I'm confused by this problem. I have the following device (it is a Chinese smart watch), whose MAC address shows up in blueman and bettercap, but not in hcitool.
I use:
sudo hcitool lescan
LE Scan ...
C0:28:8D:D6:66:EA
C0:28:8D:D6:66:EA (unknown)
But the MAC address of the device Q1, EB:15:0C:38:C9:B0, does not appear.
I tried bettercap:
sudo bettercap
» ble.recon on
» [12:01:38] [ble.device.new] new BLE device Q1 detected as EB:15:0C:38:C9:B0 -77 dBm.
However, I also get:
when I do:
» ble.show
│ -76 dBm │ eb:15:0c:38:c9:b0 │ │ Limited Discoverable, BR/EDR Not Supported │ ✔ │ 12:05:38 │
» ble.enum eb:15:0c:38:c9:b0
[12:07:06] [sys.log] [inf] ble.recon connecting to eb:15:0c:38:c9:b0 ...
»
┌──────────────┬───────────────────────────────────────────────────────┬──────────────────────────────────────────────────┬────────────────────────────────────────────────┐
│ Handles │ Service > Characteristics │ Properties │ Data │
├──────────────┼───────────────────────────────────────────────────────┼──────────────────────────────────────────────────┼────────────────────────────────────────────────┤
│ 0001 -> 0004 │ Generic Attribute (1801) │ │ │
│ 0003 │ Service Changed (2a05) │ BCAST, READ, WRITE, NOTIFY, INDICATE, SIGN WRITE │ 00000000 │
│ │ │ │ │
│ 0005 -> 000f │ Generic Access (1800) │ │ │
│ 0007 │ Device Name (2a00) │ READ │ Q1 │
│ 0009 │ Appearance (2a01) │ READ │ Unknown │
│ 000b │ Peripheral Privacy Flag (2a02) │ READ │ Privacy Disabled │
│ 000d │ Peripheral Preferred Connection Parameters (2a04) │ READ │ Connection Interval: 224 -> 240 │
│ │ │ │ Slave Latency: 4 │
│ │ │ │ Connection Supervision Timeout Multiplier: 500 │
│ 000f │ 2aa6 │ READ │ 00 │
│ │ │ │ │
│ 0010 -> 0015 │ 6e400001b5a3f393e0a9e50e24dcca9e │ │ │
│ 0012 │ 6e400003b5a3f393e0a9e50e24dcca9e │ NOTIFY │ │
│ 0015 │ 6e400002b5a3f393e0a9e50e24dcca9e │ WRITE │ │
│ │ │ │ │
│ 0016 -> 002d │ Human Interface Device (1812) │ │ │
│ 0018 │ Protocol Mode (2a4e) │ READ, WRITE │ insufficient encryption │
│ 001a │ Report (2a4d) │ READ, WRITE, NOTIFY │ insufficient encryption │
│ 001e │ Report (2a4d) │ READ, WRITE, NOTIFY │ insufficient encryption │
│ 0022 │ Report (2a4d) │ READ, WRITE, NOTIFY │ insufficient encryption │
│ 0026 │ Report Map (2a4b) │ READ │ insufficient encryption │
│ 0028 │ Boot Mouse Input Report (2a33) │ READ, WRITE, NOTIFY │ insufficient encryption │
│ 002b │ HID Information (2a4a) │ READ │ insufficient encryption │
│ 002d │ HID Control Point (2a4c) │ WRITE │ │
│ │ │ │ │
│ 002e -> 0037 │ fee7 │ │ │
│ 0030 │ fec9 │ READ, NOTIFY │ ë150c8É° │
│ 0033 │ fea1 │ READ, INDICATE │ 07a001009e0100a00100 │
│ 0036 │ fea2 │ READ, WRITE, INDICATE │ Ð │
│ │ │ │ │
└──────────────┴───────────────────────────────────────────────────────┴──────────────────────────────────────────────────┴────────────────────────────────────────────────┘
However, I'm not sure what all this means. I find bettercap hard to understand.
» ^D
Are you sure you want to quit this session? y/n y
[12:08:07] [sys.log] [inf] ble.recon stopping scan ...
I also tried gatttool:
sudo gatttool -t random -b EB:15:0C:38:C9:B0 -I
[EB:15:0C:38:C9:B0][LE]> sec-level low
[EB:15:0C:38:C9:B0][LE]> connect
Attempting to connect to EB:15:0C:38:C9:B0
Error: connect to EB:15:0C:38:C9:B0: Device or resource busy (16)
[EB:15:0C:38:C9:B0][LE]>
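I'm sorry, I don't know what to do. If possible, I would like to read from and write to this device. I'm using Fedora 33 Linux.
Thanks in advance for your help!
Thanks for the information about bluetoothctl. So, I tried it and got: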
$ sudo bluetoothctl
Agent registered
[Q1]# devices
Device EB:15:0C:38:C9:B0 Q1
Device E0:7B:1F:EB:C1:6C LH719
Device A4:C1:1C:F6:02:92 MS1020
[Q1]# connect EB:15:0C:38:C9:B0
Attempting to connect to EB:15:0C:38:C9:B0
Connection successful
But from reading here: https://budimir.cc/2020/02/27/ble-on-linux-with-bluetoothctl/ it seems I should get more information than the above.
However, I added:
[Q1]# menu gatt
Menu gatt:
Available commands:
-------------------
list-attributes [dev/local] List attributes
select-attribute <attribute/UUID> Select attribute
attribute-info [attribute/UUID] Select attribute
read [offset] Read attribute value
write <data=xx xx ...> [offset] [type] Write attribute value
acquire-write Acquire Write file descriptor
release-write Release Write file descriptor
acquire-notify Acquire Notify file descriptor
release-notify Release Notify file descriptor
notify <on/off> Notify attribute value
clone [dev/attribute/UUID] Clone a device or attribute
register-application [UUID ...] Register profile to connect
unregister-application Unregister profile
register-service <UUID> [handle] Register application service.
unregister-service <UUID/object> Unregister application service
register-includes <UUID> [handle] Register as Included service in.
unregister-includes <Service-UUID><Inc-UUID> Unregister Included service.
register-characteristic <UUID> <Flags=read,write,notify...> [handle] Register application characteristic
unregister-characteristic <UUID/object> Unregister application characteristic
register-descriptor <UUID> <Flags=read,write...> [handle] Register application descriptor
unregister-descriptor <UUID/object> Unregister application descriptor
back Return to main menu
version Display version
quit Quit program
exit Quit program
help Display help about this program
export Print environment variables
and I do seem to get a list of services (I will look into this now):
[Q1]# list-attributes
Primary Service (Handle 0x0100)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e
0000fee7-0000-1000-8000-00805f9b34fb
Tencent Holdings Limited.
Characteristic (Handle 0x7da4)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035
0000fea2-0000-1000-8000-00805f9b34fb
Intrepid Control Systems, Inc.
Descriptor (Handle 0x0015)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035/desc0037
00002902-0000-1000-8000-00805f9b34fb
Client Characteristic Configuration
Characteristic (Handle 0x9248)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0032
0000fea1-0000-1000-8000-00805f9b34fb
Intrepid Control Systems, Inc.
Descriptor (Handle 0x0015)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0032/desc0034
00002902-0000-1000-8000-00805f9b34fb
Client Characteristic Configuration
Characteristic (Handle 0xaf18)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char002f
0000fec9-0000-1000-8000-00805f9b34fb
Apple, Inc.
Descriptor (Handle 0x0015)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char002f/desc0031
00002902-0000-1000-8000-00805f9b34fb
Client Characteristic Configuration
Primary Service (Handle 0x9d80)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010
6e400001-b5a3-f393-e0a9-e50e24dcca9e
Nordic UART Service
Characteristic (Handle 0xd894)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0014
6e400002-b5a3-f393-e0a9-e50e24dcca9e
Nordic UART TX
Characteristic (Handle 0xd894)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0011
6e400003-b5a3-f393-e0a9-e50e24dcca9e
Nordic UART RX
Descriptor (Handle 0x0015)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0011/desc0013
00002902-0000-1000-8000-00805f9b34fb
Client Characteristic Configuration
Primary Service (Handle 0x9d80)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001
00001801-0000-1000-8000-00805f9b34fb
Generic Attribute Profile
Characteristic (Handle 0xff84)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001/char0002
00002a05-0000-1000-8000-00805f9b34fb
Service Changed
Descriptor (Handle 0x0015)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001/char0002/desc0004
00002902-0000-1000-8000-00805f9b34fb
Client Characteristic Configuration
[Q1]#
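hcitool and gatttool are among the tools that were deprecated by the BlueZ project in 2017. If you are following a tutorial that uses them, then it is probably out of date. The correct tool to use now is bluetoothctl.
If you are new to Bluetooth, then using a generic Bluetooth Low Energy scanning and exploration tool such as nRF Connect might be more helpful for understanding what is going on. Reading about how BLE GATT services work will help in understanding the Service > Characteristics information.
Once you can read and write with these characteristics, your next challenge will be to figure out what the binary data being sent/received means, as they appear to use a lot of custom characteristics.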
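As an added example (not part of the original question or answer), the following sketch lines up the bluetoothctl list-attributes output with the bettercap table by reading the attribute handle from each D-Bus object path and separating Bluetooth SIG 16-bit UUIDs from vendor 128-bit ones. It assumes the hex suffix of serviceXXXX/charXXXX/descXXXX is the attribute handle, which agrees with the bettercap handles shown above; the function names are hypothetical.

```python
import re

# 16-bit UUIDs are shorthand for 0000xxxx-0000-1000-8000-00805f9b34fb (Bluetooth base UUID).
BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb"
PATH_RE = re.compile(r"/dev_[0-9A-F_]+/service([0-9a-f]{4})"
                     r"(?:/char([0-9a-f]{4}))?(?:/desc([0-9a-f]{4}))?$")
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# Constructed sample: four entries copied from the list-attributes output on this page.
SAMPLE = """\
Primary Service (Handle 0x0100)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e
0000fee7-0000-1000-8000-00805f9b34fb
Tencent Holdings Limited.
Characteristic (Handle 0x7da4)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035
0000fea2-0000-1000-8000-00805f9b34fb
Intrepid Control Systems, Inc.
Descriptor (Handle 0x0015)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035/desc0037
00002902-0000-1000-8000-00805f9b34fb
Client Characteristic Configuration
Characteristic (Handle 0xd894)
/org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0014
6e400002-b5a3-f393-e0a9-e50e24dcca9e
Nordic UART TX
"""

def short_uuid(uuid):
    """Return the 16-bit form of a SIG-base UUID, or None for a vendor 128-bit UUID."""
    if uuid.startswith("0000") and uuid.endswith(BASE_SUFFIX):
        return uuid[4:8]
    return None

def parse_attributes(text):
    """Pair each object path with the UUID line that follows it."""
    lines = [line.strip() for line in text.splitlines()]
    out = []
    for path, uuid in zip(lines, lines[1:]):
        m = PATH_RE.search(path)
        if not m or not UUID_RE.match(uuid):
            continue
        svc, char, desc = m.groups()
        kind = "descriptor" if desc else "characteristic" if char else "service"
        handle = int(desc or char or svc, 16)  # assumption: path suffix is the handle
        # The value attribute directly follows the characteristic declaration.
        value_handle = handle + 1 if kind == "characteristic" else None
        out.append({"kind": kind, "handle": handle, "value_handle": value_handle,
                    "uuid": short_uuid(uuid) or uuid, "vendor": short_uuid(uuid) is None})
    return out
```

The value handles it derives (0x0036 for fea2, 0x0015 for the Nordic UART write characteristic) are the handles bettercap lists for the same characteristics.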