ble_slave¶
Presentation¶
ble_slave simulates a slave’s behaviour. It can accept an incoming connection from a master, and use the GATT/ATT server implementation inside the framework to answer the requests it sends. It can be combined with the ble_discover module to quickly set up a cloned device. If a scenario is provided, the module is launched in “scenario” mode, with events given as callbacks on specific packet types, allowing to implement complex interactions. Otherwise, it is launched in “interpreter” mode, opening a CLI for the user.
Compatible devices¶
Input parameters¶
Name |
Default value |
Possible values |
Description |
|---|---|---|---|
INTERFACE |
hci0 |
hciX,butterflyX |
Interface to use |
ATT_FILE |
<file path> |
ATT file to import |
|
GATT_FILE |
<file path> |
GATT file to import |
|
SCENARIO |
<scenario> |
Scenario to use |
Scenario signals¶
The behaviour of this module can be modified using scenarios. If you need more details about Mirage scenarios, their usage is described here. The following signals are generated by this module if a scenario is provided using the SCENARIO input parameter :
Signal |
Parameters |
Activation |
Default behaviour |
|---|---|---|---|
onStart |
when the module starts its execution |
nothing is executed |
|
onEnd |
when the module stops its execution |
nothing is executed |
|
onKey |
key |
when a key is pressed |
nothing is executed |
onMasterConnect |
packet |
when an incoming connection request is received (from master) |
the prompt is updated |
onMasterDisconnect |
packet |
when an incoming disconnection request is received (from master) |
the prompt is updated |
onMasterReadByTypeRequest |
packet |
when a Read By Type Request is received (from master) |
the corresponding method of the GATT Server is called and the corresponding Response is transmitted |
onMasterFindInformationRequest |
packet |
when a Find Information Request is received (from master) |
the corresponding method of the GATT Server is called and the corresponding Response is transmitted |
onMasterReadByGroupTypeRequest |
packet |
when a Read By Group Type Request is received (from master) |
the corresponding method of the GATT Server is called and the corresponding Response is transmitted |
onMasterReadRequest |
packet |
when a Read Request is received (from master) |
the corresponding method of the GATT Server is called and the corresponding Response is transmitted |
onMasterWriteRequest |
packet |
when a Write Request is received (from master) |
the corresponding method of the GATT Server is called and the corresponding Response is transmitted |
onMasterWriteCommand |
packet |
when a Write Command Request is received (from master) |
the corresponding method of the GATT Server is called and the corresponding Response is transmitted |
onMasterExchangeMTURequest |
packet |
when a Exchange MTU Request is received (from master) |
the corresponding method of the GATT Server is called and the corresponding Response is transmitted |
Commands¶
The following commands are available in the CLI interface :
clear : clears the screen
advertising <type> <advData> <scanData> <intervalMin> <intervalMax> : calls the ble_adv module to advertise specific data (according to the provided parameters)
address : prints the current interface’s BD address
address <BD address> : changes the current interface’s BD address to the specified one
show : prints the ATT attributes
show attributes : prints the ATT attributes
show gatt : prints the GATT services, characteristics and descriptors
show services : prints the GATT services
show characteristics : prints the GATT characteristics and descriptors
show gatt : prints the GATT services, characteristics and descriptors
notification <handle> <value> : sends a notification on the specified handle with the specified value
load <filename> : imports ATT or GATT data (CFG format) from the specified file (compatibility with ble_discover)
pairing <active> <parameters>: calls the ble_pairing using the specified parameters :
<active> : this parameter indicates if the pairing process is active or passive
<parameters> : this parameter allow to indicate multiple parameters in order to customize the pairing process, separated by the symbol | :
inputOutput : indicates the input output capabilities (yesno,display,keyboard)
authentication : indicates the authentication flag (bonding,ct2,mitm,secureConnections,keypress)
ltk : indicates the Long Term Key
ediv : indicates the ediv
rand : indicates the rand
irk : indicates the Identity Resolution Key
addr : indicates the address
addr_type : indicates the address type
csrk : indicates the Connection Signature Resolving Key
pin : indicates the PIN to use
Example :
inputOutput=yesno|authentication=bonding|ltk=112233445566778899aabbccddeeff|rand=1122334455667788|ediv=12
disconnect : disconnects from the current connection
exit : ends the execution
Usage¶
Creating a simple Device¶
You can easily create a new slave device using the Command Line Interface :
$ sudo mirage ble_slave INTERFACE=hci1
[INFO] Module ble_slave loaded !
[SUCCESS] HCI Device (hci1) successfully instanciated !
[INFO] Importing GATT layer datas from /tmp/gatt.ini ...
[SLAVE]: address
[INFO] Current address : XX:XX:XX:59:EC:3B
[SLAVE]: show
┌Attributes────────┬─────────────────────────────────────────────────────┬──────────────────────────────────────────┐
│ Attribute Handle │ Attribute Type │ Attribute Value │
├──────────────────┼─────────────────────────────────────────────────────┼──────────────────────────────────────────┤
│ 0x0001 │ Primary Service │ 0018 │
│ 0x0002 │ Characteristic Declaration │ 020300002a │
[...]
│ 0x003c │ Characteristic Declaration │ 023d0018d3dd5ce93dd0895140344841fbb3a8 │
│ 0x003d │ a8b3fb414834405189d03de95cddd318 │ 50013c0030000200 │
│ 0x003e │ Characteristic Declaration │ 023f0018d3dd5ce93dd0895140344843fbb3a8 │
│ 0x003f │ a8b3fb434834405189d03de95cddd318 │ 00e600023d0700000664 │
│ 0x0040 │ Primary Service │ 18d3dd5ce93dd08951403448e0ffb3a8 │
│ 0x0041 │ Characteristic Declaration │ 02420018d3dd5ce93dd08951403448e1ffb3a8 │
│ 0x0042 │ a8b3ffe14834405189d03de95cddd318 │ 05 │
│ 0x0043 │ Characteristic Declaration │ 0a440018d3dd5ce93dd08951403448e2ffb3a8 │
│ 0x0044 │ a8b3ffe24834405189d03de95cddd318 │ │
└──────────────────┴─────────────────────────────────────────────────────┴──────────────────────────────────────────┘
[SLAVE]: advertising ADV_IND 0201060eff0d000500e600023d0700000664
[SUCCESS] Currently advertising : <<type=ADV_IND|intervalMin=200|intervalMax=210>> 0201060eff0d000500e600023d0700000664
[SLAVE]: [INFO] Updating connection handle : 68
[INFO] Master connected : XX:XX:XX:45:49:40
[INFO] Read By Group Type Request : startHandle = 0x1 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=01000b000018 >>
[INFO] Read By Group Type Request : startHandle = 0xc / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=0c000f000118 >>
[INFO] Read By Group Type Request : startHandle = 0x10 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=20 | data=1000160018d3dd5ce93dd0895140344801fab3a8 >>
[INFO] Read By Group Type Request : startHandle = 0x17 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=170029000a18 >>
[INFO] Read By Group Type Request : startHandle = 0x2a / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=20 | data=2a00360018d3dd5ce93dd08951403448c0ffb3a8 >>
[INFO] Read By Group Type Request : startHandle = 0x37 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=20 | data=37003f0018d3dd5ce93dd0895140344804fab3a8 >>
[INFO] Read By Group Type Request : startHandle = 0x40 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=20 | data=4000440018d3dd5ce93dd08951403448e0ffb3a8 >>
[INFO] Read By Group Type Request : startHandle = 0x45 / endHandle = 0xffff / uuid = 0x2800
[INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0xb / uuid = 0x2802
[...]
[PACKET] << BLE - Read By Type Response | data=15410002420018d3dd5ce93dd08951403448e1ffb3a8 >>
[INFO] Read By Type Request : startHandle = 0x42 / endHandle = 0x44 / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=1543000a440018d3dd5ce93dd08951403448e2ffb3a8 >>
[INFO] Read By Type Request : startHandle = 0x44 / endHandle = 0x44 / uuid = 0x2803
[INFO] Read Request : handle = 0x1f
[INFO] Read Request : handle = 0x1f
[INFO] Read Request : handle = 0x3f
[INFO] Read Request : handle = 0x3f
[INFO] Read Request : handle = 0x3b
[INFO] Read Request : handle = 0x3f
[INFO] Read Request : handle = 0x39
[INFO] Read Request : handle = 0x39
[...]
[INFO] Read Request : handle = 0x39
[INFO] Read Request : handle = 0x39
[INFO] Read Request : handle = 0x39
[INFO] Read Request : handle = 0x39
[INFO] Read Request : handle = 0x39
[INFO] Read Request : handle = 0x39
[SLAVE|41:C3:C5:45:49:40]: exit
[INFO] Mirage process terminated !
Cloning an existing Device¶
ble_slave allows to be combined with multiple other modules (ble_discover, ble_scan, ble_adv …) For example, the following sequential execution allows to clone a specific device (“FF:FF:60:A5:17:44”) :
ble_scan scans the advertisements emitted by the device
ble_connect connects to this device
ble_discover dumps the GATT layer of the device
ble_adv spoofs the target BD address (if possible) and starts to advertise
ble_slave imports the GATT file generated by ble_discover and accepts every incoming connection
$ sudo mirage "ble_scan|ble_connect|ble_discover|ble_adv|ble_slave" ble_scan1.INTERFACE=hci1 ble_scan1.TARGET=FF:FF:60:A5:17:44 ble_scan1.TIME=5 ble_connect2.INTERFACE=hci1 ble_discover3.GATT_FILE=/tmp/att.cfg
[INFO] Module ble_scan loaded !
[INFO] Module ble_connect loaded !
[INFO] Module ble_discover loaded !
[INFO] Module ble_adv loaded !
[INFO] Module ble_slave loaded !
[SUCCESS] HCI Device (hci1) successfully instanciated !
┌Devices found──────┬──────────────────┬─────────┬───────────────────────────────────────────────────┬─────────────────────────────────────────────────┐
│ BD Address │ Name │ Company │ Flags │ Advertising data │
├───────────────────┼──────────────────┼─────────┼───────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ FF:FF:60:A5:17:44 │ iTAG │ │ LE Limited Discoverable Mode,BR/EDR not supported │ 020105020a000319c1030302e0ff (ADV_IND) │
│ │ │ │ │ 110969544147202020202020202020202020 (SCAN_RSP) │
└───────────────────┴──────────────────┴─────────┴───────────────────────────────────────────────────┴─────────────────────────────────────────────────┘
[INFO] Trying to connect to : FF:FF:60:A5:17:44 (type : public)
[INFO] Updating connection handle : 72
[SUCCESS] Connected on device : FF:FF:60:A5:17:44
[INFO] Services discovery ...
┌Services──────┬────────────┬────────┬──────────────────────────────────┬─────────────────┐
│ Start Handle │ End Handle │ UUID16 │ UUID128 │ Name │
├──────────────┼────────────┼────────┼──────────────────────────────────┼─────────────────┤
│ 0x0001 │ 0x0005 │ 0x1800 │ 0000180000001000800000805f9b34fb │ Generic Access │
│ 0x0006 │ 0x0008 │ 0x180f │ 0000180f00001000800000805f9b34fb │ Battery Service │
│ 0x0009 │ 0x000b │ 0x1802 │ 0000180200001000800000805f9b34fb │ Immediate Alert │
│ 0x000c │ 0x000e │ 0xffe0 │ 0000ffe000001000800000805f9b34fb │ │
└──────────────┴────────────┴────────┴──────────────────────────────────┴─────────────────┘
[INFO] Characteristics by service discovery ...
┌Service 'Generic Access'(start Handle = 0x0001 / end Handle = 0x0005)──────────┬─────────────┬─────────────┬──────────────────┬─────────────┐
│ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │
├────────────────────┼──────────────┼────────┼──────────────────────────────────┼─────────────┼─────────────┼──────────────────┼─────────────┤
│ 0x0002 │ 0x0003 │ 0x2a00 │ 00002a0000001000800000805f9b34fb │ Device Name │ Notify,Read │ iTAG │ │
│ 0x0004 │ 0x0005 │ 0x2a01 │ 00002a0100001000800000805f9b34fb │ Appearance │ Read │ │ │
└────────────────────┴──────────────┴────────┴──────────────────────────────────┴─────────────┴─────────────┴──────────────────┴─────────────┘
┌Service 'Battery Service'(start Handle = 0x0006 / end Handle = 0x0008)─────────┬───────────────┬─────────────┬───────┬─────────────┐
│ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │
├────────────────────┼──────────────┼────────┼──────────────────────────────────┼───────────────┼─────────────┼───────┼─────────────┤
│ 0x0007 │ 0x0008 │ 0x2a19 │ 00002a1900001000800000805f9b34fb │ Battery Level │ Notify,Read │ c │ │
└────────────────────┴──────────────┴────────┴──────────────────────────────────┴───────────────┴─────────────┴───────┴─────────────┘
┌Service 'Immediate Alert'(start Handle = 0x0009 / end Handle = 0x000b)─────────┬─────────────┬─────────────────────────────────────┬───────┬─────────────┐
│ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │
├────────────────────┼──────────────┼────────┼──────────────────────────────────┼─────────────┼─────────────────────────────────────┼───────┼─────────────┤
│ 0x000a │ 0x000b │ 0x2a06 │ 00002a0600001000800000805f9b34fb │ Alert Level │ Notify,Write,Write Without Response │ │ │
└────────────────────┴──────────────┴────────┴──────────────────────────────────┴─────────────┴─────────────────────────────────────┴───────┴─────────────┘
┌Service 0000ffe000001000800000805f9b34fb(start Handle = 0x000c / end Handle = 0x000e)─┬─────────────┬───────┬─────────────┐
│ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │
├────────────────────┼──────────────┼────────┼──────────────────────────────────┼──────┼─────────────┼───────┼─────────────┤
│ 0x000d │ 0x000e │ 0xffe1 │ 0000ffe100001000800000805f9b34fb │ │ Notify,Read │ │ │
└────────────────────┴──────────────┴────────┴──────────────────────────────────┴──────┴─────────────┴───────┴─────────────┘
[SUCCESS] Discovered services and characteristics are saved as /tmp/att.cfg (CFG file format)
[INFO] Changing HCI Device (hci1) Address to : FF:FF:60:A5:17:44
[SUCCESS] BD Address successfully modified !
[SUCCESS] HCI Device (hci1) successfully instanciated !
[INFO] Importing GATT layer datas from /tmp/att.cfg ...
[SLAVE]: [INFO] Updating connection handle : 68
[INFO] Master connected : 71:0E:25:DC:A4:84
[INFO] Read By Group Type Request : startHandle = 0x1 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=010005000018 >>
[INFO] Read By Group Type Request : startHandle = 0x6 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=060008000f18 >>
[INFO] Read By Group Type Request : startHandle = 0x9 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=09000b000218 >>
[INFO] Read By Group Type Request : startHandle = 0xc / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=0c000e00e0ff >>
[INFO] Read By Group Type Request : startHandle = 0xf / endHandle = 0xffff / uuid = 0x2800
[INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070200120300002a0400020500012a >>
[INFO] Read By Type Request : startHandle = 0x5 / endHandle = 0x5 / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070700120800192a >>
[INFO] Read By Type Request : startHandle = 0x8 / endHandle = 0x8 / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070a001c0b00062a >>
[INFO] Read By Type Request : startHandle = 0xb / endHandle = 0xb / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070d00120e00e1ff >>
[INFO] Read By Type Request : startHandle = 0xe / endHandle = 0xe / uuid = 0x2803
[INFO] Read Request : handle = 0x3
[INFO] Read Request : handle = 0x5
[INFO] Master disconnected !
[SLAVE]: exit
Customizing the behaviour using scenarios¶
If you want to use a scenario, you can use the create_scenario command in order to generate a basic code :
$ mirage --create_scenario
[QUESTION] Scenario's name : slave_test
[SUCCESS] Scenario master_test successfully generated : /home/user/.mirage/scenarios/slave_test.py
[INFO] Mirage process terminated !
Then, you can modify the code as you want, the following example allow to prints a given message when a specific Write Command is received :
from mirage.core import scenario
from mirage.libs import io,ble,bt,utils
class slave_test(scenario.Scenario):
def onStart(self):
self.emitter = self.module.emitter
self.receiver = self.module.receiver
return True
def onEnd(self):
return True
def onKey(self,key):
return True
def onMasterWriteCommand(self,packet):
if packet.handle == 0x0b and packet.value == bytes.fromhex("02"):
io.info("BEEP BEEP")
elif packet.handle == 0x0b and packet.value == bytes.fromhex("01"):
io.info("beep beep")
elif packet.handle == 0x0b and packet.value == bytes.fromhex("00"):
io.info("---------")
return True
If you want to use this scenario, just provide its name as the value of the input parameter SCENARIO (in scenario mode, the module must be used with ble_adv in order to advertise) :
$ sudo mirage "ble_adv|ble_slave" ble_slave2.GATT_FILE=att.cfg ble_slave2.SCENARIO=slave_test
[INFO] Module ble_adv loaded !
[INFO] Module ble_slave loaded !
[SUCCESS] HCI Device (hci0) successfully instanciated !
[INFO] Importing GATT layer datas from att.cfg ...
[INFO] Scenario loaded !
[INFO] Updating connection handle : 16
[INFO] Master connected : 4A:E9:93:56:FE:AA
[INFO] Read By Group Type Request : startHandle = 0x1 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=010005000018 >>
[INFO] Read By Group Type Request : startHandle = 0x6 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=060008000f18 >>
[INFO] Read By Group Type Request : startHandle = 0x9 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=09000b000218 >>
[INFO] Read By Group Type Request : startHandle = 0xc / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=0c000e00e0ff >>
[INFO] Read By Group Type Request : startHandle = 0xf / endHandle = 0xffff / uuid = 0x2800
[INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070200120300002a0400020500012a >>
[INFO] Read By Type Request : startHandle = 0x5 / endHandle = 0x5 / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070700120800192a >>
[INFO] Read By Type Request : startHandle = 0x8 / endHandle = 0x8 / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070a001c0b00062a >>
[INFO] Read By Type Request : startHandle = 0xb / endHandle = 0xb / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070d00120e00e1ff >>
[INFO] Read By Type Request : startHandle = 0xe / endHandle = 0xe / uuid = 0x2803
[INFO] Write Request : handle = 0xb / value = 02
[INFO] BEEP BEEP
[INFO] Write Command : handle = 0xb / value = 02
[INFO] beep beep
[INFO] Write Command : handle = 0xb / value = 01
[INFO] ---------
[INFO] Write Command : handle = 0xb / value = 00
[INFO] Master disconnected !
[INFO] Mirage process terminated !
Of course, it can be used in a sequential execution of multiple modules :
$ sudo mirage "ble_scan|ble_connect|ble_discover|ble_adv|ble_slave" ble_scan1.INTERFACE=hci1 ble_scan1.TARGET=FF:FF:60:A5:17:44 ble_scan1.TIME=5 ble_connect2.INTERFACE=hci1 ble_discover3.GATT_FILE=/tmp/att.cfg ble_slave5.SCENARIO=slave_test
[INFO] Module ble_scan loaded !
[INFO] Module ble_connect loaded !
[INFO] Module ble_discover loaded !
[INFO] Module ble_adv loaded !
[INFO] Module ble_slave loaded !
[SUCCESS] HCI Device (hci1) successfully instanciated !
┌Devices found──────┬──────────────────┬─────────┬───────────────────────────────────────────────────┬─────────────────────────────────────────────────┐
│ BD Address │ Name │ Company │ Flags │ Advertising data │
├───────────────────┼──────────────────┼─────────┼───────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ FF:FF:60:A5:17:44 │ iTAG │ │ LE Limited Discoverable Mode,BR/EDR not supported │ 020105020a000319c1030302e0ff (ADV_IND) │
│ │ │ │ │ 110969544147202020202020202020202020 (SCAN_RSP) │
└───────────────────┴──────────────────┴─────────┴───────────────────────────────────────────────────┴─────────────────────────────────────────────────┘
[INFO] Trying to connect to : FF:FF:60:A5:17:44 (type : public)
[INFO] Updating connection handle : 72
[SUCCESS] Connected on device : FF:FF:60:A5:17:44
[INFO] Services discovery ...
┌Services──────┬────────────┬────────┬──────────────────────────────────┬─────────────────┐
│ Start Handle │ End Handle │ UUID16 │ UUID128 │ Name │
├──────────────┼────────────┼────────┼──────────────────────────────────┼─────────────────┤
│ 0x0001 │ 0x0005 │ 0x1800 │ 0000180000001000800000805f9b34fb │ Generic Access │
│ 0x0006 │ 0x0008 │ 0x180f │ 0000180f00001000800000805f9b34fb │ Battery Service │
│ 0x0009 │ 0x000b │ 0x1802 │ 0000180200001000800000805f9b34fb │ Immediate Alert │
│ 0x000c │ 0x000e │ 0xffe0 │ 0000ffe000001000800000805f9b34fb │ │
└──────────────┴────────────┴────────┴──────────────────────────────────┴─────────────────┘
[INFO] Characteristics by service discovery ...
┌Service 'Generic Access'(start Handle = 0x0001 / end Handle = 0x0005)──────────┬─────────────┬─────────────┬──────────────────┬─────────────┐
│ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │
├────────────────────┼──────────────┼────────┼──────────────────────────────────┼─────────────┼─────────────┼──────────────────┼─────────────┤
│ 0x0002 │ 0x0003 │ 0x2a00 │ 00002a0000001000800000805f9b34fb │ Device Name │ Notify,Read │ iTAG │ │
│ 0x0004 │ 0x0005 │ 0x2a01 │ 00002a0100001000800000805f9b34fb │ Appearance │ Read │ │ │
└────────────────────┴──────────────┴────────┴──────────────────────────────────┴─────────────┴─────────────┴──────────────────┴─────────────┘
┌Service 'Battery Service'(start Handle = 0x0006 / end Handle = 0x0008)─────────┬───────────────┬─────────────┬───────┬─────────────┐
│ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │
├────────────────────┼──────────────┼────────┼──────────────────────────────────┼───────────────┼─────────────┼───────┼─────────────┤
│ 0x0007 │ 0x0008 │ 0x2a19 │ 00002a1900001000800000805f9b34fb │ Battery Level │ Notify,Read │ c │ │
└────────────────────┴──────────────┴────────┴──────────────────────────────────┴───────────────┴─────────────┴───────┴─────────────┘
┌Service 'Immediate Alert'(start Handle = 0x0009 / end Handle = 0x000b)─────────┬─────────────┬─────────────────────────────────────┬───────┬─────────────┐
│ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │
├────────────────────┼──────────────┼────────┼──────────────────────────────────┼─────────────┼─────────────────────────────────────┼───────┼─────────────┤
│ 0x000a │ 0x000b │ 0x2a06 │ 00002a0600001000800000805f9b34fb │ Alert Level │ Notify,Write,Write Without Response │ │ │
└────────────────────┴──────────────┴────────┴──────────────────────────────────┴─────────────┴─────────────────────────────────────┴───────┴─────────────┘
┌Service 0000ffe000001000800000805f9b34fb(start Handle = 0x000c / end Handle = 0x000e)─┬─────────────┬───────┬─────────────┐
│ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │
├────────────────────┼──────────────┼────────┼──────────────────────────────────┼──────┼─────────────┼───────┼─────────────┤
│ 0x000d │ 0x000e │ 0xffe1 │ 0000ffe100001000800000805f9b34fb │ │ Notify,Read │ │ │
└────────────────────┴──────────────┴────────┴──────────────────────────────────┴──────┴─────────────┴───────┴─────────────┘
[SUCCESS] Discovered services and characteristics are saved as /tmp/att.cfg (CFG file format)
[INFO] Importing GATT layer datas from /tmp/att.cfg ...
[INFO] Scenario loaded !
[INFO] Updating connection handle : 67
[INFO] Master connected : 71:0E:25:DC:A4:84
[INFO] Read By Group Type Request : startHandle = 0x1 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=010005000018 >>
[INFO] Read By Group Type Request : startHandle = 0x6 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=060008000f18 >>
[INFO] Read By Group Type Request : startHandle = 0x9 / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=09000b000218 >>
[INFO] Read By Group Type Request : startHandle = 0xc / endHandle = 0xffff / uuid = 0x2800
[PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=0c000e00e0ff >>
[INFO] Read By Group Type Request : startHandle = 0xf / endHandle = 0xffff / uuid = 0x2800
[INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070200120300002a0400020500012a >>
[INFO] Read By Type Request : startHandle = 0x5 / endHandle = 0x5 / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070700120800192a >>
[INFO] Read By Type Request : startHandle = 0x8 / endHandle = 0x8 / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070a001c0b00062a >>
[INFO] Read By Type Request : startHandle = 0xb / endHandle = 0xb / uuid = 0x2803
[INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2802
[INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2803
[PACKET] << BLE - Read By Type Response | data=070d00120e00e1ff >>
[INFO] Read By Type Request : startHandle = 0xe / endHandle = 0xe / uuid = 0x2803
[INFO] Write Request : handle = 0xb / value = 02
[INFO] BEEP BEEP
[INFO] Write Command : handle = 0xb / value = 02
[INFO] beep beep
[INFO] Write Command : handle = 0xb / value = 01
[INFO] ---------
[INFO] Write Command : handle = 0xb / value = 00
[INFO] Master disconnected !
[INFO] Mirage process terminated !