ble_slave ========= Presentation ------------ **ble_slave** simulates a slave's behaviour. It can accept an incoming connection from a master, and use the GATT/ATT server implementation inside the framework to answer the requests it sends. It can be combined with the `ble_discover `_ module to quickly set up a cloned device. If a scenario is provided, the module is launched in "scenario" mode, with events given as callbacks on specific packet types, allowing to implement complex interactions. Otherwise, it is launched in "interpreter" mode, opening a CLI for the user. Compatible devices ------------------ * `HCI Device `_ * `ButteRFly Device `_ Input parameters ----------------- +----------------------------------------+---------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ | Name | Default value | Possible values | Description | +========================================+=======================================+=============================================================+==========================================================================+ | INTERFACE | hci0 | hciX,butterflyX | Interface to use | +----------------------------------------+---------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ | ATT_FILE | | | ATT file to import | +----------------------------------------+---------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ | GATT_FILE | | | GATT file to import | +----------------------------------------+---------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ | SCENARIO | | | Scenario to use | +----------------------------------------+---------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ Scenario signals ----------------- The behaviour of this module can be modified using scenarios. If you need more details about Mirage scenarios, their usage is described `here `_. The following signals are generated by this module if a scenario is provided using the *SCENARIO* input parameter : +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | Signal | Parameters | Activation | Default behaviour | +========================================+===================================================================+======================================================================================+=====================================================================================================+ | onStart | | when the module starts its execution | nothing is executed | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onEnd | | when the module stops its execution | nothing is executed | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onKey | key | when a key is pressed | nothing is executed | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterConnect | packet | when an incoming connection request is received (from master) | the prompt is updated | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterDisconnect | packet | when an incoming disconnection request is received (from master) | the prompt is updated | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterReadByTypeRequest | packet | when a Read By Type Request is received (from master) | the corresponding method of the GATT Server is called and the corresponding Response is transmitted | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterFindInformationRequest | packet | when a Find Information Request is received (from master) | the corresponding method of the GATT Server is called and the corresponding Response is transmitted | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterReadByGroupTypeRequest | packet | when a Read By Group Type Request is received (from master) | the corresponding method of the GATT Server is called and the corresponding Response is transmitted | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterReadRequest | packet | when a Read Request is received (from master) | the corresponding method of the GATT Server is called and the corresponding Response is transmitted | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterWriteRequest | packet | when a Write Request is received (from master) | the corresponding method of the GATT Server is called and the corresponding Response is transmitted | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterWriteCommand | packet | when a Write Command Request is received (from master) | the corresponding method of the GATT Server is called and the corresponding Response is transmitted | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | onMasterExchangeMTURequest | packet | when a Exchange MTU Request is received (from master) | the corresponding method of the GATT Server is called and the corresponding Response is transmitted | +----------------------------------------+-------------------------------------------------------------------+--------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ Commands -------- The following commands are available in the CLI interface : - **clear** : clears the screen - **advertising ** : calls the `ble_adv `_ module to advertise specific data (according to the provided parameters) - **address** : prints the current interface's BD address - **address ** : changes the current interface's BD address to the specified one - **show** : prints the ATT attributes - **show attributes** : prints the ATT attributes - **show gatt** : prints the GATT services, characteristics and descriptors - **show services** : prints the GATT services - **show characteristics** : prints the GATT characteristics and descriptors - **show gatt** : prints the GATT services, characteristics and descriptors - **notification ** : sends a notification on the specified handle with the specified value - **load ** : imports ATT or GATT data (CFG format) from the specified file (compatibility with `ble_discover `_) - **pairing **: calls the `ble_pairing `_ using the specified parameters : * ** : this parameter indicates if the pairing process is *active* or *passive* * ** : this parameter allow to indicate multiple parameters in order to customize the pairing process, separated by the symbol `|` : * *inputOutput* : indicates the input output capabilities (yesno,display,keyboard) * *authentication* : indicates the authentication flag (bonding,ct2,mitm,secureConnections,keypress) * *ltk* : indicates the Long Term Key * *ediv* : indicates the ediv * *rand* : indicates the rand * *irk* : indicates the Identity Resolution Key * *addr* : indicates the address * *addr_type* : indicates the address type * *csrk* : indicates the Connection Signature Resolving Key * *pin* : indicates the PIN to use Example : ``inputOutput=yesno|authentication=bonding|ltk=112233445566778899aabbccddeeff`` ``|rand=1122334455667788|ediv=12`` - **disconnect** : disconnects from the current connection - **exit** : ends the execution Usage ------ Creating a simple Device ^^^^^^^^^^^^^^^^^^^^^^^^^ You can easily create a new slave device using the Command Line Interface : :: $ sudo mirage ble_slave INTERFACE=hci1 [INFO] Module ble_slave loaded ! [SUCCESS] HCI Device (hci1) successfully instanciated ! [INFO] Importing GATT layer datas from /tmp/gatt.ini ... [SLAVE]: address [INFO] Current address : XX:XX:XX:59:EC:3B [SLAVE]: show ┌Attributes────────┬─────────────────────────────────────────────────────┬──────────────────────────────────────────┐ │ Attribute Handle │ Attribute Type │ Attribute Value │ ├──────────────────┼─────────────────────────────────────────────────────┼──────────────────────────────────────────┤ │ 0x0001 │ Primary Service │ 0018 │ │ 0x0002 │ Characteristic Declaration │ 020300002a │ [...] │ 0x003c │ Characteristic Declaration │ 023d0018d3dd5ce93dd0895140344841fbb3a8 │ │ 0x003d │ a8b3fb414834405189d03de95cddd318 │ 50013c0030000200 │ │ 0x003e │ Characteristic Declaration │ 023f0018d3dd5ce93dd0895140344843fbb3a8 │ │ 0x003f │ a8b3fb434834405189d03de95cddd318 │ 00e600023d0700000664 │ │ 0x0040 │ Primary Service │ 18d3dd5ce93dd08951403448e0ffb3a8 │ │ 0x0041 │ Characteristic Declaration │ 02420018d3dd5ce93dd08951403448e1ffb3a8 │ │ 0x0042 │ a8b3ffe14834405189d03de95cddd318 │ 05 │ │ 0x0043 │ Characteristic Declaration │ 0a440018d3dd5ce93dd08951403448e2ffb3a8 │ │ 0x0044 │ a8b3ffe24834405189d03de95cddd318 │ │ └──────────────────┴─────────────────────────────────────────────────────┴──────────────────────────────────────────┘ [SLAVE]: advertising ADV_IND 0201060eff0d000500e600023d0700000664 [SUCCESS] Currently advertising : <> 0201060eff0d000500e600023d0700000664 [SLAVE]: [INFO] Updating connection handle : 68 [INFO] Master connected : XX:XX:XX:45:49:40 [INFO] Read By Group Type Request : startHandle = 0x1 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=01000b000018 >> [INFO] Read By Group Type Request : startHandle = 0xc / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=0c000f000118 >> [INFO] Read By Group Type Request : startHandle = 0x10 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=20 | data=1000160018d3dd5ce93dd0895140344801fab3a8 >> [INFO] Read By Group Type Request : startHandle = 0x17 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=170029000a18 >> [INFO] Read By Group Type Request : startHandle = 0x2a / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=20 | data=2a00360018d3dd5ce93dd08951403448c0ffb3a8 >> [INFO] Read By Group Type Request : startHandle = 0x37 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=20 | data=37003f0018d3dd5ce93dd0895140344804fab3a8 >> [INFO] Read By Group Type Request : startHandle = 0x40 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=20 | data=4000440018d3dd5ce93dd08951403448e0ffb3a8 >> [INFO] Read By Group Type Request : startHandle = 0x45 / endHandle = 0xffff / uuid = 0x2800 [INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0xb / uuid = 0x2802 [...] [PACKET] << BLE - Read By Type Response | data=15410002420018d3dd5ce93dd08951403448e1ffb3a8 >> [INFO] Read By Type Request : startHandle = 0x42 / endHandle = 0x44 / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=1543000a440018d3dd5ce93dd08951403448e2ffb3a8 >> [INFO] Read By Type Request : startHandle = 0x44 / endHandle = 0x44 / uuid = 0x2803 [INFO] Read Request : handle = 0x1f [INFO] Read Request : handle = 0x1f [INFO] Read Request : handle = 0x3f [INFO] Read Request : handle = 0x3f [INFO] Read Request : handle = 0x3b [INFO] Read Request : handle = 0x3f [INFO] Read Request : handle = 0x39 [INFO] Read Request : handle = 0x39 [...] [INFO] Read Request : handle = 0x39 [INFO] Read Request : handle = 0x39 [INFO] Read Request : handle = 0x39 [INFO] Read Request : handle = 0x39 [INFO] Read Request : handle = 0x39 [INFO] Read Request : handle = 0x39 [SLAVE|41:C3:C5:45:49:40]: exit [INFO] Mirage process terminated ! Cloning an existing Device ^^^^^^^^^^^^^^^^^^^^^^^^^^^ **ble_slave** allows to be combined with multiple other modules (`ble_discover `_, `ble_scan `_, `ble_adv `_ ...) For example, the following sequential execution allows to clone a specific device ("FF:FF:60:A5:17:44") : * **ble_scan** scans the advertisements emitted by the device * **ble_connect** connects to this device * **ble_discover** dumps the GATT layer of the device * **ble_adv** spoofs the target BD address (if possible) and starts to advertise * **ble_slave** imports the GATT file generated by **ble_discover** and accepts every incoming connection :: $ sudo mirage "ble_scan|ble_connect|ble_discover|ble_adv|ble_slave" ble_scan1.INTERFACE=hci1 ble_scan1.TARGET=FF:FF:60:A5:17:44 ble_scan1.TIME=5 ble_connect2.INTERFACE=hci1 ble_discover3.GATT_FILE=/tmp/att.cfg [INFO] Module ble_scan loaded ! [INFO] Module ble_connect loaded ! [INFO] Module ble_discover loaded ! [INFO] Module ble_adv loaded ! [INFO] Module ble_slave loaded ! [SUCCESS] HCI Device (hci1) successfully instanciated ! ┌Devices found──────┬──────────────────┬─────────┬───────────────────────────────────────────────────┬─────────────────────────────────────────────────┐ │ BD Address │ Name │ Company │ Flags │ Advertising data │ ├───────────────────┼──────────────────┼─────────┼───────────────────────────────────────────────────┼─────────────────────────────────────────────────┤ │ FF:FF:60:A5:17:44 │ iTAG │ │ LE Limited Discoverable Mode,BR/EDR not supported │ 020105020a000319c1030302e0ff (ADV_IND) │ │ │ │ │ │ 110969544147202020202020202020202020 (SCAN_RSP) │ └───────────────────┴──────────────────┴─────────┴───────────────────────────────────────────────────┴─────────────────────────────────────────────────┘ [INFO] Trying to connect to : FF:FF:60:A5:17:44 (type : public) [INFO] Updating connection handle : 72 [SUCCESS] Connected on device : FF:FF:60:A5:17:44 [INFO] Services discovery ... ┌Services──────┬────────────┬────────┬──────────────────────────────────┬─────────────────┐ │ Start Handle │ End Handle │ UUID16 │ UUID128 │ Name │ ├──────────────┼────────────┼────────┼──────────────────────────────────┼─────────────────┤ │ 0x0001 │ 0x0005 │ 0x1800 │ 0000180000001000800000805f9b34fb │ Generic Access │ │ 0x0006 │ 0x0008 │ 0x180f │ 0000180f00001000800000805f9b34fb │ Battery Service │ │ 0x0009 │ 0x000b │ 0x1802 │ 0000180200001000800000805f9b34fb │ Immediate Alert │ │ 0x000c │ 0x000e │ 0xffe0 │ 0000ffe000001000800000805f9b34fb │ │ └──────────────┴────────────┴────────┴──────────────────────────────────┴─────────────────┘ [INFO] Characteristics by service discovery ... ┌Service 'Generic Access'(start Handle = 0x0001 / end Handle = 0x0005)──────────┬─────────────┬─────────────┬──────────────────┬─────────────┐ │ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │ ├────────────────────┼──────────────┼────────┼──────────────────────────────────┼─────────────┼─────────────┼──────────────────┼─────────────┤ │ 0x0002 │ 0x0003 │ 0x2a00 │ 00002a0000001000800000805f9b34fb │ Device Name │ Notify,Read │ iTAG │ │ │ 0x0004 │ 0x0005 │ 0x2a01 │ 00002a0100001000800000805f9b34fb │ Appearance │ Read │ │ │ └────────────────────┴──────────────┴────────┴──────────────────────────────────┴─────────────┴─────────────┴──────────────────┴─────────────┘ ┌Service 'Battery Service'(start Handle = 0x0006 / end Handle = 0x0008)─────────┬───────────────┬─────────────┬───────┬─────────────┐ │ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │ ├────────────────────┼──────────────┼────────┼──────────────────────────────────┼───────────────┼─────────────┼───────┼─────────────┤ │ 0x0007 │ 0x0008 │ 0x2a19 │ 00002a1900001000800000805f9b34fb │ Battery Level │ Notify,Read │ c │ │ └────────────────────┴──────────────┴────────┴──────────────────────────────────┴───────────────┴─────────────┴───────┴─────────────┘ ┌Service 'Immediate Alert'(start Handle = 0x0009 / end Handle = 0x000b)─────────┬─────────────┬─────────────────────────────────────┬───────┬─────────────┐ │ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │ ├────────────────────┼──────────────┼────────┼──────────────────────────────────┼─────────────┼─────────────────────────────────────┼───────┼─────────────┤ │ 0x000a │ 0x000b │ 0x2a06 │ 00002a0600001000800000805f9b34fb │ Alert Level │ Notify,Write,Write Without Response │ │ │ └────────────────────┴──────────────┴────────┴──────────────────────────────────┴─────────────┴─────────────────────────────────────┴───────┴─────────────┘ ┌Service 0000ffe000001000800000805f9b34fb(start Handle = 0x000c / end Handle = 0x000e)─┬─────────────┬───────┬─────────────┐ │ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │ ├────────────────────┼──────────────┼────────┼──────────────────────────────────┼──────┼─────────────┼───────┼─────────────┤ │ 0x000d │ 0x000e │ 0xffe1 │ 0000ffe100001000800000805f9b34fb │ │ Notify,Read │ │ │ └────────────────────┴──────────────┴────────┴──────────────────────────────────┴──────┴─────────────┴───────┴─────────────┘ [SUCCESS] Discovered services and characteristics are saved as /tmp/att.cfg (CFG file format) [INFO] Changing HCI Device (hci1) Address to : FF:FF:60:A5:17:44 [SUCCESS] BD Address successfully modified ! [SUCCESS] HCI Device (hci1) successfully instanciated ! [INFO] Importing GATT layer datas from /tmp/att.cfg ... [SLAVE]: [INFO] Updating connection handle : 68 [INFO] Master connected : 71:0E:25:DC:A4:84 [INFO] Read By Group Type Request : startHandle = 0x1 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=010005000018 >> [INFO] Read By Group Type Request : startHandle = 0x6 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=060008000f18 >> [INFO] Read By Group Type Request : startHandle = 0x9 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=09000b000218 >> [INFO] Read By Group Type Request : startHandle = 0xc / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=0c000e00e0ff >> [INFO] Read By Group Type Request : startHandle = 0xf / endHandle = 0xffff / uuid = 0x2800 [INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070200120300002a0400020500012a >> [INFO] Read By Type Request : startHandle = 0x5 / endHandle = 0x5 / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070700120800192a >> [INFO] Read By Type Request : startHandle = 0x8 / endHandle = 0x8 / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070a001c0b00062a >> [INFO] Read By Type Request : startHandle = 0xb / endHandle = 0xb / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070d00120e00e1ff >> [INFO] Read By Type Request : startHandle = 0xe / endHandle = 0xe / uuid = 0x2803 [INFO] Read Request : handle = 0x3 [INFO] Read Request : handle = 0x5 [INFO] Master disconnected ! [SLAVE]: exit Customizing the behaviour using scenarios ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you want to use a scenario, you can use the ``create_scenario`` command in order to generate a basic code : :: $ mirage --create_scenario [QUESTION] Scenario's name : slave_test [SUCCESS] Scenario master_test successfully generated : /home/user/.mirage/scenarios/slave_test.py [INFO] Mirage process terminated ! Then, you can modify the code as you want, the following example allow to prints a given message when a specific Write Command is received : :: from mirage.core import scenario from mirage.libs import io,ble,bt,utils class slave_test(scenario.Scenario): def onStart(self): self.emitter = self.module.emitter self.receiver = self.module.receiver return True def onEnd(self): return True def onKey(self,key): return True def onMasterWriteCommand(self,packet): if packet.handle == 0x0b and packet.value == bytes.fromhex("02"): io.info("BEEP BEEP") elif packet.handle == 0x0b and packet.value == bytes.fromhex("01"): io.info("beep beep") elif packet.handle == 0x0b and packet.value == bytes.fromhex("00"): io.info("---------") return True If you want to use this scenario, just provide its name as the value of the input parameter *SCENARIO* (in scenario mode, the module must be used with `ble_adv `_ in order to advertise) : :: $ sudo mirage "ble_adv|ble_slave" ble_slave2.GATT_FILE=att.cfg ble_slave2.SCENARIO=slave_test [INFO] Module ble_adv loaded ! [INFO] Module ble_slave loaded ! [SUCCESS] HCI Device (hci0) successfully instanciated ! [INFO] Importing GATT layer datas from att.cfg ... [INFO] Scenario loaded ! [INFO] Updating connection handle : 16 [INFO] Master connected : 4A:E9:93:56:FE:AA [INFO] Read By Group Type Request : startHandle = 0x1 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=010005000018 >> [INFO] Read By Group Type Request : startHandle = 0x6 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=060008000f18 >> [INFO] Read By Group Type Request : startHandle = 0x9 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=09000b000218 >> [INFO] Read By Group Type Request : startHandle = 0xc / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=0c000e00e0ff >> [INFO] Read By Group Type Request : startHandle = 0xf / endHandle = 0xffff / uuid = 0x2800 [INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070200120300002a0400020500012a >> [INFO] Read By Type Request : startHandle = 0x5 / endHandle = 0x5 / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070700120800192a >> [INFO] Read By Type Request : startHandle = 0x8 / endHandle = 0x8 / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070a001c0b00062a >> [INFO] Read By Type Request : startHandle = 0xb / endHandle = 0xb / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070d00120e00e1ff >> [INFO] Read By Type Request : startHandle = 0xe / endHandle = 0xe / uuid = 0x2803 [INFO] Write Request : handle = 0xb / value = 02 [INFO] BEEP BEEP [INFO] Write Command : handle = 0xb / value = 02 [INFO] beep beep [INFO] Write Command : handle = 0xb / value = 01 [INFO] --------- [INFO] Write Command : handle = 0xb / value = 00 [INFO] Master disconnected ! [INFO] Mirage process terminated ! Of course, it can be used in a sequential execution of multiple modules : :: $ sudo mirage "ble_scan|ble_connect|ble_discover|ble_adv|ble_slave" ble_scan1.INTERFACE=hci1 ble_scan1.TARGET=FF:FF:60:A5:17:44 ble_scan1.TIME=5 ble_connect2.INTERFACE=hci1 ble_discover3.GATT_FILE=/tmp/att.cfg ble_slave5.SCENARIO=slave_test [INFO] Module ble_scan loaded ! [INFO] Module ble_connect loaded ! [INFO] Module ble_discover loaded ! [INFO] Module ble_adv loaded ! [INFO] Module ble_slave loaded ! [SUCCESS] HCI Device (hci1) successfully instanciated ! ┌Devices found──────┬──────────────────┬─────────┬───────────────────────────────────────────────────┬─────────────────────────────────────────────────┐ │ BD Address │ Name │ Company │ Flags │ Advertising data │ ├───────────────────┼──────────────────┼─────────┼───────────────────────────────────────────────────┼─────────────────────────────────────────────────┤ │ FF:FF:60:A5:17:44 │ iTAG │ │ LE Limited Discoverable Mode,BR/EDR not supported │ 020105020a000319c1030302e0ff (ADV_IND) │ │ │ │ │ │ 110969544147202020202020202020202020 (SCAN_RSP) │ └───────────────────┴──────────────────┴─────────┴───────────────────────────────────────────────────┴─────────────────────────────────────────────────┘ [INFO] Trying to connect to : FF:FF:60:A5:17:44 (type : public) [INFO] Updating connection handle : 72 [SUCCESS] Connected on device : FF:FF:60:A5:17:44 [INFO] Services discovery ... ┌Services──────┬────────────┬────────┬──────────────────────────────────┬─────────────────┐ │ Start Handle │ End Handle │ UUID16 │ UUID128 │ Name │ ├──────────────┼────────────┼────────┼──────────────────────────────────┼─────────────────┤ │ 0x0001 │ 0x0005 │ 0x1800 │ 0000180000001000800000805f9b34fb │ Generic Access │ │ 0x0006 │ 0x0008 │ 0x180f │ 0000180f00001000800000805f9b34fb │ Battery Service │ │ 0x0009 │ 0x000b │ 0x1802 │ 0000180200001000800000805f9b34fb │ Immediate Alert │ │ 0x000c │ 0x000e │ 0xffe0 │ 0000ffe000001000800000805f9b34fb │ │ └──────────────┴────────────┴────────┴──────────────────────────────────┴─────────────────┘ [INFO] Characteristics by service discovery ... ┌Service 'Generic Access'(start Handle = 0x0001 / end Handle = 0x0005)──────────┬─────────────┬─────────────┬──────────────────┬─────────────┐ │ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │ ├────────────────────┼──────────────┼────────┼──────────────────────────────────┼─────────────┼─────────────┼──────────────────┼─────────────┤ │ 0x0002 │ 0x0003 │ 0x2a00 │ 00002a0000001000800000805f9b34fb │ Device Name │ Notify,Read │ iTAG │ │ │ 0x0004 │ 0x0005 │ 0x2a01 │ 00002a0100001000800000805f9b34fb │ Appearance │ Read │ │ │ └────────────────────┴──────────────┴────────┴──────────────────────────────────┴─────────────┴─────────────┴──────────────────┴─────────────┘ ┌Service 'Battery Service'(start Handle = 0x0006 / end Handle = 0x0008)─────────┬───────────────┬─────────────┬───────┬─────────────┐ │ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │ ├────────────────────┼──────────────┼────────┼──────────────────────────────────┼───────────────┼─────────────┼───────┼─────────────┤ │ 0x0007 │ 0x0008 │ 0x2a19 │ 00002a1900001000800000805f9b34fb │ Battery Level │ Notify,Read │ c │ │ └────────────────────┴──────────────┴────────┴──────────────────────────────────┴───────────────┴─────────────┴───────┴─────────────┘ ┌Service 'Immediate Alert'(start Handle = 0x0009 / end Handle = 0x000b)─────────┬─────────────┬─────────────────────────────────────┬───────┬─────────────┐ │ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │ ├────────────────────┼──────────────┼────────┼──────────────────────────────────┼─────────────┼─────────────────────────────────────┼───────┼─────────────┤ │ 0x000a │ 0x000b │ 0x2a06 │ 00002a0600001000800000805f9b34fb │ Alert Level │ Notify,Write,Write Without Response │ │ │ └────────────────────┴──────────────┴────────┴──────────────────────────────────┴─────────────┴─────────────────────────────────────┴───────┴─────────────┘ ┌Service 0000ffe000001000800000805f9b34fb(start Handle = 0x000c / end Handle = 0x000e)─┬─────────────┬───────┬─────────────┐ │ Declaration Handle │ Value Handle │ UUID16 │ UUID128 │ Name │ Permissions │ Value │ Descriptors │ ├────────────────────┼──────────────┼────────┼──────────────────────────────────┼──────┼─────────────┼───────┼─────────────┤ │ 0x000d │ 0x000e │ 0xffe1 │ 0000ffe100001000800000805f9b34fb │ │ Notify,Read │ │ │ └────────────────────┴──────────────┴────────┴──────────────────────────────────┴──────┴─────────────┴───────┴─────────────┘ [SUCCESS] Discovered services and characteristics are saved as /tmp/att.cfg (CFG file format) [INFO] Importing GATT layer datas from /tmp/att.cfg ... [INFO] Scenario loaded ! [INFO] Updating connection handle : 67 [INFO] Master connected : 71:0E:25:DC:A4:84 [INFO] Read By Group Type Request : startHandle = 0x1 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=010005000018 >> [INFO] Read By Group Type Request : startHandle = 0x6 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=060008000f18 >> [INFO] Read By Group Type Request : startHandle = 0x9 / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=09000b000218 >> [INFO] Read By Group Type Request : startHandle = 0xc / endHandle = 0xffff / uuid = 0x2800 [PACKET] << BLE - Read By Group Type Response Packet | length=6 | data=0c000e00e0ff >> [INFO] Read By Group Type Request : startHandle = 0xf / endHandle = 0xffff / uuid = 0x2800 [INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x1 / endHandle = 0x5 / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070200120300002a0400020500012a >> [INFO] Read By Type Request : startHandle = 0x5 / endHandle = 0x5 / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x6 / endHandle = 0x8 / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070700120800192a >> [INFO] Read By Type Request : startHandle = 0x8 / endHandle = 0x8 / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0x9 / endHandle = 0xb / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070a001c0b00062a >> [INFO] Read By Type Request : startHandle = 0xb / endHandle = 0xb / uuid = 0x2803 [INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2802 [INFO] Read By Type Request : startHandle = 0xc / endHandle = 0xe / uuid = 0x2803 [PACKET] << BLE - Read By Type Response | data=070d00120e00e1ff >> [INFO] Read By Type Request : startHandle = 0xe / endHandle = 0xe / uuid = 0x2803 [INFO] Write Request : handle = 0xb / value = 02 [INFO] BEEP BEEP [INFO] Write Command : handle = 0xb / value = 02 [INFO] beep beep [INFO] Write Command : handle = 0xb / value = 01 [INFO] --------- [INFO] Write Command : handle = 0xb / value = 00 [INFO] Master disconnected ! [INFO] Mirage process terminated !