Debugging and hacking unknown Device #49

@horchi

First of all, thank you very much for the great tool!

I'm currently trying to hack a device, it's a cooler with a cell phone app that connects via Bluetooth.
My goal is to offer the values that the box provides via BT in a separate interface. I don't have much experience with the BT protocol and handling.
Can you give me a tip on the best way to start?

I was able to find the device with bluing le --scan:

----------------LE Devices Scan Result----------------
Addr:        FC:E4:97:72:E9:83 
Addr type:   random
Connectable: True
RSSI:        -96 dBm
General Access Profile:
    Complete Local Name: WT-0001
    Flags: 
        LE General Discoverable Mode
        BR/EDR Not Supported
    Complete List of 16-bit Service Class UUIDs: 
        0x1234
    Manufacturer Specific Data: 
        Company ID: 0x0000 (Ericsson Technology Licensing)
        Data:       
    Tx Power Level: 4 dBm (pathloss 100 dBm)

With --pairing-feature and --ll-feature-set I get no response; bluing le --ll-feature-set FC:E4:97:72:E9:83 returns:

Running in chroot, ignoring command 'restart'
[INFO] Automatically determining the address type of FC:E4:97:72:E9:83
[INFO] FC:E4:97:72:E9:83 is a random address
[INFO] BtAgent registered


----------------GATT Scan Result----------------
Number of services: 3


Service (0x0001 - 0x0007, 3 characteristics)
    Declaration
        Handle: 0x0001
        Type:   2800 (Primary Service declaration)
        Value:  1800 (Generic Access)
        Permissions: Read (no authen/author)

    Characteristic (0 descriptors)
        Declaration
            Handle: 0x0002
            Type:   2803 (Characteristic declaration)
            Value:
                Properties: Read, Write
                Handle:     0x0003
                UUID:       2A00 (Device Name)
            Permissions: Read (no authen/author)

        Value
            Handle: 0x0003
            Type:   2A00 (Device Name)
            Value:  b'WT-0001'
            Permissions: Higher layer specific

    Characteristic (0 descriptors)
        Declaration
            Handle: 0x0004
            Type:   2803 (Characteristic declaration)
            Value:
                Properties: Read
                Handle:     0x0005
                UUID:       2A01 (Appearance)
            Permissions: Read (no authen/author)

        Value
            Handle: 0x0005
            Type:   2A01 (Appearance)
            Value:  b'\x00\x00'
            Permissions: Higher layer specific

    Characteristic (0 descriptors)
        Declaration
            Handle: 0x0006
            Type:   2803 (Characteristic declaration)
            Value:
                Properties: Read
                Handle:     0x0007
                UUID:       2A04 (Peripheral Preferred Connection Parameters)
            Permissions: Read (no authen/author)

        Value
            Handle: 0x0007
            Type:   2A04 (Peripheral Preferred Connection Parameters)
            Value:  b'\x0c\x00\x18\x00\x00\x00\x90\x01'
            Permissions: Higher layer specific

Service (0x0008 - 0x0008, 0 characteristics)
    Declaration
        Handle: 0x0008
        Type:   2800 (Primary Service declaration)
        Value:  1801 (Generic Attribute)
        Permissions: Read (no authen/author)

Service (0x0009 - 0xffff, 2 characteristics)
    Declaration
        Handle: 0x0009
        Type:   2800 (Primary Service declaration)
        Value:  1234 (Unknown)
        Permissions: Read (no authen/author)

    Characteristic (0 descriptors)
        Declaration
            Handle: 0x000a
            Type:   2803 (Characteristic declaration)
            Value:
                Properties: Write Without Response
                Handle:     0x000b
                UUID:       1235 (Unknown)
            Permissions: Read (no authen/author)

    Characteristic (1 descriptors)
        Declaration
            Handle: 0x000c
            Type:   2803 (Characteristic declaration)
            Value:
                Properties: Read, Notify
                Handle:     0x000d
                UUID:       1236 (Unknown)
            Permissions: Read (no authen/author)

        Value
            Handle: 0x000d
            Type:   1236 (Unknown)
            Value:  b''
            Permissions: Higher layer specific

        Descriptor
            Handle: 0x000e
            Type:   2902 (Client Characteristic Configuration declaration)
            Value:  b'\x00\x00'
            Permissions: Read (no authen/author), Write (higher layer specifies authen/author)

Does that help me in any way? :o

Thx and best regards, Jörg
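
As an added example (not part of the original post and not bluing's own code): a small parser that reduces the GATT scan dump above to one record per characteristic, with its value handle, properties and the current state of its Client Characteristic Configuration descriptor. The function name and the regular expressions are assumptions derived only from the output format shown in this issue; the embedded sample is a trimmed excerpt of that output.

```python
import ast
import re

# Excerpt of the custom 0x1234 service from the scan output above (trimmed).
SCAN = r"""
Service (0x0009 - 0xffff, 2 characteristics)
    Characteristic (0 descriptors)
        Declaration
            Handle: 0x000a
            Value:
                Properties: Write Without Response
                Handle:     0x000b
                UUID:       1235 (Unknown)
    Characteristic (1 descriptors)
        Declaration
            Handle: 0x000c
            Value:
                Properties: Read, Notify
                Handle:     0x000d
                UUID:       1236 (Unknown)
        Descriptor
            Handle: 0x000e
            Type:   2902 (Client Characteristic Configuration declaration)
            Value:  b'\x00\x00'
"""
DECL = re.compile(r"Properties:\s*(.+?)\s*\n\s*Handle:\s*(0x[0-9a-fA-F]+)\s*\n\s*UUID:\s*(\S+)")
CCCD = re.compile(r"Descriptor\s+Handle:\s*(0x[0-9a-fA-F]+)\s+Type:\s*2902[^\n]*\s+Value:\s*(b'[^\n]*')")

def parse_characteristics(text):
    """Return one dict per characteristic block in a bluing GATT scan dump."""
    out = []
    for block in re.split(r"^\s*Characteristic \(", text, flags=re.M)[1:]:
        decl = DECL.search(block)
        if not decl:
            continue  # truncated or malformed block
        entry = {"uuid": decl.group(3), "value_handle": int(decl.group(2), 16),
                 "properties": [p.strip() for p in decl.group(1).split(",")]}
        cccd = CCCD.search(block)
        if cccd:  # CCCD value is a 16-bit little-endian bit field
            bits = int.from_bytes(ast.literal_eval(cccd.group(2)), "little")
            entry["cccd_handle"] = int(cccd.group(1), 16)
            entry["notify_enabled"] = bool(bits & 0x0001)
            entry["indicate_enabled"] = bool(bits & 0x0002)
        out.append(entry)
    return out

if __name__ == "__main__":
    for c in parse_characteristics(SCAN):
        print(c)
```

The same function accepts the full dump pasted above, since it only reads the Properties, Handle, UUID and 2902 descriptor lines inside each Characteristic block.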
