hcitool does not find ble device but blueman does and so does bettercap and bluetoothctl

I am very confused by this problem. I have the following device (it is a Chinese smartwatch), whose MAC address shows up in blueman and bettercap, but not in hcitool.

I use:

sudo  hcitool lescan 
LE Scan ...
C0:28:8D:D6:66:EA 
C0:28:8D:D6:66:EA (unknown)

But the MAC address of the device Q1, EB:15:0C:38:C9:B0, does not appear.

I try bettercap:

sudo bettercap 
» ble.recon on
» [12:01:38] [ble.device.new] new BLE device Q1 detected as EB:15:0C:38:C9:B0 -77 dBm.

However, I also get:

When I do this:

» ble.show 
│ -76 dBm │ eb:15:0c:38:c9:b0 │               │ Limited Discoverable, BR/EDR Not Supported   │ ✔       │ 12:05:38 │


» ble.enum eb:15:0c:38:c9:b0
[12:07:06] [sys.log] [inf] ble.recon connecting to eb:15:0c:38:c9:b0 ...
»  
┌──────────────┬───────────────────────────────────────────────────────┬──────────────────────────────────────────────────┬────────────────────────────────────────────────┐
│   Handles    │               Service > Characteristics               │                    Properties                    │                      Data                      │
├──────────────┼───────────────────────────────────────────────────────┼──────────────────────────────────────────────────┼────────────────────────────────────────────────┤
│ 0001 -> 0004 │ Generic Attribute (1801)                              │                                                  │                                                │
│ 0003         │     Service Changed (2a05)                            │ BCAST, READ, WRITE, NOTIFY, INDICATE, SIGN WRITE │ 00000000                                       │
│              │                                                       │                                                  │                                                │
│ 0005 -> 000f │ Generic Access (1800)                                 │                                                  │                                                │
│ 0007         │     Device Name (2a00)                                │ READ                                             │ Q1                                             │
│ 0009         │     Appearance (2a01)                                 │ READ                                             │ Unknown                                        │
│ 000b         │     Peripheral Privacy Flag (2a02)                    │ READ                                             │ Privacy Disabled                               │
│ 000d         │     Peripheral Preferred Connection Parameters (2a04) │ READ                                             │ Connection Interval: 224 -> 240                │
│              │                                                       │                                                  │ Slave Latency: 4                               │
│              │                                                       │                                                  │ Connection Supervision Timeout Multiplier: 500 │
│ 000f         │     2aa6                                              │ READ                                             │ 00                                             │
│              │                                                       │                                                  │                                                │
│ 0010 -> 0015 │ 6e400001b5a3f393e0a9e50e24dcca9e                      │                                                  │                                                │
│ 0012         │     6e400003b5a3f393e0a9e50e24dcca9e                  │ NOTIFY                                           │                                                │
│ 0015         │     6e400002b5a3f393e0a9e50e24dcca9e                  │ WRITE                                            │                                                │
│              │                                                       │                                                  │                                                │
│ 0016 -> 002d │ Human Interface Device (1812)                         │                                                  │                                                │
│ 0018         │     Protocol Mode (2a4e)                              │ READ, WRITE                                      │ insufficient encryption                        │
│ 001a         │     Report (2a4d)                                     │ READ, WRITE, NOTIFY                              │ insufficient encryption                        │
│ 001e         │     Report (2a4d)                                     │ READ, WRITE, NOTIFY                              │ insufficient encryption                        │
│ 0022         │     Report (2a4d)                                     │ READ, WRITE, NOTIFY                              │ insufficient encryption                        │
│ 0026         │     Report Map (2a4b)                                 │ READ                                             │ insufficient encryption                        │
│ 0028         │     Boot Mouse Input Report (2a33)                    │ READ, WRITE, NOTIFY                              │ insufficient encryption                        │
│ 002b         │     HID Information (2a4a)                            │ READ                                             │ insufficient encryption                        │
│ 002d         │     HID Control Point (2a4c)                          │ WRITE                                            │                                                │
│              │                                                       │                                                  │                                                │
│ 002e -> 0037 │ fee7                                                  │                                                  │                                                │
│ 0030         │     fec9                                              │ READ, NOTIFY                                     │ ë150c8É°                                       │
│ 0033         │     fea1                                              │ READ, INDICATE                                   │ 07a001009e0100a00100                           │
│ 0036         │     fea2                                              │ READ, WRITE, INDICATE                            │ Ð                                              │
│              │                                                       │                                                  │                                                │
└──────────────┴───────────────────────────────────────────────────────┴──────────────────────────────────────────────────┴────────────────────────────────────────────────┘

But I am not sure what all this means. I find bettercap hard to understand.

» ^D
Are you sure you want to quit this session? y/n y
[12:08:07] [sys.log] [inf] ble.recon stopping scan ...

I also tried gatttool:

sudo gatttool -t random -b EB:15:0C:38:C9:B0 -I
[EB:15:0C:38:C9:B0][LE]> sec-level low
[EB:15:0C:38:C9:B0][LE]> connect
Attempting to connect to EB:15:0C:38:C9:B0
Error: connect to EB:15:0C:38:C9:B0: Device or resource busy (16)
[EB:15:0C:38:C9:B0][LE]> 

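Sorry, I don't know what to do. I would like to read from and write to this device if possible. I am on Fedora 33 Linux.

Thanks in advance for your help!

Thanks for the information about bluetoothctl. So I tried it and got: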

$ sudo bluetoothctl 
Agent registered
[Q1]# devices 
Device EB:15:0C:38:C9:B0 Q1
Device E0:7B:1F:EB:C1:6C LH719
Device A4:C1:1C:F6:02:92 MS1020
[Q1]#  connect EB:15:0C:38:C9:B0
Attempting to connect to EB:15:0C:38:C9:B0
Connection successful

But from reading here: https://budimir.cc/2020/02/27/ble-on-linux-with-bluetoothctl/ it seems I should be getting more information than the above.

However, I then added:

[Q1]# menu gatt


Menu gatt:
Available commands:
-------------------
list-attributes [dev/local]                       List attributes
select-attribute <attribute/UUID>                 Select attribute
attribute-info [attribute/UUID]                   Select attribute
read [offset]                                     Read attribute value
write <data=xx xx ...> [offset] [type]            Write attribute value
acquire-write                                     Acquire Write file descriptor
release-write                                     Release Write file descriptor
acquire-notify                                    Acquire Notify file descriptor
release-notify                                    Release Notify file descriptor
notify <on/off>                                   Notify attribute value
clone [dev/attribute/UUID]                        Clone a device or attribute
register-application [UUID ...]                   Register profile to connect
unregister-application                            Unregister profile
register-service <UUID> [handle]                  Register application service.
unregister-service <UUID/object>                  Unregister application service
register-includes <UUID> [handle]                 Register as Included service in.
unregister-includes <Service-UUID><Inc-UUID>      Unregister Included service.
register-characteristic <UUID> <Flags=read,write,notify...> [handle] Register application characteristic
unregister-characteristic <UUID/object>           Unregister application characteristic
register-descriptor <UUID> <Flags=read,write...> [handle] Register application descriptor
unregister-descriptor <UUID/object>               Unregister application descriptor
back                                              Return to main menu
version                                           Display version
quit                                              Quit program
exit                                              Quit program
help                                              Display help about this program
export                                            Print environment variables

And it does seem to get the list of services (which I will now investigate):

[Q1]# list-attributes 
Primary Service (Handle 0x0100)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e
    0000fee7-0000-1000-8000-00805f9b34fb
    Tencent Holdings Limited.
Characteristic (Handle 0x7da4)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035
    0000fea2-0000-1000-8000-00805f9b34fb
    Intrepid Control Systems, Inc.
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035/desc0037
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Characteristic (Handle 0x9248)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0032
    0000fea1-0000-1000-8000-00805f9b34fb
    Intrepid Control Systems, Inc.
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0032/desc0034
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Characteristic (Handle 0xaf18)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char002f
    0000fec9-0000-1000-8000-00805f9b34fb
    Apple, Inc.
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char002f/desc0031
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Primary Service (Handle 0x9d80)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010
    6e400001-b5a3-f393-e0a9-e50e24dcca9e
    Nordic UART Service
Characteristic (Handle 0xd894)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0014
    6e400002-b5a3-f393-e0a9-e50e24dcca9e
    Nordic UART TX
Characteristic (Handle 0xd894)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0011
    6e400003-b5a3-f393-e0a9-e50e24dcca9e
    Nordic UART RX
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0011/desc0013
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Primary Service (Handle 0x9d80)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001
    00001801-0000-1000-8000-00805f9b34fb
    Generic Attribute Profile
Characteristic (Handle 0xff84)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001/char0002
    00002a05-0000-1000-8000-00805f9b34fb
    Service Changed
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001/char0002/desc0004
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
[Q1]# 

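hcitool and gatttool are among the tools that were deprecated by the BlueZ project in 2017. If you are following a tutorial that uses them, it may be out of date. The correct tool to use now is bluetoothctl.

If you are new to Bluetooth, using a generic Bluetooth Low Energy scanning and exploration tool such as nRF Connect may be more helpful for understanding what is going on. Reading about how BLE GATT services work will help in making sense of the Service > Characteristics information.

Once you can read and write using the characteristics, your next challenge will be working out what the binary data being sent/received means, as it looks like they use a lot of custom characteristics.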
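To make the Service > Characteristics listing above easier to read, here is an added example (not part of the original question or answer) that parses rows of the bettercap ble.enum table, expands each short UUID to the full form bluetoothctl prints, and labels each characteristic by whether its value was readable without encryption. The function names and access labels are this example's own; the sample rows are copied from the table in the question.

```python
import re

# Constructed sample: rows copied from the ble.enum table above, padding trimmed.
SAMPLE = """\
│ 0005 -> 000f │ Generic Access (1800) │ │ │
│ 0007 │     Device Name (2a00) │ READ │ Q1 │
│ 0010 -> 0015 │ 6e400001b5a3f393e0a9e50e24dcca9e │ │ │
│ 0012 │     6e400003b5a3f393e0a9e50e24dcca9e │ NOTIFY │ │
│ 0016 -> 002d │ Human Interface Device (1812) │ │ │
│ 001a │     Report (2a4d) │ READ, WRITE, NOTIFY │ insufficient encryption │
│ 002e -> 0037 │ fee7 │ │ │
│ 0033 │     fea1 │ READ, INDICATE │ 07a001009e0100a00100 │
"""

BASE_UUID = "0000{}-0000-1000-8000-00805f9b34fb"  # Bluetooth Base UUID

def full_uuid(label):
    """Map 'Name (2a00)', 'fee7' or a 32-hex UUID to bluetoothctl's dashed form."""
    m = re.search(r"\(([0-9a-f]{4})\)$", label)
    h = m.group(1) if m else label.lower()
    if len(h) == 4:
        return BASE_UUID.format(h)
    return "-".join((h[:8], h[8:12], h[12:16], h[16:20], h[20:]))

def parse_enum(text):
    """Return one dict per characteristic row, tagged with its service UUID."""
    chars, service = [], None
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("│")[1:-1]]
        if len(cells) != 4:
            continue                      # border line, not a data row
        handle, label, props, data = cells
        if "->" in handle:                # "0005 -> 000f" marks a service row
            service = full_uuid(label)
            continue
        if not re.fullmatch(r"[0-9a-f]{4}", handle):
            continue                      # header, spacer or continuation row
        flags = {p.strip() for p in props.split(",")}
        # The Data column shows what the unpaired read returned, or the error.
        access = ("not readable" if "READ" not in flags else
                  "read needs encryption" if data == "insufficient encryption"
                  else "readable unencrypted")
        chars.append({"handle": handle, "service": service,
                      "uuid": full_uuid(label), "access": access})
    return chars

if __name__ == "__main__":
    for c in parse_enum(SAMPLE):
        print(c["handle"], c["uuid"], c["access"])
```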