# Bluetooth Basics

* Class 1 External Bluetooth adapter. Provides ~100 yard range.
* <https://www.antaira.com/PARANI-UD100-G03>

### Basics of Interaction

* `hciconfig` is to Bluetooth adapters what `ifconfig` is to Linux network interfaces.
* View your device:

```
hciconfig
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING 
	RX bytes:1252 acl:0 sco:0 events:76 errors:0
	TX bytes:2862 acl:0 sco:0 commands:75 errors:0
```

* The adapter is attached over `Bus: USB`
* Interface name: `hci0`
* BD Address (our address): `00:01:95:79:EF:89`
* Status of our adapter: `UP RUNNING`
* `ACL MTU: 310:10`
  * The MTU for ACL connections is 310 bytes, and the ACL buffer holds 10 packets.
* `SCO MTU: 64:8`
  * The MTU for SCO connections is 64 bytes, and the SCO buffer holds 8 packets.
* UP - The interface is in the UP state.
* RUNNING - The interface is currently operational.
* PSCAN - The interface will respond to page scan messages.

### Change the name of Adapter

```
hciconfig hci0 name 
sudo hciconfig hci0 name SECRET
hciconfig hci0 name
```

* Names cannot be blank and cannot exceed 248 bytes in length
* **BlueZ stack limits devices to 247 byte name length**

### Bring Adapter Up/Down

```
hciconfig 
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING 
	RX bytes:1252 acl:0 sco:0 events:76 errors:0
	TX bytes:2862 acl:0 sco:0 commands:75 errors:0
```

```
hciconfig hci0 down
hciconfig hci0 up 
```

### Central v Peripheral Mode

* Check whether your adapter is running in central or peripheral mode

```
hciconfig hci0 lm
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	Link mode: PERIPHERAL ACCEPT 
```

* The output shows we are in peripheral mode
* ACCEPT means that the interface will accept new baseband connections from a central device

### View Version

```
hciconfig hci0 version
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	HCI Version: 4.0 (0x6)  Revision: 0x2031
	LMP Version: 4.0 (0x6)  Subversion: 0x2031
	Manufacturer: Cambridge Silicon Radio (10)
```

### Enable Discoverable Mode

* Configure the device to be in discoverable mode and allow connections to the interface

```
sudo hciconfig hci0 piscan
hciconfig hci0 
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING PSCAN ISCAN 
	RX bytes:1278 acl:0 sco:0 events:79 errors:0
	TX bytes:2904 acl:0 sco:0 commands:78 errors:0
```

* If successful, you will see `PSCAN ISCAN`

### Disable Discoverable Mode

```
sudo hciconfig hci0 noscan 
hciconfig 
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING 
	RX bytes:1290 acl:0 sco:0 events:81 errors:0
	TX bytes:2943 acl:0 sco:0 commands:80 errors:0
```

### PSCAN V ISCAN

* PSCAN enabled allows connections to the interface
* ISCAN places the device in discoverable mode

#### Place device in discoverable mode but don't accept new connections

```
sudo hciconfig hci0 noscan 
sudo hciconfig hci0 pscan 
hciconfig hci0 
sudo hciconfig hci0 noscan 
sudo hciconfig hci0 iscan 
hciconfig hci0
```

* You should see `UP RUNNING ISCAN` in the output of the second `hciconfig hci0` command

#### Restore ability to accept new connections

```
sudo hciconfig hci0 piscan
hciconfig hci0
```

* You should see `UP RUNNING PSCAN ISCAN`
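
To audit which adapters on a host are currently connectable or discoverable, the flags line can be parsed directly. This is an added example, not part of the original notes; the function names and the second adapter (`hci1` with a made-up address) in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify each adapter from `hciconfig` output by its
# PSCAN/ISCAN flags. Function names are illustrative.

scan_state() {
    # Reads hciconfig output on stdin; prints "<iface> <state>" per adapter.
    awk '
        /^hci[0-9]+:/ { iface = $1; sub(/:$/, "", iface) }
        /^[ \t]+(UP|DOWN)/ {
            p = ($0 ~ /PSCAN/); i = ($0 ~ /ISCAN/)
            if (p && i)  s = "connectable+discoverable"
            else if (p)  s = "connectable"
            else if (i)  s = "discoverable"
            else         s = "noscan"
            print iface, s
        }'
}

# Constructed sample: hci0 as it looks after `piscan`, hci1 after `noscan`.
sample_output() {
    printf 'hci0:\tType: Primary  Bus: USB\n'
    printf '\tBD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8\n'
    printf '\tUP RUNNING PSCAN ISCAN \n'
    printf 'hci1:\tType: Primary  Bus: USB\n'
    printf '\tBD Address: 00:11:22:33:44:55  ACL MTU: 310:10  SCO MTU: 64:8\n'
    printf '\tUP RUNNING \n'
}

sample_output | scan_state
```

On a live system, pipe the real command instead: `hciconfig | scan_state`.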

### Spoofing Device Class

* There are three types of Bluetooth device classes 1-3.
* It is important to have the ability to spoof a device in a different class
* Some devices might simply ignore your device if it is of the wrong class.
  * i.e. a headset for phone calls might ignore your device if you are not a phone
  * case by case basis per manufacturer
* Change the class for a device
* Useful site for obtaining the codes to act like other devices
* <https://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html>

```
hciconfig hci0 class
sudo hciconfig hci0 class 0x3e0100
hciconfig hci0 class
sudo hciconfig hci0 class 0x84010c
hciconfig hci0 class
sudo hciconfig hci0 class 0x050204
hciconfig hci0 class
```

### Scanning for Devices

* Basic Scan

```
hcitool -i hci0 scan
Scanning ...
	98:2C:BC:0E:06:8B	BALTIMORE
```

* Detailed Scan

```
hcitool -i hci0 scan --info --class
Scanning ...
BD Address:	98:2C:BC:0E:06:8B [mode 1, clkoffset 0x717b]
Device name:	BALTIMORE
Device class:	Computer, Laptop (0x2a410c)
```

* A better example

```
hcitool -i hci1 scan
Scanning ...
	00:1F:FF:7C:8A:F2	PR BT 9747
	E0:D8:C4:3F:DF:F7	Living Room TV 2
	E0:D4:64:55:20:61	dev #1
	E0:03:6B:60:9B:4D	Samsung CU7000 50 1
	E0:03:6B:5E:34:C4	Samsung CU7000 50

hcitool -i hci1 scan --info --class
Scanning ...

BD Address:	E0:D4:64:55:20:61 [mode 1, clkoffset 0x16c2]
Device name:	dev #1
Device class:	Computer, Laptop (0x7c010c)

BD Address:	E0:03:6B:5E:34:C4 [mode 1, clkoffset 0x6703]
Device name:	Samsung CU7000 50
Device class:	Audio/Video, Video Display and Loudspeaker (0x08043c)

BD Address:	E0:D8:C4:3F:DF:F7 [mode 1, clkoffset 0x6245]
Device name:	Living Room TV 2
Device class:	Audio/Video, Video Display and Loudspeaker (0x28043c)

BD Address:	E0:03:6B:60:9B:4D [mode 1, clkoffset 0x188f]
Device name:	Samsung CU7000 50 1
Device class:	Audio/Video, Video Display and Loudspeaker (0x08043c)

```


