Hi Luiz
On Tue, 22 Mar 2022 at 07:55, Adam Pigg <adam@xxxxxxxxxxx> wrote:
>
> Hi Luiz
>
> On Tue, 22 Mar 2022 at 00:44, Luiz Augusto von Dentz
> <luiz.dentz@xxxxxxxxx> wrote:
> >
> > Hi Adam,
> >
> > On Mon, Mar 21, 2022 at 4:03 PM Adam Pigg <adam@xxxxxxxxxxx> wrote:
> > >
> > > Hi
> > >
> > > A bit of background, I write a linux desktop/mobile app called
> > > Amazfish which interfaces with several watches over BLE using their
> > > GATT services. To do this, I use the bluez dbus api (technically a
> > > thin wrapper around it I wrote called qble
> > > https://github.com/piggz/qble)
> > >
> > > All has been good so far, I support several generations of
> > > Huami/Amazfit watches, as well as the open source Pinetime and
> > > Bangle.js. For the Amazfit watches, i have implementations for older
> > > devies such as the Bip, and newer ones such as the GTS.
> > >
> > > Much of the reverse engineering comes from the Android Gadget Bridge
> > > project, which supports many more devices.
> > >
> > > My community of users donated to buy me a newer device called a GTR2,
> > > which, according to the GB devs uses the same protocol as the slightly
> > > older GTS, and the packet captures I have from Android would support
> > > this.
> > >
> > > But this is where my trouble starts with Bluez, my existing
> > > implementation doesnt work at all. Normally, after a connection, I
> > > would wait for the ServicesResolved signal, which happens pretty fast
> > > on all other devices, but on the GTR2, it takes about 30 seconds, by
> > > which time, the watch has disconnected. (i get a disconnected signal
> > > immediately after the ServicesResolved signal)
> > >
> > > To rule out my code, I have tried several things:
> > > Gatttool
> > > With gattool, i can connect, get the services, enable a notification,
> > > write a value and get the expected results seemingly fine
> > >
> > > Python-gatt (using the bluez dbus api)
> > > Im unable to iterate the services, like my app, it takes 30 seconds to
> > > get the signal and then swiftly disconnects
> > >
> > > Gattlib (https://github.com/labapart/gattlib)
> > > Gattlib is interesting as it appears to have "borrowed" much of its
> > > code directly from bluez. When built against the system bluez, if the
> > > version is > 5.42, it will use the dbus api. When I do this, again im
> > > unable to list services on the watch. However, if I edit the build to
> > > force it to use its internal gatt implementation, which appears to be
> > > the same one used by gatttool, then, it IS able to interrogate the
> > > watch.
> > >
> > > I have attached 3 files
> > > 1. test python program which should print services, and associated btmon
> > > 2. btmon output while using gatttool
> > > 3. btmon output running gattlib discover example
> > >
> > > Note, other than discovery, I havnt been able to get gattlib to
> > > read/write/notify!
> > >
> > > It seems as though I may be triggering a bug in the bluez dbus api?
> > > Can anyone suggest anything?
> >
> > What version are you using? I would first try with the latest to see
> > if that something already fixed.
> >
> >
> Im using 5.63 already, which is the latest tag (on opensuse tumbleweed)
>
> I'll also try bluetoothctl and attach logs using that, though I
> suspect it will behave the same as the python library and my own
> library.
>
Attached is the output of btmon while using bluetoothctl
bluetoothctl behaves the same as my lib and python, it is unable to
list services, and after a while, emits the ServicesResolved and
disconnected messages at the same time. Im sure it should be able to
list the services immediately after connect just like gatttool can.
Thanks
> > --
> > Luiz Augusto von Dentz
bluetoothctl:
[bluetooth]# connect F8:C3:D1:B0:5A:3A
Attempting to connect to F8:C3:D1:B0:5A:3A
[CHG] Device F8:C3:D1:B0:5A:3A Connected: yes
Connection successful
[Amazfit GTR 2]# menu gatt
Menu gatt:
Available commands:
-------------------
list-attributes [dev/local] List attributes
select-attribute <attribute/UUID> Select attribute
attribute-info [attribute/UUID] Select attribute
read [offset] Read attribute value
write <data=xx xx ...> [offset] [type] Write attribute value
acquire-write Acquire Write file descriptor
release-write Release Write file descriptor
acquire-notify Acquire Notify file descriptor
release-notify Release Notify file descriptor
notify <on/off> Notify attribute value
clone [dev/attribute/UUID] Clone a device or attribute
register-application [UUID ...] Register profile to connect
unregister-application Unregister profile
register-service <UUID> [handle] Register application service.
unregister-service <UUID/object> Unregister application service
register-includes <UUID> [handle] Register as Included service in.
unregister-includes <Service-UUID><Inc-UUID> Unregister Included service.
register-characteristic <UUID> <Flags=read,write,notify...> [handle] Register application characteristic
unregister-characteristic <UUID/object> Unregister application characteristic
register-descriptor <UUID> <Flags=read,write...> [handle] Register application descriptor
unregister-descriptor <UUID/object> Unregister application descriptor
back Return to main menu
version Display version
quit Quit program
exit Quit program
help Display help about this program
export Print environment variables
[Amazfit GTR 2]# list-attributes
[Amazfit GTR 2]# list-attributes
[CHG] Device F8:C3:D1:B0:5A:3A ServicesResolved: yes
[CHG] Device F8:C3:D1:B0:5A:3A ServicesResolved: no
[CHG] Device F8:C3:D1:B0:5A:3A Connected: no
[bluetooth]# list-attributes
Missing device address argument
[bluetooth]#
----------
btmon:
piggz@adam-laptop ~ $ sudo btmon
Bluetooth monitor ver 5.63
= Note: Linux version 5.16.14-1-default (x86_64) 0.789481
= Note: Bluetooth subsystem version 2.22 0.789491
= New Index: DC:53:60:51:00:C6 (Primary,USB,hci0) [hci0] 0.789493
= Open Index: DC:53:60:51:00:C6 [hci0] 0.789495
= Index Info: DC:53:60:51:00:C6 (Intel Corp.) [hci0] 0.789497
@ MGMT Open: bluetoothd (privileged) version 1.21 {0x0001} 0.789501
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #1 [hci0] 23.828121
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 60.000 msec (0x0060)
Own address type: Public (0x00)
Filter policy: Accept all advertisement (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #2 [hci0] 23.945934
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #3 [hci0] 23.945959
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #4 [hci0] 23.946923
LE Set Scan Enable (0x08|0x000c) ncmd 2
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 40 #5 [hci0] 24.036976
LE Advertising Report (0x02)
Num reports: 1
Event type: Scannable undirected - ADV_SCAN_IND (0x02)
Address type: Random (0x01)
Address: 59:99:99:79:5A:A2 (Resolvable)
Data length: 28
16-bit Service UUIDs (complete): 1 entry
Google (0xfe9f)
Service Data (UUID 0xfe9f): 0000000000000000000000000000000000000000
RSSI: -79 dBm (0xb1)
> HCI Event: LE Meta Event (0x3e) plen 43 #6 [hci0] 24.935972
LE Advertising Report (0x02)
Num reports: 1
Event type: Connectable undirected - ADV_IND (0x00)
Address type: Random (0x01)
Address: F8:C3:D1:B0:5A:3A (Static)
Data length: 31
Flags: 0x02
LE General Discoverable Mode
Company: Anhui Huami Information Technology Co., Ltd. (343)
Data: 02ffffffffffffffffffffffffffffffff02f8c3d1b05a3a
RSSI: -55 dBm (0xc9)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #7 [hci0] 24.936049
Scanning: Disabled (0x00)
Filter duplicates: Disabled (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #8 [hci0] 24.960963
LE Set Scan Enable (0x08|0x000c) ncmd 2
Status: Success (0x00)
< HCI Command: LE Create Connection (0x08|0x000d) plen 25 #9 [hci0] 24.961101
Scan interval: 60.000 msec (0x0060)
Scan window: 60.000 msec (0x0060)
Filter policy: Accept list is not used (0x00)
Peer address type: Random (0x01)
Peer address: F8:C3:D1:B0:5A:3A (Static)
Own address type: Public (0x00)
Min connection interval: 30.00 msec (0x0018)
Max connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Min connection length: 0.000 msec (0x0000)
Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4 #10 [hci0] 24.961888
LE Create Connection (0x08|0x000d) ncmd 2
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19 #11 [hci0] 25.792901
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 3585
Role: Central (0x00)
Peer address type: Random (0x01)
Peer address: F8:C3:D1:B0:5A:3A (Static)
Connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Central clock accuracy: 0x00
@ MGMT Event: Device Connected (0x000b) plen 44 {0x0001} [hci0] 25.792971
LE Address: F8:C3:D1:B0:5A:3A (Static)
Flags: 0x00000008
Connection Locally Initiated
Data length: 31
Flags: 0x02
LE General Discoverable Mode
Company: Anhui Huami Information Technology Co., Ltd. (343)
Data: 02ffffffffffffffffffffffffffffffff02f8c3d1b05a3a
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2 #12 [hci0] 25.793193
Handle: 3585
> HCI Event: Command Status (0x0f) plen 4 #13 [hci0] 25.793895
LE Read Remote Used Features (0x08|0x0016) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 12 #14 [hci0] 25.841893
LE Read Remote Used Features (0x04)
Status: Success (0x00)
Handle: 3585
Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
LE Encryption
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28 #15 [hci0] 25.841997
Handle: 3585
Random number: 0x4466d17a4fe0a6d4
Encrypted diversifier: 0xdc96
Long term key: 86f2f8d5c8b54af78af65be71cd95bc0
> HCI Event: Command Status (0x0f) plen 4 #16 [hci0] 25.842883
LE Start Encryption (0x08|0x0019) ncmd 1
Status: Success (0x00)
> HCI Event: Encryption Change (0x08) plen 4 #17 [hci0] 26.290886
Status: Success (0x00)
Handle: 3585
Encryption: Enabled with AES-CCM (0x01)
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #18 [hci0] 26.291150
ATT: Exchange MTU Request (0x02) len 2
Client RX MTU: 517
> ACL Data RX: Handle 3585 flags 0x02 dlen 7 #19 [hci0] 26.340636
ATT: Exchange MTU Request (0x02) len 2
Client RX MTU: 247
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #20 [hci0] 26.341105
ATT: Exchange MTU Response (0x03) len 2
Server RX MTU: 517
> HCI Event: Number of Completed Packets (0x13) plen 5 #21 [hci0] 26.341885
Num handles: 1
Handle: 3585
Count: 1
> HCI Event: Number of Completed Packets (0x13) plen 5 #22 [hci0] 26.391907
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 7 #23 [hci0] 26.440658
ATT: Exchange MTU Response (0x03) len 2
Server RX MTU: 252
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #24 [hci0] 26.441186
ATT: Read Request (0x0a) len 2
Handle: 0x0032
> HCI Event: Number of Completed Packets (0x13) plen 5 #25 [hci0] 26.490891
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 12 #26 [hci0] 26.540658
ATT: Read Response (0x0b) len 7
Value: 01570140000101
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #27 [hci0] 26.541145
ATT: Read Request (0x0a) len 2
Handle: 0x0016
> HCI Event: Number of Completed Packets (0x13) plen 5 #28 [hci0] 26.640888
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 19 #29 [hci0] 26.641236
ATT: Read Response (0x0b) len 14
Value: 416d617a66697420475452203200
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #30 [hci0] 26.641557
ATT: Read Request (0x0a) len 2
Handle: 0x0018
> HCI Event: Number of Completed Packets (0x13) plen 5 #31 [hci0] 26.690889
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 7 #32 [hci0] 29.073366
ATT: Exchange MTU Request (0x02) len 2
Client RX MTU: 247
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #33 [hci0] 29.073754
ATT: Exchange MTU Response (0x03) len 2
Server RX MTU: 247
> HCI Event: Number of Completed Packets (0x13) plen 5 #34 [hci0] 29.090909
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 11 #35 [hci0] 29.790616
ATT: Read By Type Request (0x08) len 6
Handle range: 0x0001-0xffff
Attribute type: Characteristic (0x2803)
< ACL Data TX: Handle 3585 flags 0x00 dlen 27 #36 [hci0] 29.791232
< ACL Data TX: Handle 3585 flags 0x01 dlen 27 #37 [hci0] 29.791274
< ACL Data TX: Handle 3585 flags 0x01 dlen 8 #38 [hci0] 29.791289
ATT: Read By Type Response (0x09) len 57
Attribute data length: 7
Attribute data list: 8 entries
Handle: 0x0002
Value: 020300002a
Handle: 0x0004
Value: 020500012a
Handle: 0x0006
Value: 020700a62a
Handle: 0x0009
Value: 200a00052a
Handle: 0x000c
Value: 0a0d00292b
Handle: 0x000e
Value: 020f002a2b
Handle: 0x0010
Value: 0211003a2b
Handle: 0x0013
Value: 021400502a
> HCI Event: Number of Completed Packets (0x13) plen 5 #39 [hci0] 29.840901
Num handles: 1
Handle: 3585
Count: 1
> HCI Event: Number of Completed Packets (0x13) plen 5 #40 [hci0] 29.841879
Num handles: 1
Handle: 3585
Count: 1
> HCI Event: Number of Completed Packets (0x13) plen 5 #41 [hci0] 29.842882
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 11 #42 [hci0] 29.890579
ATT: Read By Type Request (0x08) len 6
Handle range: 0x0014-0xffff
Attribute type: Characteristic (0x2803)
< ACL Data TX: Handle 3585 flags 0x00 dlen 9 #43 [hci0] 29.890738
ATT: Error Response (0x01) len 4
Read By Type Request (0x08)
Handle: 0x0014
Error: Attribute Not Found (0x0a)
> HCI Event: Number of Completed Packets (0x13) plen 5 #44 [hci0] 29.940895
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 11 #45 [hci0] 29.990588
ATT: Read By Type Request (0x08) len 6
Handle range: 0x0001-0xffff
Attribute type: Device Name (0x2a00)
< ACL Data TX: Handle 3585 flags 0x00 dlen 18 #46 [hci0] 29.991016
ATT: Read By Type Response (0x09) len 13
Attribute data length: 12
Attribute data list: 1 entry
Handle: 0x0003
Value: 426c75655a20352e3633
> HCI Event: Number of Completed Packets (0x13) plen 5 #47 [hci0] 30.040906
Num handles: 1
Handle: 3585
Count: 1
< HCI Command: Disconnect (0x01|0x0006) plen 3 #48 [hci0] 58.673128
Handle: 3585
Reason: Remote User Terminated Connection (0x13)
> HCI Event: Command Status (0x0f) plen 4 #49 [hci0] 58.790939
Disconnect (0x01|0x0006) ncmd 1
Status: Success (0x00)
> HCI Event: Disconnect Complete (0x05) plen 4 #50 [hci0] 58.791937
Status: Success (0x00)
Handle: 3585
Reason: Connection Terminated By Local Host (0x16)
@ MGMT Event: Device Disconnected (0x000c) plen 8 {0x0001} [hci0] 58.791993
LE Address: F8:C3:D1:B0:5A:3A (Static)
Reason: Connection terminated by local host (0x02)
