hcitool
Monitor & Configure Bluetooth connections
hcitool [-i ] [command [command parameters]]
Monitor & Configure Bluetooth connections and send special commands to Bluetooth devices.
-i hciX |
The command is applied to hciX , an installed Bluetooth device. Default first available .
|
COMMANDS
inq Inquire remote devices, address, clock offset and class are output.
Command times out after 10 seconds.Inquiring ...
60:FB:42:83:72:48 clock offset: 0x22ef class: 0x38010c
MacBookPro
As seen by hcidump -t -X
19:35:34.767470 < HCI Command: Inquiry (0x01|0x0001) plen 5
lap 0x9e8b33 len 8 num 0
19:35:34.768011 > HCI Event: Command Status (0x0f) plen 4
Inquiry (0x01|0x0001) status 0x00 ncmd 1
19:35:45.010964 > HCI Event: Inquiry Complete (0x01) plen 1
status 0x00
19:35:50.314392 < HCI Command: Inquiry (0x01|0x0001) plen 5
lap 0x9e8b33 len 8 num 0
19:35:50.314981 > HCI Event: Command Status (0x0f) plen 4
Inquiry (0x01|0x0001) status 0x00 ncmd 1
19:36:00.557232 > HCI Event: Inquiry Complete (0x01) plen 1
status 0x00
19:36:04.842860 < HCI Command: Inquiry (0x01|0x0001) plen 5
lap 0x9e8b33 len 8 num 0
| scan
lescan [--duplicates] Inquire remote devices. Outputs address and device name. .> hcitool scan
Scanning ...
60:FB:42:83:72:48 smackerpro
> hcitool lescan # Does not stop
LE Scan ...
C4:C1:A5:FB:6D:46 (unknown)
C4:C1:A5:FB:6D:46 RuuviBoot
F2:C0:C6:43:AD:03 (unknown)
F7:FA:74:4A:1E:1A (unknown)
F0:85:49:CD:59:EB (unknown)
F0:85:49:CD:59:EB One
D3:51:78:72:EC:0F (unknown) ^C
--duplicates shows (annoying) duplicate s
Once an lescan has been issued subsequent attempts will report:
Set scan parameters failed: Input/output error
| tip: export b='60:FB:42:83:72:48' and use $b for other commands
| name bdaddr output device name of remote device times out after 5 seconds. hcitool name 60:FB:42:83:72:48
smackerpro
| info bdaddr output device name, version and supported features of remote device with Bluetooth address bdaddr. hcitool info $b
Requesting information ...
BD Address: 60:FB:42:83:72:48 OUI Company: Apple (60-FB-42)
Device Name: smackerpro
LMP Version: 2.1 (0x4) LMP Subversion: 0x21d0
Manufacturer: Broadcom Corporation (15)
Features page 0: 0xff 0xff 0x8f 0xfe 0x9b 0xff 0x79 0x83 Following not in order
<3-slot packets> <5-slot packets> <encryption> <slot offset>
<timing accuracy> <role switch> <hold mode> <sniff mode>
<park state> <RSSI> <channel quality> <SCO link> <HV2 packets> <HV3 packets>
<u-law log> <A-law log> <CVSD> <paging scheme>
<power control> <transparent SCO> <broadcast encrypt>
<interlaced iscan> <interlaced pscan> <inquiry with RSSI> <enhanced iscan>
<extended SCO> <EV4 packets> <EV5 packets>
<AFH cap. slave> <AFH class. slave> <AFH cap. master> <AFH class. master>
<sniff subrating> <pause encryption>
<EDR eSCO 2 Mbps> <EDR eSCO 3 Mbps>
<EDR ACL 2 Mbps> <EDR ACL 3 Mbps>
<3-slot EDR ACL> <5-slot EDR ACL>
<3-slot EDR eSCO>
<extended inquiry> <simple pairing>
<encapsulated PDU> <err. data report> <non-flush flag> <LSTO>
<inquiry TX power> <extended features>
Features page 1: 01 00 00 00 00 00 00 00
BD Address: 4C:32:75:97:3B:AE
Device Name: smacpro
LMP Version: (8) LMP Subversion: 2199
Manufacturer: Broadcom Corporation (15)
Features page 0: bf fe cf fe db ff 7b 87 (in addition to those for smackerpro)
<LE support> <LE and BR/EDR> <EPC>
but does not report <hold mode> or <park state>
Features page 1: 07 00 00 00 00 00 00 00
Features page 2: 3F 0B 00 00 00 00 00 00
| con Display active connections Connections:
< ACL 4C:32:75:97:3B:AE handle 12 state 1 lm SLAVE
or null
Always returns 0 !
| cc [--role=m|s]
[--pkt-type=ptypes] bdaddr
Create connection
m (stay master) or s (allow role switch, become slave if the peer wants master). Default m .
ptype is a comma-separated list DM1, DM3, DM5, DH1, DH3, DH5, HV1, HV2, HV3. Default all
hcitool cc $b;hcitool lq $b
Link quality: 255
Can't create connection: Connection timed out
Always returns 0 !
|
These commands require a connection cc $b
At any moment a particular bluetooth device may not accept a connection.
Trying again may be successful!
| rssi bdaddr received signal strength hcitool cc $b && d hcitool rssi $b
RSSI return value: -22
| lq bdaddr link quality
hcitool cc $b && d hcitool lq $b
Link quality: 255
| tpl bdaddr [1] Display transmit power level ; 1 for maximum
| afh bdaddr AFH channel map hcitool cc $b && d hcitool afh $b
AFH map: 0x00000000000000000000
| lp bdaddrr [lpol]
With no value, displays link policy
If value is given, sets the link policy settings. Possible values are RSWITCH, HOLD, SNIFF and PARK.
hcitool cc $b && d hcitool lp $b
Link policy settings: RSWITCH SNIFF
Returns 1 if "HCI read_link_policy_settings request failed: Input/output error"
| lst bdaddr [slots]
With no value, displays link supervision timeout.
is given, sets connection to value slots, or to infinite if value is 0. hcitool cc $b && d hcitool lst $b
Link supervision timeout: 32000 slots (20 000.00 msec)
| clkoff bdaddr Display the clock offset
| clock [bdaddr] [0] Display the clock 0 for the local clock or 1 for the piconet clock (default).
hcitool cc $b && d hcitool clock $b 1
Clock: 0xe9c4ba6
Accuracy: 0.00 msec
hcitool cc $b && d hcitool clock $b 0
Can't create connection: Connection timed out
Clock: 0x24209d6
Accuracy: 0.00 msec
hcitool cc $b && d hcitool clock $b 1 && d hcitool clock $b 0 ; usually fails
Clock: 0xe9ddb45
Accuracy: 0.00 msec
Clock: 0x24bf4e4
Accuracy: 0.00 msec
auth bdaddr Request authentication
| sr bdaddr role Switch role
| cpt bdaddr ptypes Change packet types comma-separated list of packet types
| enc bdaddr [encrypt enable] Enable or disable the encryption
| key bdaddr Change the connection link key
|
| lewlsz Read size of LE White List
| lewladd Add device to LE White List
| lewlrm Remove device from LE White List
| lewlclr Clear LE White list
|
| lecc Create a LE Connection
| lecup LE Connection UpdateAccuracy: 0.00 msec
| ledc Disconnect a LE Connection
| dc bdaddr [reason]
Delete connection. reason is a decimal
error codes. Default is 19 for user ended connections.
|
dev Display local devices hcitool dev
Devices:
hci0 B8:27:EB:96:64:43
| cmd ogf ocf [parameters] | Submit an arbitrary command to local device. ogf, ocf and parameters are hexadecimal.
Example: hcitool cmd 0x3f 0x15
< HCI Command: ogf 0x3f, ocf 0x0015, plen 0
> HCI Event: 0x0e plen 6
01 15 FC 30 14 16
| spinq Start periodic inquiry process. No inquiry results are output
| epinq Exit periodic inquiry process.
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
HELP
Commands:
dev Display local devices
inq Inquire remote devices
scan Scan for remote devices
name Get name from remote device
info Get information from remote device
spinq Start periodic inquiry
epinq Exit periodic inquiry
cmd Submit arbitrary HCI commands
con Display active connections
cc Create connection to remote device
dc Disconnect from remote device
sr Switch master/slave role
cpt Change connection packet type
rssi Display connection RSSI
lq Display link quality
tpl Display transmit power level
afh Display AFH channel map
lp Set/display link policy settings
lst Set/display link supervision timeout
auth Request authentication
enc Set connection encryption
key Change connection link key
clkoff Read clock offset
clock Read local or remote clock
lescan Start LE scan
lewladd Add device to LE White List
lewlrm Remove device from LE White List
lewlsz Read size of LE White List
lewlclr Clear LE White list
lecc Create a LE Connection
ledc Disconnect a LE Connection
lecup LE Connection Update
Inquiry scan (slave)
An unconnected Bluetooth device that wants to be "discovered" by a master device will periodically enter the inquiry scan state; in this state, the device activates its receiver and listens for inquiries.
It must enter this state at least every 2.56 seconds (4096 slots).
It listens on a channel, for at least 10ms (16 slots).
A different channel is selected every 1.28 seconds (2048 slots).
The channels and the hopping sequence are calculated from the general inquiry address.
Inquiry (master)
When commanded to enter the inquiry state, the master device starts to transmit, using 16 channels used for inquiries.
During every even numbered slot it transmits two ID packets on two channels and
during the following slot it listens on those channels for a slave's response (an FHS
packet).
In the next two time slots 1/16th second aka 625ms it uses the next two channels, the hopping sequence (of 16 channels) repeats every 10ms (16 slots).
The 16 slot sequence must be repeated at least 256 times (i.e. for at least 2.56 seconds) before switching to the other set of channels.
Don't bother using a null address
hcitool info 00:00:00:00:00:00
Requesting information ...
BD Address: 00:00:00:00:00:00
OUI Company: XEROX CORPORATION (00-00-00)
Features: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
see notes
In order to run without root i.e. without sudo:
sudo setcap 'cap_net_raw,cap_net_admin+eip' `which hcitool`
sudo setcap 'cap_net_raw,cap_net_admin+eip' `which hcidump`
hci0: Type: BR/EDR Bus: UART
BD Address: B8:27:EB:96:64:43 ACL MTU: 1021:8 SCO MTU: 64:1
UP RUNNING
RX bytes:3405617 acl:720 sco:0 events:100851 errors:0
TX bytes:33782 acl:720 sco:0 commands:1749 errors:0
Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH SNIFF
Link mode: SLAVE ACCEPT
Name: 'piw'
Class: 0x0c0000
Service Classes: Rendering, Capturing
Device Class: Miscellaneous,
HCI Version: 4.1 (0x7) Revision: 0x145
LMP Version: 4.1 (0x7) Subversion: 0x2209
Manufacturer: Broadcom Corporation (15)
hciconfig
configure Bluetooth devices
hciconfig [-a] [hciX] [command [command parameters]]
hciX
is the name of a Bluetooth device
Without device lists all devices.
If no command is given, outputs basic information on device hciX only. i.e. interface type, BD address, ACL MTU,
SCO MTU, flags (up, init, running, raw, page scan enabled, inquiry scan enabled, inquiry, authentication enabled, encryption
enabled).
> hciconfig
hci0: Type: BR/EDR Bus: UART
BD Address: B8:27:EB:96:64:43 ACL MTU: 1021:8 SCO MTU: 64:1
UP RUNNING
RX bytes:4906690 acl:0 sco:0 events:156404 errors:0
TX bytes:19644 acl:0 sco:0 commands:1020 errors:0
-a, --all
Includes: features, packet type, link policy, link mode, name, class, version.
> hciconfig -a
hci0: Type: BR/EDR Bus: UART
BD Address: B8:27:EB:96:64:43 ACL MTU: 1021:8 SCO MTU: 64:1
UP RUNNING
RX bytes:4906690 acl:0 sco:0 events:156404 errors:0
TX bytes:19644 acl:0 sco:0 commands:1020 errors:0
Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH SNIFF
Link mode: SLAVE ACCEPT
Name: 'piw'
Class: 0x0c0000
Service Classes: Rendering, Capturing
Device Class: Miscellaneous,
HCI Version: 4.1 (0x7) Revision: 0x145
LMP Version: 4.1 (0x7) Subversion: 0x2209
Manufacturer: Broadcom Corporation (15)
up Open and initialize HCI device.
| down Close HCI device.
| reset Reset HCI device.
| rstat Reset statistic counters.
| [no]auth Enable authentication (sets device to security mode 3).
| [no]encrypt Enable encryption (sets device to security mode 3).
| [no]secmgr Enable security manager
| [no]piscan Enable page and inquiry scan.
| iscan Enable inquiry scan, disable page scan.
| pscan Enable page scan, disable inquiry scan.
| delkey bdaddr deletes the stored link key for bdaddr from the device.
|
for the following, hcix is required
If no argument is specified command displays the current setting.
de
All report hci0: Type: Primary Bus: UART
BD Address: B8:27:EB:08:E2:A5 ACL MTU: 1021:8 SCO MTU: 64:1 then information
These exxamples are for Raspian strech on a
| ptype [type[,type...] packet types, DM1, DM3, DM5, DH1, DH3, DH5, HV1, HV2, HV3 Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
| name [name] local name (??)Name: 'class'
| class [class] class is a 24-bit hex number, See section 1.2 of the Bluetooth Assigned Numers Class: 0x000000
Service Classes: Unspecified
Device Class: Miscellaneous,
voice [voice] is a 16-bit hex number describing the voice setting.Voice setting: 0x0060 (Default Condition)
Input Coding: Linear
Input Data Format: 2's complement
Input Sample Size: 16 bit
# of bits padding at MSB: 0
Air Coding Format: CVSD
| iac [iac] IAC: 0x9e8b33
| inqtpl [level] Inquiry transmit power level: 0
| inqmode [mode] Inquiry mode: Inquiry with RSSI or Extended Inquiry
| inqdata [data] FEC disabled
09 09 70 69 39 33 67 72 61 66 02 0a 00 09 10 02
00 6b 1d 46 02 32 05 05 03 0e 11 0c 11 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
…
Complete local name: 'pi93graf'
TX power level: 0
Device ID with 8 bytes data
Complete service classes: 0x110e 0x110c
| inqtype [type] Inquiry scan type: Standard Inquiry Scan
| inqparams [win:int] Inquiry interval: 4096 slots (2560.00 ms), window: 18 slots (11.25 ms)
| pageparms [win:int] | Page interval: 2048 slots (1280.00 ms), window: 18 slots (11.25 ms)
| pageto [to] Page timeout: 8192 slots (5120.00 ms)
| afhmode [mode]AFH mode: Enabled
| sspmode [mode]Simple Pairing mode: Enabled
| aclmtu mtu:pkt Sets ACL MTU to mtu bytes and buffer size to pkt
| scomtu mtu:pkt Sets SCO MTU to mtu bytes and buffer size to pkt
| oobdata Get local OOB data (invalidates previously read data). sudo hciconfig hci0 oobdata
hci0: Type: Primary Bus: UART
BD Address: B8:27:EB:08:E2:A5 ACL MTU: 1021:8 SCO MTU: 64:1
OOB Hash: 63 52 be ed e3 7c 5a 03 8f c0 50 2b e3 ce 98 66
Randomizer: a2 40 b9 0a 1e db 5e 90 10 94 7f 5e 1d e2 59 33
commands hciconfig hci0 commands
hci0: Type: Primary Bus: UART
BD Address: B8:27:EB:08:E2:A5 ACL MTU: 1021:8 SCO MTU: 64:1
Commands: Octet 0 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 1 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 2 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 3 = 0x03 (Bit 0 1)
Octet 4 = 0xcc (Bit 2 3 6 7)
Octet 5 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 6 = 0xef (Bit 0 1 2 3 5 6 7)
Octet 7 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 8 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 9 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 10 = 0xec (Bit 2 3 5 6 7)
Octet 11 = 0x1f (Bit 0 1 2 3 4)
Octet 12 = 0xf2 (Bit 1 4 5 6 7)
Octet 13 = 0x0f (Bit 0 1 2 3)
Octet 14 = 0xe8 (Bit 3 5 6 7)
Octet 15 = 0xfe (Bit 1 2 3 4 5 6 7)
Octet 16 = 0x3f (Bit 0 1 2 3 4 5)
Octet 17 = 0xf7 (Bit 0 1 2 4 5 6 7)
Octet 18 = 0x8f (Bit 0 1 2 3 7)
Octet 19 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 20 = 0x1c (Bit 2 3 4)
Octet 22 = 0x04 (Bit 2)
Octet 24 = 0x61 (Bit 0 5 6)
Octet 25 = 0xf7 (Bit 0 1 2 4 5 6 7)
Octet 26 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 27 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 28 = 0x7f (Bit 0 1 2 3 4 5 6)
Octet 29 = 0xf8 (Bit 3 4 5 6 7)
Octet 30 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 31 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 32 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 33 = 0xff (Bit 0 1 2 3 4 5 6 7)
Octet 34 = 0x07 (Bit 0 1 2)
Octet 35 = 0x08 (Bit 3)
Octet 41 = 0x08 (Bit 3)
'Inquiry' 'Inquiry Cancel' 'Periodic Inquiry Mode'
'Exit Periodic Inquiry Mode' 'Create Connection' 'Disconnect'
'Add SCO Connection' 'Cancel Create Connection'
'Accept Connection Request' 'Reject Connection Request'
'Link Key Request Reply' 'Link Key Request Negative Reply'
'PIN Code Request Reply' 'PIN Code Request Negative Reply'
'Change Connection Packet Type' 'Authentication Requested'
'Set Connection Encryption' 'Change Connection Link Key'
'Master Link Key' 'Remote Name Request' 'Cancel Remote Name Request'
'Read Remote Supported Features' 'Read Remote Extended Features'
'Read Remote Version Information' 'Read Clock Offset'
'Read LMP Handle' 'Sniff Mode' 'Exit Sniff Mode' 'QoS Setup'
'Role Discovery' 'Switch Role' 'Read Link Policy Settings'
'Write Link Policy Settings' 'Read Default Link Policy Settings'
'Write Default Link Policy Settings' 'Flow Specification'
'Set Event Mask' 'Reset' 'Set Event Filter' 'Flush' 'Read PIN Type'
'Write PIN Type' 'Read Stored Link Key' 'Write Stored Link Key'
'Delete Stored Link Key' 'Write Local Name' 'Read Local Name'
'Read Connection Accept Timeout' 'Write Connection Accept Timeout'
'Read Page Timeout' 'Write Page Timeout' 'Read Scan Enable'
'Write Scan Enable' 'Read Page Scan Activity'
'Write Page Scan Activity' 'Read Inquiry Scan Activity'
'Write Inquiry Scan Activity' 'Read Authentication Enable'
'Write Authentication Enable' 'Read Encryption Mode'
'Write Encryption Mode' 'Read Class Of Device' 'Write Class Of Device'
'Read Voice Setting' 'Write Voice Setting'
'Read Automatic Flush Timeout' 'Write Automatic Flush Timeout'
'Read Num Broadcast Retransmissions'
'Write Num Broadcast Retransmissions' 'Read Transmit Power Level'
'Read Synchronous Flow Control Enable'
'Set Host Controller To Host Flow Control' 'Host Buffer Size'
'Host Number Of Completed Packets' 'Read Link Supervision Timeout'
'Write Link Supervision Timeout' 'Read Number of Supported IAC'
'Read Current IAC LAP' 'Write Current IAC LAP'
'Set AFH Channel Classification' 'Read Inquiry Scan Type'
'Write Inquiry Scan Type' 'Read Inquiry Mode' 'Write Inquiry Mode'
'Read Page Scan Type' 'Write Page Scan Type'
'Read AFH Channel Assessment Mode' 'Write AFH Channel Assessment Mode'
'Read Local Version Information' 'Read Local Supported Features'
'Read Local Extended Features' 'Read Buffer Size' 'Read BD ADDR'
'Read Failed Contact Counter' 'Reset Failed Contact Counter'
'Get Link Quality' 'Read RSSI' 'Read AFH Channel Map' 'Read BD Clock'
'Read Loopback Mode' 'Write Loopback Mode'
'Enable Device Under Test Mode' 'Setup Synchronous Connection'
'Accept Synchronous Connection' 'Reject Synchronous Connection'
'Read Extended Inquiry Response' 'Write Extended Inquiry Response'
'Refresh Encryption Key' 'Sniff Subrating' 'Read Simple Pairing Mode'
'Write Simple Pairing Mode' 'Read Local OOB Data'
'Read Inquiry Response Transmit Power Level'
'Write Inquiry Transmit Power Level'
'Read Default Erroneous Data Reporting'
'Write Default Erroneous Data Reporting' 'IO Capability Request Reply'
'User Confirmation Request Reply'
'User Confirmation Request Negative Reply'
'User Passkey Request Reply' 'User Passkey Request Negative Reply'
'Remote OOB Data Request Reply' 'Write Simple Pairing Debug Mode'
'Enhanced Flush' 'Remote OOB Data Request Negative Reply'
'Send Keypress Notification' 'IO Capability Request Negative Reply'
'Read Encryption Key Size' 'Set Event Mask Page 2'
'Read Enhanced Transmit Power Level' 'Read LE Host Support'
'Write LE Host Support' 'LE Set Event Mask' 'LE Read Buffer Size'
'LE Read Local Supported Features' 'LE Set Random Address'
'LE Set Advertising Parameters' 'LE Read Advertising Channel TX Power'
'LE Set Advertising Data' 'LE Set Scan Response Data'
'LE Set Advertise Enable' 'LE Set Scan Parameters'
'LE Set Scan Enable' 'LE Create Connection'
'LE Create Connection Cancel' 'LE Read White List Size'
'LE Clear White List' 'LE Add Device To White List'
'LE Remove Device From White List' 'LE Connection Update'
'LE Set Host Channel Classification' 'LE Read Channel Map'
'LE Read Remote Used Features' 'LE Encrypt' 'LE Rand'
'LE Start Encryption' 'LE Long Term Key Request Reply'
'LE Long Term Key Request Negative Reply' 'LE Read Supported States'
'LE Receiver Test' 'LE Transmitter Test' 'LE Test End'
features hciconfig hci0 features
hci0: Type: Primary Bus: UART
BD Address: B8:27:EB:08:E2:A5 ACL MTU: 1021:8 SCO MTU: 64:1
Features page 0: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
<3-slot packets> <5-slot packets> <encryption> <slot offset>
<timing accuracy> <role switch> <sniff mode> <RSSI>
<channel quality> <SCO link> <HV2 packets> <HV3 packets>
<u-law log> <A-law log> <CVSD> <paging scheme> <power control>
<transparent SCO> <broadcast encrypt> <EDR ACL 2 Mbps>
<EDR ACL 3 Mbps> <enhanced iscan> <interlaced iscan>
<interlaced pscan> <inquiry with RSSI> <extended SCO>
<EV4 packets> <EV5 packets> <AFH cap. slave>
<AFH class. slave> <LE support> <3-slot EDR ACL>
<5-slot EDR ACL> <sniff subrating> <pause encryption>
<AFH cap. master> <AFH class. master> <EDR eSCO 2 Mbps>
<EDR eSCO 3 Mbps> <3-slot EDR eSCO> <extended inquiry>
<LE and BR/EDR> <simple pairing> <encapsulated PDU>
<err. data report> <non-flush flag> <LSTO> <inquiry TX power>
<EPC> <extended features>
Features page 1: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Features page 2: 0x7f 0x0b 0x00 0x00 0x00 0x00 0x00 0x00
version HCI Version: 4.2 (0x8) Revision: 0x118
LMP Version: 4.2 (0x8) Subversion: 0x6119
Manufacturer: Broadcom Corporation (15)
| revision Firmware 24.97 / 25
| lm [mode] link mode.
MASTER or SLAVE mean, ask to become master or to remain slave when a connection request comes in.
NONE or a comma-separated list MASTER and ACCEPT .
NONE sets link policy to the default behaviour of remaining slave and not accepting baseband connections when there are no listening AF_BLUETOOTH sockets.
ACCEPT accept baseband connections even when there are no listening AF_BLUETOOTH sockets.
MASTER ask to become master if a connection request comes in.
Link mode: SLAVE ACCEPT
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
dmesg|grep -i blue|more
[ 9.521389] Bluetooth: Core ver 2.22
[ 9.521475] Bluetooth: HCI device and connection manager initialized
[ 9.521494] Bluetooth: HCI socket layer initialized
[ 9.521506] Bluetooth: L2CAP socket layer initialized
[ 9.521540] Bluetooth: SCO socket layer initialized
[ 9.550942] Bluetooth: HCI UART driver ver 2.3
[ 9.550954] Bluetooth: HCI UART protocol H4 registered
[ 9.550959] Bluetooth: HCI UART protocol Three-wire (H5) registered
[ 9.551122] Bluetooth: HCI UART protocol Broadcom registered
[ 9.831008] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 9.831014] Bluetooth: BNEP filters: protocol multicast
[ 9.831025] Bluetooth: BNEP socket layer initialized
Errors
In some cases hcitool lescan # no required
Set scan parameters failed: Input/output error
A
following sequence has been known to help
hciconfig hci0 down
hciconfig hci0 up
service bluetooth restart
service dbus restart
hciconfig hci0 reset
hcidump
Continuous Bluetooth Device Discovery "Inquisition"
github
gatttool
bluetoothctl
hciattach
attach serial devices via UART HCI to BlueZ stack
hciattach [-b] [-n] [-p] [-t timeout]
[-s speed] [-l] [-r] tty
[type|id ] [no]]sleep] [[no]flow]] [bdaddr
Attach a serial UART to the Bluetooth stack as HCI transport interface.
-l |sort List all available configurations.
any 0x0000,0x0000
3com 0x0101,0x0041
3wire 0x0000,0x0000
amp 0x0000,0x0000
ath3k 0x0000,0x0000
bboxes 0x0160,0x0002
bcm2035 0x0a5c,0x2035
bcm43xx 0x0000,0x0000
bcm43xx-3wire0x0000,0x0000
bcsp 0x0000,0x0000
bgb2xx 0x0000,0x0000
billionton0x0279,0x950b
bt2000c 0x022d,0x2000
comone 0xffff,0x0101
csr 0x0000,0x0000
digi 0x0000,0x0000
ericsson 0x0000,0x0000
intel 0x0000,0x0000
inventel 0x0000,0x0000
qualcomm 0x0000,0x0000
philips 0x0000,0x0000
picocard 0x025e,0x1000
sitecom 0x0279,0x950b
socket 0x0104,0x0096
st 0x0000,0x0000
stlc2500 0x0000,0x0000
swave 0x0000,0x0000
tdk 0x0105,0x4254
texas 0x0000,0x0000
texasalt 0x0000,0x0000
xircom 0x0105,0x080a
zoom 0x0279,0x950b
| | | |
| -b Send break.
| -n Don't detach from controlling terminal.
| -p output the PID when detaching.
| -t timeout initialization timeout. (Default is 5 seconds.)
| -s speed initial speed instead of the hardware default.
9600, 19200, 38400, 57600, 115200, 230400, 460800, 921600 N.B. 921600 may cause problems espically on raspberry pi.
Note also that /usr/bin/btuart sets speed to 3000000 .
| -r Set to raw mode (the kernel and bluetoothd will ignore it).
| tty the serial device to attach. leading /dev can be omitted. Examples: /dev/ttyS1 ttyS2
type|id
Type:
any Unspecified HCI_UART interface, no vendor specific options
| ericsson
| digi Digianswer based cards
| xircom PCMCIA cards: Credit Card Adapter and Real Port Adapter
| csr CSR Casira serial adapter or BrainBoxes serial dongle (BL642)
| bboxes BrainBoxes PCMCIA card (BL620)
| swave Silicon Wave kits
| bcsp Serial adapters using CSR chips with BCSP Serial Protocol
| ath3k Atheros AR300x based
| intel
| | | | | | | | | | |
IDs (manufacturer id, product id)
0x0105, 0x080a | Xircom PCMCIA cards: Credit Card Adapter and Real Port Adapter
| 0x0160, 0x0002 | BrainBoxes PCMCIA card (BL620)
|
| [no]sleep Enables hardware specific power management feature.
| [no]flow hardware flow control is forced on the serial link ( CRTSCTS).
| bdaddr example: b8:27:eb:e3:a4:6c
Some devices (like the STLC2500) do not store the Bluetooth address in
hardware memory, it must be uploaded during initialization .
| | | | | | | | | | | | | |
Example
From raspberry pi:/usr/bin/btuart
#!/bin/sh
# speed of 921600 has been known to cause errors use 460800 instead (https://blog.ruuvi.com/rpi-gateway-6e4a5b676510)
HCIATTACH=/usr/bin/hciattach
SERIAL=`cat /proc/device-tree/serial-number | cut -c9-` # example : 98490ec6 use only last 6 digits
B1=`echo $SERIAL | cut -c3-4` # 49 actually BYTE4, 5 and 6 since first 3 bytes are raspberry pi defined as B8:27:EB
B2=`echo $SERIAL | cut -c5-6` # 0e xor AA => A4
B3=`echo $SERIAL | cut -c7-8` # c6 xor AA => 6C
BDADDR=`printf b8:27:eb:%02x:%02x:%02x $((0x$B1 ^ 0xaa)) $((0x$B2 ^ 0xaa)) $((0x$B3 ^ 0xaa))` # example: b8:27:eb:e3:a4:6c
uart0="`cat /proc/device-tree/aliases/uart0`" # /soc/serial@7e201000
serial1="`cat /proc/device-tree/aliases/serial1`" # /soc/serial@7e201000
if [ "$uart0" = "$serial1" ] ; then
uart0_pins="`wc -c /proc/device-tree/soc/gpio@7e200000/uart0_pins/brcm\,pins | cut -f 1 -d ' '`"
# 00 00 00 1e 00 00 00 1f 00 00 00 20 00 00 00 21 i.e. 16
if [ "$uart0_pins" = "16" ] ; then # pi zero w
$HCIATTACH /dev/serial1 bcm43xx 3000000 flow - $BDADDR # looks like flow is important
else
$HCIATTACH /dev/serial1 bcm43xx 921600 noflow - $BDADDR
fi
else
$HCIATTACH /dev/serial1 bcm43xx 460800 noflow - $BDADDR
fi
rfkill
enable and disable wireless devices
rfkill [options] [command] [id|type …]
-J --json Use JSON output format.
| -n --noheadings Do not print a header line.
| -o --output Specify which output columns to print. Use --help to get a list of available columns.
| --output-all Output all available columns.
| -r --raw Use the raw output format.
| --help
--version
help
event Listen for rfkill events and display them on stdout.
| list [id|type …]
List the current state of all available devices.
Check with list command id or type scope as appropriate before setting block or unblock.
Special all type string will match everything.
Multiple id or type arguments is supported.
| block id|type […] Disable the device.
| unblock id|type […] Enable the device.
If the device is hard-blocked, for example via a hardware switch, it will remain unavailable though it is now soft-unblocked.
| | | | | | | | | | | | |
EXAMPLES
rfkill -r
ID TYPE DEVICE SOFT HARD
0 wlan phy0 unblocked unblocked
1 bluetooth hci0 unblocked unblocked
rfkill --output ID,TYPE
rfkill block all
rfkill unblock wlan
rfkill block bluetooth uwb wimax wwan gps fm nfc
see bluetoothctl