Using iOS GameKit's "Bluetooth Bonjour" with other platforms
Asked Answered
P

2

68

I'm interested in connecting to iOS-based devices over Bluetooth. I can see that the "Local Network" service is exposed, but I cannot find any extra information about it. Property stored under key 0x0204 looks like a Bonjour key.

Which protocol is used? How can one talk to the iOS device using Linux, Mac or one's own embedded device equipped with a Bluetooth chip?

Here's SDP data extracted using Bluetooth Explorer under OS X while the iOS device runs Gameloft's Star Battalion.

    {
        0x0000 = uint32(1330188565),
        0x0200 = uint32(2),
        0x0202 = string(004wD7l1A..0|0|0|ivucic-À'),
        0x030a = uint32(0),
        0x0009 = { { uuid16(11 15), uint16(256) } },
        0x0201 = string(_657o30a6rmst07À),
        0x0005 = { uuid16(10 02) },
        0x0100 = string(Local Network),
        0x0001 = { uuid16(11 15) },
        0x0203 = string(004wd7l1a..0|0|0|ivucic-_657o30a6rmst07À
        0xf000 = uint8(2),
        0x0204 = string(    txtvers=1state=A),
        0x0008 = uint8(255),
        0x0006 = { uint16(25966), uint16(106), uint16(256), uint16(26226), uint16(106), uint16(272), uint16(25701), uint16(106), uint16(288), uint16(27233), uint16(106), uint16(304) },
        0x0004 = { { uuid16(01 00), uint16(15) }, { uuid16(00 0f), uint16(256), { uint16(2048), uint16(2054) } } },
        0x0002 = uint32(0)
    },

Other partially relevant questions:


Researching further with Apple's Bluetooth Explorer in OS X and sdptool in GNU/Linux, I have discovered that key 0x0001 (standing for "protocol class"), containing value of 0x1115, stands for the "PANU" variant of "PAN" - a peer2peer variant. It is notable that OS X does not provide service-side ('hosting') support for this protocol, despite supporting creation of a 0x1116 network, which is the "NAP" variant of "PAN" - a client/server variant.

This might be good news, but only if GameKit's session protocol does not have to be used. Hijacking the media-layer connection established by GameKit in order to send other UDP traffic would be ideal.

I'll still have to research whether or not this GameKit connection really is 0x1115; that is, if it really is "PANU". Does anyone have any further information?


Note while Bonjour automatically announced this Bluetooth service after iOS 3, this has changed with iOS 5. See the answer I posted on how to establish Bluetooth connection without GameKit, where I handily documented information from Apple's Technical Q&A QA1753.


A small amount of research with GNU/Linux did not result in a successful connection. It may be due to lack of knowledge on how to properly use pand. It may also be due to Bluetooth MAC based blocking. I'd love info anyone may have to offer. If I research this further and stumble upon something interesting, I'll update this answer.


Results under Ubuntu. The service appears only when Bluetooth Bonjour is active.

ivucica@ivucica-MacBook:~$ sdptool browse $ADDR #relevant data only
Browsing ADDRESS_HERE ...
Service Name: Local Network
Service RecHandle: 0x4f491115
Service Class ID List:
  "PAN User" (0x1115)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 15
  "BNEP" (0x000f)
    Version: 0x0100
    SEQ8: 0 6
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
  code_ISO639: 0x6672
  encoding:    0x6a
  base_offset: 0x110
  code_ISO639: 0x6465
  encoding:    0x6a
  base_offset: 0x120
  code_ISO639: 0x6a61
  encoding:    0x6a
  base_offset: 0x130
Profile Descriptor List:
  "PAN User" (0x1115)
    Version: 0x0100

... and so on ...

Here's the attempt to connect:

ivucica@ivucica-MacBook:~$ pand --connect $ADDR -n
pand[3237]: Bluetooth PAN daemon version 4.98
pand[3237]: Connecting to ADDRESS_HERE
pand[3237]: Connect to ADDRESS_HERE failed. Connection refused(111)

Is some sort of authorization required? Enabling encryption, authentication, secure connection and forcing becoming a master doesn't seem to make any difference (-AESM options in various combinations).

Anyone has any ideas?


Huh!

ivucica@ivucica-MacBook:~$ sudo hcidump
HCI sniffer - Bluetooth packet analyzer ver 2.2
device: hci0 snap_len: 1028 filter: 0xffffffff
 HCI Event: Command Status (0x0f) plen 4
    Create Connection (0x01|0x0005) status 0x00 ncmd 1
> HCI Event: Role Change (0x12) plen 8
    status 0x00 bdaddr ADDRESS_HERE role 0x01
    Role: Slave
> HCI Event: Connect Complete (0x03) plen 11
    status 0x00 handle 12 bdaddr ADDRESS_HERE type ACL encrypt 0x00
 HCI Event: Command Status (0x0f) plen 4
    Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
> HCI Event: Read Remote Supported Features (0x0b) plen 11
    status 0x00 handle 12
    Features: 0xbf 0xfe 0x8f 0xfe 0x9b 0xff 0x79 0x83
 HCI Event: Command Status (0x0f) plen 4
    Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
> HCI Event: Max Slots Change (0x1b) plen 3
    handle 12 slots 5
> HCI Event: Read Remote Extended Features (0x23) plen 13
    status 0x00 handle 12 page 1 max 1
    Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 HCI Event: Command Status (0x0f) plen 4
    Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
> HCI Event: Remote Name Req Complete (0x07) plen 255
    status 0x00 bdaddr ADDRESS_HERE name 'Evil iPad'
 HCI Event: Command Status (0x0f) plen 4
    Authentication Requested (0x01|0x0011) status 0x00 ncmd 1
> HCI Event: Link Key Request (0x17) plen 6
    bdaddr ADDRESS_HERE
 HCI Event: Command Complete (0x0e) plen 10
    Link Key Request Reply (0x01|0x000b) ncmd 1
    status 0x00 bdaddr ADDRESS_HERE
> HCI Event: Auth Complete (0x06) plen 3
    status 0x00 handle 12
 HCI Event: Command Status (0x0f) plen 4
    Set Connection Encryption (0x01|0x0013) status 0x00 ncmd 1
> HCI Event: Encrypt Change (0x08) plen 4
    status 0x00 handle 12 encrypt 0x01
 HCI Event: Number of Completed Packets (0x13) plen 5
    handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 16
    L2CAP(s): Info rsp: type 2 result 0
      Extended feature mask 0x02a8
        Enhanced Retransmission mode
        FCS Option
        Fixed Channels
        Unicast Connectless Data Reception
 HCI Event: Number of Completed Packets (0x13) plen 5
    handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 20
    L2CAP(s): Info rsp: type 3 result 0
      Fixed channel list 0x00000006
        L2CAP Signalling Channel
        L2CAP Connless
 HCI Event: Number of Completed Packets (0x13) plen 5
    handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0000 scid 0x0040 result 2 status 0
      Connection refused - PSM not supported
> HCI Event: Disconn Complete (0x05) plen 4
    status 0x00 handle 12 reason 0x13
    Reason: Remote User Terminated Connection

This?

> ACL data: handle 12 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0000 scid 0x0040 result 2 status 0
      Connection refused - PSM not supported
Pomcroy answered 9/11, 2011 at 20:15 Comment(7)
See also mringwal's answer to the similar question Is it possible, in principle, for an Android device to interface with an iPhone over Bluetooth/GameKit? for another hint about this.Valentinvalentina
@BradLarson That's an amazing hint! Thanks!Portfolio
Is there a reason you specifically need to use Bonjour? I was thinking about the same thing (in my case for sync between an iOS device and a C# WPF app). I eventually ended up using DropBox due to it's excellent API which is available for loads of platforms and allow you to do what you want. From what I've heard, even when Bonjour "works", it only works about 40% of the time.Duckett
I am planning to exchange commands and not files. I am planning to exchange commands with an embedded device that would not have a WLAN card. A Bluetooth chip is cheaper, way simpler, much easier to obtain and uses less power than a WLAN card. I also had zero issues with classic LAN/WLAN Bonjour, which as a discovery service works all the time for me. (Unless you are talking about Bluetooth variant, I'm calling this FUD ;)Portfolio
Bluetooth Bonjour is interesting not because it does anything better than classic Bonjour or Bluetooth's very own SDP, but because it opens a PANU service on iOS and hence is the only official API to talk over Bluetooth on iOS without applying for the expensive and complex MFI (troublesome for a low-volume project like the one I'm considering).Portfolio
What about the newish Core Bluetooth API? (Though it's limited to BT 4 LE, and might not be compatible with the device you want to talk to.) developer.apple.com/library/ios/#documentation/CoreBluetooth/…Toast
@SixtenOtto As you said, Low Energy, Bluetooth 4 devices only. Also iOS5+ only.Portfolio
C
8

According to this interesting site : http://code.google.com/p/btstack/wiki/iPhoneBluetooth Apple are using a special chip besides their Bluetooth RF chip which denies any connection for a device without that chip - this means its a lock on the hardware level.

Cleanshaven answered 29/7, 2012 at 13:4 Comment(3)
There's always the possibility that they activate this check when using Bluetooth Bonjour, but considering that you can buy off-the-shelf Bluetooth keyboards, mouses, headsets, and that you can do tethering via iPhone using a non-Apple branded computer or other device, I don't think there is enough evidence to definitely state as a fact that there are cryptographical checks when establishing Bluetooth Bonjour's PAN connectivity.Portfolio
Right , you are very correct Ivan - I am like you researching for bluetooth solutions - IOS - vs - other platform. But , please remember that bluetooth has profiles - so Apple can very easily define that connection to headsets and keyboards is possible while connections to other device is not. What is your opinion regarding that ?Cleanshaven
Definitely possible, but I haven't yet explored all options. I'm yet to play with EIR, which may be the key to permitting connections. In any case, it's fun that one can very easily use PAN by... drumroll ...tethering the target device. Unfortunately, that cannot be automated and requires pairing!Portfolio
M
1

Maybe a bit delayed, but technologies have evolved since so there is certainly new info around which draws fresh light on the matter...

The traditional GameKit has been replaced by Multiper Connectivity together with introducing support for WiFi Direct on iOS, however the framework still remains iOS only. I assume there is proprietary stuff going on in there.

Also, as iOS has yet to open up a direct API for WiFi Direct I believe the best way to approach this is to use BLE, which is supported by both platforms (some better than others).

On iOS a device can act both as a BLE Central and BLE Peripheral at the same time, on Android the situation is more complex as not all devices support the BLE Peripheral state. Also the Android BLE stack is very unstable (to date).

If your use case is feature driven, I would suggest to look at Frameworks and Libraries that can achieve cross platform communication for you, without you needing to build it up from scratch.

For example: http://p2pkit.io or google nearby

Disclaimer: I work for Uepaa, developing p2pkit.io for Android and iOS.

Manno answered 4/5, 2016 at 14:45 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.