Friday, September 2, 2011

BT LE FindMe profile in Bluez

There is a post in Bluez mailing list "Current status on BLE development". It tells us current BT LE status in Bluez and also shows some git repositories with their development. I try to build their kernel and the latest bluez. I made some experiments and understood more about FindMe profile in Bluez.

* Unstable kernel with Interleaved Discovery, RSSI Threshold monitor,
LE scanning and remaining SM patches
[1] http://git.infradead.org/users/vcgomes/linux-2.6.git (branch
proximity-integration)

* BlueZ Userspace
[2] git://git.infradead.org/users/cktakahasi/bluez.git proximity-devel

Experiment I: prepare one LE device only(Key Fob/Reporter/GATT Server) and one dual mode LE/BR/EDR device (Monitor/GATT Client) in Ubuntu machine. Key Fob runs immediate alert service. Bluez register the monitor service and it can write Alert Level to reporter. If Alert Level is mild or high, the Key Fob would ring. Then user can find where is the Key Fob. Reference to Immediate Alert Service (UUID: 0x1802) page and Alert Level(UUID:0x2a06) page.

Reference from Bluetooth.org site:
The Immediate Alert service is instantiated as a Primary Service. There is only one instance of the Immediate Alert service on a device. There is only one instance of the Alert Level characteristic in an Immediate Alert service. This alert continues until one of following conditions occurs:
• An implementation specific timeout
• User interaction on this device
• A new alert level is written
• The physical link is disconnected

Examples:
If the written alert level is “No Alert”, no alerting is done on this device.
If the written alert level is “Mild Alert”, the device alerts.
If the written alert level is “High Alert”, the device alerts in the strongest possible way.

How to demo it:
1. set Key Fob to advertising mode
2. try LE scan from Ubuntu

erin@sundays:/project/upstream/bluez$ sudo hcitool -i hci0 lescan
LE Scan ...
C0:FF:EE:C0:AA:06
C0:FF:EE:C0:AA:06
C0:FF:EE:C0:AA:06
C0:FF:EE:C0:AA:06
C0:FF:EE:C0:AA:06

3. create LE connection

erin@sundays:/project/upstream/bluez$ sudo hcitool -i hci0 lecc C0:FF:EE:C0:AA:06
Connection handle 32

4. use gatttool to browse the service of LE device

erin@sundays:/project/upstream/bluez$ sudo gatttool -i hci0 -b C0:FF:EE:C0:AA:06 -m 48 --interactive
[ ][C0:FF:EE:C0:AA:06][LE]> connect
[CON][C0:FF:EE:C0:AA:06][LE]> primary
[CON][C0:FF:EE:C0:AA:06][LE]>
attr handle: 0x0001, end grp handle: 0x000b uuid: 00001800-0000-1000-8000-00805f9b34fb
attr handle: 0x000c, end grp handle: 0x000e uuid: 00001801-0000-1000-8000-00805f9b34fb
attr handle: 0x000f, end grp handle: 0x0011 uuid: 00001803-0000-1000-8000-00805f9b34fb
attr handle: 0x0012, end grp handle: 0x0014 uuid: 00001802-0000-1000-8000-00805f9b34fb
attr handle: 0x0015, end grp handle: 0x0017 uuid: 00001804-0000-1000-8000-00805f9b34fb
attr handle: 0x0018, end grp handle: 0x001e uuid: 0000ffb0-0000-1000-8000-00805f9b34fb
attr handle: 0x001f, end grp handle: 0x0031 uuid: 0000ffa0-0000-1000-8000-00805f9b34fb
attr handle: 0x0032, end grp handle: 0x0036 uuid: 0000ffe0-0000-1000-8000-00805f9b34fb
[CON][C0:FF:EE:C0:AA:06][LE]> characteristics 0x0012 0x0014
[CON][C0:FF:EE:C0:AA:06][LE]>
handle: 0x0013, char properties: 0x08, char value handle: 0x0014, uuid: 00002a06-0000-1000-8000-00805f9b34fb
[CON][C0:FF:EE:C0:AA:06][LE]> char-desc 0x0012 0x00014
[CON][C0:FF:EE:C0:AA:06][LE]>
handle: 0x0012, uuid: 2800
handle: 0x0013, uuid: 2803
handle: 0x0014, uuid: 2a06
[CON][C0:FF:EE:C0:AA:06][LE]> char-read-uuid 2a06
[CON][C0:FF:EE:C0:AA:06][LE]>
handle: 0x0011 value: 00
[CON][C0:FF:EE:C0:AA:06][LE]> char-write-cmd 0x0011 02
[CON][C0:FF:EE:C0:AA:06][LE]> char-read-uuid 2a06
[CON][C0:FF:EE:C0:AA:06][LE]>
handle: 0x0011 value: 02
[CON][C0:FF:EE:C0:AA:06][LE]> disconnect

5. Key Fob would start to ring

Experiment II: prepare two BT BR/EDR devices. One is my Ubuntu laptop (daydreamer) and the other is my Ubuntu Desktop (Sundays). Daydreamer is a Key Fob (Client) and Sundays is a Monitor (Server).

1. Fake Immediate Alert profile and Link Loss profile in local data files.

erin@sundays:/project/vcgomes/linux-2.6$ cat /var/lib/bluetooth/00\:13\:EF\:F0\:C4\:46/profiles
78:DD:08:A3:A7:52 0000110a-0000-1000-8000-00805f9b34fb 0000110c-0000-1000-8000-00805f9b34fb 0000110e-0000-1000-8000-00805f9b34fb 00001112-0000-1000-8000-00805f9b34fb 0000111f-0000-1000-8000-00805f9b34fb 00001800-0000-1000-8000-00805f9b34fb 00001801-0000-1000-8000-00805f9b34fb 00001802-0000-1000-8000-00805f9b34fb 00001803-0000-1000-8000-00805f9b34fb
erin@sundays:/project/vcgomes/linux-2.6$ cat /var/lib/bluetooth/00\:13\:EF\:F0\:C4\:46/primary
78:DD:08:A3:A7:52 0011#0013#00001802-0000-1000-8000-00805f9b34fb 0009#000b#00001803-0000-1000-8000-00805f9b34fb

2. use dbus-send to change Alert Service value

erin@sundays:~$ dbus-send --system --type=method_call --print-reply --dest=org.bluez /org/bluez/2617/hci1/dev_78_DD_08_A3_A7_52 org.bluez.Proximity.GetProperties
method return sender=:1.62 -> dest=:1.91 reply_serial=2
array [
dict entry(
string "LinkLossAlertLevel"
variant string "none"
)
dict entry(
string "ImmediateAlertLevel"
variant string "none"
)
]

erin@sundays:~$ dbus-send --system --type=method_call --print-reply --dest=org.bluez /org/bluez/2617/hci1/dev_78_DD_08_A3_A7_52 org.bluez.Proximity.SetProperty string:ImmediateAlertLevel variant:string:high
method return sender=:1.62 -> dest=:1.92 reply_serial=2

erin@sundays:~$ dbus-send --system --type=method_call --print-reply --dest=org.bluez /org/bluez/2617/hci1/dev_78_DD_08_A3_A7_52 org.bluez.Proximity.GetProperties
method return sender=:1.62 -> dest=:1.93 reply_serial=2
array [
dict entry(
string "LinkLossAlertLevel"
variant string "none"
)
dict entry(
string "ImmediateAlertLevel"
variant string "high"
)
]

3. use gatttool to check the Alert Level value

erin@sundays:~$ dbus-send --system --type=method_call --print-reply --dest=org.bluez /org/bluez/2617/hci1/dev_78_DD_08_A3_A7_52 org.bluez.Proximity.SetProperty string:LinkLossAlertLevel variant:string:mild
method return sender=:1.62 -> dest=:1.96 reply_serial=2

erin@sundays:/project/upstream/bluez$ sudo gatttool -i hci0 -b 78:DD:08:A3:A7:52 -p 31 -m 48 --interactive
[ ][78:DD:08:A3:A7:52][BR]> connect
[CON][78:DD:08:A3:A7:52][BR]> char-read-uuid 2a06
[CON][78:DD:08:A3:A7:52][BR]>
handle: 0x000b value: 01
handle: 0x0013 value: 00