I have a pair of chinese rave glasses that can display scrolling text, bitmaps, or animations. They also make you look way too cool for school.
They speak Bluetooth to a shady APK, I've put it on a disconnected phone and I'm reverse engineering the protocol. https://queer.af/media/kPpwoBGP0l_uV41DNcs
The protocol looks simple enough; it exposes a GATT service:
char0002 has flags: read, write-without-response and notify, the device has no manufacturer info, and all the UUIDs are generic
By the way, this is from Cyberdog, if anybody wants a pair: https://www.cyberdog.net/products/rave-glasses
I also have one of these collars, which is next once I finish this: https://www.cyberdog.net/collections/accessories-light-up/products/future-collar?tag=
Here's the catch: the GATT collection only includes a single descriptor (0004), and it's not writable.
Wireshark shows that the app, when you toggle them off and on, sends a GATT Command write (0x52) to handle 0x0003, with value: 01 00 02 06 09 02 05 03.
I'm not sure how to coerce BlueZ to let me do this.
Currently trying to figure out how to capture Bluetooth data with Wireshark, my bluetooth adapter isn't showing up as a capture source :(
What I can figure out of Bluetooth semantics right now: you can ask it eg. "what services do you have?", the response has UUIDs for what kind of service this is, and "handles" for referring to it.
These are global, shared between all types of objects, and what you use to execute commands.
The dump I have starts with an exchange of:
- what services do you have?
- handle 1 is an fff0 service
- include declarations(?)?
- handle 2 is a fff1 one, handle 3 is its value(I think?)
- what about handle 4
- it's an attribute
I've been informed that this is not, in fact, Bluetooth, but Bluetooth Low Energy, which actually has very little to do with Bluetooth
That does explain a thing or two
These threads are my attempt to publicly shame myself into finishing projects, and hopefully they're also somewhat interesting
Advanced ADHD survival tricks
This has now been derailed into me having to patch the NixOS libpcap package to have Bluetooth support, which unfortunately creates a circular dependency because iptables depends on libpcap and bluez somehow has iptables as a dependency??
Currently trying to find a BTLE library that doesn't do error handling by Box<dyn ::std::error::Error>, I can't even stuff that in error_chain >__>
"Any project embr works on will eventually evolve to contain a command shell, or be one"
because the universe is conspiring against me, I've not only lost my notes on the protocol to a drive failure, my dev phone is bricked
thankfully, I can recover the most important bit from this screenshot w
Gc.c is an instance by trans women for trans folk and strives to keep the security and enjoyment of our users in mind.