Microsoft Bluetooth Low Energy Advertisement

Question

While I'm performing a Bluetooth Low Energy scan, I faced two advertising packets that I don't understand. These two packets are respectively :

0x1eff060001092000f4a6326eb7f6dd2338b0b3502d434ffb6d5b89ae3082ab

and

0x1eff060001092000a6fac5c9f755e1fcdf29e6732d047c37825cd44aee744c

Reading the latest Bluetooth Core Specification version 5.0, it seems that these advertising packets are from Microsoft. Indeed, the structure of an advertising packet is Length-Type-Value and, if I'm right, here I have:

• Length : 0x1e in hexadecimal meaning "30 bytes" after decimal conversion
• Type : 0xff meaning "Manufacturer Specific Data" (see Bluetooth Generic Access Profile)
• Value : 0x060001092000a6fac5c9f755e1fcdf29e6732d047c37825cd44aee744c

Analyzing the structure of "Manufacturer Specific Data" type, a company identifier is depicted in the first two bytes of the value. Here, the company identifier of the two advertising packets is 0x0600 (in big-endian). Converting it to little-endian (0x0006), I found "Microsoft" from the Bluetooth assigned company identifiers.

Actually, my questions are :

(1) Does anyone know what the 0x01092000f4a6326eb7f6dd2338b0b3502d434ffb6d5b89ae3082ab part means ?

(2) Does anyone know how this particular type of advertising packet is triggered (by a Bluetooth enabled computer or other Microsoft hardware) ?

From what I've observed, the following schema of the Value can be derived:

• 1st part : 0x01092000
• 2nd part : 23 bytes of data (for instance, 0xf4a6326eb7f6dd2338b0b3502d434ffb6d5b89ae3082ab)

After having defined these two parts, I have no idea of what they represent...

Thanks in advance for your help :).

Answer 1

It's the advertising beacon described here

The first part 0x01092000 tells you that the sender is a Windows 10 Desktop (09) and the second part is a 4 random byte salt followed by a SHA256 hash of the device thumbprint.