
I'm trying to achieve in Bluetooth a way to bypass the HCI. I'll elaborate. In the HCI H4 layer there is the event field. I want to be able to send HCI commands. Now, if I do it currently, the commands will stop at the controller, as it received a command. What I want to achieve with my two BT modules (BR/EDR) is to send an HCI H4 event to another BT module, for example the "Change local name" command.

So, again, my end goal is to send an HCI event through the controller to another one, without the need to "reverse engineer" the Bluetooth firmware to add hooks/changes.

You can think of it like this: I just want my HCI to serve as a "proxy" to send my own defined packets straight to another controller without any intervention.

You can look at the answer here: how event packet header is getiing in hci_send_req api implementation?

I want to be able to make my controller send my own HCI H4 Packet indicator. (for example: 0x01 - command packet)

Thanks Jen.

Jentel
  • I'm afraid you cannot, because all that is received over the air looks like data for upper layers. – Mike Petrichenko Mar 02 '20 at 17:18
  • @MikePetrichenko Assume that the receiving party is able to parse it. Is there a way to send it that way? – Jentel Mar 02 '20 at 17:24
  • Why not. However, that will be non-standard Bluetooth and you have to modify its firmware. HCI is Host Controller Interface, not Remote Controller. So you have to develop a custom protocol. – Mike Petrichenko Mar 02 '20 at 17:29
  • By the way, just a thought. Why not send HCI as data and parse it on, let's say, L2CAP or the upper (application) layer? So you can leave the firmware as it is and send the HCI that should be executed on the target device as simple data packets. Once it is received by the target device, the software on the target device executes it as a local HCI command. – Mike Petrichenko Mar 02 '20 at 17:32
  • That's a bit of a long story for Stack Overflow, but I can alter just the side of the sender. Is there a commercial BT device which I can make modifications to in order to send custom packets with my own HCI H4 layer? – Jentel Mar 02 '20 at 17:41
  • I think you can use any, because BT chip datasheets are open and there is no problem re-flashing them with your own firmware. I think starting from any BT sniffer is a good idea because it already has changed firmware. Unfortunately I could not find the link, but about 10 years ago there was an article about how to re-flash a popular USB BT dongle into a BT sniffer with open-source firmware. – Mike Petrichenko Mar 02 '20 at 17:48
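
The approach suggested in the comments, carrying an H4-framed HCI command as ordinary application data and letting software on the target check it before running it locally, sketched here as an added example that is not code from the thread. The function names and the single-opcode allowlist are assumptions; the L2CAP transport and the hand-off to the local controller are left out.

```python
import struct

H4_COMMAND = 0x01                          # H4 packet indicator: HCI command
WRITE_LOCAL_NAME = (0x03 << 10) | 0x0013   # OGF 0x03, OCF 0x0013 -> 0x0C13
NAME_FIELD_LEN = 248                       # fixed size of the Local_Name field
ALLOWED_OPCODES = {WRITE_LOCAL_NAME}       # assumed receiver policy


def build_h4_command(opcode, params):
    """Frame a command as H4: indicator, opcode (LE), length, parameters."""
    if len(params) > 255:
        raise ValueError("HCI command parameters are limited to 255 bytes")
    return struct.pack("<BHB", H4_COMMAND, opcode, len(params)) + params


def write_local_name(name):
    """Build the 'change local name' command with a NUL-padded UTF-8 name."""
    raw = name.encode("utf-8")
    if len(raw) > NAME_FIELD_LEN:
        raise ValueError("local name exceeds 248 bytes")
    return build_h4_command(WRITE_LOCAL_NAME, raw.ljust(NAME_FIELD_LEN, b"\x00"))


def parse_tunnelled_command(payload, allowed=ALLOWED_OPCODES):
    """Validate a frame received as application data; return (opcode, params)."""
    if len(payload) < 4:
        raise ValueError("truncated H4 header")
    indicator, opcode, plen = struct.unpack_from("<BHB", payload)
    if indicator != H4_COMMAND:
        raise ValueError("not an HCI command packet")
    if len(payload) != 4 + plen:
        raise ValueError("length field does not match payload size")
    if opcode not in allowed:
        raise ValueError("opcode 0x%04X is not allowlisted" % opcode)
    if opcode == WRITE_LOCAL_NAME and plen != NAME_FIELD_LEN:
        raise ValueError("Write_Local_Name needs 248 parameter bytes")
    return opcode, payload[4:]


def is_accepted(payload):
    """True only if the receiver would pass this frame to its own controller."""
    try:
        parse_tunnelled_command(payload)
        return True
    except ValueError:
        return False
```

The receiver rejects anything that is not a well-formed, allowlisted command, so a peer cannot use the tunnel to run arbitrary HCI commands on the target.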

0 Answers