What Kind of BLE Connection Handshake is This?
I have a peripheral to which I am trying to connect over BLE. I do not have access to the internals of the peripheral, though I do know it is using a TI CC2540 chip for its BLE implementation (not sure if that matters). I am having trouble maintaining a connection to the peripheral. It appears to require a handshake/key exchange that must begin within 3 seconds or it auto-disconnects.
I am able to sniff BLE packets between the peripheral and another application (that I don't own) that establishes and maintains a connection. The following are transmissions between the peripheral and the computer for a successful connection.
In the tables, `Send` is the application sending bytes to the peripheral via a BLE "Write with Response" operation. `Recv` is when the peripheral responds with a BLE "Handle Value Notification" operation. (In other words, I believe the data is otherwise unencrypted.) The "heartbeat" messages are after the connection has been established: the computer and peripheral send the same two messages back and forth every second thereafter.
Op | Data | Notes |
---|---|---|
Send | 0000 2500 0005 3EA1 B14B 7874 35C2 0000 | |
Recv | 0000 0700 0000 E973 EA6F 8104 1421 0000 | |
Send | 0000 0E05 0000 0000 0000 0000 0000 0000 | |
Recv | 0000 0701 0000 E38C DF6B 65AA 3C22 0000 | |
Send | 0000 0E06 0000 0000 0000 0000 0000 0000 | |
Recv | 0000 0702 0000 BF03 0174 6327 1AEE 0000 | |
Send | 7720 B9B0 A71A ED3D F232 A3AE 1B49 8430 | |
Send | 6118 91C4 DD9E 8ACD 91C3 FD82 40F8 A6E8 | |
Send | 334F 62B2 E311 B601 9A7E A57A EAC7 AF3C | |
Recv | DF8E B98F 72FC 8565 440A 3FB1 DD53 2B91 | |
Send | 6E17 C496 7F80 91AA 608E 4C63 440D 6BB1 | |
Recv | B113 B032 A034 06B9 3474 7948 FC98 FF5F | |
Recv | 5E86 1021 9DAB BE8B 5B9C BA5B 9672 59EB | |
Send | D6C6 22C1 007C E473 6045 565F 8D8A FB19 | |
Send | 1C04 4FF9 4430 86F9 D3A0 D43A 3DA3 6A72 | Heartbeat Send |
Recv | EF84 B93A 97B2 B095 0D25 2A90 2DE4 5E69 | Heartbeat Recv |
Another successful connection example:
Op | Data | Notes |
---|---|---|
Send | 0000 2500 00D1 49B8 4E36 831D 22DF 0000 | |
Recv | 0000 0700 0000 D716 3628 6857 0CFE 0000 | |
Send | 0000 0E05 0000 0000 0000 0000 0000 0000 | |
Recv | 0000 0701 0000 4B63 6017 8AE1 3F08 0000 | |
Send | 0000 0E06 0000 0000 0000 0000 0000 0000 | |
Recv | 0000 0702 0000 6705 56F6 B46F 0D57 0000 | |
Send | 949D 255B 63BC A90E EAA4 3A41 B5E4 1AB7 | |
Send | B0A4 3CE6 E00D EA11 B3EA A0CC 6C6E C9CB | |
Send | 8309 FA93 F327 1E4C E795 A6C4 38AC 3A85 | |
Recv | 2133 3FBE DD9C BEC8 84EC F53B 7727 0B5D | |
Send | AE71 52CE EC30 06B7 2309 16CA A2DE 08DF | |
Recv | 1F7D F64D B14F E54B 0B99 7C71 2C1F 9ADC | |
Recv | 50DC A346 C693 7711 2568 C635 1810 A0A8 | |
Send | 7B2F 73DB DCB3 97F0 9C28 535A 252B 05CF | |
Send | 44BF F48B 402D 3470 E2D4 2211 0F31 CBF0 | Heartbeat Send |
Recv | 1A45 9DF7 1931 22C8 8EBB B56D E997 AA94 | Heartbeat Recv |
Can anyone identify what the handshake is here? I am having a hard time searching for what the protocol is and how I might implement it to successfully connect to the peripheral.
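As an added analysis example (not part of the question, and not code from the asker or from any identified protocol): before searching for a named handshake, it helps to characterise the captured frames statistically. The script below takes the first table from the question as constructed input, parses each 16-byte frame, counts all-zero 16-bit words and computes per-frame byte entropy, and uses a zero-word threshold (an assumed heuristic, `ZERO_WORD_THRESHOLD`) to split the exchange into a "structured" prelude and an "opaque" tail. It makes no claim about what the fields mean; it only exposes what the posted bytes show: the first six frames carry a small, incrementing-looking second word (`0700`, `0701`, `0702` on the `Recv` side) surrounded by zero words, while every later frame, heartbeats included, has no zero words and near-maximal entropy, which is the pattern one would expect from encrypted or random material rather than plaintext fields.

```python
import math
from collections import Counter

# Constructed input: the first successful connection from the question, as (direction, hex words).
CAPTURE_1 = [
    ("Send", "0000 2500 0005 3EA1 B14B 7874 35C2 0000"),
    ("Recv", "0000 0700 0000 E973 EA6F 8104 1421 0000"),
    ("Send", "0000 0E05 0000 0000 0000 0000 0000 0000"),
    ("Recv", "0000 0701 0000 E38C DF6B 65AA 3C22 0000"),
    ("Send", "0000 0E06 0000 0000 0000 0000 0000 0000"),
    ("Recv", "0000 0702 0000 BF03 0174 6327 1AEE 0000"),
    ("Send", "7720 B9B0 A71A ED3D F232 A3AE 1B49 8430"),
    ("Send", "6118 91C4 DD9E 8ACD 91C3 FD82 40F8 A6E8"),
    ("Send", "334F 62B2 E311 B601 9A7E A57A EAC7 AF3C"),
    ("Recv", "DF8E B98F 72FC 8565 440A 3FB1 DD53 2B91"),
    ("Send", "6E17 C496 7F80 91AA 608E 4C63 440D 6BB1"),
    ("Recv", "B113 B032 A034 06B9 3474 7948 FC98 FF5F"),
    ("Recv", "5E86 1021 9DAB BE8B 5B9C BA5B 9672 59EB"),
    ("Send", "D6C6 22C1 007C E473 6045 565F 8D8A FB19"),
    ("Send", "1C04 4FF9 4430 86F9 D3A0 D43A 3DA3 6A72"),  # heartbeat send
    ("Recv", "EF84 B93A 97B2 B095 0D25 2A90 2DE4 5E69"),  # heartbeat recv
]

# Assumed heuristic: a frame with at least this many all-zero 16-bit words is treated as
# "structured" (plaintext-looking); anything else is "opaque" (random- or ciphertext-looking).
ZERO_WORD_THRESHOLD = 2


def parse_frame(hex_words):
    """Turn a row of space-separated hex words into a 16-byte frame."""
    data = bytes.fromhex(hex_words.replace(" ", ""))
    if len(data) != 16:
        raise ValueError(f"expected a 16-byte frame, got {len(data)} bytes")
    return data


def byte_entropy(data):
    """Shannon entropy of the byte distribution, in bits (max 4.0 for 16 distinct bytes)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def zero_words(data):
    """Number of 16-bit words (at even offsets) that are entirely zero."""
    return sum(1 for i in range(0, len(data), 2) if data[i:i + 2] == b"\x00\x00")


def classify(data):
    return "structured" if zero_words(data) >= ZERO_WORD_THRESHOLD else "opaque"


def analyse(capture):
    """Per-frame summary: direction, second word as printed, entropy, zero-word count, class."""
    rows = []
    for direction, hex_words in capture:
        data = parse_frame(hex_words)
        rows.append({
            "dir": direction,
            # The second word exactly as it appears in the table; no endianness claim is made.
            "word1": int.from_bytes(data[2:4], "big"),
            "entropy": round(byte_entropy(data), 2),
            "zero_words": zero_words(data),
            "class": classify(data),
        })
    return rows


def phase_boundary(capture):
    """Index of the first opaque frame, i.e. where the structured prelude ends (None if never)."""
    for i, row in enumerate(analyse(capture)):
        if row["class"] == "opaque":
            return i
    return None


def structured_word1(capture, direction):
    """Second words of the structured frames in one direction, in capture order."""
    return [r["word1"] for r in analyse(capture)
            if r["class"] == "structured" and r["dir"] == direction]


if __name__ == "__main__":
    for i, r in enumerate(analyse(CAPTURE_1)):
        print(f"{i:2d} {r['dir']:4s} word1=0x{r['word1']:04X} "
              f"zero_words={r['zero_words']} H={r['entropy']:.2f} {r['class']}")
    print("structured prelude ends at frame index", phase_boundary(CAPTURE_1))
```

Running it on the first capture reports a prelude of six structured frames followed by ten opaque ones, with the `Recv` prelude words reading `0x0700, 0x0701, 0x0702` and the `Send` prelude words `0x2500, 0x0E05, 0x0E06`. The second table in the question can be dropped in as another list in the same shape to confirm the same split; the heuristic threshold is the only tunable, and it is an assumption about these captures, not a property of any known BLE profile.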