Document directory
- Introduction
- Opening/selecting data capture method
- Hardware settings
- Start sniffing
- Analyzing data
- Description
- Options
- Usage steps
Where are the logs?
What is needed to debug Bluetooth?
- Overview of the Bluetooth stack architecture.
- You should know which layer has the issue.
- Read the Bluetooth specification carefully if you need to.
- Cross-analyze logs, code and spec.
There are hcidump, air sniffer log, Bluetooth kernel stack log, export thd print log and Android logcat. In the general case, they are needed to debug Bluetooth issues.
The figure looks like this:
How to use Frontline to capture the Bluetooth air log?
Introduction
FTS4BT is a PC-based Bluetooth protocol analyzer that displays classic Bluetooth data in Frontline's intuitive display, simplifying and accelerating the debugging process.
1. Hardware.
Purchase them from the Frontline company.
2. Software
Download FTS4BT from:
http://www.fte.com/support/CPAS-download.aspx?Demo=fts4bt&IID=16
3. Install FTS4BT.
1) Plug the FTS dongle into the computer.
2) Install FTS4BT; it is very easy.
Opening/selecting data capture method
Now that the devices are on and the ComProbe is positioned correctly, the next step is to open FTS4BT and select the data capture method.
1. Open "Frontline FTS4BT" from the Start Menu or from the Desktop Folder.
2. Select "Frontline FTS4BT".
3. Expand the tree "Bluetooth Air sniffing".
4. Select "Single connection (Air Basic)".
5. Select "Run".
Hardware settings
Select "Hardware Settings"
Choose the Bluetooth ComProbe device.
I/O settings
Turn on devices
Before you actually configure I/O settings, you have to turn on the devices that you want to test.
1. Make the device(s) discoverable. The process will be different for every device.
Important note: If you can't make your device discoverable, the BD_ADDR may be entered manually. You will have the chance to do that later in the process.
Clock synchronization
The Bluetooth analyzer needs to know how to synchronize with the piconet. The analyzer supports two synchronization modes: Standard (slave page) and Alternate - slave must be discoverable (slave inquiry).
1. Select Standard (slave page).
This is the preferred synchronization mode to use. This is how Frontline learns the clock of a device that is not discoverable. For example, after a phone and a headset have paired, often the headset will not be discoverable. If the headset is a slave device and it is not discoverable, then FTS4BT will not be able to synchronize to that device using slave inquiry mode. If we know the headset (slave) BD_ADDR, then by using slave page mode FTS4BT will be able to page the device (but will never complete the connection during the page session). Once FTS4BT learns the clock information during the paging process, it will discontinue the paging process and will now be synchronized to the undiscoverable slave's clock.
Slave page is highly recommended, especially when the link is encrypted.
Synchronization device
Now FTS4BT needs to know the Bluetooth device address (BD_ADDR) of the synchronizing devices.
2. Select the "Discover Devices" button.
FTS4BT will go out and locate all the discoverable Bluetooth devices. The devices that you made discoverable a few moments ago should appear in the list.
3. Click on the Master drop-down arrow and select the device address for the telephone.
4. Click on the Slave drop-down arrow and select the device address for the ear piece.
It is important to remember here that the master is always the device which initiates the connection.
Encryption
Once you have identified the master and slave, the next step is to choose encryption.
- None
- PIN code (ASCII)
- PIN code (HEX)
- Link key
- First, you can choose "None" as the encryption method when neither of the devices has encryption enabled.
- The second and third ways are to use a PIN code to generate the link key. The devices generate link keys during the pairing process based on a PIN code. The link key generated from this process is also based on a random number so the security cannot be compromised. If the analyzer is given the PIN code it can determine the link key using the same algorithm. Since the analyzer also needs the random number, the analyzer must catch the entire pairing process or else it cannot generate the link key and decode the data.
- Fourth, if you know the link key in advance you may enter it directly. Select Link Key in the encryption list and then enter the link key in the edit box. If the link key is already in the database, the link key is automatically entered in the edit box after the master and slave have been selected. You can also pick Choose Pair from Device Database to select a master, slave and link key from the device database.
1. Select "PIN code (ASCII)".
2. Enter the ASCII PIN code.
3. Click OK to close I/O settings.
4. Start the pairing process between the devices. The pairing process will vary from device to device.
Start sniffing
Analyzing data
Control window
Frame display
Click the Frame Display icon.
How to use hcidump?
Description
hcidump reads raw HCI data coming from and going to a Bluetooth device (which can be specified with the option -i, default is the first available one) and prints to screen commands, events and data in a human-readable form. Optionally, the dump can be written to a file rather than parsed, and the dump file can be parsed in a subsequent moment.
Options
Usage: hcidump [OPTION...] [filter]
  -i, --device=hci_dev       HCI device
  -l, --snap-len=len         Snap len (in bytes)
  -p, --psm=psm              Default PSM
  -m, --manufacturer=compid  Default manufacturer
  -w, --save-dump=file       Save dump to a file
  -r, --read-dump=file       Read dump from a file
  -d, --wait-dump=host       Wait on a host and send
  -t, --ts                   Display time stamps
  -a, --ascii                Dump data in ascii
  -x, --hex                  Dump data in hex
  -X, --ext                  Dump data in hex and ascii
  -R, --raw                  Dump raw data
  -C, --cmtp=psm             PSM for CMTP
  -H, --hcrp=psm             PSM for HCRP
  -O, --obex=channel         Channel for OBEX
  -P, --ppp=channel          Channel for PPP
  -D, --pppdump=file         Extract PPP traffic
  -A, --audio=file           Extract SCO audio data
  -Y, --novendor             No vendor commands or events
  -4, --ipv4                 Use IPv4 as transport
  -6, --ipv6                 Use IPv6 as transport
  -h, --help                 Give this help list
  -v, --version              Give version information
      --usage                Give a short usage message
Usage steps
1. Install hcidump on the debug board. At the PC development directory:
~/Workspace/dkbtd-Gingerbread$ adb push out/target/product/dkb/system/xbin/hcidump /system/xbin/
2. Enable BT on the debug board.
3. Run "hcidump -w hci.cfa" in the debug board's sdcard directory.
4. Do your test.
5. On the PC side, pull out the hcidump data: $ adb pull /sdcard/hci.cfa ./
Open FTS's "Capture File Viewer" from the Start Menu or desktop.
1. Click the Open icon and choose your capture data file, like this:
Click the Show Frame Display icon.
Show the frames:
PS:
If you don't have FTS, you can check the hcidump data using "hcidump -r hci.cfa -tV". Here is a sample:
sxxu@sxxu-desktop:~/Tmp$ hcidump -r hci1.cfa -tV
HCI sniffer - Bluetooth packet analyzer ver 1.42
2000-01-04 15:46:43.240234 < ACL data: handle 1 flags 0x00 dlen 12
2000-01-04 15:46:43.240264 < HCI Command: Exit Sniff Mode (0x02|0x0004) plen 2
    handle 1
2000-01-04 15:46:43.247741 > HCI Event: Command Status (0x0f) plen 4
    Exit Sniff Mode (0x02|0x0004) status 0x00 ncmd 1
2000-01-04 15:46:43.384490 > HCI Event: Number of Completed Packets (0x13) plen 5
    handle 1 packets 1
2000-01-04 15:46:43.388122 > ACL data: handle 1 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x005f scid 0x0041 result 1 status 2
      Connection pending - Authorization pending
2000-01-04 15:46:43.390136 > HCI Event: Mode Change (0x14) plen 6
    status 0x00 handle 1 mode 0x00 interval 0
    Mode: Active
2000-01-04 15:46:43.398040 > ACL data: handle 1 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x005f scid 0x0041 result 0 status 0
      Connection successful
2000-01-04 15:46:43.398101 < ACL data: handle 1 flags 0x00 dlen 16
2000-01-04 15:46:43.400512 > HCI Event: Number of Completed Packets (0x13) plen 5
    handle 1 packets 1
2000-01-04 15:46:43.407409 > ACL data: handle 1 flags 0x02 dlen 14
    L2CAP(s): Config rsp: scid 0x0041 flags 0x00 result 0 clen 0
      Success
2000-01-04 15:46:43.407958 > ACL data: handle 1 flags 0x02 dlen 16
    L2CAP(s): Config req: dcid 0x0041 flags 0x00 clen 4
      MTU 1013
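How the fields in the sample above map onto raw HCI bytes, as an added example (not from the original page and not hcidump's own code): a small Python decoder for H4-framed packets. The function names, the signalling identifiers and the three byte strings are assumptions, constructed so that they decode to the "Exit Sniff Mode", "Connect rsp ... pending" and "Config req ... MTU 1013" lines of the sample.

```python
import struct

SIG_CID = 0x0001  # fixed L2CAP signalling channel on ACL links
CONN_RESULT = {0: "Connection successful", 1: "Connection pending"}
CONN_STATUS = {1: "Authentication pending", 2: "Authorization pending"}

def decode_command(body):
    """HCI opcode = OGF in the upper 6 bits, OCF in the lower 10 bits."""
    opcode, plen = struct.unpack_from("<HB", body)
    return {"type": "cmd", "ogf": opcode >> 10, "ocf": opcode & 0x03FF, "plen": plen}

def decode_acl(body):
    hf, dlen = struct.unpack_from("<HH", body)  # 12-bit handle + 4 flag bits
    out = {"type": "acl", "handle": hf & 0x0FFF, "flags": hf >> 12, "dlen": dlen}
    if dlen != len(body) - 4 or dlen < 8:
        return out  # truncated, or too short to hold L2CAP signalling
    l2len, cid, code, _ident, siglen = struct.unpack_from("<HHBBH", body, 4)
    if cid != SIG_CID or l2len + 4 != dlen or siglen + 4 > l2len:
        return out  # not signalling, fragmented, or inconsistent lengths
    if code == 0x03 and siglen == 8:  # Connection Response
        dcid, scid, result, status = struct.unpack_from("<HHHH", body, 12)
        out.update(sig="connect rsp", dcid=dcid, scid=scid, result=result,
                   status=status, text=CONN_RESULT.get(result, "Refused"))
        if result == 1 and status in CONN_STATUS:
            out["text"] += " - " + CONN_STATUS[status]
    elif code == 0x04 and siglen >= 4:  # Configuration Request
        dcid, _flags = struct.unpack_from("<HH", body, 12)
        opts = body[16:12 + siglen]
        out.update(sig="config req", dcid=dcid, clen=len(opts))
        if len(opts) >= 4 and opts[0] == 0x01 and opts[1] == 2:  # MTU option
            out["mtu"] = struct.unpack_from("<H", opts, 2)[0]
    return out

def decode(pkt):
    """Dispatch on the H4 packet-type byte: 1 command, 2 ACL data."""
    handlers = {0x01: decode_command, 0x02: decode_acl}
    if not pkt or pkt[0] not in handlers:
        raise ValueError("unsupported or empty H4 packet")
    return handlers[pkt[0]](pkt[1:])

# Constructed packets (not from a real capture), built to match the sample.
EXIT_SNIFF = bytes.fromhex("01 0408 02 0100")
CONN_PENDING = bytes.fromhex("02 0120 1000 0c00 0100 03 01 0800 5f00 4100 0100 0200")
CONFIG_REQ = bytes.fromhex("02 0120 1000 0c00 0100 04 02 0800 4100 0000 01 02 f503")
```

The "dlen 16" in the sample is the 4-byte L2CAP header plus the 4-byte signalling header plus 8 bytes of command data, which is why the connect response and the config request with one MTU option have the same length.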
How to capture the BlueZ print log? Logcat also.
How to separate the logs?