2021-07-26 20:19:11

by Emil Lenngren

[permalink] [raw]
Subject: Re: Instable BLE connection - MTU Request, Attribute not found - wireshark findings

On Mon 26 Jul 2021 at 22:00, Peter Höller <[email protected]> wrote:
> However, I installed Wireshark (I used the Wireshark version instead
> of tshark, because I am not familiar with the shell commands in
> tshark. However, unfortunately I cannot copy any sniffed protocols for
> now).
> My connection status out of bluetoothctl is:
> paired, trusted and connected.
> 1.) Paired and connected, I go to
> >menu gatt
> >select-attribute b5f90074-aa8d-11e3-9046-0002a5d5c51b (as I always do)
> this leads me to:
> [GoPro8639:/service002d/char0033]#
> now I:
> write "0x03 0x01 0x01 0x01" (which always started the shutter on the
> peripheral when we used btusb 0.6; now we are using btusb 0.7!)
> but nothing happens at the peripheral.
> on wireshark there is no error but I get on Write response packet:
> Bluetooth Attribute Protocol
> -->Opcode: Write Response (0x13)
> -->0... .... = Authentication Signature: False
> .0.. .... = Command: False
> ..01 0011 = Method: Write Response (0x13)
> Can you debug this? Was there any change in the syntax of write <data
> = xx xx xx xx xx> [offset] [type]?
> However,
> sudo gatttool -t random -b xx:xx:xx:xx:xx:xx -I
> connect
> char-write-req 2f 03010101
> still works (!) and goes through to the peripheral, unless a
> "no file descriptor" error occurs.
> 2.) Regarding the disconnect problem after a longer connection (~15 min):
> there were no further findings:
> Wireshark delivers an HCI event - Disconnect Complete with
> Reason: Connection Timeout (0x08)
> 3.) Regarding the immediate disconnect problem (~1 - 10 sec after
> connection): there seems to be an encryption problem and/or the
> Encryption Change takes too long?:
> (I type for you...)
> from host to controller: HCI_CMD length: 29
> SENT LE Create Connection
> from controller to host: HCI_EVT length: 7
> Rcvd Command Status (LE Create Connection)
> from controller to host: HCI_EVT length: 22
> Rcvd LE Meta (LE Connection Complete)
> from host to controller: HCI_CMD length: 32
> Sent LE Start Encryption
> from controller to host: HCI_EVT length: 7
> Rcvd Command Status (LE Start Encryption)
> from controller to host: HCI_EVT length: 7
> Rcvd Encryption Change
> ----->containing under Bluetooth HCI Event: Status: Connection timeout (0x08) and
> Encryption Enable: Link Level Encryption is OFF (0x00)
> from host to controller: HCI_CMD length: 7
> Sent Disconnect
> ----->containing under Bluetooth HCI Command: Reason: Authentication
> Failure (0x05)
> from controller to host: HCI_EVT length: 7
> Sent Disconnect Complete
> ----->containing under Bluetooth HCI Event: Reason: Connection Timeout (0x08)

If you have one method that works and one that fails, you should use
btmon to compare the exact write payloads. I don't know about GoPro, so
I can't help with what kind of messages it expects.

You can see that it's the controller that first notifies of the
disconnection with the reason "Connection Timeout" (in a start
encryption result, as indicated by the result code). So likely it's
due to one of the reasons I wrote about earlier. Another reason for
a connection timeout is if the firmware is buggy or just drops the
connection, for example when you suddenly power off the device. What
could also happen during encryption setup is that, if both devices
believe they share the same encryption key but in fact for some
reason have two different keys stored, then the peripheral will drop
the connection with the reason "Connection terminated due to MIC
failure" while the central will eventually get a "Connection Timeout".
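The HCI exchange quoted above (LE Create Connection, LE Connection Complete, LE Start Encryption, Encryption Change carrying status 0x08, host Disconnect, Disconnection Complete) and the point that the controller's events, not the host's Disconnect command, tell you where the link died, as an added example that is not part of this thread, BlueZ, btmon or any GoPro tooling. It decodes H4-framed HCI packets with a small Python parser and reports the first controller-reported failure. The opcodes, event codes, parameter layouts and error-code names are the standard HCI ones from the Bluetooth Core Specification; the trace it runs on is constructed here to match the packet sizes in the quoted capture (29, 7, 22, 32, 7, 7, 7, 7), with a dummy connection handle, peer address, Rand, EDIV and LTK. Feeding it a real capture is an assumption about your tooling: a Wireshark/btsnoop file would need its file and record headers stripped down to the raw H4 packets first.

```python
"""Decode an H4-framed HCI trace and locate where LE encryption setup failed.

Added example for this thread, not code from the original post, BlueZ, btmon
or any GoPro tooling. Opcodes, event codes, layouts and error codes are the
standard HCI ones; the trace below is constructed to mirror the sequence
quoted in the mail, with a dummy handle, peer address, Rand, EDIV and LTK.
"""
import struct

H4_CMD, H4_EVT = 0x01, 0x04
EVT_DISCONN_COMPLETE, EVT_ENC_CHANGE, EVT_CMD_STATUS, EVT_LE_META = 0x05, 0x08, 0x0F, 0x3E
SUB_LE_CONN_COMPLETE = 0x01
OP_DISCONNECT, OP_LE_CREATE_CONN, OP_LE_START_ENC = 0x0406, 0x200D, 0x2019
ERROR_CODES = {0x00: "Success", 0x05: "Authentication Failure", 0x08: "Connection Timeout",
               0x13: "Remote User Terminated Connection",
               0x3D: "Connection Terminated due to MIC Failure"}
HANDLE = 0x0040                        # dummy connection handle (constructed)
PEER = bytes.fromhex("010000eeffc0")   # dummy random address, LSB first (constructed)

def cmd(opcode, params):
    """Frame an HCI command (host -> controller) with the H4 indicator."""
    return bytes([H4_CMD]) + struct.pack("<HB", opcode, len(params)) + params

def evt(code, params):
    """Frame an HCI event (controller -> host) with the H4 indicator."""
    return bytes([H4_EVT, code, len(params)]) + params

def parse_packet(pkt):
    """Decode one H4 packet into named fields; raises on a bad length or type."""
    if pkt[0] == H4_CMD:
        opcode, plen = struct.unpack_from("<HB", pkt, 1)
        params = pkt[4:]
        if len(params) != plen:
            raise ValueError("command parameter length mismatch")
        rec = {"type": "cmd", "opcode": opcode, "size": len(pkt)}
        if opcode == OP_DISCONNECT:
            rec["handle"], rec["reason"] = struct.unpack("<HB", params)
        return rec
    if pkt[0] == H4_EVT:
        code, plen, params = pkt[1], pkt[2], pkt[3:]
        if len(params) != plen:
            raise ValueError("event parameter length mismatch")
        rec = {"type": "evt", "event": code, "size": len(pkt)}
        if code == EVT_CMD_STATUS:
            rec["status"], _, rec["opcode"] = struct.unpack("<BBH", params)
        elif code in (EVT_ENC_CHANGE, EVT_DISCONN_COMPLETE):
            # Encryption Change: status, handle, enabled; Disconnection Complete: status, handle, reason
            key = "enabled" if code == EVT_ENC_CHANGE else "reason"
            rec["status"], rec["handle"], rec[key] = struct.unpack("<BHB", params)
        elif code == EVT_LE_META and params[0] == SUB_LE_CONN_COMPLETE:
            rec["status"], rec["handle"] = struct.unpack_from("<BH", params, 1)
        return rec
    raise ValueError(f"unsupported H4 packet type 0x{pkt[0]:02x}")

def diagnose(trace):
    """Return the first controller-reported failure as {"phase", "code", "reason"}.

    Events come from the controller, so the first one with a non-success code
    shows where the link actually died; the host's own Disconnect command
    (reason 0x05 in the quoted capture) only records what the host did afterwards.
    """
    encrypted = False
    for rec in trace:
        if rec["type"] != "evt":
            continue
        if rec["event"] == EVT_ENC_CHANGE and rec["status"] == 0 and rec["enabled"] == 1:
            encrypted = True
        elif rec["event"] == EVT_ENC_CHANGE:
            return {"phase": "encryption setup", "code": rec["status"],
                    "reason": ERROR_CODES.get(rec["status"], "unknown")}
        elif rec["event"] == EVT_DISCONN_COMPLETE:
            return {"phase": "encrypted link" if encrypted else "before encryption",
                    "code": rec["reason"], "reason": ERROR_CODES.get(rec["reason"], "unknown")}
    return {"phase": "no failure", "code": 0, "reason": "Success"}

def sample_trace(enc_status, disc_reason):
    """Constructed trace shaped like the quoted one (packet sizes 29,7,22,32,7,7,7,7).

    enc_status is the Encryption Change status, disc_reason the Disconnection
    Complete reason; on a non-zero enc_status the host also sends Disconnect
    with reason 0x05, as in the mail.
    """
    create = struct.pack("<HHBB6sBHHHHHH", 0x60, 0x30, 0, 1, PEER, 0, 0x18, 0x28, 0, 0xC8, 0, 0)
    connected = struct.pack("<BBHBB6sHHHB", SUB_LE_CONN_COMPLETE, 0, HANDLE, 0, 1, PEER, 0x28, 0, 0xC8, 0)
    start_enc = struct.pack("<H8sH16s", HANDLE, bytes(8), 0, bytes(16))   # dummy Rand, EDIV, LTK
    trace = [cmd(OP_LE_CREATE_CONN, create),
             evt(EVT_CMD_STATUS, struct.pack("<BBH", 0, 1, OP_LE_CREATE_CONN)),
             evt(EVT_LE_META, connected),
             cmd(OP_LE_START_ENC, start_enc),
             evt(EVT_CMD_STATUS, struct.pack("<BBH", 0, 1, OP_LE_START_ENC)),
             evt(EVT_ENC_CHANGE, struct.pack("<BHB", enc_status, HANDLE, int(enc_status == 0)))]
    if enc_status:
        trace.append(cmd(OP_DISCONNECT, struct.pack("<HB", HANDLE, 0x05)))
    trace.append(evt(EVT_DISCONN_COMPLETE, struct.pack("<BHB", 0, HANDLE, disc_reason)))
    return trace

if __name__ == "__main__":
    parsed = [parse_packet(p) for p in sample_trace(0x08, 0x08)]
    for rec in parsed:
        print(rec)
    print(diagnose(parsed))
```

Run as-is it walks the constructed failure trace and reports the Encryption Change with status 0x08 as the first failure, i.e. the link was lost during encryption setup before the host's own Disconnect (reason 0x05) was ever sent. Calling `sample_trace(0x00, 0x08)` instead models the other case from the mail, a link that encrypted successfully and timed out later, and `diagnose` then attributes the 0x08 to the encrypted link rather than to setup.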