零. 概述
本文章主要讲下蓝牙设备类型class of device的概念,service class ,major device,minor device类型以及举例说明下某一个cod的解析。
一. 声明
本专栏文章我们会以连载的方式持续更新,本专栏计划更新内容如下:
第一篇:蓝牙综合介绍 ,主要介绍蓝牙的一些概念,产生背景,发展轨迹,市面蓝牙介绍,以及蓝牙开发板介绍。
第二篇:Transport层介绍,主要介绍蓝牙协议栈跟蓝牙芯片之前的硬件传输协议,比如基于UART的H4,H5,BCSP,基于USB的H2等
第三篇:传统蓝牙controller介绍,主要介绍传统蓝牙芯片的介绍,包括射频层(RF),基带层(baseband),链路管理层(LMP)等
第四篇:传统蓝牙host介绍,主要介绍传统蓝牙的协议栈,比如HCI,L2CAP,SDP,RFCOMM,HFP,SPP,HID,AVDTP,AVCTP,A2DP,AVRCP,OBEX,PBAP,MAP等等一系列的协议吧。
第五篇:低功耗蓝牙controller介绍,主要介绍低功耗蓝牙芯片,包括物理层(PHY),链路层(LL)
第六篇:低功耗蓝牙host介绍,低功耗蓝牙协议栈的介绍,包括HCI,L2CAP,ATT,GATT,SM等
第七篇:蓝牙芯片介绍,主要介绍一些蓝牙芯片的初始化流程,基于HCI vendor command的扩展
第八篇:附录,主要介绍以上常用名词的介绍以及一些特殊流程的介绍等。
另外,开发板如下所示,对于想学习蓝牙协议栈的最好人手一套。以便更好的学习蓝牙协议栈,相信我,学完这一套视频你将拥有修改任何协议栈的能力(比如Linux下的bluez,Android下的bluedroid)。
-------------------------------------------------------------------------------------------------------------------------
CSDN学院链接(进入选择你想要学习的课程):https://edu.csdn.net/lecturer/5352?spm=1002.2001.3001.4144
蓝牙交流扣扣群:970324688
Github代码:https://github.com/sj15712795029/bluetooth_stack
入手开发板:https://item.taobao.com/item.htm?spm=a1z10.1-c-s.w4004-22329603896.18.5aeb41f973iStr&id=622836061708
蓝牙学习目录:https://blog.csdn.net/XiaoXiaoPengBo/article/details/107727900
--------------------------------------------------------------------------------------------------------------------------
二.蓝牙设备类型Cod(class of device)概念
cod就是设备类型(class of device),设备在蓝牙初始化的时候就要声明自己的设备类型,对方inquiry的时候会扫描到你的设备类型,并做对应的显示,典型的应用如android手机的搜索前面显示的小图标,如图前面的这排图标都是根据cod来显示的。
另外,需要注意的是,协议一定要跟cod匹配,比如你想做一个蓝牙键盘,不能注册audio的cod,否则很有可能出现奇奇怪怪的问题,此部分尤其注意。
Cod参照文章: https://www.bluetooth.com/specifications/assigned-numbers/baseband/
三.Cod结构以及子项
Cod的结构如上图,一共有3个byte,其中一共分为4个部分
3.1 Service class:设备类型
| Bit No. | Major Service Class |
|---|---|
| 13 | Limited Discoverable Mode [Ref #1] |
| 14 | (reserved) |
| 15 | (reserved) |
| 16 | Positioning (Location identification) |
| 17 | Networking (LAN, Ad hoc, …) |
| 18 | Rendering (Printing, Speakers, …) |
| 19 | Capturing (Scanner, Microphone, …) |
| 20 | Object Transfer (v-Inbox, v-Folder, …) |
| 21 | Audio (Speaker, Microphone, Headset service, …) |
| 22 | Telephony (Cordless telephony, Modem, Headset service, …) |
| 23 | Information (WEB-server, WAP-server, …) |
3.2 Major device class主要是设备的主要类型
有如下几种值:
| 12 | 11 | 10 | 9 | 8 | Major Device Class |
|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | Miscellaneous [Ref #2] |
| 0 | 0 | 0 | 0 | 1 | Computer (desktop, notebook, PDA, organizer, … ) |
| 0 | 0 | 0 | 1 | 0 | Phone (cellular, cordless, pay phone, modem, …) |
| 0 | 0 | 0 | 1 | 1 | LAN /Network Access point |
| 0 | 0 | 1 | 0 | 0 | Audio/Video (headset, speaker, stereo, video display, VCR, … |
| 0 | 0 | 1 | 0 | 1 | Peripheral (mouse, joystick, keyboard, … ) |
| 0 | 0 | 1 | 1 | 0 | Imaging (printer, scanner, camera, display, …) |
| 0 | 0 | 1 | 1 | 1 | Wearable |
| 0 | 1 | 0 | 0 | 0 | Toy |
| 0 | 1 | 0 | 0 | 1 | Health |
| 1 | 1 | 1 | 1 | 1 | Uncategorized: device code not specified |
| X | X | X | X | X | All other values reserved |
3.3 Minor device class是对应于每种major下面的子类
如以下
Minor Device Class field – Computer Major Class
| 7 | 6 | 5 | 4 | 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | Uncategorized, code for device not assigned |
| 0 | 0 | 0 | 0 | 0 | 1 | Desktop workstation |
| 0 | 0 | 0 | 0 | 1 | 0 | Server-class computer |
| 0 | 0 | 0 | 0 | 1 | 1 | Laptop |
| 0 | 0 | 0 | 1 | 0 | 0 | Handheld PC/PDA (clamshell) |
| 0 | 0 | 0 | 1 | 0 | 1 | Palm-size PC/PDA |
| 0 | 0 | 0 | 1 | 1 | 0 | Wearable computer (watch size) |
| 0 | 0 | 0 | 1 | 1 | 1 | Tablet |
| X | X | X | X | X | X | All other values reserved |
Minor Device Class field – Phone Major Class
| 7 | 6 | 5 | 4 | 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | Uncategorized, code for device not assigned |
| 0 | 0 | 0 | 0 | 0 | 1 | Cellular |
| 0 | 0 | 0 | 0 | 1 | 0 | Cordless |
| 0 | 0 | 0 | 0 | 1 | 1 | Smartphone |
| 0 | 0 | 0 | 1 | 0 | 0 | Wired modem or voice gateway |
| 0 | 0 | 0 | 1 | 0 | 1 | Common ISDN access |
| X | X | X | X | X | X | All other values reserved |
Minor Device Class field – LAN/Network Access Point Major Class
| 7 | 6 | 5 | Minor Device Class bit no. of CoD |
|---|---|---|---|
| 0 | 0 | 0 | Fully available |
| 0 | 0 | 1 | 1% to 17% utilized |
| 0 | 1 | 0 | 17% to 33% utilized |
| 0 | 1 | 1 | 33% to 50% utilized |
| 1 | 0 | 0 | 50% to 67% utilized |
| 1 | 0 | 1 | 67% to 83% utilized |
| 1 | 1 | 0 | 83% to 99% utilized |
| 1 | 1 | 1 | No service available |
| X | X | X | All other values reserved |
Table 6: The LAN/Network Access Point Load Factor field
The exact loading formula is not standardized. It is up to each LAN/Network Access Point implementation to determine what internal conditions to report as a utilization percentage. The only requirement is for the number to reflect an ever-increasing utilization of communication resources within the box. As a recommendation: a client locating multiple LAN/Network Access Points should attempt to connect to the one reporting the lowest load.
| 4 | 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|---|
| 0 | 0 | 0 | Uncategorized (use this value if no others apply) |
| X | X | X | All other values reserved |
Table 7: Reserved sub-field for the LAN/Network Access Point
Minor Device Class field – Audio/Video Major Class
| 7 | 6 | 5 | 4 | 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | Uncategorized, code not assigned |
| 0 | 0 | 0 | 0 | 0 | 1 | Wearable Headset Device |
| 0 | 0 | 0 | 0 | 1 | 0 | Hands-free Device |
| 0 | 0 | 0 | 0 | 1 | 1 | (Reserved) |
| 0 | 0 | 0 | 1 | 0 | 0 | Microphone |
| 0 | 0 | 0 | 1 | 0 | 1 | Loudspeaker |
| 0 | 0 | 0 | 1 | 1 | 0 | Headphones |
| 0 | 0 | 0 | 1 | 1 | 1 | Portable Audio |
| 0 | 0 | 1 | 0 | 0 | 0 | Car audio |
| 0 | 0 | 1 | 0 | 0 | 1 | Set-top box |
| 0 | 0 | 1 | 0 | 1 | 0 | HiFi Audio Device |
| 0 | 0 | 1 | 0 | 1 | 1 | VCR |
| 0 | 0 | 1 | 1 | 0 | 0 | Video Camera |
| 0 | 0 | 1 | 1 | 0 | 1 | Camcorder |
| 0 | 0 | 1 | 1 | 1 | 0 | Video Monitor |
| 0 | 0 | 1 | 1 | 1 | 1 | Video Display and Loudspeaker |
| 0 | 1 | 0 | 0 | 0 | 0 | Video Conferencing |
| 0 | 1 | 0 | 0 | 0 | 1 | (Reserved) |
| 0 | 1 | 0 | 0 | 1 | 0 | Gaming/Toy |
| X | X | X | X | X | X | All other values reserved |
Minor Device Class field – Peripheral Major Class
| 7 | 6 | Minor Device Class bit no. of CoD |
|---|---|---|
| 0 | 0 | Not Keyboard / Not Pointing Device |
| 0 | 1 | Keyboard |
| 1 | 0 | Pointing device |
| 1 | 1 | Combo keyboard/pointing device |
Table 9: The Peripheral Major Class keyboard/pointing device field
Bits six and seven independently specify mouse, keyboard or combo mouse/keyboard devices. These may be combined with the lower bits in a multifunctional device.
| 5 | 4 | 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | Uncategorized device |
| 0 | 0 | 0 | 1 | Joystick |
| 0 | 0 | 1 | 0 | Gamepad |
| 0 | 0 | 1 | 1 | Remote control |
| 0 | 1 | 0 | 0 | Sensing device |
| 0 | 1 | 0 | 1 | Digitizer tablet |
| 0 | 1 | 1 | 0 | Card Reader (e.g. SIM Card Reader) |
| 0 | 1 | 1 | 1 | Digital Pen |
| 1 | 0 | 0 | 0 | Handheld scanner for bar-codes, RFID, etc. |
| 1 | 0 | 0 | 1 | Handheld gestural input device (e.g., “wand” form factor) |
| X | X | X | X | All other values reserved |
Minor Device Class field – Imaging Major Class
| 7 | 6 | 5 | 4 | Minor Device Class bit no. of CoD |
|---|---|---|---|---|
| X | X | X | 1 | Display |
| X | X | 1 | X | Camera |
| X | 1 | X | X | Scanner |
| 1 | X | X | X | Printer |
| X | X | X | X | All other values reserved |
Table 11: The Imaging Major Class bits four to seven
Bits four to seven independently specify display, camera, scanner or printer. These may be combined in a multifunctional device.
| 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|
| 0 | 0 | Uncategorized, default |
| X | X | All other values reserved |
Minor Device Class field – Wearable Major Class
The Minor Class segment is the lowest level of granularity for defining a Bluetooth Device. There are 64 different possible minor classes.
| 7 | 6 | 5 | 4 | 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 1 | Wristwatch |
| 0 | 0 | 0 | 0 | 1 | 0 | Pager |
| 0 | 0 | 0 | 0 | 1 | 1 | Jacket |
| 0 | 0 | 0 | 1 | 0 | 0 | Helmet |
| 0 | 0 | 0 | 1 | 0 | 1 | Glasses |
| X | X | X | X | X | X | All other values reserved |
Minor Device Class field – Toy Major Class
| 7 | 6 | 5 | 4 | 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 1 | Robot |
| 0 | 0 | 0 | 0 | 1 | 0 | Vehicle |
| 0 | 0 | 0 | 0 | 1 | 1 | Doll / Action figure |
| 0 | 0 | 0 | 1 | 0 | 0 | Controller |
| 0 | 0 | 0 | 1 | 0 | 1 | Game |
| X | X | X | X | X | X | All other values reserved |
Minor Device Class field – Health
| 7 | 6 | 5 | 4 | 3 | 2 | Minor Device Class bit no. of CoD |
|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | Undefined |
| 0 | 0 | 0 | 0 | 0 | 1 | Blood Pressure Monitor |
| 0 | 0 | 0 | 0 | 1 | 0 | Thermometer |
| 0 | 0 | 0 | 0 | 1 | 1 | Weighing Scale |
| 0 | 0 | 0 | 1 | 0 | 0 | Glucose Meter |
| 0 | 0 | 0 | 1 | 0 | 1 | Pulse Oximeter |
| 0 | 0 | 0 | 1 | 1 | 0 | Heart/Pulse Rate Monitor |
| 0 | 0 | 0 | 1 | 1 | 1 | Health Data Display |
| 0 | 0 | 1 | 0 | 0 | 0 | Step Counter |
| 0 | 0 | 1 | 0 | 0 | 1 | Body Composition Analyzer |
| 0 | 0 | 1 | 0 | 1 | 0 | Peak Flow Monitor |
| 0 | 0 | 1 | 0 | 1 | 1 | Medication Monitor |
| 0 | 0 | 1 | 1 | 0 | 0 | Knee Prosthesis |
| 0 | 0 | 1 | 1 | 0 | 1 | Ankle Prosthesis |
| 0 | 0 | 1 | 1 | 1 | 0 | Generic Health Manager |
| 0 | 0 | 1 | 1 | 1 | 1 | Personal Mobility Device |
| X | X | X | X | X | X | All other values reserved |
Type:一般是00用于后11bit service class做掩码用
四.举例分析一个蓝牙设备的cod
下面我们来举几个例子来说明下(在举例子之前推荐一个文章可以生成cod)
http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html
拿一个0x340404来说明下
0x340404=001101000000010000000100b
Service class = 00110100000
对应的是
Major device class = 00100 ,如下图
然后minor device class=000001b,然后我们找到Audio/Video的minor device class对应如下
我们来看个btsnoop对应下看看我们分析的对不对
我们也来用我上面给的连接生成下看看是否跟我们一样,来加深下印象
