Bluetooth LEDodging The BulletsDaniel Kummer.NCamp. 2016.

NCamp. 2016. 1

DisclaimerMinimal Technical StuffAt the end there will be !

NCamp. 2016. 2

Preface - Mental Health

To keep everyone calm and relaxed after stressful slides, cute kittens will be shown

NCamp. 2016. 3

AgendaEntry

▸▸ Origins ▸ Basics ▸ iOS/Android ▸ Hardware

Experience

▸▸ Advertising ▸ Pairing ▸ Bonding ▸ Operation

Exit

▸▸ Data Quantities ▸ Survival Tips ▸ Tools

NCamp. 2016. 4

Bluetooth OriginsHistory Side Trip

NCamp. 2016. 5

King Harald Blåtand958 - 986

NCamp. 2016. 6

Blueooth Low Energy» 4.0 (2010)▸▸ Wibree (Nokia) aka Bluetooth Smart, GATT, 25Mbit/s, 60m

» 4.2 (2014)▸▸ IoT key features, focus on security

» 5.0 (2017)▸▸ 50MBit/s, 240m

NCamp. 2016. 7

BLE Basics2'000 pages core spec ▸▸ 2 slides

NCamp. 2016. 8

Terminology

NCamp. 2016. 9

GATTGeneric Attribute Profile

Your main battlefield

» Data exchange

» Use case specific

» SIG defined (Glucose Profile, HID, ...)

» Vendor defined

NCamp. 2016. 10

Shootin' time!Dodge + CoverNCamp. 2016. 11

iOS / Android

NCamp. 2016. 12

iOSSince iPhone 4s / iOS 5

» ! More reliable and failure tolerant than Android

» ! Works on one device, works on all

» " Restrictive API

» " Restrictive peripheral mode (acting as server)

NCamp. 2016. 13

AndroidSince Android 4.3

» ! High API freedom

» " Issues below Android 5.0 (API Level 21)(it's #)

» " Android Problem Multiplexer

NCamp. 2016. 14

Android Problem Multiplexer

» No predictions possible

» Approach ▸ Test and verifyNCamp. 2016. 15

HardwareNuts and Bolts

NCamp. 2016. 16

Hardware Issues» Bad and worse chipsets out

there

» Practically all have issues

» Bad and complicated (and/or wrong) documentation

“Imaging an universal power adapter not fitting into a plug”

NCamp. 2016. 17

Hardware Advice» Get target hardware asap

» Stick to BLE core functionality

» Get in contact with the chipset manufacturer

Chipset Hints

» Nordic !, Texas Instruments ", Qualcomm #

NCamp. 2016. 18

RelaxationKitten #1 ▸

NCamp. 2016. 19

AdvertisingHello, I'm here

NCamp. 2016. 20

Bluetooth Advertising» Like the beam of a lighthouse

» Shortly visible, in periods

» Not much information transfer possible

» 26 Characters1 - that's it

» Usually device/functionality identifiers

1 Bytes

NCamp. 2016. 21

Advertising Hints» Plan ahead - Define early what goes into

advertising

» Request company identifier from Bluetooth SIG

» Use scan response and active scanning

» Advertising should be static data, scan response changing data

NCamp. 2016. 22

iOS Advertising» iOS uses obsfucated device identifier, not the MAC

address

» When mocking a peripheral:

» No full control of advertising data (ex: Manufacturer Specific Data)

» MAC will change randomly

NCamp. 2016. 23

iOS Advertising Hints» Implement independent from identifier (especially

for cross-platform apps)

» Know your mock limitations

NCamp. 2016. 24

Android Advertising Hints» The Android BLE stack(s) are ! - period!

» Lagging initial discovery time (up to 30 sec)

» Devices dropping out of cache when too many other devices are advertising

❗ Android will fall back to BR/EDR mode on dual mode chipsets

» Android 4.3 cannot filter 128Bit UUIDs

NCamp. 2016. 25

Dodge Android Advertising» Maintain your own list of BLE devices in app-code

» Don't rely on SDK provided filtering

» Don't use dual-mode chipsets on the target hardware

» Don't use Android < 5.0 (API Level 21)

NCamp. 2016. 26

RelaxationKitten #2 ▸

NCamp. 2016. 27

Pairing + BondingShort- & longterm Relationships

NCamp. 2016. 28

Goldfish vs. Elephant

» Pairing - Short term, forget after disconnect

» Bonding - Long term, rememberNCamp. 2016. 29

Focus BondingSwallow the fish, free the elephant

NCamp. 2016. 30

Bonding» Initiated after first encrypted characteristic

read attempt (iOS)

» Extremely hardware and stack dependent

» Increased overall complexity

NCamp. 2016. 31

Bonding Suggestions» Determine whether truly necessary - usually not

» Include early in development

» Don't assume working without verifying (Android ❗)

NCamp. 2016. 32

Final Bonding Advice1# Don't use it2# Implement app-side

NCamp. 2016. 33

RelaxationKitten #3 ▸

NCamp. 2016. 34

Connection ManagementHello? Are you still there?

NCamp. 2016. 35

Connection Management» Random and frequent disconnects will occur

» Connections remain open without active disconnects

» Limited amount of services and characteristics

» Lots of possible errors can occur

NCamp. 2016. 36

Connection Management Suggestions» Implement auto-reconnect yourself

» Do not use non-standard MTU3

» Be very failure tolerant

» Limit characteristic usage

3 https://www.adafruit.com/product/2269

NCamp. 2016. 37

Connection ManagementAndroid Supplement

NCamp. 2016. 38

Android Supplement» Do not use the autoConnect feature

» States can be stale - don't trust them too much

» Many undocumented status codes can occur - implement retry

» 'Restart Phone' is a valid problem solving approach

» Always close GATT after disconnect

NCamp. 2016. 39

RelaxationKitten #4 ▸

NCamp. 2016. 40

OperationIs the smoke normal?

NCamp. 2016. 41

Operation» All communication is async - but you cannot do two

things at once

» Chipsets sometimes limit GATT UUID formats

» Characteristic descriptors (read/write/indicate/notify/...) are frickle

» Reliable read / write operations aren't reliable

» Many problems might lead to inconsistent stack

NCamp. 2016. 42

Operation Proposals» Limit notification characteristics as much as

possible

» Implement 'heartbeat' for tracking connection loss

» Implement your own synchronization layer where necessary

NCamp. 2016. 43

Data QuantitiesHow much? Seriously?

NCamp. 2016. 44

Data Quantities» GATT is not intended for large transfer volumes

» 20 Bytes per characterisic

» 'Roll your own' complex implementation

» Don't try to transfer larger volumes!

» Data where integrity is important

» Firmware upgrades, control code, ...

NCamp. 2016. 45

Data Quantities Proposals“GATT services and characteristics are not always the right approach!”Anonymous

» Later changes are extremely expensive

» SPP (Serial Port Profile) alternative

» RS232 over Bluetooth - RX and TX

» Use-case based descision

NCamp. 2016. 46

RelaxationKitten #5 ▸

NCamp. 2016. 47

Survival TipsThe Art of staying alive

NCamp. 2016. 48

Do NotReally! Seriously!

» Commit to fixed timelines

» Guarantee functionality / device support

» Blindly estimate testing efforts

NCamp. 2016. 49

DoAt least try to

» Do Proof of concepts early

» Organize your mobile test devices (phones)

» Stick to core functionality

» Get your hands on real hardware (peripherals) asap

» Debug Frequently

» Log extensively

NCamp. 2016. 50

ToolsSpoon?

NCamp. 2016. 51

ToolsAndroid - nRF Connect App - HCI Snoop Protocol + WireShark

iOS - LightBlue Explorer App

Hardware - Bluefruit LE Sniffer3

3 https://www.adafruit.com/product/2269

NCamp. 2016. 52

Resources» Ask someone with experience▸▸ Really!

» O'Reilly - Getting Started with Bluetooth Low Energy▸▸ Good but very shallow

» Bluetooth.org + Core Specification▸▸ You'll have to even if you don't want to

NCamp. 2016. 53

Closing Thoughts

NCamp. 2016. 54

The ! is a lie!» Well, not completely

» The technology is there BUT it's often not as good as advertised

» Don't go off just using it for everything without having a plan

» Don't be overconfident

NCamp. 2016. 55

! You can and will get it to work! With enough time and compromises

NCamp. 2016. 56

Final relaxation kitten

NCamp. 2016. 57

Thank you

NCamp. 2016. 58