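/* -*- c -*- */
/*
 * Copyright 2007 - 2013 Dominic Spill, Michael Ossmann, Will Code
 *
 * This file is part of libbtbb
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with libbtbb; see the file COPYING. If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street,
 * Boston, MA 02110-1301, USA.
 */
#ifndef INCLUDED_BTBB_H
#define INCLUDED_BTBB_H

#include <stdint.h>

/* Flag indices for the *_set_flag() / *_get_flag() accessors declared
 * below. Values are bit positions, not masks; the blank line appears to
 * separate packet-level flags from piconet-level flags, but the header
 * itself does not state which accessor each index belongs to. */
#define BTBB_WHITENED 0
#define BTBB_NAP_VALID 1
#define BTBB_UAP_VALID 2
#define BTBB_LAP_VALID 3
#define BTBB_CLK6_VALID 4
#define BTBB_CLK27_VALID 5
#define BTBB_CRC_CORRECT 6
#define BTBB_HAS_PAYLOAD 7
#define BTBB_IS_EDR 8

#define BTBB_HOP_REVERSAL_INIT 9
#define BTBB_GOT_FIRST_PACKET 10
#define BTBB_IS_AFH 11
#define BTBB_LOOKS_LIKE_AFH 12
#define BTBB_IS_ALIASED 13
#define BTBB_FOLLOWING 14

/* Payload modulation (btbb_packet_set_modulation / _get_modulation) */
#define BTBB_MOD_UNKNOWN 0x00
#define BTBB_MOD_GFSK 0x01
#define BTBB_MOD_PI_OVER_2_DQPSK 0x02
#define BTBB_MOD_8DPSK 0x03

/* Transport types (btbb_packet_set_transport / _get_transport) */
#define BTBB_TRANSPORT_ANY 0x00
#define BTBB_TRANSPORT_SCO 0x01
#define BTBB_TRANSPORT_ESCO 0x02
#define BTBB_TRANSPORT_ACL 0x03
#define BTBB_TRANSPORT_CSB 0x04

#ifdef __cplusplus
extern "C"
{
#endif

/* BT BR/EDR support */

/* Opaque packet handle; only accessible through the functions below. */
typedef struct btbb_packet btbb_packet;

/* Initialize the library. Compute the syndrome. Return 0 on success,
 * negative on error.
 *
 * The library limits max_ac_errors to 5. Using a larger value will
 * take up a lot of memory (several GB), without decoding many useful
 * packets. Even a limit of 5 results in a syndrome table of several
 * hundred MB and lots of noise. For embedded targets, a value of 2 is
 * reasonable. */
int btbb_init(int max_ac_errors);

/* Release / version strings. Ownership is not stated here; presumably
 * these point at static storage and must not be freed — confirm against
 * the implementation before storing or modifying them. */
char *btbb_get_release(void);
char *btbb_get_version(void);

/* Allocate a packet; _ref/_unref presumably adjust a reference count,
 * with the packet freed on the last unref — confirm in the implementation. */
btbb_packet *btbb_packet_new(void);
void btbb_packet_ref(btbb_packet *pkt);
void btbb_packet_unref(btbb_packet *pkt);

/* Search for a packet with specified LAP (or LAP_ANY). The caller must
 * guarantee that 'stream' holds at least search_length + 72 symbols;
 * there is no other bound on what the search reads. Limit to
 * 'max_ac_errors' bit errors.
 *
 * Returns offset into 'stream' at which packet was found. If no
 * packet was found, returns a negative number. 'pkt' is an
 * out-parameter for the found packet. 'lap' is passed by value and so
 * cannot be written back: when LAP_ANY was given, read the matched LAP
 * from the returned packet with btbb_packet_get_lap(), and the number
 * of access-code errors actually observed with
 * btbb_packet_get_ac_errors(). */
int btbb_find_ac(char *stream,
		 int search_length,
		 uint32_t lap,
		 int max_ac_errors,
		 btbb_packet **pkt);
#define LAP_ANY 0xffffffffUL
#define UAP_ANY 0xff

/* 'flag' is one of the BTBB_* flag indices defined above. */
void btbb_packet_set_flag(btbb_packet *pkt, int flag, int val);
int btbb_packet_get_flag(const btbb_packet *pkt, int flag);

uint32_t btbb_packet_get_lap(const btbb_packet *pkt);
void btbb_packet_set_uap(btbb_packet *pkt, uint8_t uap);
uint8_t btbb_packet_get_uap(const btbb_packet *pkt);
uint16_t btbb_packet_get_nap(const btbb_packet *pkt);

/* Modulation / transport take the BTBB_MOD_* and BTBB_TRANSPORT_*
 * values defined above. */
void btbb_packet_set_modulation(btbb_packet *pkt, uint8_t modulation);
void btbb_packet_set_transport(btbb_packet *pkt, uint8_t transport);
uint8_t btbb_packet_get_modulation(const btbb_packet *pkt);
uint8_t btbb_packet_get_transport(const btbb_packet *pkt);

uint8_t btbb_packet_get_channel(const btbb_packet *pkt);
uint8_t btbb_packet_get_ac_errors(const btbb_packet *pkt);
uint32_t btbb_packet_get_clkn(const btbb_packet *pkt);
uint32_t btbb_packet_get_header_packed(const btbb_packet *pkt);

/* Attach symbol data to a packet. 'length' is the number of symbols
 * readable at 'syms'; whether the buffer is copied or referenced after
 * this call is not stated here — check the implementation before
 * reusing 'syms'. */
void btbb_packet_set_data(btbb_packet *pkt,
			  char *syms,      // Symbol data
			  int length,      // Number of symbols
			  uint8_t channel, // Bluetooth channel 0-79
			  uint32_t clkn);  // 312.5us clock (CLK27-0)

/* Get a pointer to packet symbols. */
const char *btbb_get_symbols(const btbb_packet *pkt);

int btbb_packet_get_payload_length(const btbb_packet *pkt);

/* Get a pointer to payload. */
const char *btbb_get_payload(const btbb_packet *pkt);

/* Pack the payload symbols into bytes at 'dst'. There is no size
 * parameter: the caller must size 'dst' from
 * btbb_packet_get_payload_length() (confirm the exact packed size and
 * rounding against the implementation) — an undersized buffer is
 * overrun. */
int btbb_get_payload_packed(const btbb_packet *pkt, char *dst);

uint8_t btbb_packet_get_type(const btbb_packet *pkt);
uint8_t btbb_packet_get_lt_addr(const btbb_packet *pkt);
uint8_t btbb_packet_get_header_flags(const btbb_packet *pkt);
uint8_t btbb_packet_get_hec(const btbb_packet *pkt);

/* Generate Sync Word from an LAP */
uint64_t btbb_gen_syncword(const int LAP);

/* decode the packet header */
int btbb_decode_header(btbb_packet *pkt);

/* decode the packet payload */
int btbb_decode_payload(btbb_packet *pkt);

/* print packet information */
void btbb_print_packet(const btbb_packet *pkt);

/* check to see if the packet has a header */
int btbb_header_present(const btbb_packet *pkt);

/* Packet queue (linked list) */
typedef struct pkt_queue {
	btbb_packet *pkt;

	struct pkt_queue *next;

} pkt_queue;

/* Opaque piconet handle. */
typedef struct btbb_piconet btbb_piconet;

btbb_piconet *btbb_piconet_new(void);
void btbb_piconet_ref(btbb_piconet *pn);
void btbb_piconet_unref(btbb_piconet *pn);

/* initialize the piconet struct */
void btbb_init_piconet(btbb_piconet *pn, uint32_t lap);

void btbb_piconet_set_uap(btbb_piconet *pn, uint8_t uap);
uint8_t btbb_piconet_get_uap(const btbb_piconet *pn);
uint32_t btbb_piconet_get_lap(const btbb_piconet *pn);
uint16_t btbb_piconet_get_nap(const btbb_piconet *pn);
uint64_t btbb_piconet_get_bdaddr(const btbb_piconet *pn);

int btbb_piconet_get_clk_offset(const btbb_piconet *pn);
void btbb_piconet_set_clk_offset(btbb_piconet *pn, int clk_offset);

/* 'flag' is one of the BTBB_* flag indices defined above. */
void btbb_piconet_set_flag(btbb_piconet *pn, int flag, int val);
int btbb_piconet_get_flag(const btbb_piconet *pn, int flag);

/* AFH map: no length parameter on either side; the expected size of
 * 'afh_map' and the lifetime of the returned pointer are not stated here
 * — confirm against the implementation. */
void btbb_piconet_set_channel_seen(btbb_piconet *pn, uint8_t channel);
void btbb_piconet_set_afh_map(btbb_piconet *pn, uint8_t *afh_map);
uint8_t *btbb_piconet_get_afh_map(btbb_piconet *pn);

/* Extract as much information (LAP/UAP/CLK) as possible from received packet */
int btbb_process_packet(btbb_packet *pkt, btbb_piconet *pn);

/* use packet headers to determine UAP */
int btbb_uap_from_header(btbb_packet *pkt, btbb_piconet *pn);

/* Print hexadecimal representation of the derived AFH map */
void btbb_print_afh_map(btbb_piconet *pn);

/* decode a whole packet from the given piconet */
int btbb_decode(btbb_packet *pkt, btbb_piconet *pn);


/* initialize the hop reversal process */
/* returns number of initial candidates for CLK1-27 */
int btbb_init_hop_reversal(int aliased, btbb_piconet *pn);

/* narrow a list of candidate clock values based on all observed hops */
int btbb_winnow(btbb_piconet *pn);

int btbb_init_survey(void);
/* Destructively iterate over survey results - optionally remove elements */
btbb_piconet *btbb_next_survey_result(void);

/* Opaque PCAPNG writer handle for BR/EDR captures. */
typedef struct btbb_pcapng_handle btbb_pcapng_handle;
/* create a PCAPNG file for BREDR captures */
int btbb_pcapng_create_file(const char *filename, const char *interface_desc,
			    btbb_pcapng_handle **ph);
/* save a BREDR packet to PCAPNG capture file */
int btbb_pcapng_append_packet(btbb_pcapng_handle *h, const uint64_t ns,
			      const int8_t sigdbm, const int8_t noisedbm,
			      const uint32_t reflap, const uint8_t refuap,
			      const btbb_packet *pkt);
/* record a BDADDR to PCAPNG capture file */
int btbb_pcapng_record_bdaddr(btbb_pcapng_handle *h, const uint64_t bdaddr,
			      const uint8_t uapmask, const uint8_t napvalid);
/* record BT CLOCK to PCAPNG capture file */
int btbb_pcapng_record_btclock(btbb_pcapng_handle *h, const uint64_t bdaddr,
			       const uint64_t ns, const uint32_t clk,
			       const uint32_t clkmask);
/* Close the file; check the return value, since buffered data may only
 * be flushed here. */
int btbb_pcapng_close(btbb_pcapng_handle *h);


/* BLE support */
typedef struct lell_packet lell_packet;
/* decode and allocate LE packet. 'stream' carries no length: the caller
 * must provide a buffer at least as large as the longest LE packet the
 * decoder reads — confirm the required size against the implementation. */
void lell_allocate_and_decode(const uint8_t *stream, uint16_t phys_channel,
			      uint32_t clk100ns, lell_packet **pkt);
lell_packet *lell_packet_new(void);
void lell_packet_ref(lell_packet *pkt);
void lell_packet_unref(lell_packet *pkt);
uint32_t lell_get_access_address(const lell_packet *pkt);
unsigned lell_get_access_address_offenses(const lell_packet *pkt);
unsigned lell_packet_is_data(const lell_packet *pkt);
unsigned lell_get_channel_index(const lell_packet *pkt);
unsigned lell_get_channel_k(const lell_packet *pkt);
const char *lell_get_adv_type_str(const lell_packet *pkt);
void lell_print(const lell_packet *pkt);

/* Opaque PCAPNG writer handle for LE captures. */
typedef struct lell_pcapng_handle lell_pcapng_handle;
/* create a PCAPNG file for LE captures */
int lell_pcapng_create_file(const char *filename, const char *interface_desc,
			    lell_pcapng_handle **ph);
/* save an LE packet to PCAPNG capture file */
int lell_pcapng_append_packet(lell_pcapng_handle *h, const uint64_t ns,
			      const int8_t sigdbm, const int8_t noisedbm,
			      const uint32_t refAA, const lell_packet *pkt);
/* record LE CONNECT_REQ parameters to PCAPNG capture file. 'pdu' carries
 * no length; presumably it must point at a complete CONNECT_REQ PDU —
 * confirm the byte count read against the implementation. */
int lell_pcapng_record_connect_req(lell_pcapng_handle *h, const uint64_t ns,
				   const uint8_t *pdu);
int lell_pcapng_close(lell_pcapng_handle *h);


/* PCAP Support */
#if (BTBB_PCAP_ENABLED)
typedef struct btbb_pcap_handle btbb_pcap_handle;
/* create a PCAP file for BREDR captures with LINKTYPE_BLUETOOTH_BREDR_BB */
int btbb_pcap_create_file(const char *filename, btbb_pcap_handle **ph);
/* write a BREDR packet to PCAP file */
int btbb_pcap_append_packet(btbb_pcap_handle *h, const uint64_t ns,
			    const int8_t sigdbm, const int8_t noisedbm,
			    const uint32_t reflap, const uint8_t refuap,
			    const btbb_packet *pkt);
int btbb_pcap_close(btbb_pcap_handle *h);

typedef struct lell_pcap_handle lell_pcap_handle;
/* create a PCAP file for LE captures using LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR */
int lell_pcap_create_file(const char *filename, lell_pcap_handle **ph);
/* create a PCAP file for LE captures using LINKTYPE_PPI */
int lell_pcap_ppi_create_file(const char *filename, int btle_ppi_version,
			      lell_pcap_handle **ph);
/* save an LE packet to PCAP capture file */
int lell_pcap_append_packet(lell_pcap_handle *h, const uint64_t ns,
			    const int8_t sigdbm, const int8_t noisedbm,
			    const uint32_t refAA, const lell_packet *pkt);
int lell_pcap_append_ppi_packet(lell_pcap_handle *h, const uint64_t ns,
				const uint8_t clkn_high,
				const int8_t rssi_min, const int8_t rssi_max,
				const int8_t rssi_avg, const uint8_t rssi_count,
				const lell_packet *pkt);
int lell_pcap_close(lell_pcap_handle *h);
#endif

#ifdef __cplusplus
} // __cplusplus defined.
#endif

#endif /* INCLUDED_BTBB_H */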