手机与蓝牙耳机配对失败笔记
来源:互联网 发布:台湾的网络直播平台17 编辑:程序博客网 时间:2024/04/29 17:00
安全简单配对(Secure Simple Pairing)采用了四个关联的模型,这四个模式是数字比较(Numeric Comparison),使用简单(Just Works),带外(Out Of Band),秘钥接入(Passkey Entry)。
蓝牙规范中的配对分为三种过程,分别是Bluetooth InBand, OOB Discovery only,OOB Discovery and Authentication。 OOB是out of band,即非蓝牙传输方式如NFC.
整个配对分四个步骤:
1.通过inquiry来搜索设备.
2.通过page建立蓝牙物理连接(ACL Link)
3.link key生成.
4.link key生成后,可通过三种方式进行鉴权:Numeric Compare(6位随机密码比较), Passkey Entry(一方显示数据,另一方输入密码),Just works(不鉴权,直接使用)
蓝牙规范中的配对分为三种过程,分别是Bluetooth InBand, OOB Discovery only,OOB Discovery and Authentication。 OOB是out of band,即非蓝牙传输方式如NFC.
整个配对分四个步骤:
1.通过inquiry来搜索设备.
2.通过page建立蓝牙物理连接(ACL Link)
3.link key生成.
4.link key生成后,可通过三种方式进行鉴权:Numeric Compare(6位随机密码比较), Passkey Entry(一方显示数据,另一方输入密码),Just works(不鉴权,直接使用)
蓝牙配对失败:
bt-btm : btm_simple_pair_complete() Pair State: 9 Status:5 sec_state: 1 //配对失败Log Status:5//鉴权失败
/* Pairing State */ system/bt/stack/btm/btm_int.h
enum{ BTM_PAIR_STATE_IDLE, /* Idle */ BTM_PAIR_STATE_GET_REM_NAME, /* Getting the remote name (to check for SM4) */ BTM_PAIR_STATE_WAIT_PIN_REQ, /* Started authentication, waiting for PIN req (PIN is pre-fetched) */ BTM_PAIR_STATE_WAIT_LOCAL_PIN, /* Waiting for local PIN code */ BTM_PAIR_STATE_WAIT_NUMERIC_CONFIRM, /* Waiting user 'yes' to numeric confirmation */ BTM_PAIR_STATE_KEY_ENTRY, /* Key entry state (we are a keyboard) */ BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP, /* Waiting for local response to peer OOB data */ BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS, /* Waiting for local IO capabilities and OOB data */ BTM_PAIR_STATE_INCOMING_SSP, /* Incoming SSP (got peer IO caps when idle) */ BTM_PAIR_STATE_WAIT_AUTH_COMPLETE, /* All done, waiting authentication cpmplete */ BTM_PAIR_STATE_WAIT_DISCONNECT /* Waiting to disconnect the ACL */}; /*** Defentions for HCI Error Codes that are past in the events system/bt/stack/include/hcidefs.h*/#define HCI_ERR_AUTH_FAILURE 0x05 //鉴权失败
例:手机与蓝牙耳机HAVIT I11(00:0C:8A:48:43:EC)配对不上分析:点击扫描到的HAVIT I11耳机,无法连接,一直弹出框Couldn't communicate withHAVIT I11.
相关log:1963 2003 I bt_btm : BDA 00:0c:8a:48:43:ec1963 2003 I bt_btm : Inquire BDA 00:0c:8a:48:43:ec1963 2003 I bt_btm : BTM_InqDbRead: bd addr [000c8a4843ec]1963 2003 D bt_btm : btm_find_dev_type - device_type = 1 addr_type = 01963 2003 I bt_btm : btm_sec_rmt_name_request_complete1963 2003 D bt_btm : btm_acl_resubmit_page1963 2003 I bt_btm : Security Manager: rmt_name_complete PairState: 1 RemName: status: 4 State:0 p_dev_rec: 0xefc5e06c1963 2003 I bt_btm : btm_sec_rmt_name_request_complete() continue bonding sm4: 0x0000, status:0x41963 2003 W bt_btm : btm_sec_rmt_name_request_complete() Retrying RNR due to page timeout1963 2003 I bt_btm : BTM_ReadRemoteDeviceName: bd addr [000c8a4843ec]1963 2003 I bt_btm : no device found in inquiry db1963 2003 D bt_btm : btm_acl_paging discing:0, paging:0 BDA: 000c8a4843ec1963 2003 D bt_btm : connecting_bda: 000c8a4843ec1963 2003 I bt_btm : btm_find_or_alloc_dev1963 2003 I bt_btm : BDA 00:0c:8a:48:43:ec1963 2003 I bt_btm : Inquire BDA 00:0c:8a:48:43:ec1963 2003 I bt_btm : BTM_InqDbRead: bd addr [000c8a4843ec]1963 2003 D bt_btm : btm_find_dev_type - device_type = 1 addr_type = 01963 2003 I bt_btm : btm_sec_rmt_name_request_complete1963 2003 D bt_btm : btm_acl_resubmit_page1963 2003 I bt_btm : Security Manager: rmt_name_complete PairState: 1 RemName: status: 4 State:0 p_dev_rec: 0xefc5e06c1963 2003 I bt_btm : btm_sec_rmt_name_request_complete() continue bonding sm4: 0x0000, status:0x41963 2003 I bt_btm : btm_sec_rmt_name_request_complete() reset RNR retry count1963 2003 I bt_btm : btm_sec_change_pairing_state() Old: 11963 2003 I bt_btm : btm_sec_change_pairing_state() New: 0 pairing_flags:0x11963 2003 I bt_btm : BTM_InqDbRead: bd addr [000c8a4843ec]1963 2003 D bt_btm : btm_find_dev_type - device_type = 1 addr_type = 01963 2003 D bt_btif : btif_transfer_context event 3, len 2801963 2003 I bt_btm : BTM_IsAclConnectionUp: RemBdAddr: 000c8a4843ec1963 2003 D bt_btm : btm_sec_clear_ble_keys() Clearing BLE Keys1963 2003 I bt_btm : btm_ble_resolving_list_remove_dev1963 2003 D bt_btm : Device not in resolving list1963 2003 I bt_btm : BTM: BTM_DeleteStoredLinkKey: delete_all_flag: FALSE1963 2003 I bt_btif : BTA got event 0x1f021963 2003 E bt_btif : bta_gattc_mark_bg_conn unable to find the bg connection mask for: 00:0c:8a:48:43:ec1963 2003 I bt_btif : BTA got event 0x1f0c1963 2003 D bt_btif : bta_gattc_co_cache_reset()1963 1990 D bt_btif : btif task fetched event a0011963 1990 D bt_btif : btif_context_switched1963 1990 I bt_btif : btif_dm_upstreams_cback ev: BTA_DM_AUTH_CMPL_EVT1963 1990 D bt_btif : btif_dm_auth_cmpl_evt: bond state=11963 1990 D bt_btif : in, bd addr:00:0c:8a:48:43:ec, prop type:4, len:41963 1990 I bt_btif_dm: check_cod remote_cod = 0x00240404 cod = 0x000005801963 1990 D bt_btif : bond_state_changed: state=0, prev_state=1, sdp_attempts = 01963 1990 I bt_btif : HAL bt_hal_cbacks->bond_state_changed_cb1963 1990 I BluetoothBondStateMachine: bondStateChangeCallback: Status: 10 Address: 00:0C:8A:48:43:EC newState: 01963 1995 D BluetoothAdapterProperties: Failed to remove device: 00:0C:8A:48:43:ECsnoop log:获取remote_name超时:
frameworks/base/core/java/android/bluetooth/BluetoothDevice.java
public static final int BOND_NONE = 10; public static final int BOND_BONDING = 11; public static final int BOND_BONDED = 12;packages/apps/Bluetooth/src/com/android/bluetooth/btservice/BondStateMachine.java static final int BOND_STATE_NONE = 0; static final int BOND_STATE_BONDING = 1; static final int BOND_STATE_BONDED = 2; private void sendIntent(BluetoothDevice device, int newState, int reason) { DeviceProperties devProp = mRemoteDevices.getDeviceProperties(device); int oldState = BluetoothDevice.BOND_NONE; if (devProp != null) { oldState = devProp.getBondState(); } if (oldState == newState) return; mAdapterProperties.onBondStateChanged(device, newState); Intent intent = new Intent(BluetoothDevice.ACTION_BOND_STATE_CHANGED); intent.putExtra(BluetoothDevice.EXTRA_DEVICE, device); intent.putExtra(BluetoothDevice.EXTRA_BOND_STATE, newState); intent.putExtra(BluetoothDevice.EXTRA_PREVIOUS_BOND_STATE, oldState); if (newState == BluetoothDevice.BOND_NONE) intent.putExtra(BluetoothDevice.EXTRA_REASON, reason); mAdapterService.sendBroadcastAsUser(intent, UserHandle.ALL, AdapterService.BLUETOOTH_PERM); infoLog("Bond State Change Intent:" + device + " OldState: " + oldState + " NewState: " + newState); } void bondStateChangeCallback(int status, byte[] address, int newState) { BluetoothDevice device = mRemoteDevices.getDevice(address); if (device == null) { infoLog("No record of the device:" + device); // This device will be added as part of the BONDING_STATE_CHANGE intent processing // in sendIntent above device = mAdapter.getRemoteDevice(Utils.getAddressStringFromByte(address)); } infoLog("bondStateChangeCallback: Status: " + status + " Address: " + device + " newState: " + newState); Message msg = obtainMessage(BONDING_STATE_CHANGE); msg.obj = device; if (newState == BOND_STATE_BONDED) msg.arg1 = BluetoothDevice.BOND_BONDED; else if (newState == BOND_STATE_BONDING) msg.arg1 = BluetoothDevice.BOND_BONDING; else msg.arg1 = BluetoothDevice.BOND_NONE; msg.arg2 = status; sendMessage(msg); }system/bt/stack/btm/Btm_sec.c/*********************************************************************************** Function btm_sec_rmt_name_request_complete**** Description This function is called when remote name was obtained from** the peer device**** Returns void*********************************************************************************/void btm_sec_rmt_name_request_complete (UINT8 *p_bd_addr, UINT8 *p_bd_name, UINT8 status){ tBTM_SEC_DEV_REC *p_dev_rec; int i; DEV_CLASS dev_class; UINT8 old_sec_state; BTM_TRACE_EVENT ("btm_sec_rmt_name_request_complete"); if (((p_bd_addr == NULL) && !BTM_ACL_IS_CONNECTED(btm_cb.connecting_bda)) || ((p_bd_addr != NULL) && !BTM_ACL_IS_CONNECTED(p_bd_addr))) { btm_acl_resubmit_page(); } /* If remote name request failed, p_bd_addr is null and we need to search */ /* based on state assuming that we are doing 1 at a time */ if (p_bd_addr) p_dev_rec = btm_find_dev (p_bd_addr); else { p_dev_rec = &btm_cb.sec_dev_rec[0]; for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++) { if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) && (p_dev_rec->sec_state == BTM_SEC_STATE_GETTING_NAME)) { p_bd_addr = p_dev_rec->bd_addr; break; } } if (i == BTM_SEC_MAX_DEVICE_RECORDS) p_dev_rec = NULL; } /* Commenting out trace due to obf/compilation problems. */#if (BT_USE_TRACES == TRUE) if (!p_bd_name) p_bd_name = (UINT8 *)""; if (p_dev_rec) { BTM_TRACE_EVENT ("Security Manager: rmt_name_complete PairState: %s RemName: %s status: %d State:%d p_dev_rec: 0x%08x ", btm_pair_state_descr (btm_cb.pairing_state), p_bd_name, status, p_dev_rec->sec_state, p_dev_rec); } else { BTM_TRACE_EVENT ("Security Manager: rmt_name_complete PairState: %s RemName: %s status: %d", btm_pair_state_descr (btm_cb.pairing_state), p_bd_name, status); }#endif........................... /* Check if we were delaying bonding because name was not resolved */ if ( btm_cb.pairing_state == BTM_PAIR_STATE_GET_REM_NAME) { if (p_bd_addr && memcmp (btm_cb.pairing_bda, p_bd_addr, BD_ADDR_LEN) == 0) { BTM_TRACE_EVENT ("btm_sec_rmt_name_request_complete() continue bonding sm4: 0x%04x, status:0x%x", p_dev_rec->sm4, status); if(btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_CANCEL_DD) { btm_sec_bond_cancel_complete(); return; } /* Handle RNR with retry mechanism */ if((status == HCI_ERR_PAGE_TIMEOUT) && (p_dev_rec->rnr_retry_cnt < RNR_MAX_RETRY_ATTEMPTS)) { BTM_TRACE_WARNING ("btm_sec_rmt_name_request_complete() Retrying RNR due to page timeout"); if ((BTM_ReadRemoteDeviceName(p_bd_addr, NULL, BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) { p_dev_rec->rnr_retry_cnt++; return; } } else { BTM_TRACE_EVENT ("btm_sec_rmt_name_request_complete() reset RNR retry count "); p_dev_rec->rnr_retry_cnt = 0; } if (status != HCI_SUCCESS) { btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); if (btm_cb.api.p_auth_complete_callback) (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, p_dev_rec->sec_bd_name, status); return; }................................. /* Remote Name succeeded, execute the next security procedure, if any */ status = (UINT8)btm_sec_execute_procedure (p_dev_rec); /* If result is pending reply from the user or from the device is pending */ if (status == BTM_CMD_STARTED) return; /* There is no next procedure or start of procedure failed, notify the waiting layer */ btm_sec_dev_rec_cback_event (p_dev_rec, status, FALSE);}Android 6.0蓝牙配对流程:参考此博客学习
http://blog.csdn.net/shichaog/article/details/52836804
0 0
- 手机与蓝牙耳机配对失败笔记
- NO.86 蓝牙耳机 Nokia BH320 使用说明 (开关机、与手机配对)
- 蓝牙耳机与手机相连
- 手机蓝牙配对,重新上传失败的文件,弹出抱歉,蓝牙已停止运行
- 手机找不到设备--蓝牙耳机
- IPhone4S与蓝牙耳机连接
- Android RecognizerIntent与蓝牙耳机
- 经由蓝牙适配器连接蓝牙耳机失败解决方法。
- Cubietruck---30.蓝牙耳机与有线耳机的切换
- Cubietruck---31.蓝牙耳机与有线耳机的声音输出
- 蓝牙耳机
- 蓝牙耳机
- 蓝牙耳机
- 蓝牙耳机
- 蓝牙耳机与电脑连接篇
- 蓝牙耳机与电脑连接使用
- 蓝牙配对
- 蓝牙配对
- LeetCode 33. Search in Rotated Sorted Array
- 编程练习
- 流媒体服务器的搭建
- 浅谈框架使用的好处和弊处
- 高性能Mysql主从架构的复制原理及配置详解
- 手机与蓝牙耳机配对失败笔记
- 基于dragonboard 410c的kobuki机器人简单控制——驱动安装
- java题目
- IDEA的十大快捷键
- 深入理解C++枚举类型enum
- Git操作详解
- 安卓ViewGroup的事件分发
- pandas实战
- c++中的异常处理