Abusing the Internet of Things

The broadcasting device sends an advertising packet, which contains a 31-byte payload that includes information about the broadcasting device and also any additional custom information. When 31 bytes is not enough to transmit the necessary information, BLE supports a mechanism called scan response, which listening devices can use to request a second advertising frame that is also 31 bytes long, bringing the total to 62 bytes.


Note that the advertising packets used to broadcast do not contain any security mechanisms, so
sensitive information should not be sent during broadcast.
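The advertising payload just described, as an added example that is not from the book: a small Python parser for the AD structures (length byte, AD type byte, data) packed into one 31-byte advertising or scan-response payload, showing exactly what any passive listener can read from an unprotected broadcast. The AD-type table uses the standard Bluetooth assigned numbers; the sample payload and the device name in it are constructed for this example.

```python
# Added example, not the book's code. Each AD structure in a legacy BLE
# advertising payload is [length][AD type][data], where `length` counts the
# type byte plus the data. 31 bytes is the cap the text describes.
AD_TYPE_NAMES = {
    0x01: "Flags",
    0x02: "Incomplete 16-bit UUIDs",
    0x03: "Complete 16-bit UUIDs",
    0x08: "Shortened Local Name",
    0x09: "Complete Local Name",
    0x0A: "TX Power Level",
    0x16: "Service Data (16-bit UUID)",
    0xFF: "Manufacturer Specific Data",
}
MAX_ADV_PAYLOAD = 31


def parse_ad_structures(payload: bytes) -> list:
    """Return [(ad_type, data), ...] for one advertising or scan-response payload."""
    if len(payload) > MAX_ADV_PAYLOAD:
        raise ValueError(f"{len(payload)} bytes exceeds the {MAX_ADV_PAYLOAD}-byte limit")
    structures = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:  # zero-length structure means the rest is padding
            break
        if i + 1 + length > len(payload):
            raise ValueError(f"AD structure at offset {i} runs past end of payload")
        ad_type = payload[i + 1]
        structures.append((ad_type, payload[i + 2 : i + 1 + length]))
        i += 1 + length
    return structures


def describe(payload: bytes) -> dict:
    """Human-readable view of what a passive listener learns from one broadcast."""
    result = {}
    for ad_type, data in parse_ad_structures(payload):
        name = AD_TYPE_NAMES.get(ad_type, f"Unknown(0x{ad_type:02X})")
        if ad_type in (0x08, 0x09):  # device name is sent as plain UTF-8
            result[name] = data.decode("utf-8", errors="replace")
        elif ad_type in (0x02, 0x03):  # 16-bit UUIDs are little-endian
            result[name] = ",".join(
                f"0x{int.from_bytes(data[j:j + 2], 'little'):04X}" for j in range(0, len(data) - 1, 2))
        else:
            result[name] = data.hex()
    return result


# Constructed sample: Flags, name "Lock-1234", Battery Service UUID, vendor data.
SAMPLE_ADV = (bytes.fromhex("020106") + bytes([10, 0x09]) + b"Lock-1234"
              + bytes.fromhex("03030F18") + bytes.fromhex("05FFFFFFAABB"))
```

Run `describe(SAMPLE_ADV)` to see the name, advertised service and vendor bytes that leave the device in clear text on every advertisement.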

To transmit data in both directions, devices need to establish a connection between a master device and a slave device. The master device picks up advertising packets transmitted by the slave and requests the slave to establish a permanent connection. A single device can act as a master and slave at the same time. A slave device can connect to multiple master devices, and a master device can connect to multiple slave devices.

BLE packets can be captured using a USB-based Ubertooth One device, along with the Ubertooth suite of software tools that can be built using the build guide. These tools include a spectrum analyzer (shown in Figure 2-4), which you should run immediately after purchasing an Ubertooth One to make sure things are working correctly.


FIGURE 2-4. Ubertooth spectrum analyzer


The Ubertooth project also includes a tool called ubertooth-btle, which can be used to capture BLE traffic via the following command:


[bash]$ ubertooth-btle -f -c capture.cap

The -f flag specifies that the tool should follow new BLE connections as they are established, and the -c flag specifies the name of the file the captured data should be written to. This file can be opened using the Wireshark network sniffer, as shown in Figure 2-5.


BLUETOOTH LOW ENERGY AND UNLOCKING VIA MOBILE APPS 47