ESP32 iPhone Bluetooth, just a general question - ios

I'm writing some code (C++) for ESP32, to act as a BLE beacon. The problem is this: the iPhone doesn't send out its real MAC address, but does a random-generated MAC address, for security. The thing I'm confused about is how do you know if it's a device you've previously paired with?
So let's say I detect a new BLE MAC address, and looking at the manufacturer data I can determine it's an Apple device (first 2 bytes are "4C").
Now I need to know if I've previously paired with that device, so that I can allow the ESP32 to initiate an action (for simplicity let's just say turn on an LED). If that MAC address is in a list of known devices, then I can continue, and if not, I ignore it.
The problem is, if the iPhone is not giving up the real MAC address, the detected MAC address will never match anything. As this is a security situation I'm sure the algorithm for generating those MAC addresses is not known.
To be clear: this code is being written for the ESP32, not the iPhone.

It is in fact not possible to tell if a device has been previously seen, unless you pair and establish a bond with it. Once you pair with the device, long-term keys are exchanged and are used to quickly re-establish the connection.
This is by design. MAC addresses were originally unique, but this allowed tracking people and devices without their consent. You can read more about this in the following ESP-IDF guides:
GATT security server walkthrough
GATT security client walkthrough

So are you using esp32 as a beacon? This dose not involve any pairing or iOS MAC addresses. iOS will just be able to listen and the esp32 will not even know someone is "listening" to its broadcast.
Probably iOS application can store which services it is interested to hear to; may looks like pairing.. but it is a high level application managed technique and not any related to what BT standard calls pairing.

Related

Does BLE Data Transfer require pairing (pairless bt data transfer)

For a project of mine I need a pairless bluetooth data transfer. I have first thought about doing it with BLE IBeacons but they can only advertise a very limited amount of data. I looked further through the Apple documentation and found this tutorial about Central/ Peripheral
BLE data transfer. I've implemented the code in my project but even though the devices were very close together they could not "see" each other. I have since looked up on the Internet and could not find a hint about whether the devices need pairing or not and what the problem of mine could be(the code is not throwing any errors nor warnings).
If it does require pairing, is there some way to do that in the background without requiring the user to perform an action, so that I could theoretically advertise some kind of pair request via. IBeacons to then transfer the data? If that's not the case, is there even a way to transfer data (mono directional, round about 512 bytes) between nearby bluetooth devices without user actions?
greets from germany!
To get started with Bluetooth Low Energy or any other protocol, it's best to learn how it works. At least basics.
Simplifying. BLE allows you to send data:
"Passive" (without conncetion) - over Advertisement Data. The size of the packages depends on the BLE version.
"Active" (requires connection with the device) - bidrirectional comunication. In this case size of the data package also depends on the BLE version.
Bonding and pairing is a separate issues.
I suggested you look at the following book:
https://www.oreilly.com/library/view/getting-started-with/9781491900550/
The websites of BLE module manufacturers also offer a lot of information about this technology. For example Nordic or TI. Very often with sample programs for various platforms.
For iOS:
https://developer.apple.com/videos/play/wwdc2017/712/
https://developer.apple.com/bluetooth/
You may also be interested in sending more data without connection using version BLE 5.0
https://www.bluetooth.com/blog/exploring-bluetooth5-whats-new-in-advertising/

If my iOS app pairs with a device using Core Bluetooth, will other apps have access to the device?

From Android documentation:
Caution: When a user pairs their device with another device using BLE, the data that's communicated between the two devices is accessible to all apps on the user's device.
For this reason, if your app captures sensitive data, you should implement app-layer security to protect the privacy of that data.
Is this also true for iOS? I haven't found anything on it and I assumed because iOS doesn't show the true MAC addresses of devices this wouldn't be an issue, but just wanted to check. Thanks
Yes, iOS also works in a similar way. And if you want private communication, you also need to maintain app layer security. Thus android wear, galaxy watch, and other similar devices use encrypted communication in the app layer.
If you already know the details. BLE communication works via Gatt Characteristics.
Consider there are two health applications running on an iOS device and the user also using an activity tracker device. In that case if the user wants to connect both of the health apps with that tracker, he certainly can do it. Both apps will be able to communicate with the activity tracker and get sensor data using the CBCentral module. Look at the diagram for Details.
On the other hand, In general, vice versa will not possible. Because if both iOS apps use Peripheral Role they will register two different instances of BLE-Service even if using the same UUID. Thus it will force two apps to communicate with completely different characteristics instances. However, it is also possible to work with two peripheral apps with the same UUID but this is not what the BLE developers ever wanted.
you need to provide app level security based on Service UUID, so that devices having the app with only same service UUID can connect.

How does apple store app knows my in-store location?

I notice when I walk into local Apple Store (the real shop), the Apple Store app on my iPhone 5s will show a welcome from the exact store (e.g. Apple Store XX where XX is a store name). I assume this app recognizes my location somehow. This store (in China) is not equipped with iBeacon yet, and after turning off BlueTooth I can still see the greetings. I continued to shut down WiFi, and restarted this app, then location and greeting is gone. Note I didn't connect to the "Apple Store" WiFi hotspot for all tests, but it definitely indicates the WiFi is relevant with the location mechanism.
So my question is:
how can this app know I'm near to or within the physical store based on WiFi scanning?
Is it part of Core Location public API? (if yes, I should be able to do the same thing for any shop with a WiFi signal - please explain how to achieve this in details if you know).
Or instead, is Apple doing their own dirty job but rejecting others all over the world to do the same? By dirty job, I mean a mapping from SSID to the exact location while device is not connected to the WiFi.
Thanks, geeks.

Bluetooth Smart: is it sensible to choose a device based on its peripheral name

I have an application (Basically an Arduino) that I connect to from iOS (and might use Android in the future as well) using BLE. I reprogram the BLE hosts to a specific value so that the when I ask the peripherals name after it gets discovered in iOS can be accepted or rejected.
I'm however not sure that this is a good way to do. The name has a code that users can easily change to an other (always valid) code. That way if two modules are up and running at the same time, users will be sure that only the module they are linked to is the one they want to be linked to. This is a bit the same like connecting a mouse / keyboard of course using 'normal' bluetooth.

What is AWDL (Apple Wireless Direct Link) and how does it work?

I'm trying to find out what AWDL is. On iOS, if you use Apple's peer-to-peer networking over BlueTooth, it seems Apple creates a new Network Interface "awdl0" to implement (I guess) IP-over-BT.
But I can't find any docs on this tech, or this interface, how it behaves, things we must / must not do with it, etc. Google comes up blank :(.
In particular, I believe it means "established a BT connection, and I'm running an IP bridge over the top, and you can use this to communicate peer-to-peer". Apple's own system libraries have bugs where this bridge isn't setup quickly enough, and if you send data too soon, it appears to get dropped by the OS. So ... if I can query this awdl0, I hope to check "are you ready yet?" and delay P2P messages until the OS is happy.
UPDATE
More info: I can get pairs of iOS devices to create awdl0 connections to each other - but they never get created to OS X machines, whether BT and Bonjour are on or not, whether the devices are paired or not.
Some background:
In iOS5, Apple permanently disabled the Bluetooth parts of Bonjour/Peer-to-peer networking, and published a technote instructing everyone to use DNS-SD if they wanted to keep using Bluetooth as a transport between iOS devices. This is fine, but it means you must use DNS-SD if you want high-performance BT, and you want it reliable.
(GameKit sometimes works fine, but we often see terrible performance in real-world scenarios, e.g. crowded public places - which goes away if you use DNS-SD)
DNS-SD protocol doesn't include info to tell you what the hardware is using. But it does tell you the Network Interfaces (which is how I know we're running on awdl0)
DNS-SD is awesome, and we have high-speed, low latency connections peer-to-peer between iOS devices - all the stuff that GameKit promises but often fails to deliver whenever there's more than a few wifi/BT devices in range.
AWDL recently caught a lot of attention when it caused Wi-Fi issues in iOS 8 and OS X Yosemite devices.
What is AWDL?
AWDL (Apple Wireless Direct Link) is a low latency/high speed WiFi peer-to peer-connection Apple uses for everywhere you’d expect: AirDrop, GameKit (which also uses Bluetooth), AirPlay, and perhaps elsewhere. It works using its own dedicated network interface, typically “awdl0".
While some services, like Instant HotSpot, Bluetooth Tethering (of course), and GameKit advertise their services over Bluetooth SDP, Apple decided to advertise AirDrop over WiFi and inadvertently destroyed WiFi performance for millions of Yosemite and iOS 8 users.
How does AWDL work?
Since the iPhone 4, the iOS kernels have had multiple WiFi interfaces to 1 WiFi Broadcom hardware chip.
en0 — primary WiFi interface
ap1 — access point interface used for WiFi tethering
awdl0 — Apple Wireless Direct Link interface (since iOS 7?)
By having multiple interfaces, Apple is able to have your standard WiFi connection on en0, while still broadcasting, browsing, and resolving peer to peer connections on awdl0 (just not well).
You can find more info here and here.
I'd like to provide a more precise answer as to how the protocol works internally. I quote part of the abstract of this paper.
In short, each AWDL node announces a sequence of Availability Windows
(AWs) indicating its readiness to communicate with other AWDL nodes.
An elected master node synchronizes these sequences. Outside the AWs,
nodes can tune their Wi-Fi radio to a different channel to communicate
with an access point, or could turn it off to save energy.
From a user perspective, AWDL allows a device remain connected to an infrastructure-based Wi-Fi network and communicate with AWDL peers "at the same time" by quickly hopping between the channels of the two networks (AWDL uses fixed social channels 6, 44, and 149). In contrast to the previous answer, we found that current versions of AWDL work fairly well and channel hopping only induces a small overhead.
Disclaimer: I'm co-author of this paper and we retrieved this information by means of reverse engineering. If you are interested in the details, please read the paper and have a look at the Wireshark dissector (published soon).

Resources