;antonio-dj 4pda.ru/forum
COM2 115200
-----------------------------------------------------------------------------------------------
First byte - command
Second byte - data length
Next bytes - data
-----------------------------------------------------------------------------------------------
Commands:
11 - Reset?
12 - Get module info
13 - "GetLocalDeviceStatus"
14 - AT command ???
16 - Write name of device
17 - Set visibility
18 - Off ???
1C - Find devices "InquiryDevice"
1E - Request name of device
20 - Write PIN nF2301
21 - require a PIN
22 - Request pairing "PairRemoteDevice" ?
23 - Request paired devices in memory
24 - Clear paired devices in memory
25 - Establish SLC Paired Device (SLC -Service Level Connection)
26 - Disconnect Paired Device
27 - ???
28 - ???
29 - "Answer" Receive a call
2A - "Reject"
2B - "Terminate"
2C - Dial number
2E - ReDial?
2F - VoiceDial?
30 - Select sound
31 - DTMF
32 - SetVolume (Not supported 82)
33 - MicVol (Not supported 82)
34 - ??? (Not supported 82)
35 - "EnhancedCallCtrl(int)"
38 - Redial?
3D - AVRCP Commands
3E - "CallHistoryDownload"
45 - "SendSMS"
4A - Transfer data ?
4E - "NFTest"?
4F - Mute
53 - "SetRingToneLevel"
54 - Request contacts "GetPhoneBookDownLoad"?
57 - "VRState" (Not supported 82)
59 - "SetMicInput" (Not supported 82)
5A - "SetMicGain" (Not supported 82)
62 - "Set_3g_mode"
7F - "SandBoxCmd"
Statuses:
80 - Start init?
81 - Finish init?
82 - Info about device to pair (after 22...)
83 - Connection result?
84 - Call state
85 - State of sound destination?
89 - Detected incoming phone number
8D - BT signal power
8E - ?
8F - ?
90 - ?
93 - ??? Detected phone number
95 - State of A2DP ?
96 - Sound state or mic mute state ?
97 - State of BT connection
AC - Info about device to pair ?
B9 - End list of paired devices in memory
BB - Disconnecting BT ?
BE - ?
C6 - After start init, BUSY?
C7 - Out MUTE state ?
D1 - ?
D2 - ?
Errors:
81 - Command not performed
82 - Unknown command
83 - Incorrect data or ?
89 - No Data (Command 23)
8B -
8E -
91 -
92 - already running ?
-----------------------------------------------------------------------------------------------
Tx: 11 01 01 - "PowerOn" Reset or init
After reset messages
Rx: C7 01 01 - Out MUTE state ?
Rx: 80 00 - Start init ?
Rx: C6 02 01 00 - State of ....?
Rx: 95 02 01 00 - State of A2DP ?
Rx: 97 02 01 00 - State of BT connection
Rx: 84 03 01 00 00 - State of call ?
Rx: 81 00 - Finish init ?
Tx: 12 00 - Request information about MMC "GetFWVersion"
Rx: 12 1D 00 00 17 53 44 43 C5 00 7A 00 09 4B 6F 27 11 04 30 30 30 30 08 4D 4D 43 20 32 31 39 30
xx : Return value 00 = Ok
00 17 53 44 43 C5 : MAC NF2301
00 7A 00 09 : CoD (Class of Device) http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html and http://www.ampedrftech.com/guides/cod_definition.pdf
7A - Classes: Telephony (Cordless telephony, Modem, Headset service, ...),
Audio (Speaker, Microphone, Headset service, ...),
Object Transfer (v-Inbox, v-Folder, ...),
Capturing (Scanner, Microphone, ...),
Networking (LAN, Ad hoc, ...)
00 - Device Class: Miscellaneous
09 - Hands-free Device
4B 6F 27 11 : ?FW version? Core version? ("Ko'
04 : number of bytes of PIN
30 30 30 30 : PIN
08 : number of bytes of name
4D 4D 43 20 32 31 39 30 : name (MMC 2190)
Tx: 13 00 - Request "GetLocalDeviceStatus"
Rx: 13 0D 00 02 03 00 00 0C 0C 01 01 01 01 01 00
00 : Return value 00 = Ok
02 : Power//Status 1 ?
03 : Visibility ?
00 : Status 3 Active call Sound Out to MMC (85)?
00 : Status 4 ?
0C : Volume (SetVolume 32)
0C : Status 6 volume?
01 : Call (HFP) State (84)
01 : A2DP Status (95)
01 : AVRCP State (97)
01 : Status 10 ?
01 : Status 11 ?
00 : Status 12 ?
Tx: 16 08 4D 4D 43 20 32 31 39 30 - Write name of device
08 : number of bytes
4D 4D 43 20 32 31 39 30 : name of device (MMC 2190)
Rx: 16 09 00 4D 4D 43 20 32 31 39 30 - Write name of device Ok
00 : Return value 00 = Ok
4D 4D 43 20 32 31 39 30 : name of device (MMC 2190)
Tx: 17 01 0x - Set visibility
00 : Invisible
02 : Only paired?
03 : visible to everyone?
Rx: 17 02 00 0x
xx : Return value 00 = Ok
Tx: 1C 03 00 1C 0A - Find devices "InquiryDevice"
xx xx - CoD filter or timeout/maxdevice settings?
1C 03 01 05 06 - Abort inquiry
Rx: 1C 0B 00 7C FA DF CA D9 E8 00 7A 02 0C - Device found
00 : Return value 00 = Ok
7C FA DF CA D9 E8 : MAC
00 7A 02 0C : CoD (Class of Device)
Rx: 1C 0B 01 00 00 00 00 00 00 00 00 00 00 - Not found
Tx: 1E 06 7C FA DF CA D9 E8 - Request name of device
7C FA DF CA D9 E8 : MAC
Rx: 1E 16 00 7C FA DF CA D9 E8 0E 00 4C 00 6F 00 62 00 73 00 74 00 65 00 72 - Response
00 : Return value 00 = Ok
7C FA DF CA D9 E8 : MAC
0E : number of bytes of name
00 4C 00 6F 00 62 00 73 00 74 00 65 00 72 : name unicode UTF16-BE (Lobster)
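Added example (not part of the original notes): a frame splitter for the command/length/data layout, with decoders for the 12 and 1E responses annotated above. Function names are hypothetical and the sample bytes are copied from the trace; every nested length byte (PIN, name) is checked against the frame's own length before it is used.

```python
# Added example: frame splitter and field decoders for the layout in these notes.
# Bytes are copied from the trace above; all function names are hypothetical.

def split_frames(buf: bytes):
    """Split a capture into (command, data) frames: [cmd][len][data...]."""
    frames, i = [], 0
    while i + 2 <= len(buf):
        cmd, n = buf[i], buf[i + 1]
        if i + 2 + n > len(buf):      # length byte points past the capture
            raise ValueError(f"truncated frame at {i}: cmd {cmd:02X}, len {n}")
        frames.append((cmd, buf[i + 2:i + 2 + n]))
        i += 2 + n
    if i != len(buf):
        raise ValueError("trailing byte without a length field")
    return frames

def take(data: bytes, pos: int, n: int):
    """Return (field, new_pos), refusing to read past the frame's data."""
    if pos + n > len(data):
        raise ValueError(f"{n}-byte field at {pos} overruns {len(data)}-byte frame")
    return data[pos:pos + n], pos + n

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02X}" for x in b)

def decode_module_info(data: bytes):
    """Decode the data of a 12 response as annotated in the notes."""
    status, pos = take(data, 0, 1)
    mac, pos = take(data, pos, 6)
    cod, pos = take(data, pos, 4)
    _unknown, pos = take(data, pos, 4)    # marked "?FW version?" in the notes
    plen, pos = take(data, pos, 1)
    pin, pos = take(data, pos, plen[0])
    nlen, pos = take(data, pos, 1)
    name, pos = take(data, pos, nlen[0])
    return {"status": status[0], "mac": mac_str(mac), "cod": cod.hex(),
            "pin": pin.decode("ascii"), "name": name.decode("ascii")}

def decode_remote_name(data: bytes):
    """Decode the data of a 1E response: status, MAC, length, UTF-16-BE name."""
    status, pos = take(data, 0, 1)
    mac, pos = take(data, pos, 6)
    nlen, pos = take(data, pos, 1)
    name, pos = take(data, pos, nlen[0])
    return {"status": status[0], "mac": mac_str(mac), "name": name.decode("utf-16-be")}

CAPTURE = bytes.fromhex(
    "12 1D 00 00 17 53 44 43 C5 00 7A 00 09 4B 6F 27 11 04 30 30 30 30 08 4D 4D 43 20 32 31 39 30"
    "1E 16 00 7C FA DF CA D9 E8 0E 00 4C 00 6F 00 62 00 73 00 74 00 65 00 72")
```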
Tx: 20 04 30 30 30 30 - Write PIN nF2301
04 : number of bytes
30 30 30 30 : PIN ASCII
Rx: 20 05 00 30 30 30 30
05 : number of bytes
00 : Return value 00 = Ok
30 30 30 30 : PIN
Tx: 21 01 01 - require a PIN
Rx: 21 01 00
Tx: 22 06 E6 68 46 AE C2 35 - Request pairing "PairRemoteDevice" ?
E6 68 46 AE C2 35 : MAC
Rx: 22 01 00 - Request OK
Tx: 23 00 - Request paired devices in memory
Rx: 23 1D 00 01 E6 68 46 AE C2 35 12 00 46 00 6C 00 79 00 20 00 49 00 51 00 34 00 34 00 31 00 00
00 : Return value 00 = Ok
01 : ? device index
E6 68 46 AE C2 35 : MAC
12 : number of bytes of name (18)
00 46 00 6C 00 79 00 20 00 49 00 51 00 34 00 34 00 31 : name unicode (Fly IQ441)
00 00 : ???
Rx: 23 01 89 - No devices in memory
Rx: B9 00 - End list of devices
Tx: 24 01 xx - Clear all paired devices in memory?
xx - dev index
FF - all
Rx: 24 02 00 01
00 : Return value 00 = Ok
01 : paired dev index
Tx: 25 02 0x 0x - connect
x : auto connect on/off
x : paired device index
Tx: 25 02 01 01 - Request BT auto connection ?
Tx: 25 07 01 7C FA DF CA D9 E8 - "EstablishSLCPairedDeviceAt(MAC)" (SLC -Service Level Connection)
01 : On (00 - Off autoconnect) ???
7C FA DF CA D9 E8 : MAC
Rx: 25 01 xx - Response
00 : Return value 00 = Ok
83 : Error
Tx: 25 02 01 09 - connect dev SLC//Auto connection
Rx: 25 02 xx 09 - Response
00 : Return value 00 = Ok
92 : Error
Tx: 26