1Bluetooth: GAP Shell
2####################
3
4The GAP shell is the "main" shell of Bluetooth and handles connection management, scanning,
5advertising, and more.
6
7
8Identities
9**********
10
11Identities are a Zephyr host concept, allowing a single physical device to behave like multiple
12logical Bluetooth devices.
13
14The shell allows the creation of multiple identities, to a maximum that is set by the Kconfig symbol
15:kconfig:option:`CONFIG_BT_ID_MAX`. To create a new identity, use :code:`bt id-create` command. You
16can then use it by selecting it with its ID :code:`bt id-select <id>`. Finally, you can list all the
17available identities with :code:`id-show`.
18
19Scan for devices
20****************
21
22Start scanning by using the :code:`bt scan on` command. Depending on the environment you're in, you
23may see a lot of lines printed on the shell. To stop the scan, run :code:`bt scan off`, the
24scrolling should stop.
25
26Here is an example of what you can expect:
27
28.. code-block:: console
29
30        uart:~$ bt scan on
31        Bluetooth active scan enabled
32        [DEVICE]: CB:01:1A:2D:6E:AE (random), AD evt type 0, RSSI -78  C:1 S:1 D:0 SR:0 E:0 Prim: LE 1M, Secn: No packets, Interval: 0x0000 (0 us), SID: 0xff
33        [DEVICE]: 20:C2:EE:59:85:5B (random), AD evt type 3, RSSI -62  C:0 S:0 D:0 SR:0 E:0 Prim: LE 1M, Secn: No packets, Interval: 0x0000 (0 us), SID: 0xff
34        [DEVICE]: E3:72:76:87:2F:E8 (random), AD evt type 3, RSSI -74  C:0 S:0 D:0 SR:0 E:0 Prim: LE 1M, Secn: No packets, Interval: 0x0000 (0 us), SID: 0xff
35        [DEVICE]: 1E:19:25:8A:CB:84 (random), AD evt type 3, RSSI -67  C:0 S:0 D:0 SR:0 E:0 Prim: LE 1M, Secn: No packets, Interval: 0x0000 (0 us), SID: 0xff
36        [DEVICE]: 26:42:F3:D5:A0:86 (random), AD evt type 3, RSSI -73  C:0 S:0 D:0 SR:0 E:0 Prim: LE 1M, Secn: No packets, Interval: 0x0000 (0 us), SID: 0xff
37        [DEVICE]: 0C:61:D1:B9:5D:9E (random), AD evt type 3, RSSI -87  C:0 S:0 D:0 SR:0 E:0 Prim: LE 1M, Secn: No packets, Interval: 0x0000 (0 us), SID: 0xff
38        [DEVICE]: 20:C2:EE:59:85:5B (random), AD evt type 3, RSSI -66  C:0 S:0 D:0 SR:0 E:0 Prim: LE 1M, Secn: No packets, Interval: 0x0000 (0 us), SID: 0xff
39        [DEVICE]: 25:3F:7A:EE:0F:55 (random), AD evt type 3, RSSI -83  C:0 S:0 D:0 SR:0 E:0 Prim: LE 1M, Secn: No packets, Interval: 0x0000 (0 us), SID: 0xff
40        uart:~$ bt scan off
41        Scan successfully stopped
42
43As you can see, this can lead to a high number of results. To reduce that number and easily find a
44specific device, you can enable scan filters. There are four types of filters: by name, by RSSI, by
45address and by periodic advertising interval. To apply a filter, use the :code:`bt scan-set-filter`
46command followed by the type of filters. You can add multiple filters by using the commands again.
47
48For example, if you want to look only for devices with the name *test shell*:
49
50.. code-block:: console
51
52        uart:~$ bt scan-filter-set name "test shell"
53
54Or if you want to look for devices at a very close range:
55
56.. code-block:: console
57
58        uart:~$ bt scan-filter-set rssi -40
59        RSSI cutoff set at -40 dB
60
61Finally, if you want to remove all filters:
62
63.. code-block:: console
64
65        uart:~$ bt scan-filter-clear all
66
67You can use the command :code:`bt scan on` to create an *active* scanner, meaning that the scanner
68will ask the advertisers for more information by sending a *scan request* packet. Alternatively, you
69can create a *passive scanner* by using the :code:`bt scan passive` command, so the scanner will not
70ask the advertiser for more information.
71
72Connecting to a device
73**********************
74
75To connect to a device, you need to know its address and type of address and use the
76:code:`bt connect` command with the address and the type as arguments.
77
78Here is an example:
79
80.. code-block:: console
81
82        uart:~$ bt connect 52:84:F6:BD:CE:48 random
83        Connection pending
84        Connected: 52:84:F6:BD:CE:48 (random)
85        Remote LMP version 5.3 (0x0c) subversion 0xffff manufacturer 0x05f1
86        LE Features: 0x000000000001412f
87        LE PHY updated: TX PHY LE 2M, RX PHY LE 2M
88        LE conn  param req: int (0x0018, 0x0028) lat 0 to 42
89        LE conn param updated: int 0x0028 lat 0 to 42
90
91You can list the active connections of the shell using the :code:`bt connections` command. The shell
92maximum number of connections is defined by :kconfig:option:`CONFIG_BT_MAX_CONN`. You can disconnect
93from a connection with the
94:code:`bt disconnect <address: XX:XX:XX:XX:XX:XX> <type: (public|random)>` command.
95
96.. note::
97
98        If you were scanning just before, you can connect to the last scanned device by
99        simply running the :code:`bt connect` command.
100
101        Alternatively, you can use the :code:`bt connect-name <name>` command to automatically
102        enable scanning with a name filter and connect to the first match.
103
104Advertising
105***********
106
107Begin advertising by using the :code:`bt advertise on` command. This will use the default parameters
108and advertise a resolvable private address with the name of the device. You can choose to use the
109identity address instead by running the :code:`bt advertise on identity` command. To stop
110advertising use the :code:`bt advertise off` command.
111
112To enable more advanced features of advertising, you should create an advertiser using the
113:code:`bt adv-create` command. Parameters for the advertiser can be passed either at the creation of
114it or by using the :code:`bt adv-param` command. To begin advertising with this newly created
115advertiser, use the :code:`bt adv-start` command, and then the :code:`bt adv-stop` command to stop
116advertising.
117
118When using the custom advertisers, you can choose if it will be connectable or scannable. This leads
119to four options: :code:`conn-scan`, :code:`conn-nscan`, :code:`nconn-scan` and :code:`nconn-nscan`.
120Those parameters are mandatory when creating an advertiser or updating its parameters.
121
122For example, if you want to create a connectable and scannable advertiser and start it:
123
124.. code-block:: console
125
126        uart:~$ bt adv-create conn-scan
127        Created adv id: 0, adv: 0x200022f0
128        uart:~$ bt adv-start
129        Advertiser[0] 0x200022f0 set started
130
131You may notice that with this, the custom advertiser does not advertise the device name; you need to
132add it. Continuing from the previous example:
133
134.. code-block:: console
135
136        uart:~$ bt adv-stop
137        Advertiser set stopped
138        uart:~$ bt adv-data dev-name
139        uart:~$ bt adv-start
140        Advertiser[0] 0x200022f0 set started
141
142You should now see the name of the device in the advertising data. You can also set a custom name by
143using :code:`name <custom name>` instead of :code:`dev-name`. It is also possible to set the
144advertising data manually with the :code:`bt adv-data` command. The following example shows how
145to set the advertiser name with it using raw advertising data:
146
147.. code-block:: console
148
149        uart:~$ bt adv-create conn-scan
150        Created adv id: 0, adv: 0x20002348
151        uart:~$ bt adv-data 1009426C7565746F6F74682D5368656C6C
152        uart:~$ bt adv-start
153        Advertiser[0] 0x20002348 set started
154
155The data must be formatted according to the Bluetooth Core Specification (see version 5.3, vol. 3,
156part C, 11). In this example, the first octet is the size of the data (the data and one octet for
157the data type), the second one is the type of data, ``0x09`` is the Complete Local Name and the
158remaining data are the name in ASCII. So, on the other device you should see the name
159*Bluetooth-Shell*.
160
161When advertising, if others devices use an *active* scanner, you may receive *scan request* packets.
162To visualize those packets, you can add :code:`scan-reports` to the parameters of your advertiser.
163
164Directed Advertising
165====================
166
167It is possible to use directed advertising on the shell if you want to reconnect to a device. The
168following example demonstrates how to create a directed advertiser with the address specified right
169after the parameter :code:`directed`. The :code:`low` parameter indicates that we want to use the
170low duty cycle mode, and the :code:`dir-rpa` parameter is required if the remote device is
171privacy-enabled and supports address resolution of the target address in directed advertisement.
172
173.. code-block:: console
174
175        uart:~$ bt adv-create conn-scan directed D7:54:03:CE:F3:B4 random low dir-rpa
176        Created adv id: 0, adv: 0x20002348
177
178After that, you can start the advertiser and then the target device will be able to reconnect.
179
180Extended Advertising
181====================
182
183Let's now have a look at some extended advertising features. To enable extended advertising, use the
184``ext-adv`` parameter.
185
186.. code-block:: console
187
188        uart:~$ bt adv-create conn-nscan ext-adv name-ad
189        Created adv id: 0, adv: 0x200022f0
190        uart:~$ bt adv-start
191        Advertiser[0] 0x200022f0 set started
192
193This will create an extended advertiser, that is connectable and non-scannable.
194
195Encrypted Advertising Data
196==========================
197
198Zephyr has support for the Encrypted Advertising Data feature. The :code:`bt encrypted-ad`
199sub-commands allow managing the advertising data of a given advertiser.
200
201To encrypt the advertising data, key materials need to be provided, that can be done with :code:`bt
202encrypted-ad set-keys <session key> <init vector>`. The session key is 16 bytes long and the
203initialisation vector is 8 bytes long.
204
205You can add advertising data by using :code:`bt encrypted-ad add-ad` and :code:`bt encrypted-ad
206add-ead`. The former will take add one advertising data structure (as defined in the Core
207Specification), when the later will read the given data, encrypt them and then add the generated
208encrypted advertising data structure. It's possible to mix encrypted and non-encrypted data, when
209done adding advertising data, :code:`bt encrypted-ad commit-ad` can be used to apply the change to
210the data to the selected advertiser. After that the advertiser can be started as described
211previously. It's possible to clear the advertising data by using :code:`bt encrypted-ad clear-ad`.
212
213On the Central side, it's possible to decrypt the received encrypted advertising data by setting the
214correct keys material as described earlier and then enabling the decrypting of the data with
215:code:`bt encrypted-ad decrypt-scan on`.
216
217.. note::
218
219        To see the advertising data in the scan report :code:`bt scan-verbose-output` need to be
220        enabled.
221
222.. note::
223
224        It's possible to increase the length of the advertising data by increasing the value of
225        :kconfig:option:`CONFIG_BT_CTLR_ADV_DATA_LEN_MAX` and
226        :kconfig:option:`CONFIG_BT_CTLR_SCAN_DATA_LEN_MAX`.
227
228Here is a simple example demonstrating the usage of EAD:
229
230.. tabs::
231
232        .. group-tab:: Peripheral
233
234                .. code-block:: console
235
236                        uart:~$ bt init
237                        ...
238                        uart:~$ bt adv-create conn-nscan ext-adv
239                        Created adv id: 0, adv: 0x81769a0
240                        uart:~$ bt encrypted-ad set-keys 9ba22d3824efc70feb800c80294cba38 2e83f3d4d47695b6
241                        session key set to:
242                        00000000: 9b a2 2d 38 24 ef c7 0f  eb 80 0c 80 29 4c ba 38 |..-8$... ....)L.8|
243                        initialisation vector set to:
244                        00000000: 2e 83 f3 d4 d4 76 95 b6                          |.....v..         |
245                        uart:~$ bt encrypted-ad add-ad 06097368656C6C
246                        uart:~$ bt encrypted-ad add-ead 03ffdead03ffbeef
247                        uart:~$ bt encrypted-ad commit-ad
248                        Advertising data for Advertiser[0] 0x81769a0 updated.
249                        uart:~$ bt adv-start
250                        Advertiser[0] 0x81769a0 set started
251
252        .. group-tab:: Central
253
254                .. code-block:: console
255
256                        uart:~$ bt init
257                        ...
258                        uart:~$ bt scan-verbose-output on
259                        uart:~$ bt encrypted-ad set-keys 9ba22d3824efc70feb800c80294cba38 2e83f3d4d47695b6
260                        session key set to:
261                        00000000: 9b a2 2d 38 24 ef c7 0f  eb 80 0c 80 29 4c ba 38 |..-8$... ....)L.8|
262                        initialisation vector set to:
263                        00000000: 2e 83 f3 d4 d4 76 95 b6                          |.....v..         |
264                        uart:~$ bt encrypted-ad decrypt-scan on
265                        Received encrypted advertising data will now be decrypted using provided key materials.
266                        uart:~$ bt scan on
267                        Bluetooth active scan enabled
268                        [DEVICE]: 68:49:30:68:49:30 (random), AD evt type 5, RSSI -59   shell C:1 S:0 D:0 SR:0 E:1 Prim: LE 1M, Secn: LE 2M, Interval: 0x0000 (0 us), SID: 0x0
269                                [SCAN DATA START - EXT_ADV]
270                                Type 0x09:    shell
271                                Type 0x31: Encrypted Advertising Data: 0xe2, 0x17, 0xed, 0x04, 0xe7, 0x02, 0x1d, 0xc9, 0x40, 0x07, uart:~0x18, 0x90, 0x6c, 0x4b, 0xfe, 0x34, 0xad
272                                [START DECRYPTED DATA]
273                                Type 0xff: 0xde, 0xad
274                                Type 0xff: 0xbe, 0xef
275                                [END DECRYPTED DATA]
276                                [SCAN DATA END]
277                        ...
278
279Filter Accept List
280******************
281
282It's possible to create a list of allowed addresses that can be used to
283connect to those addresses automatically. Here is how to do it:
284
285.. code-block:: console
286
287        uart:~$ bt fal-add 47:38:76:EA:29:36 random
288        uart:~$ bt fal-add 66:C8:80:2A:05:73 random
289        uart:~$ bt fal-connect on
290
291The shell will then connect to the first available device. In the example, if both devices are
292advertising at the same time, we will connect to the first address added to the list.
293
294The Filter Accept List can also be used for scanning or advertising by using the option :code:`fal`.
295For example, if we want to scan for a bunch of selected addresses, we can set up a Filter Accept
296List:
297
298.. code-block:: console
299
300        uart:~$ bt fal-add 65:4B:9E:83:AF:73 random
301        uart:~$ bt fal-add 73:72:82:B4:8F:B9 random
302        uart:~$ bt fal-add 5D:85:50:1C:72:64 random
303        uart:~$ bt scan on fal
304
305You should see only those three addresses reported by the scanner.
306
307Enabling security
308*****************
309
310When connected to a device, you can enable multiple levels of security, here is the list for
311Bluetooth LE:
312
313* **1** No encryption and no authentication;
314* **2** Encryption and no authentication;
315* **3** Encryption and authentication;
316* **4** Bluetooth LE Secure Connection.
317
318To enable security, use the :code:`bt security <level>` command. For levels requiring authentication
319(level 3 and above), you must first set the authentication method. To do it, you can use the
320:code:`bt auth all` command. After that, when you will set the security level, you will be asked to
321confirm the passkey on both devices. On the shell side, do it with the command
322:code:`bt auth-passkey-confirm`.
323
324Pairing
325=======
326
327Enabling authentication requires the devices to be bondable. By default the shell is bondable. You
328can make the shell not bondable using :code:`bt bondable off`. You can list all the devices you are
329paired with using the command :code:`bt bonds`.
330
331The maximum number of paired devices is set using :kconfig:option:`CONFIG_BT_MAX_PAIRED`. You can
332remove a paired device using :code:`bt clear <address: XX:XX:XX:XX:XX:XX> <type: (public|random)>`
333or remove all paired devices with the command :code:`bt clear all`.
334