$30 off During Our Annual Pro Sale. View Details »

TEPRA Lite ではじめる BLE リバースエンジニアリング / tepra-lite-ble-reverse-engineering

Takumi Sueda
September 26, 2021
9
5.6k

TEPRA Lite ではじめる BLE リバースエンジニアリング / tepra-lite-ble-reverse-engineering

第54回 情報科学若手の会 #wakate2021

Takumi Sueda

September 26, 2021
Tweet

More Decks by Takumi Sueda

See All by Takumi Sueda
AST as Black Magic
puhitaku
0
46
次世代の足下を舗装するコミュニティ
puhitaku
5
1.4k
電子辞書で学ぶ Linux のサスペンド
puhitaku
0
340
USB PD で迎える AC アダプター大統一時代
puhitaku
2
2.3k
電子辞書のアイデンティティを消す方法
puhitaku
3
3.4k
リセットとフリーズで解析する電子辞書リバエン記 / reverse-engineer-e-dictionaries-with-reset-and-freeze
puhitaku
2
5.7k
詳解・電子辞書で Linux がブートするまで / boot-linux-on-sharp-brain-explained
puhitaku
5
3.5k
MicroPython × BLE × テプラ 〜リバースエンジニアリングを添えて〜 /micropython-ble-tepra
puhitaku
1
630
勢いあるハックと勢いあるコミュニティの試行
puhitaku
0
830

Featured

See All Featured
What's in a price? How to price your products and services
michaelherold
236
10k
[RailsConf 2023] Rails as a piece of cake
palkan
17
3.2k
Optimizing for Happiness
mojombo
368
68k
Documentation Writing (for coders)
carmenintech
55
3.5k
Learning to Love Humans: Emotional Interface Design
aarron
265
39k
Adopting Sorbet at Scale
ufuk
66
8.2k
Ruby is Unlike a Banana
tanoku
93
10k
Scaling GitHub
holman
455
140k
Atom: Resistance is Futile
akmur
257
24k
Making Projects Easy
brettharned
105
5.2k
Designing Experiences People Love
moore
133
23k
A Tale of Four Properties
chriscoyier
150
22k

Transcript

  1. TEPRA Lite BLE
    54 #wakate
    2021
    @puhitaku

    View Slide

  2. Takumi Sueda @puhitaku




    NICT ( )




    HOMMA














    2014 2018


    2020

    Linux

    View Slide

  3. TEPRA
    3

    View Slide

  4. https://twitter.com/ejo
    090
    /status/
    425
    52
    334
    04
    306
    96
    448
    4

    View Slide

  5. https://twitter.com/okayan
    08
    /status/
    7
    972
    55
    664
    46
    460
    10
    89
    5

    View Slide

  6. https://twitter.com/okayan
    08
    /status/
    5
    658
    60
    495
    74
    418
    43
    22
    6

    View Slide

  7. 1000
    https://www.kingjim.co.jp/products/tepra/
    7

    View Slide

  8. 8

    View Slide

  9. :
    9

    View Slide

  10. https://www.kingjim.co.jp/products/tepra/sr
    37
    0
    .html
    10

    View Slide

  11. 100
    https://www.kingjim.co.jp/products/tepra/sr
    37
    0
    .html
    11

    View Slide




  12. 12

    View Slide

  13. https://www.kingjim.co.jp/products/brand/tepra-pro.html
    13

    View Slide

  14. OS 15,000
    https://www.kingjim.co.jp/products/brand/tepra-pro.html
    14

    View Slide

  15. 1




    15

    View Slide

  16. 1




    16

    View Slide

  17. TEPRA Lite LR
    30 

    TEPRA Lite LR
    30
    17

    View Slide

  18. TEPRA Lite LR
    30
    https://www.kingjim.co.jp/sp/lr
    3
    0
    /
    18

    View Slide

  19. TEPRA Lite LR
    30
    https://www.kingjim.co.jp/sp/lr
    3
    0
    /
    19

    View Slide

  20. TEPRA Lite LR
    30
    https://www.kingjim.co.jp/sp/lr
    3
    0
    /
    20

    View Slide

  21. TEPRA Lite LR
    30
    21

    View Slide

  22. TEPRA Lite LR
    30
    22

    View Slide

  23. TEPRA Lite LR
    30
    https://www.kingjim.co.jp/products/tepra/sr
    37
    0
    .html
    23

    View Slide

  24. TEPRA Lite LR
    30



    24

    View Slide

  25. TEPRA Lite LR
    30
    25

    View Slide

  26. TEPRA Lite LR
    30





    26

    View Slide

  27. TEPRA Lite BLE
    54 #wakate
    2021
    @puhitaku

    View Slide

  28. Bluetooth Low Energy (BLE)
    https://www.kingjim.co.jp/sp/lr
    3
    0
    /feature/index.html
    28

    View Slide

  29. 1
    . Android APK


    2
    . BLE sni
    ff
    er


    2
    BLE
    29
    Bluefruit LE Sni
    ff
    er
    https://www.switch-science.com/catalog/
    3
    34
    7
    /

    View Slide

  30. PC Bluetooth


    2


    Bluetooth


    Bluez Linux BT Python


    OS


    😇
    BLE PC
    30

    View Slide

  31. PC


    Bluetooth


    API




    MicroPython


    Wi-Fi BLE


    🥰
    BLE
    31
    ESPr® Developer
    32
    https://www.switch-science.com/catalog/
    3
    21
    0
    /

    View Slide

  32. 1
    .


    2
    . BLE Service Characteristic



    3
    .


    4
    .


    5
    . 2 4


    6
    . API


    7
    .
    32

    CC BY
    2
    .
    0
    https://www.
    fl
    ickr.com/photos/inucara/
    4
    809
    4
    81634

    View Slide

  33. 1.
    33

    View Slide

  34. 1. 34

    View Slide

  35. 1.
    Nordic

    Wireshark sni
    ff
    er Python
    2


    Apple Silicon Mac pyenv Python
    2
    .
    7
    .
    18


    pyenv PR


    macOS + Apple Silicon + pyenv


    Python
    3
    Bluefruit LE Sni
    ff
    er
    Python
    2
    Bluefruit LE Sni
    ff
    er macOS (Apple Silicon)
    35

    View Slide

  36. 2
    . BLE Service

    Characteristic
    36

    View Slide

  37. 2
    . GATT Service Characteristic
    ATT (ATTribute Protocol)

    512 Attribute Handle 2


    GATT (Generic ATTribute Protocol)

    Attribute Service
    Characteristic ATT


    Service


    Characteristic

    Service

    37
    ATT
    GATT
    Service Service
    Declaration Declaration
    Characteristic Characteristic
    Declaration
    Value
    Descriptor
    Declaration
    Value
    Descriptor
    Characteristic Characteristic

    View Slide

  38. 2
    . GATT Service Characteristic
    MicroPython


    Python


    (REPL)




    Bluetooth API


    bluetooth import


    BLE IRQ
    API


    gattc_discover_services
    Service discovery
    prop_write_without_response
    Characteristic
    MicroPython BLE
    38

    View Slide

  39. 2
    . GATT Service Characteristic
    0x180f Battery Service


    0x2a19 Battery Level Characteristic


    0xfff0 TEPRA Lite Service


    0xfff1 TEPRA Lite Char.

    Notify (RX)


    0xfff2 TEPRA Lite Char.

    Write Without Response (TX)
    Service Characteristic
    39
    Service Characteristic

    View Slide

  40. 2
    . GATT Service Characteristic
    0x180f Battery Service


    0x2a19 Battery Level Characteristic


    0xfff0 TEPRA Lite Service


    0xfff1 TEPRA Lite Char.

    Notify (RX)


    0xfff2 TEPRA Lite Char.

    Write Without Response (TX)
    Service Characteristic
    40
    Characteristic


    View Slide

  41. 3.

    41

    View Slide

  42. 3. 42

    View Slide

  43. 3. 43

    View Slide

  44. 3. 44
    0 5

    View Slide

  45. 3. 45
    f0 5c = 2


    00 03 00 00 00 00 00 00 = 1


    00 03 00 00 00 00 00 00 = 2

    View Slide

  46. 3. 46
    00 03 00 00 00 00 00 00
    2 Bytes (word)


    After
    00 00 00 00 00 00 00 03
    Before
    After

    View Slide

  47. 4.
    47

    View Slide

  48. 4.




    48

    View Slide

  49. 4.
    1
    49

    View Slide

  50. 6.

    API
    50

    View Slide

  51. 6. API 51
    0 5
    REST API
    zlib /prints POST

    View Slide

  52. 6. API 52
    0 5
    CLI
    Pillow QR

    View Slide

  53. 7.
    53

    View Slide

  54. 7.
    https://github.com/puhitaku/tepra-lite-esp32
    54
    GitHub

    View Slide

  55. 55

    View Slide


  56. API CLI
    56

    View Slide

  57. Bluetooth



    57
    Sni
    ff
    er API Bluetooth
    MicroPython

    View Slide

  58. 
 


    58

    View Slide

  59. View Slide