Search Flipkart

Friday, November 6, 2015

Bluetooth driver on WinCE (WEC7/WEC2013)

What is Bluetooth?

Bluetooth is a short-range and low power cable-replacement technology originally developed for exchanging data over short distances from fixed and mobile devices, creating personal area networks (PANs).

The word "Bluetooth" is taken from the 10th century Danish King Harald Blatand, he had been influential in uniting Scandinavian tribes(Denmark, southern Sweeden and southern Norway) into a single kingdom.
The Bluetooth logo is a bind rune merging the Younger Futhark runes Runic letter ior.svg (Hagall) (ᚼ) and Runic letter berkanan.svg (Bjarkan) (ᛒ), Harald's initials.

The Bluetooth specification was first developed in 1994 by Sven Mattison and Jaap Haartsen, who were working for Ericsson Mobile Platforms in Sweden.

5 companies (Ericsson, Nokia, IBM, Intel & Toshiba) joined to form the Bluetooth Special Interest Group (SIG) in 1998(now SIG has more than 25,000 member companies).

The IEEE standardized Bluetooth as IEEE 802.15.1, but no longer maintains the standard
Uses the short-wavelength radio waves from 2.4 to 2.485 GHz

It uses 79 designated Bluetooth channels(each channel has a bandwidth of 1 MHz).

Bluetooth 4.0 uses 2 MHz spacing, which accommodates 40 channels

History of Bluetooth

Bluetooth v1.0 and v1.0B:
• It had many problems and manufacturers had difficulty making their products interoperable.
• It also included mandatory Bluetooth hardware device address (BD_ADDR) transmission in the Connecting process, which was a major setback for certain services planned for use in Bluetooth environments.

Bluetooth v1.1:
• Ratified as IEEE Standard 802.15.1-2001
• Many errors found in the v1.0B specifications were fixed.
• Received Signal Strength Indicator (RSSI).
Bluetooth v1.2:
• Ratified as IEEE Standard 802.15.1–2005
• Improved resistance to radio frequency interference by avoiding the use of crowded frequencies in the hopping sequence.
• Higher transmission speeds in practice, up to 721 kbit/s.
• Host Controller Interface (HCI) operation with three-wire UART.
• Introduced Flow Control and Retransmission Modes for L2CAP.

Bluetooth v2.0 + EDR:
• This was released in 2004,for an Enhanced Data Rate (EDR) upto 3 Mbit/s, although the practical data transfer rate is 2.1 Mbit/s.
• EDR can provide a lower power consumption through a reduced duty cycle.
• Aside from EDR, the v2.0 specification contains other minor improvements.
Bluetooth v2.1 + EDR:
• This was adopted by the Bluetooth SIG on 26 July 2007.
• The headline feature of v2.1 is secure simple pairing (SSP).
• Version 2.1 allows various other improvements, including "Extended inquiry response" (EIR), which provides more information during the inquiry procedure to allow better filtering of devices before connection; and sniff subrating, which reduces the power consumption in low-power mode.
Bluetooth v3.0 + HS:
• This was adopted by the Bluetooth SIG on 21 April 2009.
• Bluetooth v3.0 + HS provides theoretical data transfer speeds of up to 24 Mbit/s, though not over the Bluetooth link itself. Instead, the Bluetooth link is used for negotiation and establishment, and the high data rate traffic is carried over a colocated 802.11 link.
• The main new feature is AMP (Alternative MAC/PHY), the addition of 802.11 as a high speed transport.

Bluetooth v4.0:
• This version 4.0 (called Bluetooth Smart) has been adopted on 30 June 2010.
• It includes Classic Bluetooth, Bluetooth high speed and Bluetooth low energy protocols. It provides more security in data transmission than the earlier version.
Bluetooth v4.1:
• The Bluetooth SIG announced formal adoption of the Bluetooth v4.1 specification on 4 December 2013.
• This specification is an incremental software update to Bluetooth Specification v4.0, and not a hardware update.
• These include increased co-existence support for LTE, bulk data exchange rates.
Bluetooth v4.2:
• Bluetooth v4.2 was released on December 2, 2014.
• It Introduces some key features for IoT. Some features, such as Data Length Extension, require a hardware update.

Bluetooth Architecture

(Bluetooth core system architecture)
Generic Access Profile(GAP)
• The Generic Access Profile (GAP) block represents the base functionality common to all Bluetooth devices such as modes and access procedures used by the transports, protocols and application profiles.
• GAP services include device discovery, connection modes, security, authentication, association models and service discovery.
Security Manager Protocol(SMP)
• The Security Manager Protocol (SMP) is the peer-to-peer protocol used to generate encryption keys and identity keys.
• This block is only used in LE systems.
• Similar functionality in the BR/EDR system is contained in the Link Manager block in the Controller.
• The protocol operates over a dedicated fixed L2CAP channel.
• The SMP block also manages storage of the encryption keys and identity keys and is responsible for generating random addresses.
Attribute Protocol(ATT)
• The Attribute Protocol (ATT) block implements the peer-to-peer protocol between an attribute server and an attribute client.
• The ATT client communicates with an ATT server on a remote device over a dedicated fixed L2CAP channel.
Service Discovery Protocol(SDP)
• The Service Discovery Protocol allows a device to discover services offered by other devices, and their associated parameters.
• Each service is identified by a Universally Unique Identifier (UUID), with official services (Bluetooth profiles) assigned a short form UUID (16 bits rather than the full 128).
Advanced Media Protocol(AMP)
• The AMP manager is a layer that uses L2CAP to communicate with a peer AMP Manager on a remote device.
• It is responsible for discovering remote AMP(s), determining their availability and information.
• This information is used to set up and manage AMP physical links.
• The AMP manager uses a dedicated L2CAP signaling channel to communicate with remote AMP manager(s).
Radio Frequency Communication(RFCOMM)
• The Bluetooth protocol RFCOMM is a simple set of transport protocols, made on top of the L2CAP protocol.
• RFCOMM is sometimes called serial port emulation.
• Enforces the security policy for dial-up networking and other services relying on a serial port.
Logical Link Control and Adaptation Protocol(L2CAP)
• Manages the creation and termination of virtual connections called channels with other devices.
• Negotiates and dictates security parameters for channel establishment.
• The Logical Link Control and Adaptation Protocol used to multiplex multiple logical connections between two devices. Provides segmentation and reassembly of on-air packets.
• In Retransmission and Flow Control modes, L2CAP can be configured either for isochronous data or reliable data per channel by performing retransmissions and CRC checks.
• There are two modes which effectively deprecate original Retransmission and Flow Control modes:
• Enhanced Retransmission Mode (ERTM): This mode is an improved version of the original retransmission mode. This mode provides a reliable L2CAP channel.
• Streaming Mode (SM): This is a very simple mode, with no retransmission or flow control. This mode provides an unreliable L2CAP channel.
Adopted Protocols:
Adopted protocols are defined by other standards-making organizations and incorporated into Bluetooth’s protocol stack, allowing Bluetooth to code protocols only when necessary.
Point-to-Point Protocol (PPP): Internet standard protocol for transporting IP datagrams over a point-to-point link.
TCP/IP/UDP: Foundation Protocols for TCP/IP protocol suite.
Object Exchange Protocol (OBEX): Session-layer protocol for the exchange of objects, providing a model for object and operation representation.
Wireless Application Environment/Wireless Application Protocol (WAE/WAP): WAE specifies an application framework for wireless devices and WAP is an open standard to provide mobile users access to telephony and information services.

Bluetooth Profiles

Advanced Audio Distribution Profile (A2DP):
  This profile defines how multimedia audio can be streamed from one device to another over a Bluetooth connection
Audio/Video Remote Control Profile (AVRCP):
  This profile is designed to provide a standard interface to control TVs, all of the A/V equipments to allow a single remote control
Basic Imaging Profile (BIP):
  This profile is designed for sending images between devices and includes the ability to resize, and convert images to make them suitable for the receiving device.
Basic Printing Profile (BPP):
  This allows devices to send text, e-mails, vCards, or other items to printers based on print jobs.
Cordless Telephony Profile (CTP):
  This is designed for cordless phones to work using Bluetooth.
Device ID Profile (DIP):
  It provides identification of the manufacturer, product id, product version, and the version of the Device
Dial-up Networking Profile (DUN):
  This profile provides a standard to access the Internet and other dial-up services over Bluetooth.
Fax Profile (FAX):
  This profile is intended to provide a well-defined interface between a mobile phone or fixed-line phone and a PC with Fax software installed.
File Transfer Profile (FTP):
  Provides the capability to browse, manipulate and transfer objects (files and folders) in an object store (file system) of another system.
Generic Audio/Video Distribution Profile (GAVDP):
  GAVDP provides the basis for A2DP and VDP, the basis of the systems designed for distributing video and audio streams using Bluetooth technology.
Generic Access Profile (GAP):
  Provides the basis for all other profiles. GAP defines how two Bluetooth units discover and establish a connection with each other.
Health Device Profile (HDP):
  Health Thermometer profile (HTP) and Heart Rate Profile (HRP) fall under this category as well.
Hands-Free Profile (HFP):
  This allow car hands-free kits to communicate with mobile phones in the car. It commonly uses Synchronous Connection Oriented link (SCO).
Human Interface Device Profile (HID):
  Provides support for devices such as mice, joysticks, keyboards, as well as sometimes providing support for simple buttons and indicators on other types of devices.
Headset Profile (HSP):
  This is the most commonly used profile, providing support for the popular Bluetooth headsets to be used with mobile phones.
LAN Access Profile (LAP):
  LAN Access profile makes it possible for a Bluetooth device to access LAN, WAN or Internet via another device that has a physical connection to the network.
Message Access Profile (MAP):
  Message Access Profile (MAP) specification allows exchange of messages between devices.
Object Push Profile (OPP):
  A basic profile for sending "objects" such as pictures, virtual business cards, or appointment details. It is called push because the transfers are always instigated by the sender (client), not the receiver (server).
Personal Area Networking Profile (PAN):
  This profile is intended to allow the use of Bluetooth Network Encapsulation Protocol on Layer 3 protocols for transport over a Bluetooth link.
Phone Book Access Profile (PBAP, PBA): 
  Phone Book Access (PBA) or Phone Book Access Profile (PBAP) is a profile that allows exchange of Phone Book Objects between devices.
Serial Port Profile(SPP):
  This profile emulates a serial cable to provide a simple substitute for existing RS-232, including the familiar control signals.

Pairing Process

During pairing, the two devices establish a relationship by creating a shared secret known as a link key. If both devices store the same link key, they are said to be paired or bonded.

Legacy pairing:
This is available in Bluetooth v2.0 and before. Each device must enter a PIN code; pairing is only successful if both devices enter the same PIN code. Any 16-byte UTF-8 string may be used as a PIN code; however, not all devices may be capable of entering all possible PIN codes.
Secure Simple Pairing (SSP):
This is required by Bluetooth v2.1, although a Bluetooth v2.1 device may only use legacy pairing to interoperate with a v2.0 or earlier device. Secure Simple Pairing uses a form of public key cryptography, and some types can help protect against man in the middle, or MITM attacks.

Bluetooth Network configurations

• Two or more Bluetooth units sharing the same channel.
• One device acts as a master and the devices connected to it act as slaves.
• Slaves can not directly send data to each other.
• In effect, the master acts as a switch for the piconet and all traffic must pass through the master.
• There can be up to 7 active slaves in a piconet but only one master.
• A set of two or more interconnected piconets form scatternets
• A Bluetooth unit can be a slave in two or more piconets, but it can be a master in only one.
• Bluetooth units can only transmit and receive data in one piconet at a time.
• Piconets may be identified by the master's identity and clock.

Security concerns

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field to another Bluetooth-enabled device via the OBEX protocol.
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection.This allows access to a calendar, contact list, emails and text messages, and on some phones, users can copy pictures and private videos. While Bluejacking is essentially harmless as it only transmits data to the target device, Bluesnarfing is the theft of information from the target device.
Bluebugging is a form of Bluetooth attack often caused by a lack of awareness,it allows hackers to remotely access a user's phone and use its features, including placing calls and sending text messages, and the user doesn't realize it's happening. 

Bluetooth architecture in WinCE

Host Controller Interface (HCI) Architecture

The HCI provides a command interface to the baseband controller and link manager, and access to configuration parameters. This interface provides a uniform method of accessing the Bluetooth baseband capabilities.
Using HCI, a BT application can access BT Hardware without knowledge of the transport layer or other hardware implementation details.
In systems where the higher layers are run on a host device’s processor and lower layers on a BT device, an interface is needed between the higher and lower layers.
The BT standard defines the HCI.

HCI Packet Types

The BT standard for the host controller interface defines the following:
1.  Command packets used by the host to control the module
2.  Event packets used by the module to inform the host of changes in the lower   layers
3.  Data packets to pass voice and data between host and module

HCI Command packets

The host to control the Bluetooth module and to monitor its status uses HCI commands.  Commands are transferred using HCI command packets
If a command can complete immediately, an HCI_Command_Complete is returned to indicate that the command has been dealt with.
If a command cannot complete immediately, an HCI_Command_Status event is returned immediately, and another event is returned later when the command has completed.
The Opcode parameter is divided into two fields, called the OpCode Group Field (OGF) and OpCode Command Field (OCF).
The OGF occupies the upper 6 bits of the Opcode, while the OCF occupies the remaining 10 bits.

HCI Data packets

HCI ACL Data Packets
HCI ACL Data Packets are used to exchange data between the Host and Controller.

HCI Synchronous Data Packets
HCI synchronous (SCO and eSCO) Data Packets are used to exchange synchronous data between the Host and Controller.

HCI Event packets

The HCI Event Packet is used by the Controller to notify the Host when events occur. The Host must be able to accept HCI Event Packets with up to 255 octets of data excluding the HCI Event Packet header.

HCI Commands - Example

Scanning sequence
HCI Command   : Inquiry (0x0401)
HCI Event     : Command Status (0x0F)
HCI Event     : Inquiry Result (0x02) or Extended Inquiry   Result(0x2F)   and/or Inquiry Result with RSSI (0x22)
HCI Event     : Inquiry Complete (0x01)
HCI Command   : Remote Name Request (0x0419)
HCI Event     : Command Status (0x0F)
HCI Event     : Remote Name Request Complete (0x07)

Pairing / Connection sequence
HCI Command   : Create Connection   (0x0405)
HCI Event     : Command Status   (0x0F)
HCI Event     : Connection Complete   (0x03)
HCI Command   : Read Clock Offset    (0x041F)
HCI Event     : Max Slots Change  (0x1B)
HCI Event     : Read Clock Offset Complete  (0x1C)
HCI Command   : Write Link Policy Settings (0x080D)
HCI Event     : Command Status   (0x0F)
HCI Command   : Read Remote Extended Features    (0x041C)
HCI Event     : Command Status   (0x0F)
HCI Event     : Read Remote Extended Features Complete (0x07)
HCI Command   : Authentication Requested  (0x0411)
HCI Event     : Command Complete   (0x0E)
HCI Event     : IO Capability Request  (0x31)
HCI Command   : IO Capability Request Reply  (0x042B)
HCI Event     : Command Complete   (0x0E)
HCI Event     : IO Capability Response  (0x32)
Will be followed by ACL/SCO data packets...

HCI Transport layer driver in WEC7

This is the only layer in WEC7 which can be modified.

WEC7 provides the HCI transport layer driver for generic bluetooth devices, (CSR BT dongle) though USB and UART.
For SDIO interface, the driver needs to be ported from WinCE6.0 to WEC7.
For non-generic modules such as Redpine 9113 BT module, HCI transport layer should be modified according to the module datasheet/Linux driver.

HCI Transport layer driver - Registry

   "Power"=dword:1                  ; Radio on by default
   "ScanMode"=dword:3               ; Radio is discoverable
   "DisableAutoSuspend"=dword:1     ; Allow suspend when connected

WEC7 Catalog items and SYSGEN variables

Bluetooth Stack with Universal Loadable Driver  SYSGEN_BTH
Bluetooth Settings  SYSGEN_BTH_SETTINGS
Bluetooth HS/HF and Audio Gateway Service  SYSGEN_BTH_AG
Bluetooth Profile Management APIs  SYSGEN_BTH_BTHUTIL
Bluetooth services  SYSGEN_BTH_BTHSSVC
Bluetooth utilities  SYSGEN_BTH_UTILS
Bluetooth audio  SYSGEN_BTH_AUDIO
Bluetooth modem  SYSGEN_BTH_MODEM

Bluetooth vs. Wi-Fi

•Bluetooth works at 2.4GHz frequency while Wi-Fi based networks work at 2.4, 3.6 and 5 GHz .
•Wi-Fi is intended as a replacement for high speed cabling for general local area network access in work areas(wireless local area networks (WLAN)).
•Bluetooth was intended for portable equipment and its applications(wireless personal area network (WPAN)).
•Wi-Fi is usually access point-centered, with an asymmetrical client-server connection with all traffic routed through the access point, while Bluetooth is usually symmetrical, between two Bluetooth devices.
•Wi-Fi Direct was recently developed to add a more Bluetooth-like ad-hoc functionality to Wi-Fi.

Advantages and Disadvantages

The Advantages of Bluetooth:
Widely Used: Companies are taking the benefit by using this in their new and future products to make life much easier for everyone.
Feature Simplicity: You do not need to know much about technology in order to run Bluetooth. Anyone that doesn't have no knowledge about the new technology can still be able to use the Bluetooth feature due to its simplicity and the ease of use.
Go Wireless!: It allows you to stay cord free and do not have to worry about finding the correct place to connect that extra long cord.
The Disadvantages of Bluetooth:
• Though the transfer speeds are impressive at around 25 Mbps, certain other technologies like Wi-Fi Direct can offer speeds up to 250 Mbps.
• Even though the security is good, it is even better on Wi-Fi Direct.
• The battery usage during a single transfer is negligible, but if the device is switched on for long, it will drain the battery.
• Shorter range when compared to WiFi

Note: This is a blog post extracted from a ppt that was prepared and presented by me and my team-mate in iWave Systems.

See ppt slides on Slideshare below:


Please leave your questions or suggestions as comments.
Thanks. :)