hcitool unable to set scan response data


The issue is similar to Using hcitool to set ad packets, but instead of just sending AD data I'm also trying to set a scan response data with OCF 0x0009 (also hinted in one of the answers).

The problem is that I can either send just the AD data or nothing at all, no scan response data whatsoever. I am able to send the same ad + scan using an ESP32, but not with hci.

Here's the full list of commands (the Apple id is just a placeholder for now):

hciconfig hci0 up
hciconfig hci0 piscan
hciconfig hci0 leadv 0
hcitool -i hci0 cmd 0x08 0x0008 1F 02 01 06 1B FF 4C 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
hcitool -i hci0 cmd 0x08 0x0009 1F 1E FF 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02

I'm using my Raspberry Pi 4's built in bluetooth to send the packets and I'm using the BLE Scanner App on my phone to read them.

I was using leadv 3 for just the AD data and it was working fine, but scan response requires a connectable device, so I changed it to leadv 0.

What am I missing here?

EDIT: here's the result of sudo btmon while running the commands above: https://pastebin.com/B8GG91Wr


1 answer

Youssif Saeed

My recommendation is to not use hcitool at all as it's a deprecated command that is no longer supported and will be phased out in the future. Instead you should use the btmon command which should allow you to add scan responses in addition to advert response.

You can set a scan response via the btmgmt command as follows:-

sudo btmgmt add-adv -d 02010606084142434400 -s 080954657374204C45

Where the -d option is for setting the advert data, and the -s is for setting the scan response data. The full list of btmgmt add-adv options is:-

Usage: add-adv [options] <instance_id>

Options:
     -u, --uuid <uuid>         Service UUID
     -d, --adv-data <data>     Advertising Data bytes
     -s, --scan-rsp <data>     Scan Response Data bytes
     -t, --timeout <timeout>   Timeout in seconds
     -D, --duration <duration> Duration in seconds
     -P, --phy <phy>           Phy type, Specify 1M/2M/CODED
     -c, --connectable         "connectable" flag
     -g, --general-discov      "general-discoverable" flag
     -l, --limited-discov      "limited-discoverable" flag
     -n, --scan-rsp-local-name "local-name" flag
     -a, --scan-rsp-appearance "appearance" flag
     -m, --managed-flags       "managed-flags" flag
     -p, --tx-power            "tx-power" flag
e.g.:
    add-adv -u 180d -u 180f -d 080954657374204C45 1

BLE data in adverts is decoded as follows (based on the Assigned Numbers Document):-

1st byte = length (n bytes)
2nd byte = type
n-1 bytes = actual data

So the meaning of the advert data I added:-

  • 02 Length (2 bytes)
  • 01 Type (Flags)
  • 06 Flag - 02 && 04 LE General Discoverable && BR/EDR Not supported
  • 06 Length (6 bytes)
  • 08 Type (Shortened Local Name)
  • 4142434400 (ABCD)

And the meaning of the scan response data is:-

  • 08 Length (8 bytes)
  • 09 Type (Complete Local Name)
  • 54657374204C45 (Test LE)

Some relevant links:-
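As an added example (not code from the question or the answer), here is a small decoder for the length/type/value structures described above, run over the answer's btmgmt payloads, plus a helper that formats the same bytes the way the question's hcitool 0x0008/0x0009 commands expect them (a one-byte significant length followed by 31 bytes). The AD type names and Flags bits are the ones from the Bluetooth Assigned Numbers that appear on this page; everything else is constructed for illustration.

```python
# Added example, not code from the question or the answer: decode BLE
# advertising/scan-response structures and build hcitool's 0x0008/0x0009 parameter.
AD_TYPES = {0x01: "Flags", 0x08: "Shortened Local Name",   # Assigned Numbers
            0x09: "Complete Local Name", 0xFF: "Manufacturer Specific Data"}
FLAG_BITS = {0x01: "LE Limited Discoverable", 0x02: "LE General Discoverable",
             0x04: "BR/EDR Not Supported"}
MAX_AD_LEN = 31  # legacy advertising PDU payload limit

def parse_ad(data: bytes) -> list[tuple[int, bytes]]:
    """Split data into (type, value) pairs. Each structure is <len><type><value>,
    where len counts the type byte plus the value; a zero len ends the
    significant part, and a structure that overruns the buffer is rejected."""
    out, i = [], 0
    while i < len(data):
        length = data[i]
        if length == 0:
            break
        if i + 1 + length > len(data):
            raise ValueError(f"AD structure at offset {i} overruns buffer")
        out.append((data[i + 1], bytes(data[i + 2:i + 1 + length])))
        i += 1 + length
    return out

def describe(data: bytes) -> dict[str, str]:
    """Human-readable view of the parsed structures, keyed by AD type name."""
    desc = {}
    for ad_type, value in parse_ad(data):
        name = AD_TYPES.get(ad_type, f"0x{ad_type:02X}")
        if ad_type == 0x01:
            desc[name] = ", ".join(n for b, n in FLAG_BITS.items() if value[0] & b)
        elif ad_type in (0x08, 0x09):
            desc[name] = value.decode("utf-8", errors="replace").rstrip("\x00")
        elif ad_type == 0xFF:  # first two bytes: company identifier, little-endian
            desc[name] = f"company=0x{int.from_bytes(value[:2], 'little'):04X} payload={value[2:].hex()}"
        else:
            desc[name] = value.hex()
    return desc

def hci_param(data: bytes) -> str:
    """Parameter string for 'hcitool cmd 0x08 0x0008' / '0x0009': one byte of
    significant length followed by the data zero-padded to 31 bytes."""
    if len(data) > MAX_AD_LEN:
        raise ValueError("advertising data is limited to 31 bytes")
    return " ".join(f"{b:02X}" for b in bytes([len(data)]) + data.ljust(MAX_AD_LEN, b"\x00"))

if __name__ == "__main__":
    adv, rsp = bytes.fromhex("02010606084142434400"), bytes.fromhex("080954657374204C45")
    print(describe(adv), describe(rsp))  # the answer's btmgmt payloads
    print(hci_param(rsp))                # same scan response in hcitool form
```

Feeding a captured payload through parse_ad is also a quick way to check that a hand-typed hcitool parameter is well-formed before blaming the controller.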