Part C. Sample Data
vAtlanta r00
This Part contains sample data for Bluetooth Low Energy. All sample data are provided for reference purpose only. They can be used to check the behavior of an implementation and avoid misunderstandings.
1. Encryption sample data
This section contains sample data for the Low Energy encryption process.
The following scenario describes the start of encryption, followed by the transfer of an encrypted data physical channel data packet in each direction. It describes:
how the derived values are calculated (fixed values are given in red)
which HCI command and events are exchanged (given in italic)
which LL messages are exchanged over the air (given in green).
Note
Note: CRCs are not shown because they depend on a random CRC init value. Scrambling is disabled.
The following parameters are set to the fixed values below:
LTK = 0x4C68384139F574D836BCF34E9DFB01BF (MSO to LSO) EDIV = 0x2474 (MSO to LSO) RAND = 0xABCDEF1234567890 (MSO to LSO) SKD_C = 0xACBDCEDFE0F10213 (MSO to LSO) SKD_P = 0x0213243546576879 (MSO to LSO) IV_C = 0xBADCAB24 (MSO to LSO) IV_P = 0xDEAFBABE (MSO to LSO) HCI_LE_Enable_Encryption (length 0x1C) – Central HCI command Pars (LSO to MSO) 00 08 90 78 56 34 12 ef cd ab 74 24 bf 01 fb 9d 4e f3 bc 36 d8 74 f5 39 41 38 68 4c Handle (2-octet value MSO to LSO) 0x0800 Random (8-octet value MSO to LSO) 0xabcdef1234567890 Encrypted Diversifier (2-octet value MSO to LSO) 0x2474 Long Term Key (16-octet value MSO to LSO) 0x4c68384139f574d836bcf34e9dfb01bf SKD_C (LSO to MSO) :0x13:0x02:0xF1:0xE0:0xDF:0xCE:0xBD:0xAC: IV_C (LSO to MSO) :0x24:0xAB:0xDC:0xBA LL_ENC_REQ 03 17 03 90 78 56 34 12 ef cd ab 74 24 13 02 f1 e0 df ce bd ac 24 ab dc ba Length 0x17 Control Type 0x03 Rand 90 78 56 34 12 ef cd ab EDIV 74 24 SKD_C 13 02 f1 e0 df ce bd ac IV_C 24 ab dc ba SKD_P (LSO to MSO) :0x79:0x68:0x57:0x46:0x35:0x24:0x13:0x02: IV_P (LSO to MSO) :0xBE:0xBA:0xAF:0xDE LL_ENC_RSP 0b 0d 04 79 68 57 46 35 24 13 02 be ba af de Length 0x0D Control Type 0x04 SKD_P 79 68 57 46 35 24 13 02 IV_P be ba af de IV = IV_P || IV_C IV (LSO to MSO) :0x24:0xAB:0xDC:0xBA:0xBE:0xBA:0xAF:0xDE HCI_Long_Term_Key_Request(length 0x0D) – Peripheral event Pars (LSO to MSO)05 01 08 90 78 56 34 12 ef cd ab 74 24 LE_Event_Code 0x05 Handle (2-octet value MSO to LSO) 0x0801 Random (8-octet value MSO to LSO) 0xabcdef1234567890 Encrypted Diversifier (2-octet value MSO to LSO) 0x2474 HCI_LE_Long_Term_Key_Request_Reply (length 0x12) – Peripheral command Pars (LSO to MSO) 01 08 bf 01 fb 9d 4e f3 bc 36 d8 74 f5 39 41 38 68 4c Handle (2-octet value MSO to LSO) 0x0801 Key (16-octet value MSO to LSO) 0x4C68384139F574D836BCF34E9DFB01BF SKD = SKD_P || SKD_C SKD (LSO to MSO) :0x13:0x02:0xF1:0xE0:0xDF:0xCE:0xBD:0xAC:0x79:0x68:0x57:0x46:0x35:0x24:0x13:0x02: SK = Encrypt(LTK, SKD) SK (LSO to MSO) :0x66:0xC6:0xC2:0x27:0x8E:0x3B:0x8E:0x05:0x3E:0x7E:0xA3:0x26:0x52:0x1B:0xAD:0x99: LL_START_ENC_REQ 07 01 05 Length 0x01 Control Type 0x05 LL_START_ENC_RSP1 0f 05 9f cd a7 f4 48 Length 0x05 Control Type Encrypted:0x9F Clear:0x06 MIC (32-bit value MSO to LSO) 0xCDA7F448 (Note: MICs are sent MSO first on the air) LL_START_ENC_RSP2 07 05 a3 4c 13 a4 15 Length 0x05S Control Type Encrypted:0xA3 Clear:0x06 MIC (32-bit value MSO to LSO) 0x4C13A415 HCI_ACL_Data packet Central's Host to Controller 00 08 1b 00 17 00 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 31 32 33 34 35 36 37 38 39 30 Handle (12-bit value MSO to LSO) 0x0800 Data Total Length (16-bit value MSO to LSO) 0x001B (27 dec) Data (LSO to MSO) 17 00 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 31 32 33 34 35 36 37 38 39 30 LL_DATA1 0e 1f 7a 70 d6 64 15 22 6d f2 6b 17 83 9a 06 04 05 59 6b d6 56 4f 79 6b 5b 9c e6 ff 32 f7 5a 6d 33 Length 0x1F (i.e. 27 + 4 = 31 dec) Data (LSO to MSO) Clear 17 00 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 31 32 33 34 35 36 37 38 39 30 Encrypted 7a 70 d6 64 15 22 6d f2 6b 17 83 9a 06 04 05 59 6b d6 56 4f 79 6b 5b 9c e6 ff 32 MIC (32-bit value MSO to LSO) 0xF75A6D33 HCI_ACL_Data_Packet Peripheral's Host to Controller 01 08 1b 00 17 00 37 36 35 34 33 32 31 30 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 Handle (12-bit value MSO to LSO) 0x0801 Data Total Length (16-bit value MSO to LSO) 0x001B (27 dec) Data (LSO to MSO) 17 00 37 36 35 34 33 32 31 30 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 LL_DATA2 06 1f f3 88 81 e7 bd 94 c9 c3 69 b9 a6 68 46 dd 47 86 aa 8c 39 ce 54 0d 0d ae 3a dc df 89 b9 60 88 Length 0x1F (i.e. 27 + 4 = 31 dec) Data (LSO to MSO) Clear 17 00 37 36 35 34 33 32 31 30 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 Encrypted f3 88 81 e7 bd 94 c9 c3 69 b9 a6 68 46 dd 47 86 aa 8c 39 ce 54 0d 0d ae 3a dc df MIC (32-bit value MSO to LSO) 0x89B96088
1.1. Encrypt Command
HCI_LE_Encrypt (length 0x20) – command Pars (LSO to MSO) bf 01 fb 9d 4e f3 bc 36 d8 74 f5 39 41 38 68 4c 13 02 f1 e0 df ce bd ac 79 68 57 46 35 24 13 02 Key (16-octet value MSO to LSO): 0x4C68384139F574D836BCF34E9DFB01BF Plaintext_Data (16-octet value MSO to LSO): 0x0213243546576879acbdcedfe0f10213 HCI_Command_Complete (length 0x14) – event Pars (LSO to MSO) 02 17 20 00 66 c6 c2 27 8e 3b 8e 05 3e 7e a3 26 52 1b ad 99 Num_HCI_Command_Packets: 0x02 Command_Opcode (2-octet value MSO to LSO): 0x2017 Status: 0x00 Encrypted_Data (16-octet value MSO to LSO): 0x99ad1b5226a37e3e058e3b8e27c2c666
1.2. Derivation of the MIC and encrypted data
All B/X/A/S values below follow the notation: LSbyte to MSbyte & msbit to lsbit.
IV = DEAFBABEBADCAB24 SK = 99AD1B5226A37E3E058E3B8E27C2C666 1.START_ENC_RSP1 (packet 0, Central → Peripheral) ---------------- B0 = 49000000008024ABDCBABEBAAFDE0001 B1 = 00010300000000000000000000000000 B2 = 06000000000000000000000000000000 X1 = 712eaaaae60603521d245e50786eefe4 X2 = debc43782a022675fca0aa6f0854f1ab X3 = 6399913fede5fa111bdb993bbfb9be06 => MIC = 6399913f A0 = 01000000008024ABDCBABEBAAFDE0000 A1 = 01000000008024ABDCBABEBAAFDE0001 S0 = ae3e6577f64a8f25408c9c10d53acf8e S1 = 99190d88f4aa1b60b97ecfe6f5fee777 So, encrypted packet payload = 9F encrypted MIC = CDA7F448 Which results in the following packet: LL_START_ENC_RSP1 - 0f 05 9f cd a7 f4 48 Length: 05 Control Type: Clear: 06 Encrypted: 9f MIC: CD A7 F4 48 2.START_ENC_RSP2 (packet 0, Peripheral → Central) ---------------- B0 = 49000000000024ABDCBABEBAAFDE0001 B1 = 00010300000000000000000000000000 B2 = 06000000000000000000000000000000 X1 = ddc86e3094f0c29cf341ef4c2c1e0088 X2 = fe960f5c93fba45a53959842ea8a0c0a X3 = db403db3a32f39156faf6a6b472e1010 => MIC = db403db3 A0 = 01000000000024ABDCBABEBAAFDE0000 A1 = 01000000000024ABDCBABEBAAFDE0001 S0 = 975399a66acdc39124886930d7bca95f S1 = a5add4127b2f43788ddc9cd86b0b89d2 So, encrypted packet payload = A3 encrypted MIC = 4c13a415 Which results in the following packet: LL_START_ENC_RSP2 07 05 a3 4c 13 a4 15 Length: 05 Control Type: Clear: 06 Encrypted: A3 MIC: 4c 13 a4 15 3. Data packet1 (packet 1, Central → Peripheral) --------------- B0 = 49010000008024ABDCBABEBAAFDE001B B1 = 00010200000000000000000000000000 B2 = 1700636465666768696A6B6C6D6E6F70 B3 = 71313233343536373839300000000000 X1 = 7c688612996de101f3eacb68b443969c X2 = e3f1ef5c30161c0a9ec07274a0757fc8 X3 = e7e346f5b7c8a6072890a60dcf4ec20a X4 = 3db113320b182f9fed635db14cac2df0 => MIC = 3db11332 A0 = 01010000008024ABDCBABEBAAFDE0000 A1 = 01010000008024ABDCBABEBAAFDE0001 A2 = 01010000008024ABDCBABEBAAFDE0002 S0 = caeb7e017296dd2fa9a2ce789179501a S1 = 6d70b50070440a9a027de8f66b6a6a29 S2 = 1ae7647c4d5e6dabdec602404c302341 So, encrypted packet payload = 7A70D66415226DF26B17839A060405596BD6564F796B5B9CE6FF32 encrypted MIC = F75A6D33 which results in the following packet: LL_DATA1 0E 1F 7A 70 D6 64 15 22 6D F2 6B 17 83 9A 06 04 05 59 6B D6 56 4F 79 6B 5B 9C E6 FF 32 F7 5A 6D 33 Length: 1F Data: Clear: 17 00 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 31 32 33 34 35 36 37 38 39 30 Encrypted: 7A 70 D6 64 15 22 6D F2 6B 17 83 9A 06 04 05 59 6B D6 56 4F 79 6B 5B 9C E6 FF 32 MIC: F7 5A 6D 33 4. Data packet2 (packet 1, Peripheral → Central) --------------- B0 = 49010000000024ABDCBABEBAAFDE001B B1 = 00010200000000000000000000000000 B2 = 17003736353433323130414243444546 B3 = 4748494A4B4C4D4E4F50510000000000 X1 = 714234d50d6f1da5663be3e78460ad87 X2 = 96df1d97959e6176ac215c7baf90c674 X3 = 6cc52c3dcecdc2fa81eb347887960673 X4 = a776a26be617366496c391e36f6374a1 => MIC = a776a26b A0 = 01010000000024ABDCBABEBAAFDE0000 A1 = 01010000000024ABDCBABEBAAFDE0001 A2 = 01010000000024ABDCBABEBAAFDE0002 S0 = 2ecfc2e31e01875653c0f306fc7bfb96 S1 = e488b6d188a0faf15889e72a059902c0 S2 = edc470841f4140e0758c8e8f708399bd So, encrypted packet payload = F38881E7BD94C9C369B9A66846DD4786AA8C39CE540D0DAE3ADCDF encrypted MIC = 89B96088 Which results in the following packet: LL_DATA2 06 1F F3 88 81 E7 BD 94 C9 C3 69 B9 A6 68 46 DD 47 86 AA 8C 39 CE 54 0D 0D AE 3A DC DF 89 B9 60 88 Length: 1F Data: Clear: 17 00 37 36 35 34 33 32 31 30 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 Encrypted: F3 88 81 E7 BD 94 C9 C3 69 B9 A6 68 46 DD 47 86 AA 8C 39 CE 54 0D 0D AE 3A DC DF MIC: 89 B9 60 88
2. LE Coded PHY sample data
Whenever bits are specified, they are in transmission order irrespective of spacing.
2.1. Reference information packet
The reference packet is described as bytes in transmission order (the leftmost byte in a line is transmitted first). Inside a byte, bits are transmitted LSB first.
Access address: D6 BE 89 8E PDU: 00 03 42 4C 45 CRC: 29 0A CE
2.2. Forward Error Correction encoder
This data shows the bits input to and output by the FEC encoder and its internal state.
The encoder state is expressed in octal notation where the LSB represents the rightmost bit store in Figure 3.6 of [Vol 6] Part B, Section 3.3.1. The state specified is that after the bits are output and the shift operations have taken place.
Access address Input: 0 1 1 0 1 0 1 1 0 1 1 1 1 1 0 1 1 0 0 1 0 0 0 1 0 1 1 1 0 0 0 1 State: 0 4 6 3 5 2 5 6 3 5 6 7 7 7 3 5 6 3 1 4 2 1 0 4 2 5 6 7 3 1 0 4 Output: 0 0 1 1 0 1 0 1 1 1 0 1 0 0 1 0 0 1 1 1 1 0 1 0 0 1 0 1 1 0 1 1 1 0 0 1 0 0 0 0 1 0 1 1 1 1 1 1 1 0 0 0 1 0 1 0 1 0 0 0 1 1 1 1 CI If S=2 If S=8 Input: 1 0 0 0 State: 6 3 2 1 Output: 0 1 0 1 1 0 1 1 TERM1 If S=2 If S=8 Input: 0 0 0 0 0 0 State: 1 0 0 0 0 0 Output: 0 0 1 1 0 0 1 1 0 0 0 0 PDU Input: 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 1 1 0 0 1 0 1 0 1 0 0 0 1 0 State: 0 0 0 0 0 0 0 0 4 6 3 1 0 0 0 0 0 4 2 1 0 0 4 2 1 0 4 6 3 1 4 2 5 2 5 2 1 0 4 2 Output: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 0 1 0 0 1 1 0 0 0 0 0 0 0 0 1 1 1 0 1 1 1 1 0 0 1 1 1 0 1 1 1 1 1 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 1 1 1 1 1 1 1 1 0 CRC Input: 1 0 0 1 0 1 0 0 0 1 0 1 0 0 0 0 0 1 1 1 0 0 1 1 State: 5 2 1 4 2 5 2 1 0 4 2 5 2 1 0 0 0 4 6 7 3 1 4 6 Output: 0 0 0 1 1 1 0 0 1 0 0 0 0 1 1 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 0 1 1 0 1 0 0 0 0 0 0 1 TERM2 Input: 0 0 0 State: 3 1 0 Output: 0 1 0 0 1 1
2.3. Transmitted symbols (S=2)
Preamble 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 Access Address 0011 0011 1100 1100 0011 1100 0011 1100 1100 1100 0011 1100 0011 0011 1100 0011 0011 1100 1100 1100 1100 0011 1100 0011 0011 1100 0011 1100 1100 0011 1100 1100 1100 0011 0011 1100 0011 0011 0011 0011 1100 0011 1100 1100 1100 1100 1100 1100 1100 0011 0011 0011 1100 0011 1100 0011 1100 0011 0011 0011 1100 1100 1100 1100 CI 0011 1100 0011 1100 TERM1 0011 0011 1100 1100 0011 0011 PDU 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 0 1 0 0 1 1 0 0 0 0 0 0 0 0 1 1 1 0 1 1 1 1 0 0 1 1 1 0 1 1 1 1 1 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 1 1 1 1 1 1 1 1 0 CRC 0 0 0 1 1 1 0 0 1 0 0 0 0 1 1 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 0 1 1 0 1 0 0 0 0 0 0 1 TERM2 0 1 0 0 1 1
Total Packet Duration 510 µs
2.4. Transmitted symbols (S=8)
Preamble 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 0011 1100 Access Address 0011 0011 1100 1100 0011 1100 0011 1100 1100 1100 0011 1100 0011 0011 1100 0011 0011 1100 1100 1100 1100 0011 1100 0011 0011 1100 0011 1100 1100 0011 1100 1100 1100 0011 0011 1100 0011 0011 0011 0011 1100 0011 1100 1100 1100 1100 1100 1100 1100 0011 0011 0011 1100 0011 1100 0011 1100 0011 0011 0011 1100 1100 1100 1100 CI 1100 0011 1100 1100 TERM1 1100 1100 0011 0011 0011 0011 PDU 0011 0011 0011 0011 0011 0011 0011 0011 0011 0011 0011 0011 0011 0011 0011 0011 1100 1100 0011 1100 0011 1100 0011 0011 1100 1100 0011 0011 0011 0011 0011 0011 0011 0011 1100 1100 1100 0011 1100 1100 1100 1100 0011 0011 1100 1100 1100 0011 1100 1100 1100 1100 1100 1100 0011 1100 0011 1100 0011 0011 0011 0011 1100 0011 0011 0011 0011 1100 0011 0011 0011 1100 1100 1100 1100 1100 1100 1100 1100 0011 CRC 0011 0011 0011 1100 1100 1100 0011 0011 1100 0011 0011 0011 0011 1100 1100 1100 1100 1100 1100 1100 1100 0011 0011 0011 0011 1100 1100 1100 1100 1100 0011 0011 0011 0011 1100 1100 0011 1100 1100 0011 1100 0011 0011 0011 0011 0011 0011 1100 TERM2 0011 1100 0011 0011 1100 1100
Total Packet Duration 912 µs
3. LE Channel Selection algorithm #2 sample data
This section contains two sets of sample data with different channel maps for the LE Channel Selection Algorithm #2.
The test access address is 0x8E89BED6, meaning the channelIdentifier is 0x305F.
3.1. Sample data 1 (37 used channels)
Channel map [36:0] = 0b11111_11111111_11111111_11111111_11111111.
The minimum channel distance d = 11.
Event Counter | 0 | 1 | 2 | 3 | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ACL or Periodic advertising event / CIS or BIS subevent 1 | prn_e | 56857 | 1685 | 38301 | 27475 | ||||||||||||||||||||||||||||||||||||||||||||
unmappedChannel | 25 | 20 | 6 | 21 | |||||||||||||||||||||||||||||||||||||||||||||
mappedChannel [1] | 25 | 20 | 6 | 21 | |||||||||||||||||||||||||||||||||||||||||||||
Subevent 2 | remappingIndexOfLastUsedChannel | 25 | 20 | 6 | 21 | ||||||||||||||||||||||||||||||||||||||||||||
prnSubEvent_se | 11710 | 20925 | 6541 | 40400 | |||||||||||||||||||||||||||||||||||||||||||||
subEventIndex | 1 | 36 | 18 | 4 | |||||||||||||||||||||||||||||||||||||||||||||
mappedSubEventChannel [1] | 1 | 36 | 18 | 4 | |||||||||||||||||||||||||||||||||||||||||||||
Subevent 3 | prnSubEvent_se | 16649 | 11081 | 14597 | 30015 | ||||||||||||||||||||||||||||||||||||||||||||
subEventIndex | 16 | 12 | 32 | 22 | |||||||||||||||||||||||||||||||||||||||||||||
mappedSubEventChannel [1] | 16 | 12 | 32 | 22 | |||||||||||||||||||||||||||||||||||||||||||||
Subevent 4 | prnSubEvent_se | 38198 | 48920 | 62982 | 49818 | ||||||||||||||||||||||||||||||||||||||||||||
subEventIndex | 36 | 34 | 21 | 8 | |||||||||||||||||||||||||||||||||||||||||||||
mappedSubEventChannel [1] | 36 | 34 | 21 | 8 | |||||||||||||||||||||||||||||||||||||||||||||
[1] These values are the general purpose channel indices actually used for transmitting and receiving the relevant event or subevent. | |||||||||||||||||||||||||||||||||||||||||||||||||
3.2. Sample data 2 (9 used channels)
Channel map [36:0] =0b11110_00000000_11100000_00000110_00000000.
The remapping table is [9, 10, 21, 22, 23, 33, 34, 35, 36].
The minimum channel distance d = 3.
Event Counter | 6 | 7 | 8 | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ACL or Periodic advertising event / CIS or BIS subevent 1 | prn_e | 10975 | 5490 | 46970 | |||||||||||||||||||||||||||||||||||||||||||||
unmappedChannel | 23 | 14 | 17 | ||||||||||||||||||||||||||||||||||||||||||||||
mappedChannel [1] | 23 | 9 | 34 | ||||||||||||||||||||||||||||||||||||||||||||||
Subevent 2 | remappingIndexOfLastUsedChannel | 4 | 0 | 6 | |||||||||||||||||||||||||||||||||||||||||||||
prnSubEvent_se | 14383 | 4108 | 7196 | ||||||||||||||||||||||||||||||||||||||||||||||
subEventIndex | 7 | 3 | 0 | ||||||||||||||||||||||||||||||||||||||||||||||
mappedSubEventChannel [1] | 35 | 22 | 9 | ||||||||||||||||||||||||||||||||||||||||||||||
Subevent 3 | prnSubEvent_se | 28946 | 45462 | 33054 | |||||||||||||||||||||||||||||||||||||||||||||
subEventIndex | 2 | 8 | 5 | ||||||||||||||||||||||||||||||||||||||||||||||
mappedSubEventChannel [1] | 21 | 36 | 33 | ||||||||||||||||||||||||||||||||||||||||||||||
Subevent 4 | prnSubEvent_se | 61038 | 64381 | 42590 | |||||||||||||||||||||||||||||||||||||||||||||
subEventIndex | 8 | 5 | 1 | ||||||||||||||||||||||||||||||||||||||||||||||
mappedSubEventChannel [1] | 36 | 33 | 10 | ||||||||||||||||||||||||||||||||||||||||||||||
[1] These values are the general purpose channel indices actually used for transmitting and receiving the relevant event or subevent. | |||||||||||||||||||||||||||||||||||||||||||||||||
4. Complete packets
Examples in this section assume use of the LE 1M PHY. For the LE 2M PHY, the packet will be identical except for the longer preamble and longer (in number of bits) Constant Tone Extension. For the LE Coded PHY, examples of converting from the form used on the uncoded PHYs to those used on the air are shown in Section 2.
Bit sequences are always in transmission order irrespective of spacing. Decimal and hexadecimal numbers are in their normal form.
4.1. Whitening sequences
The whitening sequence (see [Vol 6] Part B, Section 3.2) depends only on the physical channel index of the channel being used. The sequence repeats after 127 bits.
Channel First 64 bits of the whitening sequence 0 00000010 01001101 00111101 11000011 11111000 11101100 01010010 11111010 1 10010001 00000010 01001101 00111101 11000011 11111000 11101100 01010010 2 01001011 11101010 10000101 10111100 11100101 01100110 00001101 10101110 3 11011000 10100101 11110101 01000010 11011110 01110010 10110011 00000110 4 00100110 10011110 11100001 11111100 01110110 00101001 01111101 01010000 5 10110101 11010001 10010001 00000010 01001101 00111101 11000011 11111000 6 01101111 00111001 01011001 10000011 01101011 10100011 00100010 00000100 7 11111100 01110110 00101001 01111101 01010000 10110111 10011100 10101100 8 00010000 00100100 11010011 11011100 00111111 10001110 11000101 00101111 9 10000011 01101011 10100011 00100010 00000100 10011010 01111011 10000111 10 01011001 10000011 01101011 10100011 00100010 00000100 10011010 01111011 11 11001010 11001100 00011011 01011101 00011001 00010000 00100100 11010011 12 00110100 11110111 00001111 11100011 10110001 01001011 11101010 10000101 13 10100111 10111000 01111111 00011101 10001010 01011111 01010100 00101101 14 01111101 01010000 10110111 10011100 10101100 11000001 10110101 11010001 15 11101110 00011111 11000111 01100010 10010111 11010101 00001011 01111001 16 00001011 01111001 11001010 11001100 00011011 01011101 00011001 00010000 17 10011000 00110110 10111010 00110010 00100000 01001001 10100111 10111000 18 01000010 11011110 01110010 10110011 00000110 11010111 01000110 01000100 19 11010001 10010001 00000010 01001101 00111101 11000011 11111000 11101100 20 00101111 10101010 00010110 11110011 10010101 10011000 00110110 10111010 21 10111100 11100101 01100110 00001101 10101110 10001100 10001000 00010010 22 01100110 00001101 10101110 10001100 10001000 00010010 01101001 11101110 23 11110101 01000010 11011110 01110010 10110011 00000110 11010111 01000110 24 00011001 00010000 00100100 11010011 11011100 00111111 10001110 11000101 25 10001010 01011111 01010100 00101101 11100111 00101011 00110000 01101101 26 01010000 10110111 10011100 10101100 11000001 10110101 11010001 10010001 27 11000011 11111000 11101100 01010010 11111010 10100001 01101111 00111001 28 00111101 11000011 11111000 11101100 01010010 11111010 10100001 01101111 29 10101110 10001100 10001000 00010010 01101001 11101110 00011111 11000111 30 01110100 01100100 01000000 10010011 01001111 01110000 11111110 00111011 31 11100111 00101011 00110000 01101101 01110100 01100100 01000000 10010011 32 00000110 11010111 01000110 01000100 00001001 00110100 11110111 00001111 33 10010101 10011000 00110110 10111010 00110010 00100000 01001001 10100111 34 01001111 01110000 11111110 00111011 00010100 10111110 10101000 01011011 35 11011100 00111111 10001110 11000101 00101111 10101010 00010110 11110011 36 00100010 00000100 10011010 01111011 10000111 11110001 11011000 10100101 37 10110001 01001011 11101010 10000101 10111100 11100101 01100110 00001101 38 01101011 10100011 00100010 00000100 10011010 01111011 10000111 11110001 39 11111000 11101100 01010010 11111010 10100001 01101111 00111001 01011001
4.2. Advertising Physical channel PDUs
4.2.1. Legacy advertising PDUs
Example: ADV_NONCONN_IND PDU
PDU Type: 2
ChSel: RFU
TxAdd: 1 (random)
RxAdd: RFU
AdvA: 0xC1A2A3A4A5A6 (a static device address)
AdvData: (3 octets) 0x01 0x02 0x03
Channel index: 38
PDU header: 0100 0 0 1 0 10010000
PDU body: 01100101 10100101 00100101 11000101 01000101 10000011
10000000 01000000 11000000
CRC: 10110101 00101101 11010111
PDU and CRC before whitening:
01000010 10010000 01100101 10100101 00100101 11000101 01000101
10000011 10000000 01000000 11000000 10110101 00101101 11010111
PDU and CRC after whitening:
00101001 00110011 01000111 10100001 10111111 10111110 11000010
01110010 01011000 11100101 00110101 11110111 11110011 10100101
Complete packet:
01010101
01101011 01111101 10010001 01110001
00101001 00110011 01000111 10100001 10111111 10111110 11000010
01110010 01011000 11100101 00110101 11110111 11110011 10100101
4.2.2. Extended advertising PDUs
Example: connectable undirected AUX_ADV_IND PDU with AdvA, ADI, TxPower, and AdvData fields.
PDU Type: 7
ChSel: RFU
TxAdd: 0 (public)
RxAdd: RFU
AdvA: 0xA9AAABACADAE (a public device address)
Advertising DID: 0xABC
Advertising SID: 0xE
TxPower: 0xD6 (-42 dBm)
AdvData: (5 octets) 0x05 0x07 0x09 0x0B 0x0D
Channel index: 7
PDU header: 1110 0 0 0 0 00001000
Extended header length: 010100
AdvMode: 10
Extended header:
Flags: 1 0 0 1 0 0 1 0
AdvA: 01110101 10110101 00110101 11010101 01010101 10010101
ADI: 001111010101 0111
TxPower: 01101011
AdvData: 10100000 11100000 10010000 11010000 10110000
PDU: 11100000 00001000 01010010 10010010 01110101 10110101 00110101
11010101 01010101 10010101 00111101 01010111 01101011 10100000
11100000 10010000 11010000 10110000
CRC: 00011011 11000100 01110101
PDU and CRC after whitening:
00011100 01111110 01111011 11101111 00100101 00000010 10101001
01111001 10010100 00100000 11101100 11000110 01101001 11101101
11011101 01010011 00101000 01011100 01001001 00111110 11010100
Complete packet:
01010101
01101011 01111101 10010001 01110001
00011100 01111110 01111011 11101111 00100101 00000010 10101001
01111001 10010100 00100000 11101100 11000110 01101001 11101101
11011101 01010011 00101000 01011100 01001001 00111110 11010100
4.3. Data channel PDUs
Note
Note: The examples in this section are unencrypted. Examples of the encryption process can be seen in section 1.
4.3.1. LL data PDUs
Access address: 0xAA08192B
CRCInit: 0xC4C181
LLID: 2
NESN: 1
SN: 0
MD: 1
Payload: 0x01 0x02 0x03 0x04 0x05
No Constant Tone Extension
Channel index 16
PDU header: 01 1 0 1 0 00 10100000
PDU: 01101000 10100000 10000000 01000000 11000000 00100000 10100000
CRC: 10100010 00001011 01001011
PDU and CRC after whitening:
01100011 11011001 01001010 10001100 11011011 01111101 10111001
10110010 00101111 10011000
Complete packet:
10101010
11010100 10011000 00010000 01010101
01100011 11011001 01001010 10001100 11011011 01111101 10111001
10110010 00101111 10011000
4.3.2. LL control PDUs
Access address: 0xAA173C42
CRCInit: 0xCD3F6C
Type: LL_CHANNEL_MAP_IND
NESN: 0
SN: 1
MD: 1
Map: channels 2, 5, and 33 to 36 unused, all other channels used
Instant: 0x4321
AoD Constant Tone Extension, length 40 μs, 2 μs switching and sampling
Channel index 29
PDU header: 11 0 1 1 1 00 00010000 10100 0 01
PDU: 11011100 00010000 10100001 10000000 11011011 11111111 11111111
11111111 10000000 10000100 11000010
CRC: 10011100 01000111 00101001
PDU and CRC after whitening:
01110010 10011100 00101001 10010010 10110010 00010001 11100000
00111000 11100010 00010011 00010111 10010111 00111110 11100011
Complete packet:
01010101
01000010 00111100 11101000 01010101
01110010 10011100 00101001 10010010 10110010 00010001 11100000
00111000 11100010 00010011 00010111 10010111 00111110 11100011
11111111 11111111 11111111 11111111 11111111
5. Access Address generation for BISes
The Access Addresses for the various BISes in a BIG with the SeedAccessAddress 0x78E52493 are:
Num_BIS | Access Address |
|---|---|
1 | 0x85E32493 |
2 | 0x79D52493 |
3 | 0x86752493 |
4 | 0x7A572493 |
5 | 0x85F12493 |
6 | 0x79D32493 |
7 | 0x86732493 |
8 | 0x7B652493 |
9 | 0x85C72493 |
10 | 0x78E12493 |
11 | 0x86412493 |
12 | 0x7B632493 |
13 | 0x85D52493 |
14 | 0x78F72493 |
15 | 0x86572493 |
16 | 0x7B712493 |
17 | 0x85D32493 |
18 | 0x78C52493 |
19 | 0x87652493 |
20 | 0x7B472493 |
21 | 0x84E12493 |
22 | 0x78C32493 |
23 | 0x87632493 |
24 | 0x7B552493 |
25 | 0x84F72493 |
26 | 0x78D12493 |
27 | 0x87712493 |
28 | 0x7B532493 |
29 | 0x84C52493 |
30 | 0x79E72493 |
31 | 0x87472493 |
The Access Address of the BIG Control logical link is 0x7A412493.
6. Group Session Key derivation for BIG
In each data set in this section, the bytes are ordered from most significant on the left to least significant on the right.
Group Session Key Derivation Function h8
K ec0234a3 57c8ad05 341010a6 0a397d9b
S 1536d18d e3d20df9 9b7044c1 2f9ed5ba
keyID cc030148
IK fe77ab4e fa982991 c1486a3b 281fd4bc
h8 e5e5beba ae7228e7 22a38904 ed350f6d
Derivation of Group Session Key from Broadcast Code
Bluetooth Broadcast Code: "Børne House"
Broadcast Code 00000000 6573756f 4820656e 72b8c342
GSKD 55188b3d 32f6bb9a 900afcfb eed4e72a
"BIG1" 00000000 00000000 00000000 42494731
"BIG2" 42494732
"BIG3" 42494733
IGLTK 4c0dd74c 2b19aa95 d8982385 5f1001b8
GLTK c4cd4b83 49b5a18a 02de6620 9017aed3
GSK be2a16fc 7ac464e7 52301bcc c818812c