/plushcap/analysis/bugcrowd/bugcrowd-a-guide-to-bluetooth-low-energy-hacking

A guide to Bluetooth Low Energy hacking

What's this blog post about?

Bluetooth is a wireless technology that lets devices connect and exchange data over short distances. It is ubiquitous in daily life, from smartphones and tablets to headphones and smart home systems. That ubiquity also makes it an attack surface: a device that advertises and accepts connections over the air can be discovered and enumerated by anyone in radio range, and any attribute it exposes without authentication can be read or written by them. To understand how Bluetooth works, the post first walks through the anatomy of a radio wave (amplitude, wavelength, frequency, and cycle). Bluetooth modulates data with frequency shift keying (Gaussian FSK in BLE): a carrier wave in the 2.4 GHz band is shifted slightly up or down in frequency to represent 1s and 0s, the bits are assembled into packets, and transmission hops across a set of channels so that nearby devices do not collide with each other or with other users of the band.

There are two variants of Bluetooth: Classic (BR/EDR), which suits continuous, higher-throughput links such as streaming audio, and Low Energy (BLE), which suits short, low-power data exchanges and a far wider range of devices. BLE organizes the data a device exposes through the Generic Attribute Profile (GATT), a hierarchy of profiles, services, characteristics, and descriptors; each characteristic carries a value plus properties (read, write, notify, and so on) that say how a connected peer may interact with it.

The Bleak Python library provides a cross-platform API for interacting with GATT servers. The post uses it to discover advertising devices, connect and list services and characteristics, read and write characteristic values, and rescan.
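The following is an added example of the GATT enumeration workflow described above, written for this page and not taken from the Bugcrowd post. It assumes the Bleak library is installed (`pip install bleak`), a working local BLE adapter, and a target device name passed on the command line; the device name, the helper names, and the idea of ranking characteristics by their properties are this example's own assumptions. The classification helpers are pure Python so the logic can be exercised without radio hardware.

```python
"""Enumerate a BLE device's GATT server with Bleak and flag characteristics
worth probing. Added example: assumes bleak is installed and a BLE adapter
is present; nothing here is the blog post's own code."""
import asyncio
import sys


def classify_characteristic(uuid: str, properties) -> dict:
    """Summarise what a connected peer can do with a characteristic.

    `properties` is the list of property strings Bleak reports for a
    characteristic (e.g. ["read", "write-without-response", "notify"]).
    """
    props = set(properties)
    return {
        "uuid": uuid,
        "properties": tuple(sorted(props)),
        "readable": "read" in props,
        "writable": bool(props & {"write", "write-without-response"}),
        "subscribable": bool(props & {"notify", "indicate"}),
    }


def decode_value(raw: bytes) -> str:
    """Render a characteristic value as ASCII when it is printable text,
    otherwise as hex, so enumeration output is readable either way."""
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return raw.hex()


def select_targets(summaries):
    """Pick the characteristics to probe first: anything that can be written
    (changes device state) or subscribed to (streams live data)."""
    return [s for s in summaries if s["writable"] or s["subscribable"]]


async def enumerate_gatt(name: str):
    """Find a device by its advertised name, connect, and walk its GATT tree.

    Returns the list of classified characteristics. Requires hardware.
    """
    # Imported here so the pure helpers above work without bleak installed.
    from bleak import BleakClient, BleakScanner

    device = await BleakScanner.find_device_by_name(name, timeout=10.0)
    if device is None:
        raise SystemExit(f"no advertising device named {name!r} found")

    summaries = []
    async with BleakClient(device) as client:
        for service in client.services:
            print(f"[service] {service.uuid} {service.description}")
            for char in service.characteristics:
                summary = classify_characteristic(char.uuid, char.properties)
                summaries.append(summary)
                line = f"  [char] {char.uuid} {summary['properties']}"
                if summary["readable"]:
                    raw = await client.read_gatt_char(char)
                    line += f" = {decode_value(bytes(raw))}"
                print(line)
                for desc in char.descriptors:
                    print(f"    [desc] {desc.uuid} {desc.description}")
    return summaries


if __name__ == "__main__":
    if len(sys.argv) != 2:
        raise SystemExit(f"usage: {sys.argv[0]} <advertised-device-name>")
    found = asyncio.run(enumerate_gatt(sys.argv[1]))
    for target in select_targets(found):
        print("probe:", target["uuid"], target["properties"])
```

Run it as `python enumerate_gatt.py "<device name>"`. Reading every readable characteristic during enumeration is deliberate: many devices expose model, firmware, and serial strings in the Device Information service without any pairing, which is exactly the kind of unauthenticated exposure a tester should record. Writes are intentionally left out of the automated walk, since writing to an unknown characteristic can change device state; use the `probe:` list to decide what to write by hand.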

Company
Bugcrowd

Date published
Sept. 12, 2024

Author(s)
Bugcrowd

Word count
3430

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.