The Pebble smartwatch is one of the most popular smartwatches. So far 1 million smartwatches have been sold, which made the Pebble the second best selling smartwatch of 2014 according to the Smartwatch Group. Probably due to the relatively low price point of the Pebble and its tech-oriented user/developer community, the company seems to stay a bit under the radar in terms of market share. At this moment Pebble has started a new chapter in its story with a new Kickstarter campaign for the Pebble Time, a smartwatch with a color display. With this second Kickstarter campaign they recaptured the position of most funded project, with more than $18 million in pledges.
Thanks to the availability of SDKs, a large developer community, online development environments and lots of samples, the Pebble is a very developer-friendly smartwatch. But it’s always interesting to explore the possibilities and inner workings of the Pebble even further. For example, the wireless communication between the Pebble and your telephone. How does it work?
When a Pebble is paired with a smartphone, the two communicate via an emulated serial port (RFCOMM) over which watch and phone exchange binary encoded messages. The inner workings of this protocol were disclosed by Hexxeh (Liam McLoughlin) with his release of the LibPebble library, a Pebble communication library written in Python. While most of the data exchanged between Pebble and smartphone is known, the communication pattern, i.e. ‘when to say what’, is not completely clear.
Messages sent from the phone or the Pebble have a variable length and use the same encoding. All messages start with a four-byte header that specifies length and endpoint. The first two bytes contain the length (unsigned integer) of the encapsulated message. The total message length is thus the length specified in the header plus the four bytes of the header itself. The last two bytes of the header contain the endpoint (unsigned integer) of the communication, and specify the communication type of the encapsulated message. Examples of endpoints are application messages, logs, and time. Each endpoint uses its own message structure.
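The framing described above can be turned into a small stream parser. This is an added example, not code from LibPebble or from the dissector discussed in this post; it assumes big-endian (network) byte order for both header fields, which the text above does not state, and the only endpoint number it names is 6778 (DATA_LOG), taken from later in this post. The function names and the sample bytes are constructed for illustration.

```python
import struct
from typing import List, NamedTuple, Tuple

# Four-byte header: payload length, then endpoint, both unsigned 16-bit.
# Big-endian ("!") is an assumption, see the lead-in.
HEADER = struct.Struct("!HH")

# Only endpoint number given in the post; everything else stays numeric.
ENDPOINT_NAMES = {6778: "DATA_LOG"}


class Frame(NamedTuple):
    endpoint: int
    name: str
    payload: bytes


def build_frame(endpoint: int, payload: bytes) -> bytes:
    """Encode one message: header (length, endpoint) followed by the payload."""
    return HEADER.pack(len(payload), endpoint) + payload


def parse_stream(buf: bytes) -> Tuple[List[Frame], bytes]:
    """Split a reassembled RFCOMM byte stream into complete frames.

    Returns (frames, leftover). leftover holds the bytes of a trailing message
    that is not complete yet, to be prepended to the next chunk of the capture.
    """
    frames: List[Frame] = []
    offset = 0
    while len(buf) - offset >= HEADER.size:
        length, endpoint = HEADER.unpack_from(buf, offset)
        end = offset + HEADER.size + length  # total = header + declared length
        if end > len(buf):
            break  # payload continues in a later chunk; do not read past buf
        name = ENDPOINT_NAMES.get(endpoint, "endpoint_%d" % endpoint)
        frames.append(Frame(endpoint, name, buf[offset + HEADER.size:end]))
        offset = end
    return frames, buf[offset:]


# Constructed sample: a DATA_LOG frame, an empty frame on an arbitrary
# endpoint, and a third frame cut off after 5 of its 10 payload bytes.
TAIL = build_frame(300, b"\xaa" * 10)
SAMPLE = build_frame(6778, b"\x01\x02\x03") + build_frame(200, b"") + TAIL[:9]

if __name__ == "__main__":
    frames, leftover = parse_stream(SAMPLE)
    for f in frames:
        print(f.name, len(f.payload), f.payload.hex())
    print("incomplete bytes kept for next chunk:", len(leftover))
```

Because a message can be split across RFCOMM packets, the leftover bytes must be carried over to the next chunk instead of being parsed or dropped.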
While LibPebble is great, it does not seem to implement the complete Pebble Bluetooth protocol. For instance, DATA_LOG type messages (endpoint 6778) are not described. That is where Android developer mode and Wireshark come to the rescue. With an Android phone, all Bluetooth traffic can be captured in a log file. This log file can be loaded by the Wireshark network sniffer and protocol analyser. On top of that we can add a custom dissector for the Pebble protocol so that we can closely follow what the Pebble is talking about!
To get it all working, you need an Android smartphone with developer mode enabled. If you don’t know how to do that, it is probably better to stop reading this post and try your luck elsewhere. The Developer options contain an option to enable logging of all Bluetooth traffic. When this option is checked, a file (located at /sdcard/btsnoop_hci.log) is created that traces all Bluetooth traffic.
When you think you have traced enough, transfer the btsnoop_hci.log file to your PC and open the file in Wireshark.
The only thing we need to do is create a dissector for Pebblish, the protocol spoken by the Pebble, and make this dissector available to Wireshark. For this purpose I wrote a minimalistic dissector in Lua that extracts the length and endpoint of each message, and the start of application messages. The code for this dissector is available on GitHub.
I’m not going to explain how to add the dissector to Wireshark. There are more than enough good tutorials available on the web that explain how to do this (for example here).
When the dissector is enabled and the btsnoop_hci.log is loaded in Wireshark, use ‘pebble’ (without quotes) as the filter expression to show only the messages sent/received by the Pebble smartwatch. The result is shown below in the screenshot that displays the conversation between Pebble and smartphone.
Although the dissector is far from complete, it already gives a lot of insight into the conversation between the Pebble and the smartphone.