GATT command service
Description
The GATT command service facilitates command transmission to the device via a Bluetooth connection, superseding the traditional MQTT method. This service operates without the necessity for a script and employs a variant of the BCE IOTM protocol. The Command service UUID is 00000100-0000-1000-8000-00805f9b34fb, and it encompasses two characteristics:
Command TX characteristic. UUID:
00000101-0000-1000-8000-00805f9b34fb.This characteristic is utilized for sending commands to the device.
It is write-only.
Command RX characteristic. UUID:
00000102-0000-1000-8000-00805f9b34fbThis characteristic serves as a command response after transmitting a command to the device, confirming whether it has been executed successfully.
It can be either read or subscribed to.
Prerequisites:
GATT-compatible device firmware. This functionality is enabled from the 01_132 main firmware version and 2.1.8 Bluetooth firmware version.
A compatible settings template with Bluetooth/GATT server properties must be utilized. The minimum required version is V8.
Command service security:
A HMACSHA256 access token is appended in front of the payload. It consists of the IMEI, message expiry time, and key that are hashed using the HMACSHA256 algorithm. The access token also serves as a device identifier as it encompasses the device IMEI.
A six-digit passkey is recommended. This enables Bluetooth communication to be encrypted and is essential for protection against MITM attacks.
GATT output control sequence
Command TX characteristic (00000101-0000-1000-8000-00805f9b34fb)
Command message structure
The command message consists of two fields:
HMACSHA256 - access token generated using:
IMEI - IMEI of the device receiving the command.
EXPIRY TIME - expiry time of the message - identical to that used in command message data (XG IOTM protocol).
KEY - Up to 32-character key string. It must be configured in device settings.
COMMAND MESSAGE DATA - The actual command message in XG IOTM protocol format. Refer to the BT IOTM output command generation section.
Example:
Command RX characteristic (00000102-0000-1000-8000-00805f9b34fb)
This characteristic is employed to receive the command response from the device. It features a straightforward protocol structure that includes output ID to identify which output command was requested, a unique ID to differentiate between commands with the same output ID, and the result.
Command response structure
Record type - Output command return record type (It will always be 04h).
Record length - The remaining length of the record.
System time - Time when the response was generated.
Output ID - Output command ID from the last received command message. It will be 0 if the message format is incorrect. Refer to the response code field for the exact reason.
Unique ID - Unique command ID from the last received command message. It will be 0 if the message format is incorrect. Refer to the response code field for the exact reason.
Response length - Length of the response code data. (It will always be 1).
Response code - Result of the last GATT command. Zero indicates success. For other return codes, refer to the table below:
Response code (hex) | Description |
|---|---|
00h | Output command successful. |
01h | Output command expired. |
02h | Unknown output command. |
03h | Invalid output data. |
04h | Repeated output command - two consecutive messages have the same unique ID. |
05h | Incorrect message length - the message is most likely missing the access token. |
06h | Access tokens do not match - IMEI, expiry time, command key, or a combination of all three is incorrect. |
07h | The GATT command module is not yet ready, or the last output command is still being processed. |
Successful command response example in little-endian hexadecimal format: