Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/kirwinrmk/bluetooth
Go Bluetooth is a cross-platform package for using Bluetooth Low Energy hardware from the Go programming language.
It works on typical operating systems such as Linux, macOS, and Windows.
It can also be used running "bare metal" on microcontrollers produced by Nordic Semiconductor or using the Bluetooth Host Controller Interface (HCI) by using TinyGo.
The Go Bluetooth package can be used to create both Bluetooth Low Energy Centrals as well as to create Bluetooth Low Energy Peripherals.
A typical Bluetooth Low Energy Central would be your laptop computer or mobile phone.
This example shows a central that scans for peripheral devices and then displays information about them as they are discovered:
package main
import (
"tinygo.org/x/bluetooth"
)
var adapter = bluetooth.DefaultAdapter
func main() {
// Enable BLE interface.
must("enable BLE stack", adapter.Enable())
// Start scanning.
println("scanning...")
err := adapter.Scan(func(adapter *bluetooth.Adapter, device bluetooth.ScanResult) {
println("found device:", device.Address.String(), device.RSSI, device.LocalName())
})
must("start scan", err)
}
func must(action string, err error) {
if err != nil {
panic("failed to " + action + ": " + err.Error())
}
}
A typical Bluetooth Low Energy Peripheral would be a temperature sensor or heart rate sensor.
This example shows a peripheral that advertises itself as being available for connection:
package main
import (
"time"
"tinygo.org/x/bluetooth"
)
var adapter = bluetooth.DefaultAdapter
func main() {
// Enable BLE interface.
must("enable BLE stack", adapter.Enable())
// Define the peripheral device info.
adv := adapter.DefaultAdvertisement()
must("config adv", adv.Configure(bluetooth.AdvertisementOptions{
LocalName: "Go Bluetooth",
}))
// Start advertising
must("start adv", adv.Start())
println("advertising...")
for {
// Sleep forever.
time.Sleep(time.Hour)
}
}
func must(action string, err error) {
if err != nil {
panic("failed to " + action + ": " + err.Error())
}
}
Linux | macOS | Windows | Nordic Semi | ESP32 (NINA-FW) | |
---|---|---|---|---|---|
API used | BlueZ | CoreBluetooth | WinRT | SoftDevice | HCI |
Scanning | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Connect to peripheral | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Write peripheral characteristics | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Receive notifications | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Advertisement | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: |
Local services | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: |
Local characteristics | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: |
Send notifications | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: |
Go Bluetooth support for Linux uses BlueZ via the D-Bus interface. This should work with most distros that support BlueZ such as Ubuntu, Debian, Fedora, and Arch Linux, among others.
Linux can be used both as a BLE Central or as a BLE Peripheral.
You need to have a fairly recent version of BlueZ, for example v5.48 is the latest released version for Ubuntu/Debian.
sudo apt update
sudo apt install bluez
Once you have done this, you can obtain the Go Bluetooth package using Git:
git clone https://github.com/tinygo-org/bluetooth.git
After you have followed the installation, you should be able to compile/run the "scanner" test program:
cd bluetooth
go run ./examples/scanner
Go Bluetooth support for macOS uses the CoreBluetooth libraries thanks to the https://github.com/tinygo-org/cbgo fork of the cbgo
package.
As a result, it should work with most versions of macOS, although it will require compiling using whatever specific version of XCode is required by your version of the operating system.
The macOS support only can only act as a BLE Central at this time, with some additional development work needed for full functionality.
In order to compile Go Bluetooth code targeting macOS, you must do so on macOS itself. In other words, we do not currently have cross compiler support. You must also have XCode tools installed:
xcode-select --install
Once you have done this, you can obtain the Go Bluetooth package using Git:
git clone https://github.com/tinygo-org/bluetooth.git
After you have followed the installation, you should be able to compile/run the "scanner" test program:
cd bluetooth
go run ./examples/scanner
There is a known issue with iTerm2 and the Bluetooth package. If you are getting a message like abort: trap
, try whitelisting iTerm2 manually through System Settings -> Privacy & Security -> Bluetooth.
Go Bluetooth support for Windows uses the WinRT Bluetooth interfaces by way of the https://github.com/saltosystems/winrt-go package.
The Windows support only can only act as a BLE Central at this time, with some additional development work needed for full functionality.
Only the Go compiler itself is needed to compile Go Bluetooth code targeting Windows.
You can obtain the Go Bluetooth package using Git:
git clone https://github.com/tinygo-org/bluetooth.git
After you have followed the installation, you should be able to compile/run the "scanner" test program:
cd bluetooth
go run .\examples\scanner
Go Bluetooth has bare metal support for several chips from Nordic Semiconductor that include a built-in Bluetooth Low Energy radio.
This support requires compiling your programs using TinyGo.
You must also use firmware provided by Nordic Semiconductor known as the "SoftDevice". The SoftDevice is a binary blob that implements the BLE stack. There are other (open source) BLE stacks, but the SoftDevices are pretty solid and have all the qualifications you might need. Other BLE stacks might be added in the future.
The Nordic Semiconductor SoftDevice can be used both as a BLE Central or as a BLE Peripheral, depending on which chip is being used. See the "Supported Chips" section below.
You must install TinyGo to be able to compile bare metal code using Go Bluetooth. Follow the instructions for your operating system at https://tinygo.org/getting-started/
Once you have installed TinyGo, you can install the Go Bluetooth package by running:
git clone https://github.com/tinygo-org/bluetooth.git
Check your desired target board for any additional installation requirements.
The line of "Bluefruit" boards created by Adafruit already have the SoftDevice firmware pre-loaded. This means you can use TinyGo and the Go Bluetooth package without any additional steps required. Supported Adafruit boards include:
After you have installed TinyGo and the Go Bluetooth package, you should be able to compile/run code for your device.
For example, this command can be used to compile and flash an Adafruit Circuit Playground Bluefruit board with the example we provide that turns it into a BLE server to control the built-in NeoPixel LEDs:
tinygo flash -target circuitplay-bluefruit ./examples/circuitplay
There are other boards with TinyGo support that also use the same UF2 bootloader with pre-loaded SoftDevice. They include:
The BBC micro:bit uses an nRF51 chip with a CMSIS-DAP interface.
You will need to install OpenOCD (http://openocd.org/) to flash the board.
First, flash the SoftDevice firmware by copying the .hex file to the device. For example (on Linux):
cd bluetooth
cp ./s110_nrf51_8.0.0/s110_nrf51_8.0.0_softdevice.hex /media/yourusername/MICROBIT/
Once you have copied the SoftDevice firmware to the BBC micro:bit, you can then flash your TinyGo program:
tinygo flash -target=microbit-s110v8 ./examples/heartrate
The BBC micro:bit v2 uses an nRF52833 chip with a CMSIS-DAP interface.
Support for the v2 will be available soon.
The following Nordic Semiconductor chips are currently supported:
To use a board that uses one of the above supported chips from Nordic Semiconductor, other then those already listed, you will probably need to install the SoftDevice firmware on the board yourself in order to use it with TinyGo and the Go Bluetooth package.
Flashing the SoftDevice can sometimes be tricky. If you have nrfjprog installed, you can erase the flash and flash the new BLE firmware using the following commands. Replace the path to the hex file with the correct SoftDevice, for example s132_nrf52_6.1.1/s132_nrf52_6.1.1_softdevice.hex
for S132 version 6.
nrfjprog -f nrf52 --eraseall
nrfjprog -f nrf52 --program path/to/softdevice.hex
After that, don't reset the board but instead flash a new program to it. For example, you can flash the Heart Rate Sensor example using tinygo
(modify the -target
flag as needed for your board):
tinygo flash -target=pca10040-s132v6 ./examples/heartrate
Flashing will normally reset the board.
Go Bluetooth has bare metal support for boards that include a separate ESP32 Bluetooth Low Energy radio co-processor. The ESP32 must be running the Arduino or Adafruit nina_fw
firmware.
Several boards created by Adafruit and Arduino already have the nina-fw
firmware pre-loaded. This means you can use TinyGo and the Go Bluetooth package without any additional steps required.
Currently supported boards include:
After you have installed TinyGo and the Go Bluetooth package, you should be able to compile/run code for your device.
For example, this command can be used to compile and flash an Arduino Nano RP2040 Connect board with the example we provide that turns it into a BLE peripheral to act like a heart rate monitor:
tinygo flash -target nano-rp2040 ./examples/heartrate
If you want more information about the nina-fw
firmware, or want to add support for other ESP32-equipped boards, please see https://github.com/arduino/nina-fw
The API is not stable! Because many features are not yet implemented and some platforms (e.g. Windows and macOS) are not yet fully supported, it's hard to say what a good API will be. Therefore, if you want stability you should pick a particular git commit and use that. Go modules can be useful for this purpose.
Some things that will probably change:
Scan
method, for example to filter on UUID.Enable
function, to request particular features (such as the number of peripheral connections supported).This package will probably remain unstable until the following has been implemented:
Your contributions are welcome!
Please take a look at our CONTRIBUTING.md document for details.
Q. Where can I get an introduction to Bluetooth Low Energy, GAP, GATT, etc.?
A. Please see this excellent article from our friends at Adafruit: https://learn.adafruit.com/introduction-to-bluetooth-low-energy
Q. What is a client and server in BLE?
A. Please see https://devzone.nordicsemi.com/f/nordic-q-a/71/what-is-a-client-and-server-in-ble
Q. Can a device be both a GATT client and GATT server?
A. Yes, but this is not currently supported by Go Bluetooth. Current support is either to act as a central in client mode, or as a peripheral in server mode.
This project is licensed under the BSD 3-clause license, see the LICENSE file for details.
The SoftDevices from Nordic are licensed under a different license, check the license file in the SoftDevice source directory.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.