BLE not working for reading certain characteristics with low-level bluetooth module

[RaspberryPiDude314]

I'm having some problems using the low-level bluetooth module. I was able to advertise my device, discover services and peripherals and get their value handles, and read several characteristics from my iPhone (i.e. 0x2a29 Manufacturer Name String: "Apple Inc."). Manufacturer name, model name, appearance, and device name all read perfectly fine using BLE.gattc_read(), but for whatever reason local time information, current time, and battery level do not. All 3 are advertised by the phone and show up when discovering services/characteristics. However, when attempting to read them, nothing happens. The IRQ is not called for the characteristic values, but is called when it finishes (_IRQ_GATTC_READ_DONE ).
I'm completely stumped as to why these characteristics/services won't work when the others do. Let me know if I'm missing something big here. I'll also mention I had the exact same results on a Pi Pico W also running the latest Bluetooth build.

Setup:

• ESP-WROOM-32 dev board
• Latest stable generic build v1.21.0 (2023-10-05)
• Windows 10 with Thonny for programming
• iPhone 13 Pro as client

[jimmo]

What is the status returned with the _IRQ_GATTC_READ_DONE event?

[RaspberryPiDude314]

There's a few, they're read as integers though. Non-zero.
Trying it just now, I only get 257 for those three. Earlier I was getting 261, I believe. There have been a few others as well.
Is there a list of status codes somewhere? The docs just says "varies by implementation".

[jimmo]

On ESP32 it uses NimBLE. So 257 would be "invalid handle", and 261 would be "insufficient authentication" (i.e. pairing required). (I thought this might be the case, it would be privacy-very-bad if you could do unauthenticated read of those characteristics from any random phone because it would allow you to track people... I'm still kind of amazed how much they let you read from an iPhone at all... this is old news, see https://hexway.io/research/apple-bleee/ but still relevant).

Ref: https://github.com/apache/mynewt-nimble/blob/master/nimble/host/include/host/ble_att.h#L62 (NimBLE adds 0x100 to these values before returning them).

[RaspberryPiDude314]

Thank you, much appreciated. I'll go through the error codes for the rest of the numbers. I was reusing handles, and I presume they got recycled. Using the updated ones, I'm only getting 261. I find it odd that you can't do an authenticated read of these, though - the read flag is enabled, and the specifications for both the Current Time Service and Battery Service specify that those chars must be available without authentication. I haven't dived much into the pairing/bonding yet: is that all I would need in order to use these characteristics?

[jimmo]

I haven't dived much into the pairing/bonding yet: is that all I would need in order to use these characteristics?

I cannot confirm for sure, but yes that has worked in the past when dealing with that status code.

[RaspberryPiDude314]

Thanks for the help, I'll report back soon. The docs says it's not available for the ESP32 port of NIMBLE, but I'll give it a try anyways.

[RaspberryPiDude314]

To update: Pairing is successful with io=4,bond=true,mitm=false,le_secure=false. After pairing I can successfully access these values just fine. Unfortunately, none of the pairing related interrupts occur so there is no way to permanently bond the connection, which is what I think that message was referring to. This means the device must be paired every single connection time. I hope that gets fixed in an update at some point because otherwise I love this library.

[RaspberryPiDude314]

Just bumping this because I haven't heard back from my issue #12958 yet. Why isn't ESP32 able to receive these callbacks? Is it a simple as a line of code added in a configuration file or is there a deeper issue?