This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to distinguish between random and public GAP addresses?

Hello, I am writing an application in Qt that runs on the computer and interacts with a nRF51422 via BLE. Now I have noticed, that I have to tell the framework, which address type is used. When I try to connect to the nRF51 with Qt set to PublicAddress, I simply get a timeout.

I wanted to establish a connection to the nRF51 and scan for the services to determine if the device is the right one. But then I need to know what type of address I am dealing with.

Is there any algorithm to check if a BLE address is public or random? In the TI forums I read that the two MSBs differ for the three types of random addresses. But is there a similar code to distinguish a random address from a public address?

  • Hi Andi G.,

    Luckily all that is explained in BT SIG specification. E.g. in v4.2 spec see Volume 6 (Low Energy) Part B (Link Layer) section 1.3 (Device Address) and Volume 3 (Host) Part C (GAP) section 10.8 (Random Device Address). If you want to stick with other spec version you will find similar chapter there.

    If we want to be precise we should talk about Address (MAC) field on 3 layers of BT LE:

    • Link Layer (simple 48-bit field + 2 TxAdd/RxAdd fields in PDU header - see BT SIG specification v4.2 Volume 6 (Low Energy) Part B (Link Layer) section 2.3 (Advertising Channel PDU))
    • Security Manager (providing way how to resolve Private address to Publicly known within installation base)
    • Generic Access Profile (clarifying how each type is tight to device role)

    To make it faster I leave here screenshot from official BT SIG BLE training slides, it should be evident what options are for 48-bit MAC address coding in BLE (note that BLE is using little endian so right-most bytes and bits are in fact most significant aka MSB;)

    BT LE Link Layer:

    image description

    image description

    BT LE Security Manager:

    image description

    BT LE Geneeric Access Profile:

    image description

    image description

    You obviously also could find this kind of question already answered on this forum, e.g. here;).

    Cheers Jan


    Edit 06-July-2015

    I've added few more slides and clarification about Address field role in Low Energy Link Layer, Security Manager and Generic Access profile.

  • Thanks for your reply. I already knew that the three types of random addresses are distinguishable with their two MSBs. The only way to recognize a public address is this 49th bit with the caption TxAdd/RxAdd. Is this right? But what is the name of this bit? With those keywords, I can not find anything interesting in the Bluetooth SIG document...

  • Hi,

    I've amended my answer above. You can also find description of these TxAdd/RxAdd flags in BT SIG specification v4.2 Volume 6 (Low Energy) Part B (Link Layer) section 2.3 (Advertising Channel PDU).

    Please note few important details:

    • Address field has always 48 bits (6 Bytes) so if there are some flags on two most significant bits these are part of the Address while TxAdd/RxAdd bits are part of PDU header and does not make together 49-bit field (there are actually another data in between and also TxAdd and RxAdd are two fields;).
    • As this is happening in the end on LE LL and I assume you are using Nordic SoftDevice implementing BLE stack including this low layer then you should rather look into SD documentation and find the right API call to set the address correctly between your app and stack.

    Cheers Jan

  • Wow! Hi endnode, where did you get these pictures about the packets?

    Is it from a book? Can you give me a link??


    Added : I really appreciate your help. Thanks a Million!!!