How to distinguish between random and public GAP addresses?

Ooch1 gravatar image

asked 2015-07-05 20:17:44 +0200

endnode gravatar image

updated 2016-03-04 10:27:49 +0200

Hello, I am writing an application in Qt that runs on the computer and interacts with a nRF51422 via BLE. Now I have noticed, that I have to tell the framework, which address type is used. When I try to connect to the nRF51 with Qt set to PublicAddress, I simply get a timeout.

I wanted to establish a connection to the nRF51 and scan for the services to determine if the device is the right one. But then I need to know what type of address I am dealing with.

Is there any algorithm to check if a BLE address is public or random? In the TI forums I read that the two MSBs differ for the three types of random addresses. But is there a similar code to distinguish a random address from a public address?

edit retag flag offensive close delete report spam

1 answer

Sort by ยป oldest newest most voted
endnode gravatar image

answered 2015-07-05 23:25:15 +0200

updated 2016-03-04 10:26:21 +0200

Hi Andi G.,

Luckily all that is explained in BT SIG specification. E.g. in v4.2 spec see Volume 6 (Low Energy) Part B (Link Layer) section 1.3 (Device Address) and Volume 3 (Host) Part C (GAP) section 10.8 (Random Device Address). If you want to stick with other spec version you will find similar chapter there.

If we want to be precise we should talk about Address (MAC) field on 3 layers of BT LE:

  • Link Layer (simple 48-bit field + 2 TxAdd/RxAdd fields in PDU header - see BT SIG specification v4.2 Volume 6 (Low Energy) Part B (Link Layer) section 2.3 (Advertising Channel PDU))
  • Security Manager (providing way how to resolve Private address to Publicly known within installation base)
  • Generic Access Profile (clarifying how each type is tight to device role)

To make it faster I leave here screenshot from official BT SIG BLE training slides, it should be evident what options are for 48-bit MAC address coding in BLE (note that BLE is using little endian so right-most bytes and bits are in fact most significant aka MSB;)

BT LE Link Layer:

image description

image description

BT LE Security Manager:

image description

BT LE Geneeric Access Profile:

image description

image description

You obviously also could find this kind of question already answered on this forum, e.g. here;).

Cheers Jan


Edit 06-July-2015

I've added few more slides and clarification about Address field role in Low Energy Link Layer, Security Manager and Generic Access profile.

edit flag offensive delete publish link more


Thanks for your reply. I already knew that the three types of random addresses are distinguishable with their two MSBs. The only way to recognize a public address is this 49th bit with the caption TxAdd/RxAdd. Is this right? But what is the name of this bit? With those keywords, I can not find anything interesting in the Bluetooth SIG document...

Andi G. ( 2015-07-06 22:21:13 +0200 )editconvert to answer


I've amended my answer above. You can also find description of these TxAdd/RxAdd flags in BT SIG specification v4.2 Volume 6 (Low Energy) Part B (Link Layer) section 2.3 (Advertising Channel PDU).

Please note few important details:

  • Address field has always 48 bits (6 Bytes) so if there are some flags on two most significant bits these are part of the Address while TxAdd/RxAdd bits are part of PDU header and does not make together 49-bit field (there are actually another data in between and also TxAdd and RxAdd are two fields;).
  • As this is happening in the end on LE LL and I assume you are using Nordic SoftDevice implementing BLE stack including this low layer then you should rather look into SD documentation and find the right API call to set the address correctly between your app and stack.

Cheers Jan

endnode ( 2015-07-06 23:53:17 +0200 )editconvert to answer

Wow! Hi endnode, where did you get these pictures about the packets?

Is it from a book? Can you give me a link??

-Regards, Mango922

Added : I really appreciate your help. Thanks a Million!!!

MANGO ( 2015-07-07 04:09:06 +0200 )editconvert to answer

Hi Mango922, I recommend this original presentation by BT SIG from 2010 during official introduction of LE as part of BT 4.0 (member login required but registration is for free).

endnode ( 2015-07-07 09:32:14 +0200 )editconvert to answer

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer. Do not ask a new question or reply to an answer here.

[hide preview]

Question Tools



Asked: 2015-07-05 20:17:44 +0200

Seen: 5,952 times

Last updated: Mar 04 '16