secdev · antoniovazquezblanco · Apr 8, 2025 · May 29, 2025 · May 29, 2025
diff --git a/scapy/contrib/ibeacon.py b/scapy/contrib/ibeacon.py
@@ -102,5 +102,5 @@ class IBeacon_Data(Packet):
 
 
 bind_layers(EIR_Manufacturer_Specific_Data, Apple_BLE_Frame,
-            company_id=APPLE_MFG)
+            company_identifier=APPLE_MFG)
 bind_layers(Apple_BLE_Submessage, IBeacon_Data, subtype=2)
diff --git a/scapy/data.py b/scapy/data.py
@@ -574,6 +574,14 @@ def _process_data(fdesc):
     return manufdb
 
 
+@scapy_data_cache("bluetoothids")
+def load_bluetoothids(filename=None):
+    # type: (Optional[str]) -> Dict[int, str]
+    """Load Bluetooth IDs into the cache"""
+    from scapy.libs.bluetoothids import DATA
+    return cast(Dict[int, str], DATA)
+
+
 def select_path(directories, filename):
     # type: (List[str], str) -> Optional[str]
     """Find filename among several directories"""
@@ -613,6 +621,8 @@ def select_path(directories, filename):
         )
     )
 
+BLUETOOTH_CORE_COMPANY_IDENTIFIERS = load_bluetoothids()
+
 
 #####################
 #  knowledge bases  #

diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py
@@ -21,7 +21,8 @@
 from scapy.data import (
     DLT_BLUETOOTH_HCI_H4,
     DLT_BLUETOOTH_HCI_H4_WITH_PHDR,
-    DLT_BLUETOOTH_LINUX_MONITOR
+    DLT_BLUETOOTH_LINUX_MONITOR,
+    BLUETOOTH_CORE_COMPANY_IDENTIFIERS
 )
 from scapy.packet import bind_layers, Packet
 from scapy.fields import (
@@ -266,6 +267,24 @@ class HCI_PHDR_Hdr(Packet):
     'extended_features',
 ]
 
+_bluetooth_core_specification_versions = {
+    0x00: '1.0b',
+    0x01: '1.1',
+    0x02: '1.2',
+    0x03: '2.0+EDR',
+    0x04: '2.1+EDR',
+    0x05: '3.0+HS',
+    0x06: '4.0',
+    0x07: '4.1',
+    0x08: '4.2',
+    0x09: '5.0',
+    0x0a: '5.1',
+    0x0b: '5.2',
+    0x0c: '5.3',
+    0x0d: '5.4',
+    0x0e: '6.0',
+}
+
 
 class HCI_Hdr(Packet):
     name = "HCI header"
@@ -1153,9 +1172,13 @@ class EIR_PeripheralConnectionIntervalRange(EIR_Element):
 
 class EIR_Manufacturer_Specific_Data(EIR_Element):
     name = "EIR Manufacturer Specific Data"
+    deprecated_fields = {
+        "company_id": ("company_identifier", "2.6.2"),
+    }
     fields_desc = [
         # https://www.bluetooth.com/specifications/assigned-numbers/company-identifiers
-        XLEShortField("company_id", None),
+        LEShortEnumField("company_identifier", None,
+                         BLUETOOTH_CORE_COMPANY_IDENTIFIERS),
     ]
 
     registered_magic_payloads = {}
@@ -2445,10 +2468,10 @@ class HCI_Cmd_Complete_Read_Local_Version_Information(Packet):
     """
     name = 'Read Local Version Information'
     fields_desc = [
-        ByteField('hci_version', 0),
+        ByteEnumField('hci_version', 0, _bluetooth_core_specification_versions),
         LEShortField('hci_subversion', 0),
-        ByteField('lmp_version', 0),
-        LEShortField('company_identifier', 0),
+        ByteEnumField('lmp_version', 0, _bluetooth_core_specification_versions),
+        LEShortEnumField('company_identifier', 0, BLUETOOTH_CORE_COMPANY_IDENTIFIERS),
         LEShortField('lmp_subversion', 0)]
 
 

diff --git a/scapy/libs/bluetoothids.py b/scapy/libs/bluetoothids.py
diff --git a/scapy/tools/generate_bluetooth.py b/scapy/tools/generate_bluetooth.py
@@ -0,0 +1,41 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# This file is part of Scapy
+# See https://scapy.net/ for more information
+# Copyright (C) Gabriel Potter <gabriel[]potter[]fr>
+
+"""
+Generate the bluetoothids.py file based on blueooth_sig's public listing
+"""
+
+import yaml
+import json
+import gzip
+import urllib.request
+
+from base64 import b85encode
+
+URL = "https://bitbucket.org/bluetooth-SIG/public/raw/main/assigned_numbers/company_identifiers/company_identifiers.yaml"  # noqa: E501
+
+with urllib.request.urlopen(URL) as stream:
+    DATA = yaml.safe_load(stream.read())
+
+COMPILED = {}
+
+for company in DATA["company_identifiers"]:
+    COMPILED[company["value"]] = company["name"]
+
+# Compress properly
+COMPILED = gzip.compress(json.dumps(COMPILED).encode())
+# Encode in Base85
+COMPILED = b85encode(COMPILED).decode()
+# Split
+COMPILED = "\n".join(COMPILED[i : i + 79] for i in range(0, len(COMPILED), 79)) + "\n"
+
+
+with open("../libs/bluetoothids.py", "r") as inp:
+    data = inp.read()
+
+with open("../libs/bluetoothids.py", "w") as out:
+    ini, sep, _ = data.partition("DATA = _d(\"\"\"")
+    COMPILED = ini + sep + "\n" + COMPILED + "\"\"\")\n"
+    print("Written: %s" % out.write(COMPILED))
diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts
@@ -532,7 +532,8 @@ scan_resp_raw_data = \
 scapy_packet = HCI_Hdr(scan_resp_raw_data)
 
 assert raw(scapy_packet[EIR_Manufacturer_Specific_Data].payload) == b'\x00_B31147D2461\xfc\x00\x03\x0c\x00\x00'
-assert scapy_packet[EIR_Manufacturer_Specific_Data].company_id == 0x154
+assert scapy_packet[EIR_Manufacturer_Specific_Data].company_identifier == 0x154
+assert scapy_packet[EIR_Manufacturer_Specific_Data].sprintf("%company_identifier%") == "Pebble Technology"
 
 = Parse EIR_Manufacturer_Specific_Data with magic
 
@@ -561,13 +562,13 @@ EIR_Manufacturer_Specific_Data.register_magic_payload(ScapyManufacturerPacket2)
 p = EIR_Hdr(b'\x0b\xff\xff\xffSCAPY!\xab\x12')
 
 p.show()
-assert p[EIR_Manufacturer_Specific_Data].company_id == 0xffff
+assert p[EIR_Manufacturer_Specific_Data].company_identifier == 0xffff
 assert p[ScapyManufacturerPacket].x == 0xab12
 
 p = EIR_Hdr(b'\x0b\xff\xff\xff!SCAPY\x12\x34')
 
 p.show()
-assert p[EIR_Manufacturer_Specific_Data].company_id == 0xffff
+assert p[EIR_Manufacturer_Specific_Data].company_identifier == 0xffff
 assert p[ScapyManufacturerPacket2].y == 0x1234
 
 # Test encode
@@ -702,7 +703,7 @@ b.show()
 assert b[HCI_Event_Hdr].len > 0
 assert b[EIR_CompleteLocalName].local_name == b"scapy"
 assert b[HCI_LE_Meta_Advertising_Report].addr == "a1:b2:c3:d4:e5:f6"
-assert b[EIR_Manufacturer_Specific_Data].company_id == 0xffff
+assert b[EIR_Manufacturer_Specific_Data].company_identifier == 0xffff
 assert raw(b[EIR_Manufacturer_Specific_Data].payload) == b"ypacs"
 assert b[EIR_TX_Power_Level].level == 10
 assert b[EIR_CompleteList128BitServiceUUIDs].svc_uuids[0] == UUID("01234567-89ab-cdef-1023-456789abcdfe")
@@ -739,7 +740,7 @@ a = HCI_Hdr()/HCI_Event_Hdr()/HCI_Event_LE_Meta()/HCI_LE_Meta_Extended_Advertisi
       rssi = -85,
       data=[
          EIR_Hdr()/EIR_Manufacturer_Specific_Data(
-            company_id = 0xffff,
+            company_identifier = 0xffff,
          ) / Raw(b"scapy\x00\x01\x02\x03\x04")
       ]
    ),
@@ -758,7 +759,7 @@ assert b[HCI_LE_Meta_Extended_Advertising_Report][0].data_length > 0
 assert b[EIR_CompleteList16BitServiceUUIDs].svc_uuids == [0xffff]
 assert b[EIR_ServiceData16BitUUID].svc_uuid == 0xffff
 assert raw(b[EIR_ServiceData16BitUUID].payload) == b"scapy\x00\x00\x00"
-assert b[EIR_Manufacturer_Specific_Data].company_id == 0xffff
+assert b[EIR_Manufacturer_Specific_Data].company_identifier == 0xffff
 assert raw(b[EIR_Manufacturer_Specific_Data].payload) == b"scapy\x00\x01\x02\x03\x04"
 
 

diff --git a/tox.ini b/tox.ini
@@ -96,7 +96,7 @@ changedir = {toxinidir}/doc/scapy
 deps = sphinx
        cryptography
 commands =
-  sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/voip.py ../../scapy/modules/krack/ ../../scapy/libs/winpcapy.py ../../scapy/libs/ethertypes.py ../../scapy/libs/m*.py ../../scapy/libs/structures.py ../../scapy/libs/test_pyx.py ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/layers/msrpce/raw/ ../../scapy/layers/msrpce/all.py ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py
+  sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/voip.py ../../scapy/modules/krack/ ../../scapy/libs/winpcapy.py ../../scapy/libs/ethertypes.py ../../scapy/libs/bluetoothids.py ../../scapy/libs/m*.py ../../scapy/libs/structures.py ../../scapy/libs/test_pyx.py ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/layers/msrpce/raw/ ../../scapy/layers/msrpce/all.py ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py
 
 
 [testenv:mypy]
@@ -136,7 +136,7 @@ description = "Check code for Grammar mistakes"
 skip_install = true
 deps = codespell
 # inet6, dhcp6 and the ipynb files contains french: ignore them
-commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*manuf.py,*tcpros.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/
+commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*manuf.py,*tcpros.py,*bluetoothids.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/
 
 
 [testenv:twine]