The goal of this dissector is to dissect the Nexxtender specific BLE GATT messages that are exchanged between the Nexxtmove app and the Nexxtender chargers, according to Nexxtender Charger Information. It was developed based on the Gaai app project.
For more information see Analyzing Bluetooth Low Energy Traffic.
Choosing a short distinctive name for a project is always difficult. A bird name was chosen. Fuut is Dutch for the Great crested grebe.
- Only requires Wireshark
- No build required
- Parses all Nexxtender specific BLE GATT messages
Make sure that Wireshark is already installed.
Copy the fuut.lua file to one of Wireshark's lua script directories.
In Wireshark, open Help->About->Folders.
Any of the directories that includes Lua scripts in the Typical files directory will do.
I use the Personal Lua Plugins directory that expands to
C:\Users\Frank\AppData\Roaming\Wireshark\plugins on my PC.
It is also recommended to configure The BLE names and characteristics as explained in Wireshark: add Nexxtender Home BLE UUIDs.
The fuut.lua dissector parses all Wireshark BT ATT messages that are linked to the Nexxtender charger
and adds the parsed result to the Wireshark Packet Details view.
The following messages are parsed by fuut.lua:
| Protocol | Service | Characteristic | Type |
|---|---|---|---|
| NEXXTENDER_CBD | Charging | Charging Basic Data | NA |
| NEXXTENDER_CGD | Charging | Charging Grid Data | NA |
| NEXXTENDER_CCD | Charging | Charging Car Data | NA |
| NEXXTENDER_CAD | Charging | Charging Advanced Data | NA |
| NEXXTENDER_GC | Generic | Command | NA |
| NEXXTENDER_GCL | Generic | Command | Loader |
| NEXXTENDER_GCE | Generic | Command | Event |
| NEXXTENDER_GCM | Generic | Command | Metric |
| NEXXTENDER_GCB | Generic | Command | Badge |
| NEXXTENDER_GCT | Generic | Command | Time |
| NEXXTENDER_GCC | Generic | Command | Config |
| NEXXTENDER_GS | Generic | Status | NA |
| NEXXTENDER_GSL | Generic | Status | Loader |
| NEXXTENDER_GSE | Generic | Status | Event |
| NEXXTENDER_GSM | Generic | Status | Metric |
| NEXXTENDER_GSB | Generic | Status | Badge |
| NEXXTENDER_GST | Generic | Status | Time |
| NEXXTENDER_GSC | Generic | Status | Config |
| NEXXTENDER_GD | Generic | Data | NA |
| NEXXTENDER_GDL | Generic | Data | Loader |
| NEXXTENDER_GDE | Generic | Data | Event |
| NEXXTENDER_GDM | Generic | Data | Metric |
| NEXXTENDER_GDB | Generic | Data | Badge |
| NEXXTENDER_GDT | Generic | Data | Time |
| NEXXTENDER_GDC1_0 | Generic | Data | Config |
| NEXXTENDER_GDC1_1 | Generic | Data | Config |
| NEXXTENDER_GDCCBOR | Generic | Data | Config |
| NEXXTENDER_CDRC | CDR | Command | NA |
| NEXXTENDER_CDRS | CDR | Status | NA |
| NEXXTENDER_CDRR | CDR | Record | NA |
| NEXXTENDER_CCDTC | CCDT | Command | NA |
| NEXXTENDER_CCDTS | CCDT | Status | NA |
| NEXXTENDER_CCDTR | CCDT | Record | NA |
| NEXXTENDER_FWC | Firmware | Command | NA |
| NEXXTENDER_FWS | Firmware | Status | NA |
| NEXXTENDER_FWWC | Firmware | Wanted Chunk | NA |
| NEXXTENDER_FWDC | Firmware | Data Chunk | NA |
The Nexxtender Mobile chargers use the Services as indicated in this table. But the Nexxtender Home charger sends all these characteristics under the Generic (C1) service!
The type of message is shown in the Protocol column of the Wireshark Packet List view.
The values parsed by the fuut.lua dissector are shown in the Wireshark Packet Details view,
under the node Bluetooth Attribute Protocol,
under the sub node that starts with Nexxtender.
For messages with a CRC, the CRC is verified and flagged as an error when wrong; the CRC line will show red and a message is attached stating that the CRC is wrong, including the correct CRC.
Only the GATT message direction that carries a GATT characteristic content is shown as being part of the NEXXTENDER_ protocol. The other direction is still shown as part of the ATT protocol. The following diagram shows an example for the Charging Advanced Data characteristic:
Packet 1526 is the ATT read request for the Charging Advanced Data characteristic. Packet 1528 is the NEXXTENDER.CAD read response with the parsed Charging Advanced Data in the packet detail window.
For more information on the Nexxtender BLE protocol, see
Nexxtender Charger Information, Frank HJ Cuypers.
The fuut.lua dissector uses the names and values from that document.
Wireshark display filters can be used to only show specific packets. Some examples:
_ws.col.protocol contains "NEXXTENDER_": only shows the NEXXTENDER_* protocol messagesbtatt.handle == 0x0022: only shows ATT protocol messages for handle 0x22 (GENERIC/CDT: CCDT_COMMAND)btatt.uuid128 == fd:47:41:6a:95:fb:42:06:88:b5:b4:a8:04:5f:75:c6: only shows ATT protocol messages for the specific UUID (GENERIC/CDT: CCDT_COMMAND)nexxtender.ccdtr: only shows Nexxtender CCDT_RECORD messages.nexxtender.ccdtr.l1 > 10: only shows Nexxtender CCDT_RECORD messages with l1 > 10.
All field filter names that can be used in Wireshark are available in the Wireshark menu item option Analyze->Display Filter Expressions. Those relevant in the Nexxtender protocol stack are listed in the following table.
| Protocol name | Protocol description | Field filter names |
|---|---|---|
| Bluetooth | Bluetooth | bluetooth.* |
| HCI_H4 | Bluetooth HCI H4 | hci_h4.* |
| HCI_ACL | Bluetooth HCI ACL Packet | bthci_acl.* |
| BT L2CAP | Bluetooth L2CAP Protocol | btl2cap.* |
| BT ATT | Bluetooth Attribute Protocol | btatt.* |
| NEXXTENDER_* | Nexttender * | nexxtender.*.* |
The NEXXTENDER_* level consists of the following "sub" protocols. For each Nexxtender BLE characteristic, a new Wireshark protocol was defined.
| Protocol name | Protocol description | Field filter names |
|---|---|---|
| NEXXTENDER_CBD | Nexxtender Charging Basic Data | nexxtender.cbd.* |
| NEXXTENDER_CGD | Nexxtender Charging Grid Data | nexxtender.cgd.* |
| NEXXTENDER_CCD | Nexxtender Charging Car Data | nexxtender.ccd.* |
| NEXXTENDER_CAD | Nexxtender Charging Advanced Data | nexxtender.cad.* |
| NEXXTENDER_GC | Nexxtender Generic Command | NA |
| NEXXTENDER_GCL | Nexxtender Generic Command [Loader] | nexxtender.gcl.* |
| NEXXTENDER_GCE | Nexxtender Generic Command [Event] | nexxtender.gce.* |
| NEXXTENDER GCM | Nexxtender Generic Command [Metrics] | nexxtender.gcm.* |
| NEXXTENDER_GCB | Nexxtender Generic Command [Badge] | nexxtender.gcb.* |
| NEXXTENDER_GCT | Nexxtender Generic Command [Time] | nexxtender.gct.* |
| NEXXTENDER_GCC | Nexxtender Generic Command [Config] | nexxtender.gcc.* |
| NEXXTENDER_GS | Nexxtender Generic Status | nexxtender.NA |
| NEXXTENDER_GSL | Nexxtender Generic Status [Loader] | nexxtender.gsl.* |
| NEXXTENDER_GSE | Nexxtender Generic Status [Event] | nexxtender.gse.* |
| NEXXTENDER_GSM | Nexxtender Generic Status [Metrics] | nexxtender.gsm.* |
| NEXXTENDER_GSB | Nexxtender Generic Status [Badge] | nexxtender.gsb.* |
| NEXXTENDER_GST | Nexxtender Generic Status [Time] | nexxtender.gst.* |
| NEXXTENDER_GSC | Nexxtender Generic Status [Config] | nexxtender.gsc.* |
| NEXXTENDER_GD | Nexxtender Generic Data | NA |
| NEXXTENDER_GDL | Nexxtender Generic Data [Loader] | nexxtender.gdl.* |
| NEXXTENDER_GDE | Nexxtender Generic Data [Event] | nexxtender.gde.* |
| NEXXTENDER_GDM | Nexxtender Generic Data [Metrics] | nexxtender.gdm.* |
| NEXXTENDER_GDB | Nexxtender Generic Data [Badge] | nexxtender.gdb.* |
| NEXXTENDER_GDT | Nexxtender Generic Data [Time] | nexxtender.gdt.* |
| NEXXTENDER_GDC | Nexxtender Generic Data [Config] | NA |
| NEXXTENDER_GDC1_0 | Nexxtender Generic Data [Config 1.0] | nexxtender.gdc1_0.* |
| NEXXTENDER_GDC1_1 | Nexxtender Generic Data [Config 1.1] | nexxtender.gdc1.1.* |
| NEXXTENDER_GDCCBOR | Nexxtender Generic Data [Config CBOR] | nexxtender.gdcCBOR.* |
| NEXXTENDER_CDRC | Nexxtender CDR Command | nexxtender.cdrc.* |
| NEXXTENDER_CDRS | Nexxtender CDR Status | nexxtender.cdrs.* |
| NEXXTENDER_CDRR | Nexxtender CDR Record | nexxtender.cdrr.* |
| NEXXTENDER_CCDTC | Nexxtender CCDT Command | nexxtender.ccdtc.* |
| NEXXTENDER_CCDTS | Nexxtender CCDT Status | nexxtender.ccdts.* |
| NEXXTENDER_CCDTR | Nexxtender CCDT Record | nexxtender.ccdtr.* |
| NEXXTENDER_FWC | Nexxtender Firmware Command | nexxtender.fwc.* |
| NEXXTENDER_FWS | Nexxtender Firmware Status | nexxtender.fws.* |
| NEXXTENDER_FWWC | Nexxtender Firmware Wanted Chunck | nexxtender.fwwc.* |
| NEXXTENDER_FWDC | Nexxtender Firmware Data Chunck | nexxtender.fwdc.* |
The Protocol name is used as display value in the Protocol column of the Wireshark packet list pane
(_ws.col.protocol).
When filtering on this column, the protocol name must be in upper case, like in
_ws.col.protocol contains "NEXXTENDER_.
When filtering on the real protocol name of fields (so not via _ws.col),
the protocol name and fields must be in lower case, like in nexxtender.ccdtr.
fuut.lua extends the Wireshark btgatt dissector
packet-btatt.c.
It adds dissectors to the bluetooth.uid table defined in proto_reg_handoff_btgatt().
Useful information can be found at
- Nexxtender Charger Information, Frank HJ Cuypers
- Analyzing Bluetooth Low Energy Traffic
- Wireshark
- Creating a Wireshark dissector in Lua
- Gaai app project
- Gaai app github
This project is licensed under the GNU AGPLv3 License. See the LICENSE file for details.