Nikon Bluetooth LE Reverse Engineering

Sat, Jul 12, 2025

An Unexpected Journey

I have reverse engineered a number of camera bluetooth protocols in the pursuit of making furble¹ a universal remote.

The typical workflow for an unsupported camera or feature is:

install the Android app
enable the HCI snoop log
use the app
analyse the HCI traffic capture with Wireshark²
reimplement the protocol

I assumed the typical workflow would apply to my Nikon camera and would take a week or so.

Canon GPS Reverse Engineering

Sat, Jul 5, 2025

Reverse Engineering Binary Formats

Attempting to decode an unknown format into known output is akin to solving a jigsaw puzzle. The initial state is an incoherent jumble, however, as you slowly simmer off the entropy, a much clearer image emerges.

The satisfaction derived from solving both types of puzzle is also comparable.

I recently collaborated with a fellow developer in decoding the Canon GPS format over Bluetooth Low Energy and decided to describe the process.