Initial commit of working packet logger (idevicebtlogger)
diff --git a/include/libimobiledevice/bt_packet_logger.h b/include/libimobiledevice/bt_packet_logger.h
new file mode 100644
index 0000000..697e879
--- /dev/null
+++ b/include/libimobiledevice/bt_packet_logger.h
@@ -0,0 +1,162 @@
+/**
+ * @file libimobiledevice/bt_packet_logger.h
+ * @brief Capture the Bluetooth HCI trace from a device
+ * \internal
+ *
+ * Copyright (c) 2021 Geoffrey Kruse, All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef IBT_PACKET_LOGGER_H
+#define IBT_PACKET_LOGGER_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <libimobiledevice/libimobiledevice.h>
+#include <libimobiledevice/lockdown.h>
+
+#define BT_PACKETLOGGER_SERVICE_NAME "com.apple.bluetooth.BTPacketLogger"
+
+/** Error Codes */
+typedef enum {
+	BT_PACKET_LOGGER_E_SUCCESS         =  0,
+	BT_PACKET_LOGGER_E_INVALID_ARG     = -1,
+	BT_PACKET_LOGGER_E_MUX_ERROR       = -2,
+	BT_PACKET_LOGGER_E_SSL_ERROR       = -3,
+	BT_PACKET_LOGGER_E_NOT_ENOUGH_DATA = -4,
+	BT_PACKET_LOGGER_E_TIMEOUT         = -5,
+	BT_PACKET_LOGGER_E_UNKNOWN_ERROR   = -256
+} bt_packet_logger_error_t;
+
+typedef struct bt_packet_logger_client_private bt_packet_logger_client_private;
+typedef bt_packet_logger_client_private *bt_packet_logger_client_t; /**< The client handle. */
+
+/** Receives each character received from the device. */
+typedef void (*bt_packet_logger_receive_cb_t)(uint8_t * data, uint16_t len, void *user_data);
+
+/* Interface */
+
+/**
+ * Connects to the bt_packet_logger service on the specified device.
+ *
+ * @param device The device to connect to.
+ * @param service The service descriptor returned by lockdownd_start_service.
+ * @param client Pointer that will point to a newly allocated
+ *     bt_packet_logger_client_t upon successful return. Must be freed using
+ *     bt_packet_logger_client_free() after use.
+ *
+ * @return BT_PACKET_LOGGER_E_SUCCESS on success, BT_PACKET_LOGGER_E_INVALID_ARG when
+ *     client is NULL, or an BT_PACKET_LOGGER_E_* error code otherwise.
+ */
+bt_packet_logger_error_t bt_packet_logger_client_new(idevice_t device, lockdownd_service_descriptor_t service, bt_packet_logger_client_t * client);
+
+/**
+ * Starts a new bt_packet_logger service on the specified device and connects to it.
+ *
+ * @param device The device to connect to.
+ * @param client Pointer that will point to a newly allocated
+ *     bt_packet_logger_client_t upon successful return. Must be freed using
+ *     bt_packet_logger_client_free() after use.
+ * @param label The label to use for communication. Usually the program name.
+ *  Pass NULL to disable sending the label in requests to lockdownd.
+ *
+ * @return BT_PACKET_LOGGER_E_SUCCESS on success, or an BT_PACKET_LOGGER_E_* error
+ *     code otherwise.
+ */
+bt_packet_logger_error_t bt_packet_logger_client_start_service(idevice_t device, bt_packet_logger_client_t * client, const char* label);
+
+/**
+ * Disconnects a bt_packet_logger client from the device and frees up the
+ * bt_packet_logger client data.
+ *
+ * @param client The bt_packet_logger client to disconnect and free.
+ *
+ * @return BT_PACKET_LOGGER_E_SUCCESS on success, BT_PACKET_LOGGER_E_INVALID_ARG when
+ *     client is NULL, or an BT_PACKET_LOGGER_E_* error code otherwise.
+ */
+bt_packet_logger_error_t bt_packet_logger_client_free(bt_packet_logger_client_t client);
+
+
+/**
+ * Starts capturing the syslog of the device using a callback.
+ *
+ * Use bt_packet_logger_stop_capture() to stop receiving the syslog.
+ *
+ * @param client The bt_packet_logger client to use
+ * @param callback Callback to receive each character from the syslog.
+ * @param user_data Custom pointer passed to the callback function.
+ *
+ * @return BT_PACKET_LOGGER_E_SUCCESS on success,
+ *      BT_PACKET_LOGGER_E_INVALID_ARG when one or more parameters are
+ *      invalid or BT_PACKET_LOGGER_E_UNKNOWN_ERROR when an unspecified
+ *      error occurs or a syslog capture has already been started.
+ */
+bt_packet_logger_error_t bt_packet_logger_start_capture(bt_packet_logger_client_t client, bt_packet_logger_receive_cb_t callback, void* user_data);
+
+/**
+ * Stops capturing the syslog of the device.
+ *
+ * Use bt_packet_logger_start_capture() to start receiving the syslog.
+ *
+ * @param client The bt_packet_logger client to use
+ *
+ * @return BT_PACKET_LOGGER_E_SUCCESS on success,
+ *      BT_PACKET_LOGGER_E_INVALID_ARG when one or more parameters are
+ *      invalid or BT_PACKET_LOGGER_E_UNKNOWN_ERROR when an unspecified
+ *      error occurs or a syslog capture has already been started.
+ */
+bt_packet_logger_error_t bt_packet_logger_stop_capture(bt_packet_logger_client_t client);
+
+/* Receiving */
+
+/**
+ * Receives data using the given bt_packet_logger client with specified timeout.
+ *
+ * @param client The bt_packet_logger client to use for receiving
+ * @param data Buffer that will be filled with the data received
+ * @param size Number of bytes to receive
+ * @param received Number of bytes received (can be NULL to ignore)
+ * @param timeout Maximum time in milliseconds to wait for data.
+ *
+ * @return BT_PACKET_LOGGER_E_SUCCESS on success,
+ *      BT_PACKET_LOGGER_E_INVALID_ARG when one or more parameters are
+ *      invalid, BT_PACKET_LOGGER_E_MUX_ERROR when a communication error
+ *      occurs, or BT_PACKET_LOGGER_E_UNKNOWN_ERROR when an unspecified
+ *      error occurs.
+ */
+bt_packet_logger_error_t bt_packet_logger_receive_with_timeout(bt_packet_logger_client_t client, char *data, uint32_t size, uint32_t *received, unsigned int timeout);
+
+/**
+ * Receives data from the service.
+ *
+ * @param client The bt_packet_logger client
+ * @param data Buffer that will be filled with the data received
+ * @param size Number of bytes to receive
+ * @param received Number of bytes received (can be NULL to ignore)
+ * @param timeout Maximum time in milliseconds to wait for data.
+ *
+ * @return BT_PACKET_LOGGER_E_SUCCESS on success,
+ *  BT_PACKET_LOGGER_E_INVALID_ARG when client or plist is NULL
+ */
+bt_packet_logger_error_t bt_packet_logger_receive(bt_packet_logger_client_t client, char *data, uint32_t size, uint32_t *received);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/Makefile.am b/src/Makefile.am
index 13221b9..1c80ed6 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -57,7 +57,8 @@
 	preboard.c preboard.h  \
 	companion_proxy.c companion_proxy.h \
 	reverse_proxy.c reverse_proxy.h \
-	syslog_relay.c syslog_relay.h
+	syslog_relay.c syslog_relay.h \
+	bt_packet_logger.c bt_packet_logger.h
 
 if WIN32
 libimobiledevice_1_0_la_LDFLAGS += -avoid-version -static-libgcc
diff --git a/src/bt_packet_logger.c b/src/bt_packet_logger.c
new file mode 100644
index 0000000..5391825
--- /dev/null
+++ b/src/bt_packet_logger.c
@@ -0,0 +1,235 @@
+/*
+ * bt_packet_logger.c
+ * com.apple.bt_packet_logger service implementation.
+ *
+ * Copyright (c) 2021 Geoffrey Kruse, All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <string.h>
+#include <stdlib.h>
+
+#include "bt_packet_logger.h"
+#include "lockdown.h"
+#include "common/debug.h"
+
+struct bt_packet_logger_worker_thread {
+	bt_packet_logger_client_t client;
+	bt_packet_logger_receive_cb_t cbfunc;
+	void *user_data;
+};
+
+/**
+ * Convert a service_error_t value to a bt_packet_logger_error_t value.
+ * Used internally to get correct error codes.
+ *
+ * @param err An service_error_t error code
+ *
+ * @return A matching bt_packet_logger_error_t error code,
+ *     BT_PACKET_LOGGER_E_UNKNOWN_ERROR otherwise.
+ */
+static bt_packet_logger_error_t bt_packet_logger_error(service_error_t err)
+{
+	switch (err) {
+		case SERVICE_E_SUCCESS:
+			return BT_PACKET_LOGGER_E_SUCCESS;
+		case SERVICE_E_INVALID_ARG:
+			return BT_PACKET_LOGGER_E_INVALID_ARG;
+		case SERVICE_E_MUX_ERROR:
+			return BT_PACKET_LOGGER_E_MUX_ERROR;
+		case SERVICE_E_SSL_ERROR:
+			return BT_PACKET_LOGGER_E_SSL_ERROR;
+		case SERVICE_E_NOT_ENOUGH_DATA:
+			return BT_PACKET_LOGGER_E_NOT_ENOUGH_DATA;
+		case SERVICE_E_TIMEOUT:
+			return BT_PACKET_LOGGER_E_TIMEOUT;
+		default:
+			break;
+	}
+	return BT_PACKET_LOGGER_E_UNKNOWN_ERROR;
+}
+
+LIBIMOBILEDEVICE_API bt_packet_logger_error_t bt_packet_logger_client_new(idevice_t device, lockdownd_service_descriptor_t service, bt_packet_logger_client_t * client)
+{
+	*client = NULL;
+
+	if (!device || !service || service->port == 0 || !client || *client) {
+		debug_info("Incorrect parameter passed to bt_packet_logger_client_new.");
+		return BT_PACKET_LOGGER_E_INVALID_ARG;
+	}
+
+	debug_info("Creating bt_packet_logger_client, port = %d.", service->port);
+
+	service_client_t parent = NULL;
+	bt_packet_logger_error_t ret = bt_packet_logger_error(service_client_new(device, service, &parent));
+	if (ret != BT_PACKET_LOGGER_E_SUCCESS) {
+		debug_info("Creating base service client failed. Error: %i", ret);
+		return ret;
+	}
+
+	bt_packet_logger_client_t client_loc = (bt_packet_logger_client_t) malloc(sizeof(struct bt_packet_logger_client_private));
+	client_loc->parent = parent;
+	client_loc->worker = THREAD_T_NULL;
+
+	*client = client_loc;
+
+	debug_info("bt_packet_logger_client successfully created.");
+	return 0;
+}
+
+LIBIMOBILEDEVICE_API bt_packet_logger_error_t bt_packet_logger_client_start_service(idevice_t device, bt_packet_logger_client_t * client, const char* label)
+{
+	bt_packet_logger_error_t err = BT_PACKET_LOGGER_E_UNKNOWN_ERROR;
+	service_client_factory_start_service(device, BT_PACKETLOGGER_SERVICE_NAME, (void**)client, label, SERVICE_CONSTRUCTOR(bt_packet_logger_client_new), &err);
+	return err;
+}
+
+LIBIMOBILEDEVICE_API bt_packet_logger_error_t bt_packet_logger_client_free(bt_packet_logger_client_t client)
+{
+	if (!client)
+		return BT_PACKET_LOGGER_E_INVALID_ARG;
+	bt_packet_logger_stop_capture(client);
+	bt_packet_logger_error_t err = bt_packet_logger_error(service_client_free(client->parent));
+	free(client);
+
+	return err;
+}
+
+LIBIMOBILEDEVICE_API bt_packet_logger_error_t bt_packet_logger_receive(bt_packet_logger_client_t client, char* data, uint32_t size, uint32_t *received)
+{
+	return bt_packet_logger_receive_with_timeout(client, data, size, received, 1000);
+}
+
+LIBIMOBILEDEVICE_API bt_packet_logger_error_t bt_packet_logger_receive_with_timeout(bt_packet_logger_client_t client, char* data, uint32_t size, uint32_t *received, unsigned int timeout)
+{
+	bt_packet_logger_error_t res = BT_PACKET_LOGGER_E_UNKNOWN_ERROR;
+	int bytes = 0;
+
+	if (!client || !data || (size == 0)) {
+		return BT_PACKET_LOGGER_E_INVALID_ARG;
+	}
+
+	res = bt_packet_logger_error(service_receive_with_timeout(client->parent, data, size, (uint32_t*)&bytes, timeout));
+	if (res != BT_PACKET_LOGGER_E_SUCCESS && res != BT_PACKET_LOGGER_E_TIMEOUT && res != BT_PACKET_LOGGER_E_NOT_ENOUGH_DATA) {
+		debug_info("Could not read data, error %d", res);
+	}
+	if (received) {
+		*received = (uint32_t)bytes;
+	}
+
+	return res;
+}
+
+void *bt_packet_logger_worker(void *arg)
+{
+	bt_packet_logger_error_t ret = BT_PACKET_LOGGER_E_UNKNOWN_ERROR;
+	struct bt_packet_logger_worker_thread *btwt = (struct bt_packet_logger_worker_thread*)arg;
+
+	if (!btwt)
+		return NULL;
+
+	debug_info("Running");
+
+	while (btwt->client->parent) {
+		uint32_t bytes = 0;
+		uint16_t len;
+
+		ret = bt_packet_logger_receive_with_timeout(btwt->client, &len, 2, &bytes, 100);
+
+		if (ret == BT_PACKET_LOGGER_E_TIMEOUT || ret == BT_PACKET_LOGGER_E_NOT_ENOUGH_DATA || ((bytes == 0) && (ret == BT_PACKET_LOGGER_E_SUCCESS))) {
+			continue;
+		} else if (ret < 0) {
+			debug_info("Connection to bt packet logger interrupted");
+			break;
+		}
+
+		// todo remove magic and move "c" off stack
+		if(bytes > 0 && len > 12) {
+			char c[65535];
+			debug_info("Reading %u bytes\n", len);
+			ret = bt_packet_logger_receive_with_timeout(btwt->client, c, len, &bytes, 500);
+
+			if(len != bytes) {
+				debug_info("Failed Read Expected %u, Received %u\n", len, bytes);
+				continue;
+			}
+
+			if (ret == BT_PACKET_LOGGER_E_TIMEOUT || ret == BT_PACKET_LOGGER_E_NOT_ENOUGH_DATA || ((bytes == 0) && (ret == BT_PACKET_LOGGER_E_SUCCESS))) {
+				continue;
+			} else if (ret < 0) {
+				debug_info("Connection to bt packet logger interrupted");
+				break;
+			}
+
+			btwt->cbfunc(c, len, btwt->user_data);
+		}
+	}
+
+	if (btwt) {
+		free(btwt);
+	}
+
+	debug_info("Exiting");
+
+	return NULL;
+}
+
+LIBIMOBILEDEVICE_API bt_packet_logger_error_t bt_packet_logger_start_capture(bt_packet_logger_client_t client, bt_packet_logger_receive_cb_t callback, void* user_data)
+{
+	if (!client || !callback)
+		return BT_PACKET_LOGGER_E_INVALID_ARG;
+
+	bt_packet_logger_error_t res = BT_PACKET_LOGGER_E_UNKNOWN_ERROR;
+
+	if (client->worker) {
+		debug_info("Another syslog capture thread appears to be running already.");
+		return res;
+	}
+
+	/* start worker thread */
+	struct bt_packet_logger_worker_thread *btwt = (struct bt_packet_logger_worker_thread*)malloc(sizeof(struct bt_packet_logger_worker_thread));
+	if (btwt) {
+		btwt->client = client;
+		btwt->cbfunc = callback;
+		btwt->user_data = user_data;
+
+		if (thread_new(&client->worker, bt_packet_logger_worker, btwt) == 0) {
+			res = BT_PACKET_LOGGER_E_SUCCESS;
+		}
+	}
+
+	return res;
+}
+
+
+LIBIMOBILEDEVICE_API bt_packet_logger_error_t bt_packet_logger_stop_capture(bt_packet_logger_client_t client)
+{
+	if (client->worker) {
+		/* notify thread to finish */
+		service_client_t parent = client->parent;
+		client->parent = NULL;
+		/* join thread to make it exit */
+		thread_join(client->worker);
+		thread_free(client->worker);
+		client->worker = THREAD_T_NULL;
+		client->parent = parent;
+	}
+
+	return BT_PACKET_LOGGER_E_SUCCESS;
+}
diff --git a/src/bt_packet_logger.h b/src/bt_packet_logger.h
new file mode 100644
index 0000000..1ad906d
--- /dev/null
+++ b/src/bt_packet_logger.h
@@ -0,0 +1,36 @@
+/*
+ * bt_packet_logger.h
+ * com.apple.bt_packet_logger service header file.
+ *
+ * Copyright (c) 2021 Geoffrey Kruse, All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef _SYSLOG_RELAY_H
+#define _SYSLOG_RELAY_H
+
+#include "libimobiledevice/bt_packet_logger.h"
+#include "service.h"
+#include "common/thread.h"
+
+struct bt_packet_logger_client_private {
+	service_client_t parent;
+	THREAD_T worker;
+};
+
+void *bt_packet_logger_worker(void *arg);
+
+#endif
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 4740330..d701bab 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -11,6 +11,7 @@
 	$(libplist_LIBS)
 
 bin_PROGRAMS = \
+	idevicebtlogger\
 	idevice_id \
 	ideviceinfo \
 	idevicename \
@@ -30,6 +31,11 @@
 	idevicecrashreport \
 	idevicesetlocation
 
+idevicebtlogger_SOURCES = idevicebtlogger.c
+iidevicebtlogger_CFLAGS = $(AM_CFLAGS)
+idevicebtlogger_LDFLAGS = $(top_builddir)/common/libinternalcommon.la $(AM_LDFLAGS) -lpcap
+idevicebtlogger_LDADD = $(top_builddir)/src/libimobiledevice-1.0.la
+
 ideviceinfo_SOURCES = ideviceinfo.c
 ideviceinfo_CFLAGS = $(AM_CFLAGS) $(limd_glue_CFLAGS)
 ideviceinfo_LDFLAGS = $(AM_LDFLAGS) $(limd_glue_LIBS)
diff --git a/tools/idevicebtlogger.c b/tools/idevicebtlogger.c
new file mode 100644
index 0000000..fc42290
--- /dev/null
+++ b/tools/idevicebtlogger.c
@@ -0,0 +1,360 @@
+/*
+ * idevicebt_packet_logger.c
+ * Capture bt HCI packet log to pcap
+ *
+ * Copyright (c) 2021 Geoffrey Kruse, All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#define TOOL_NAME "idevicebtlogger"
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <getopt.h>
+
+#ifdef WIN32
+#include <windows.h>
+#define sleep(x) Sleep(x*1000)
+#else
+#include <arpa/inet.h>
+#endif
+
+
+#include <libimobiledevice/libimobiledevice.h>
+#include <libimobiledevice/bt_packet_logger.h>
+#include <pcap.h>// todo windows???
+
+#define BT_MAX_PACKET_SIZE 65535
+
+static int quit_flag = 0;
+static int exit_on_disconnect = 0;
+
+static char* udid = NULL;
+static idevice_t device = NULL;
+static bt_packet_logger_client_t bt_packet_logger = NULL;
+static int use_network = 0;
+static char* out_filename = NULL;
+static pcap_dumper_t * dump;
+
+typedef struct {
+	uint32_t length;
+	uint32_t ts_secs;
+	uint32_t ts_usecs;
+} PacketHeaderType;
+
+typedef enum {
+	HCI_COMMAND = 0x00,
+	HCI_EVENT = 0x01,
+	SENT_ACL_DATA = 0x02,
+	RECV_ACL_DATA = 0x03
+} PacketLoggerPacketType;
+
+static void bt_packet_logger_callback(uint8_t * data, uint16_t len, void *user_data)
+{
+	PacketHeaderType * header = (PacketHeaderType *)data;
+	uint16_t offset = sizeof(PacketHeaderType);
+
+	struct pcap_pkthdr pcap_header;
+	pcap_header.caplen = ntohl(header->length);
+	pcap_header.len = len - sizeof(PacketHeaderType);
+	pcap_header.ts.tv_sec = ntohl(header->ts_secs);
+	pcap_header.ts.tv_usec = ntohl(header->ts_usecs);
+
+	// Sanity check incoming data and drop packet if its unreasonable.
+	if(pcap_header.len > BT_MAX_PACKET_SIZE || pcap_header.caplen > BT_MAX_PACKET_SIZE) {
+		fprintf(stderr, "WARNING: Packet length exceeded max size, corruption likely.\n ");
+		return;
+	}
+
+	uint8_t packet_type = data[offset];
+	uint8_t hci_h4_type = 0xff;
+
+	switch(packet_type) {
+		case HCI_EVENT:
+			hci_h4_type = 0x04;
+			break;
+
+		case HCI_COMMAND:
+			hci_h4_type = 0x01;
+			break;
+
+		case SENT_ACL_DATA:
+			hci_h4_type = 0x02;
+			break;
+
+		case RECV_ACL_DATA:
+			hci_h4_type = 0x02;
+			break;
+
+		default:
+			// unknown packet logger type, just pass it on
+			hci_h4_type = packet_type;
+			break;
+	}
+	if(hci_h4_type != 0xff) {
+		data[offset] = hci_h4_type;
+		pcap_dump((unsigned char*)dump, &pcap_header, &data[offset]);
+		pcap_dump_flush(dump);
+	}
+
+	// for(; offset < len; offset++) {
+	// 	if( (offset - sizeof(PacketHeaderType)) % 16 == 0) {
+	// 		printf("\n");
+	// 	}
+	// 	printf("0x%02x, ", 0xff&data[offset]);
+	// }
+	// printf("\n------------------------------------------------------------------------------------------------\n");
+}
+
+static void stop_logging(void)
+{
+	fflush(NULL);
+
+	if (bt_packet_logger) {
+		bt_packet_logger_client_free(bt_packet_logger);
+		bt_packet_logger = NULL;
+	}
+
+	if (device) {
+		idevice_free(device);
+		device = NULL;
+	}
+}
+
+static int start_logging(void)
+{
+	idevice_error_t ret = idevice_new_with_options(&device, udid, (use_network) ? IDEVICE_LOOKUP_NETWORK : IDEVICE_LOOKUP_USBMUX);
+	if (ret != IDEVICE_E_SUCCESS) {
+		fprintf(stderr, "Device with udid %s not found!?\n", udid);
+		return -1;
+	}
+
+	lockdownd_client_t lockdown = NULL;
+	lockdownd_error_t lerr = lockdownd_client_new_with_handshake(device, &lockdown, TOOL_NAME);
+	if (lerr != LOCKDOWN_E_SUCCESS) {
+		fprintf(stderr, "ERROR: Could not connect to lockdownd: %d\n", lerr);
+		idevice_free(device);
+		device = NULL;
+		return -1;
+	}
+
+	/* start bt_packet_logger service */
+	lockdownd_service_descriptor_t svc = NULL;
+	lerr = lockdownd_start_service(lockdown, BT_PACKETLOGGER_SERVICE_NAME, &svc);
+	if (lerr == LOCKDOWN_E_PASSWORD_PROTECTED) {
+		fprintf(stderr, "*** Device is passcode protected, enter passcode on the device to continue ***\n");
+		while (!quit_flag) {
+			lerr = lockdownd_start_service(lockdown, BT_PACKETLOGGER_SERVICE_NAME, &svc);
+			if (lerr != LOCKDOWN_E_PASSWORD_PROTECTED) {
+				break;
+			}
+			sleep(1);
+		}
+	}
+	if (lerr != LOCKDOWN_E_SUCCESS) {
+		fprintf(stderr, "ERROR: Could not connect to lockdownd: %d\n", lerr);
+		fprintf(stderr, "Please ensure the target device has a valid Bluetooth logging profile installed\n");
+		idevice_free(device);
+		device = NULL;
+		return -1;
+	}
+	lockdownd_client_free(lockdown);
+
+	/* connect to bt_packet_logger service */
+	bt_packet_logger_error_t serr = BT_PACKET_LOGGER_E_UNKNOWN_ERROR;
+	serr = bt_packet_logger_client_new(device, svc, &bt_packet_logger);
+	lockdownd_service_descriptor_free(svc);
+	if (serr != BT_PACKET_LOGGER_E_SUCCESS) {
+		fprintf(stderr, "ERROR: Could not start service %s.\n", BT_PACKETLOGGER_SERVICE_NAME);
+		fprintf(stderr, "Please ensure the target device has a valid Bluetooth logging profile installed\n");
+		idevice_free(device);
+		device = NULL;
+		return -1;
+	}
+
+	/* start capturing bt_packet_logger */
+	serr = bt_packet_logger_start_capture(bt_packet_logger, bt_packet_logger_callback, NULL);
+	if (serr != BT_PACKET_LOGGER_E_SUCCESS) {
+		fprintf(stderr, "ERROR: Unable to start capturing bt_packet_logger.\n");
+		bt_packet_logger_client_free(bt_packet_logger);
+		bt_packet_logger = NULL;
+		idevice_free(device);
+		device = NULL;
+		return -1;
+	}
+
+	fprintf(stdout, "[connected:%s]\n", udid);
+	fflush(stdout);
+
+	return 0;
+}
+
+static void device_event_cb(const idevice_event_t* event, void* userdata)
+{
+	if (use_network && event->conn_type != CONNECTION_NETWORK) {
+		return;
+	} else if (!use_network && event->conn_type != CONNECTION_USBMUXD) {
+		return;
+	}
+	if (event->event == IDEVICE_DEVICE_ADD) {
+		if (!bt_packet_logger) {
+			if (!udid) {
+				udid = strdup(event->udid);
+			}
+			if (strcmp(udid, event->udid) == 0) {
+				if (start_logging() != 0) {
+					fprintf(stderr, "Could not start logger for udid %s\n", udid);
+				}
+			}
+		}
+	} else if (event->event == IDEVICE_DEVICE_REMOVE) {
+		if (bt_packet_logger && (strcmp(udid, event->udid) == 0)) {
+			stop_logging();
+			fprintf(stdout, "[disconnected:%s]\n", udid);
+			if (exit_on_disconnect) {
+				quit_flag++;
+			}
+		}
+	}
+}
+
+/**
+ * signal handler function for cleaning up properly
+ */
+static void clean_exit(int sig)
+{
+	fprintf(stderr, "\nExiting...\n");
+	quit_flag++;
+}
+
+static void print_usage(int argc, char **argv, int is_error)
+{
+	char *name = NULL;
+	name = strrchr(argv[0], '/');
+	fprintf(is_error ? stderr : stdout, "Usage: %s [OPTIONS] <FILE>\n", (name ? name + 1: argv[0]));
+	fprintf(is_error ? stderr : stdout,
+		"\n" \
+		"Capture HCI packets from a connected device.\n" \
+		"\n" \
+		"OPTIONS:\n" \
+		"  -u, --udid UDID  target specific device by UDID\n" \
+		"  -n, --network    connect to network device\n" \
+		"  -x, --exit       exit when device disconnects\n" \
+		"  -h, --help       prints usage information\n" \
+		"  -d, --debug      enable communication debugging\n" \
+		"  -v, --version    prints version information\n" \
+		"\n" \
+		"Homepage:    <" PACKAGE_URL ">\n"
+		"Bug Reports: <" PACKAGE_BUGREPORT ">\n"
+	);
+}
+
+int main(int argc, char *argv[])
+{
+	int c = 0;
+	const struct option longopts[] = {
+		{ "debug", no_argument, NULL, 'd' },
+		{ "help", no_argument, NULL, 'h' },
+		{ "udid", required_argument, NULL, 'u' },
+		{ "network", no_argument, NULL, 'n' },
+		{ "exit", no_argument, NULL, 'x' },
+		{ "version", no_argument, NULL, 'v' },
+		{ NULL, 0, NULL, 0}
+	};
+
+	signal(SIGINT, clean_exit);
+	signal(SIGTERM, clean_exit);
+#ifndef WIN32
+	signal(SIGQUIT, clean_exit);
+	signal(SIGPIPE, SIG_IGN);
+#endif
+
+	while ((c = getopt_long(argc, argv, "dhu:nxv", longopts, NULL)) != -1) {
+		switch (c) {
+		case 'd':
+			idevice_set_debug_level(1);
+			break;
+		case 'u':
+			if (!*optarg) {
+				fprintf(stderr, "ERROR: UDID must not be empty!\n");
+				print_usage(argc, argv, 1);
+				return 2;
+			}
+			free(udid);
+			udid = strdup(optarg);
+			break;
+		case 'n':
+			use_network = 1;
+			break;
+		case 'x':
+			exit_on_disconnect = 1;
+			break;
+		case 'h':
+			print_usage(argc, argv, 0);
+			return 0;
+		case 'v':
+			printf("%s %s\n", TOOL_NAME, PACKAGE_VERSION);
+			return 0;
+		default:
+			print_usage(argc, argv, 1);
+			return 2;
+		}
+	}
+
+	if (optind < argc) {
+		out_filename = argv[optind];
+		printf("Output File: %s\n", out_filename);
+	}
+	else {
+		print_usage(argc, argv, 1);
+		return 2;
+	}
+
+	int num = 0;
+	idevice_info_t *devices = NULL;
+	idevice_get_device_list_extended(&devices, &num);
+	idevice_device_list_extended_free(devices);
+	if (num == 0) {
+		if (!udid) {
+			fprintf(stderr, "No device found. Plug in a device or pass UDID with -u to wait for device to be available.\n");
+			return -1;
+		} else {
+			fprintf(stderr, "Waiting for device with UDID %s to become available...\n", udid);
+		}
+	}
+
+	dump = pcap_dump_open(pcap_open_dead(187, BT_MAX_PACKET_SIZE), out_filename);
+	idevice_event_subscribe(device_event_cb, NULL);
+
+	while (!quit_flag) {
+		sleep(1);
+	}
+
+	idevice_event_unsubscribe();
+	stop_logging();
+
+	free(udid);
+
+	return 0;
+}