As you’d expect, a Bluetooth device has a MAC address assigned to it, however the BD_ADDR (Bluetooth Device Address), at least in my experiments, doesn’t necessarily map to the MAC address you see in, for example, the Window Device Manager properties page for the Bluetooth device. I will update this document if I find my findings have changed.
The information listed below is taken from a few sources, some of which I’ve referenced at the end of the post, my knowledge on the subject is taken from those and my own experiments.
The BD_ADDR is a unique identifier using 48-bit address space. For example
The address denotes several pieces of information, as follows
The Non-significant Address Part is denoted by the first 16 bits, using our example this would be the 11:22 value. The NAP is used in Frequency Hopping Synchronization frames/packets.
The Upper Address Part is denoted by the next 8 bits, using our example this would be the 33 value. The UAP is used for seeding various Bluetooth specification algorithms.
The Organizationally Unique Identifier (the first 24 bits) is actually the combination of the NAP and UAP, hence in our example the NAP + UAP gives us the OU which is 11:22:33
With the knowledge on the make up of the BD_ADDR, we can see that by taking the OUI value, we should be able to fairly easily lookup the manufacturer of a device. For example using the OUI List.
The Lower Address Part is made up of the final 24-bits, hence in our example this would be the 44:55:66 and is allocated by the device vendor. The LAP identifies a Bluetooth device and is transmitted with each frame/packet as part of the packet header.
Bluetooth: Defining NAP + UAP + LAPBluetooth MAC Address Changer for Windows
BD_ADDR – how do you get one?
Discovering the Bluetooth UAP
Does each Bluetooth device has its own unique MAC Address? How can we access it in an app?