diff --git a/Makefile.tools b/Makefile.tools
index c7bdff8..0f0331b 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -48,7 +48,7 @@ monitor_btmon_SOURCES = monitor/main.c monitor/bt.h \
 				monitor/broadcom.h monitor/broadcom.c \
 				monitor/msft.h monitor/msft.c \
 				monitor/jlink.h monitor/jlink.c \
-				monitor/tty.h
+				monitor/tty.h monitor/emulator.h
 monitor_btmon_LDADD = lib/libbluetooth-internal.la \
 				src/libshared-mainloop.la $(UDEV_LIBS) -ldl
 
diff --git a/emulator/btdev.c b/emulator/btdev.c
index 41410dd..002ebf3 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -34,6 +34,7 @@
 #include "src/shared/queue.h"
 #include "monitor/bt.h"
 #include "monitor/msft.h"
+#include "monitor/emulator.h"
 #include "btdev.h"
 
 #define AL_SIZE			16
@@ -142,6 +143,8 @@ struct btdev {
 	const struct btdev_cmd *cmds;
 	uint16_t msft_opcode;
 	const struct btdev_cmd *msft_cmds;
+	uint16_t emu_opcode;
+	const struct btdev_cmd *emu_cmds;
 	bool aosp_capable;
 
 	uint16_t default_link_policy;
@@ -6586,12 +6589,11 @@ static const struct btdev_cmd *run_cmd(struct btdev *btdev,
 	return NULL;
 }
 
-static const struct btdev_cmd *msft_cmd(struct btdev *btdev, const void *data,
-								uint8_t len)
+static const struct btdev_cmd *vnd_cmd(struct btdev *btdev, uint8_t op,
+					const struct btdev_cmd *cmd,
+					const void *data, uint8_t len)
 {
-	const struct btdev_cmd *cmd;
-
-	for (cmd = btdev->msft_cmds; cmd->func; cmd++) {
+	for (; cmd && cmd->func; cmd++) {
 		if (cmd->opcode != ((uint8_t *)data)[0])
 			continue;
 
@@ -6599,10 +6601,10 @@ static const struct btdev_cmd *msft_cmd(struct btdev *btdev, const void *data,
 	}
 
 	util_debug(btdev->debug_callback, btdev->debug_data,
-			"Unsupported MSFT subcommand 0x%2.2x\n",
+			"Unsupported Vendor subcommand 0x%2.2x\n",
 			((uint8_t *)data)[0]);
 
-	cmd_status(btdev, BT_HCI_ERR_UNKNOWN_COMMAND, btdev->msft_opcode);
+	cmd_status(btdev, BT_HCI_ERR_UNKNOWN_COMMAND, op);
 
 	return NULL;
 }
@@ -6612,8 +6614,11 @@ static const struct btdev_cmd *default_cmd(struct btdev *btdev, uint16_t opcode,
 {
 	const struct btdev_cmd *cmd;
 
+	if (btdev->emu_opcode == opcode)
+		return vnd_cmd(btdev, opcode, btdev->emu_cmds, data, len);
+
 	if (btdev->msft_opcode == opcode)
-		return msft_cmd(btdev, data, len);
+		return vnd_cmd(btdev, opcode, btdev->msft_cmds, data, len);
 
 	for (cmd = btdev->cmds; cmd->func; cmd++) {
 		if (cmd->opcode != opcode)
@@ -7049,3 +7054,50 @@ int btdev_set_aosp_capable(struct btdev *btdev, bool enable)
 
 	return 0;
 }
+
+static int cmd_emu_test_event(struct btdev *dev, const void *data, uint8_t len)
+{
+	const struct emu_cmd_test_event *cmd = data;
+	uint8_t status = BT_HCI_ERR_SUCCESS;
+
+	if (len < sizeof(*cmd)) {
+		status = BT_HCI_ERR_INVALID_PARAMETERS;
+		goto done;
+	}
+
+	send_event(dev, cmd->evt, cmd->data, len - sizeof(*cmd));
+
+done:
+	cmd_complete(dev, dev->emu_opcode, &status, sizeof(status));
+
+	return 0;
+}
+
+#define CMD_EMU \
+	CMD(EMU_SUBCMD_TEST_EVENT, cmd_emu_test_event, NULL)
+
+static const struct btdev_cmd cmd_emu[] = {
+	CMD_EMU,
+	{}
+};
+
+int btdev_set_emu_opcode(struct btdev *btdev, uint16_t opcode)
+{
+	if (!btdev)
+		return -EINVAL;
+
+	switch (btdev->type) {
+	case BTDEV_TYPE_BREDRLE:
+	case BTDEV_TYPE_BREDRLE50:
+	case BTDEV_TYPE_BREDRLE52:
+		btdev->emu_opcode = opcode;
+		btdev->emu_cmds = cmd_emu;
+		return 0;
+	case BTDEV_TYPE_BREDR:
+	case BTDEV_TYPE_LE:
+	case BTDEV_TYPE_AMP:
+	case BTDEV_TYPE_BREDR20:
+	default:
+		return -ENOTSUP;
+	}
+}
diff --git a/emulator/btdev.h b/emulator/btdev.h
index 9493938..228bf20 100644
--- a/emulator/btdev.h
+++ b/emulator/btdev.h
@@ -102,3 +102,4 @@ bool btdev_del_hook(struct btdev *btdev, enum btdev_hook_type type,
 
 int btdev_set_msft_opcode(struct btdev *btdev, uint16_t opcode);
 int btdev_set_aosp_capable(struct btdev *btdev, bool enable);
+int btdev_set_emu_opcode(struct btdev *btdev, uint16_t opcode);
diff --git a/emulator/main.c b/emulator/main.c
index 3c215ef..bd98314 100644
--- a/emulator/main.c
+++ b/emulator/main.c
@@ -193,6 +193,7 @@ int main(int argc, char *argv[])
 		if (debug_enabled)
 			vhci_set_debug(vhci, vhci_debug, UINT_TO_PTR(i), NULL);
 
+		vhci_set_emu_opcode(vhci, 0xfc10);
 		vhci_set_msft_opcode(vhci, 0xfc1e);
 	}
 
diff --git a/emulator/vhci.c b/emulator/vhci.c
index 014df87..4295e30 100644
--- a/emulator/vhci.c
+++ b/emulator/vhci.c
@@ -252,3 +252,8 @@ int vhci_set_aosp_capable(struct vhci *vhci, bool enable)
 
 	return vhci_debugfs_write(vhci, "aosp_capable", &val, sizeof(val));
 }
+
+int vhci_set_emu_opcode(struct vhci *vhci, uint16_t opcode)
+{
+	return btdev_set_emu_opcode(vhci->btdev, opcode);
+}
diff --git a/emulator/vhci.h b/emulator/vhci.h
index a601d39..c42e8bd 100644
--- a/emulator/vhci.h
+++ b/emulator/vhci.h
@@ -27,3 +27,4 @@ int vhci_set_force_suspend(struct vhci *vhci, bool enable);
 int vhci_set_force_wakeup(struct vhci *vhci, bool enable);
 int vhci_set_msft_opcode(struct vhci *vhci, uint16_t opcode);
 int vhci_set_aosp_capable(struct vhci *vhci, bool enable);
+int vhci_set_emu_opcode(struct vhci *vhci, uint16_t opcode);
diff --git a/monitor/emulator.h b/monitor/emulator.h
new file mode 100644
index 0000000..dc9351e
--- /dev/null
+++ b/monitor/emulator.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ *
+ *  BlueZ - Bluetooth protocol stack for Linux
+ *
+ *  Copyright (C) 2011-2014  Intel Corporation
+ *  Copyright (C) 2002-2010  Marcel Holtmann <marcel@holtmann.org>
+ *
+ *
+ */
+
+#define EMU_SUBCMD_TEST_EVENT 0x00
+
+struct emu_cmd_test_event {
+	uint8_t subcmd;
+	uint8_t evt;
+	uint8_t data[];
+} __attribute__((packed));