describe mechanical(?) glitch in the NOTES
Anaren boosterpack with Emmoco firmware looks like this over BLE:

[BC:6A:29:AB:2E:31][LE]> primary
attr handle: 0x0001, end grp handle: 0x000b uuid: 00001800-0000-1000-8000-00805f9b34fb
attr handle: 0x000c, end grp handle: 0x000f uuid: 00001801-0000-1000-8000-00805f9b34fb
attr handle: 0x0010, end grp handle: 0xffff uuid: 0000ffe0-0000-1000-8000-00805f9b34fb

# 1800: Generic Access
[BC:6A:29:AB:2E:31][LE]> characteristics 1 0x0b
# 2a00: Device Name
handle: 0x0002, char properties: 0x02, char value handle: 0x0003, uuid: 00002a00-0000-1000-8000-00805f9b34fb
# 2a01: Appearance
handle: 0x0004, char properties: 0x02, char value handle: 0x0005, uuid: 00002a01-0000-1000-8000-00805f9b34fb
# 2a02: Peripheral Privacy Flag
handle: 0x0006, char properties: 0x02, char value handle: 0x0007, uuid: 00002a02-0000-1000-8000-00805f9b34fb
# 2a03: Reconnection Address
handle: 0x0008, char properties: 0x0a, char value handle: 0x0009, uuid: 00002a03-0000-1000-8000-00805f9b34fb
# 2a04: Peripheral Preferred Connection Parameters
handle: 0x000a, char properties: 0x02, char value handle: 0x000b, uuid: 00002a04-0000-1000-8000-00805f9b34fb
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x01
Characteristic value/descriptor: 00 18
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x02
Characteristic value/descriptor: 02 03 00 00 2a
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x03
Characteristic value/descriptor:
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x04
Characteristic value/descriptor: 02 05 00 01 2a
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x05
Characteristic value/descriptor: 00 00
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x06
Characteristic value/descriptor: 02 07 00 02 2a
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x07
Characteristic value/descriptor: 00
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x08
Characteristic value/descriptor: 0a 09 00 03 2a
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x09
Characteristic value/descriptor: 00 00 00 00 00 00
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0a
Characteristic value/descriptor: 02 0b 00 04 2a
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0b
Characteristic value/descriptor: 50 00 a0 00 00 00 e8 03

# 1801: Generic Attribute
[BC:6A:29:AB:2E:31][LE]> characteristics 0x0c 0x0f
handle: 0x000d, char properties: 0x20, char value handle: 0x000e, uuid: 00002a05-0000-1000-8000-00805f9b34fb
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0c
Characteristic value/descriptor: 01 18
# 2a05: Service Changed (Indicate)
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0d
Characteristic value/descriptor: 20 0e 00 05 2a
# uint16: Start of Affected Attribute Handle Range
# uint16: End of Affected Attribute Handle Range
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0e
Error: Characteristic value/descriptor read failed: Attribute can't be read
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0f
Characteristic value/descriptor: 00 00

[BC:6A:29:AB:2E:31][LE]> characteristics 0x10
handle: 0x0011, char properties: 0x12, char value handle: 0x0012, uuid: 0000ffe1-0000-1000-8000-00805f9b34fb
handle: 0x0014, char properties: 0x12, char value handle: 0x0015, uuid: 0000ffe2-0000-1000-8000-00805f9b34fb
handle: 0x0017, char properties: 0x0c, char value handle: 0x0018, uuid: 0000ffe3-0000-1000-8000-00805f9b34fb
handle: 0x0019, char properties: 0x0c, char value handle: 0x001a, uuid: 0000ffe4-0000-1000-8000-00805f9b34fb
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x10
Characteristic value/descriptor: e0 ff
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x11
Characteristic value/descriptor: 12 12 00 e1 ff
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x12
Error: Characteristic value/descriptor read failed: Request attribute has encountered an unlikely error
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x13
Characteristic value/descriptor:
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x14
Characteristic value/descriptor:
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x15
Characteristic value/descriptor:
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x16
Characteristic value/descriptor:
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x17
Characteristic value/descriptor:
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x18
Error: Characteristic value/descriptor read failed: Attribute can't be read
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x19
Characteristic value/descriptor:
[BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x1a
Error: Characteristic value/descriptor read failed: Attribute can't be read

=============

[BC:6A:29:AB:2E:31][LE]> primary ffe0
Starting handle: 0x0010 Ending handle: 0xffff

[BC:6A:29:AB:2E:31][LE]> characteristics 0x0010 0xffff
handle: 0x0011, char properties: 0x12, char value handle: 0x0012, uuid: 0000ffe1-0000-1000-8000-00805f9b34fb
handle: 0x0014, char properties: 0x12, char value handle: 0x0015, uuid: 0000ffe2-0000-1000-8000-00805f9b34fb
handle: 0x0017, char properties: 0x0c, char value handle: 0x0018, uuid: 0000ffe3-0000-1000-8000-00805f9b34fb
handle: 0x0019, char properties: 0x0c, char value handle: 0x001a, uuid: 0000ffe4-0000-1000-8000-00805f9b34fb

[BC:6A:29:AB:2E:31][LE]> char-desc 0x0010 0xffff
handle: 0x0010, uuid: 00002800-0000-1000-8000-00805f9b34fb      * GATT Primary Service Declaration
handle: 0x0011, uuid: 00002803-0000-1000-8000-00805f9b34fb      + GATT Characteristic Declaration
handle: 0x0012, uuid: 0000ffe1-0000-1000-8000-00805f9b34fb
handle: 0x0013, uuid: 00002902-0000-1000-8000-00805f9b34fb      + Client Characteristic Configuration
handle: 0x0014, uuid: 00002803-0000-1000-8000-00805f9b34fb      + GATT Characteristic Declaration
handle: 0x0015, uuid: 0000ffe2-0000-1000-8000-00805f9b34fb
handle: 0x0016, uuid: 00002902-0000-1000-8000-00805f9b34fb      + Client Characteristic Configuration
handle: 0x0017, uuid: 00002803-0000-1000-8000-00805f9b34fb      + GATT Characteristic Declaration
handle: 0x0018, uuid: 0000ffe3-0000-1000-8000-00805f9b34fb
handle: 0x0019, uuid: 00002803-0000-1000-8000-00805f9b34fb      + GATT Characteristic Declaration
handle: 0x001a, uuid: 0000ffe4-0000-1000-8000-00805f9b34fb

========================================================================

After some playing around, the role of the attributes looks like this:

ffe1 [R,I]: Data read
        Receives Indicate messages containing variable id in
        the first byte, zero in second byte, variable value
        in the rest. Maybe variable id is two-byte (LE).

ffe2 [R,I]: Operation completion code
        After some writes, esp. into uuid ffe3, this characteristic
        gets Indicate 32bit long, all zeroes, or with non-zero first
        byte. Observed 0x07 and 0x33. Looks like return code from the
        operation initiated by write into ffe3.

ffe3 [W]: Command(?)
        Write of any length, with the first byte 1 or 2 results in
        Indicate message on ffe2.

ffe4 [W]: Data write(?)
        Write seems to affect the Indicate code that arrives in response
        to subsequent writes to ffe3.

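The property bytes in the session above can be decoded mechanically to list which value handles accept writes, which is the first thing to establish when reviewing what an unpaired client can reach. This is an added example, not part of the original notes; the input lines are copied from the gatttool session, and the function names are made up for the illustration.

```python
import re

# Characteristic Properties bits (Bluetooth Core Specification, GATT).
PROPS = {0x01: "Broadcast", 0x02: "Read", 0x04: "WriteNoResp", 0x08: "Write",
         0x10: "Notify", 0x20: "Indicate", 0x40: "SignedWrite", 0x80: "ExtProps"}
WRITABLE = 0x04 | 0x08 | 0x40

# Lines copied from the gatttool "characteristics" output in these notes.
SESSION = """\
handle: 0x0008, char properties: 0x0a, char value handle: 0x0009, uuid: 00002a03-0000-1000-8000-00805f9b34fb
handle: 0x000d, char properties: 0x20, char value handle: 0x000e, uuid: 00002a05-0000-1000-8000-00805f9b34fb
handle: 0x0011, char properties: 0x12, char value handle: 0x0012, uuid: 0000ffe1-0000-1000-8000-00805f9b34fb
handle: 0x0014, char properties: 0x12, char value handle: 0x0015, uuid: 0000ffe2-0000-1000-8000-00805f9b34fb
handle: 0x0017, char properties: 0x0c, char value handle: 0x0018, uuid: 0000ffe3-0000-1000-8000-00805f9b34fb
handle: 0x0019, char properties: 0x0c, char value handle: 0x001a, uuid: 0000ffe4-0000-1000-8000-00805f9b34fb
"""

LINE = re.compile(r"handle: 0x([0-9a-f]{4}), char properties: 0x([0-9a-f]{2}), "
                  r"char value handle: 0x([0-9a-f]{4}), uuid: ([0-9a-f-]{36})")

def decode_props(mask):
    """Names of the property bits set in a Characteristic Properties byte."""
    return [name for bit, name in PROPS.items() if mask & bit]

def parse_characteristics(text):
    """Parse gatttool 'characteristics' lines into dicts."""
    return [{"decl": int(m[1], 16), "mask": int(m[2], 16), "value": int(m[3], 16),
             "uuid": m[4], "props": decode_props(int(m[2], 16))}
            for m in LINE.finditer(text)]

def parse_declaration(hexbytes):
    """Decode a raw 0x2803 value: props (1) | value handle (2, LE) | UUID (2 or 16, LE)."""
    raw = bytes.fromhex(hexbytes)
    if len(raw) not in (5, 19):
        raise ValueError("declaration must be 5 or 19 bytes, got %d" % len(raw))
    return {"mask": raw[0], "value": int.from_bytes(raw[1:3], "little"),
            "uuid": raw[3:][::-1].hex(), "props": decode_props(raw[0])}

def writable(chars):
    """Value handles that accept some form of write: the surface to review."""
    return [c["value"] for c in chars if c["mask"] & WRITABLE]

if __name__ == "__main__":
    for c in parse_characteristics(SESSION):
        print("0x%04x %s %s" % (c["value"], c["uuid"][4:8], "|".join(c["props"])))
```

By these bit assignments 0x12 is Read plus Notify and 0x0c is Write Without Response plus Write.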
======================================================================

Hypothesis: the command may have a format similar to the Em_Message that is
used to communicate between the MCM and EDR.

#include <stdint.h>

#define Em_Message_INDSIZE 4
typedef uint8_t Em_Message_Size;
typedef uint8_t Em_Message_Kind;
typedef uint8_t Em_Message_ResId;
typedef uint8_t Em_Message_Chan;

#define Em_Message_NOP 0
#define Em_Message_FETCH 1
#define Em_Message_FETCH_DONE 2
#define Em_Message_STORE 3
#define Em_Message_STORE_DONE 4
#define Em_Message_INDICATOR 5
#define Em_Message_CONNECT 6
#define Em_Message_DISCONNECT 7
#define Em_Message_ECHO 8
#define Em_Message_PAIRING 9
#define Em_Message_PAIRING_DONE 10
#define Em_Message_OFFLINE 11
#define Em_Message_ACCEPT 12
#define Em_Message_START 13
#define Em_Message_ACTIVE_PARAMS 14

typedef struct Em_Message_Header {
    uint8_t size;
    uint8_t kind;
    uint8_t resId;
    uint8_t chan;
} Em_Message_Header;

typedef struct Em_App_Message {
    uint8_t dummy[3];
    uint8_t sot;
    /* Same four fields as Em_Message_Header above; repeating the
       struct tag inline here would be a redefinition in C. */
    Em_Message_Header hdr;
    uint8_t data[20]; /* 4 for Indicator */
} Em_App_Message;

Write ffe3      Ind ffe2
FF              -
FE              0D 00                           protocolLevel
FD              0D 00                           protocolLevel
FC              42 20 79 91 51 01 00 00         Build
FB              -
FA              bc d0 b8 ea f0 13 c8 32 0b 21 07 09 c0 5c 43 48 0d 00 11 00
F9              04 09
F8              -
F7              -
F6              00
F5              50 55 4c 53 2d 43 4e 54 52

00              -
01              00 00 00 53     - byte changes after reset (EA)
02              00 00 00 53

After a write to ffe4, a write to ffe3 stops producing results.

The hypothesis about a match between Em messages and wire messages was wrong.

=============================================

Other hardware that looks more promising:

NUCLEO-L053R8 (STM32L053R8T6)
http://www.st.com/web/en/catalog/tools/FM116/SC959/SS1532/LN1847/PF260001
X-NUCLEO-IDB05A1 (SPBTLE-RF)
http://www.st.com/web/catalog/tools/FM146/CL2167/SC2006/LN1988/PF262191

===================
Apparent hardware glitch:

| 2015-12-28 05:48:47 |    95 |
| 2015-12-28 06:19:15 |    96 |
| 2015-12-28 06:22:01 |    97 |
| 2015-12-28 06:24:48 |    98 |
| 2015-12-28 06:27:35 |    99 |
| 2015-12-28 06:30:23 |   100 |
| 2015-12-28 06:33:10 |   101 |
| 2015-12-28 06:35:57 |   102 |
>>
| 2015-12-28 06:56:49 |   103 |
| 2015-12-28 06:56:52 |   104 |
| 2015-12-28 06:56:54 |   105 |
| 2015-12-28 06:56:56 |   106 |
| 2015-12-28 06:56:57 |   107 |
| 2015-12-28 06:56:59 |   108 |
| 2015-12-28 06:57:01 |   109 |
| 2015-12-28 06:57:02 |   110 |
<<
| 2015-12-28 09:34:24 |   111 |
| 2015-12-28 09:35:11 |   112 |
| 2015-12-28 18:53:29 |   113 |

The eight lines selected between >> and << are bogus. The mechanical counter
reading is eight less than the count kept by the software. Apparently triggered
by a high flow of hot water (though still definitely not as high as 500 l/min!).

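A plausibility check over the log can flag such a burst automatically: any pulse that arrives within a minimum gap of a neighbouring pulse is marked suspect. This is an added example, not part of the original notes; the rows are a subset copied from the table above, and the 10-second minimum gap and the function names are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Rows copied from the counter log in these notes (subset around the glitch).
LOG = """\
| 2015-12-28 06:33:10 |   101 |
| 2015-12-28 06:35:57 |   102 |
>>
| 2015-12-28 06:56:49 |   103 |
| 2015-12-28 06:56:52 |   104 |
| 2015-12-28 06:56:54 |   105 |
| 2015-12-28 06:56:56 |   106 |
| 2015-12-28 06:56:57 |   107 |
| 2015-12-28 06:56:59 |   108 |
| 2015-12-28 06:57:01 |   109 |
| 2015-12-28 06:57:02 |   110 |
<<
| 2015-12-28 09:34:24 |   111 |
| 2015-12-28 09:35:11 |   112 |
| 2015-12-28 18:53:29 |   113 |
"""

def parse_log(text):
    """Return (timestamp, count) tuples; marker lines such as '>>' are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2:
            ts = datetime.strptime(cells[0], "%Y-%m-%d %H:%M:%S")
            rows.append((ts, int(cells[1])))
    return rows

def flag_bursts(rows, min_gap=timedelta(seconds=10)):
    """Counts of pulses closer than min_gap (assumed value) to the pulse before or after."""
    flagged = []
    for i, (ts, count) in enumerate(rows):
        near_prev = i > 0 and ts - rows[i - 1][0] < min_gap
        near_next = i + 1 < len(rows) and rows[i + 1][0] - ts < min_gap
        if near_prev or near_next:
            flagged.append(count)
    return flagged

if __name__ == "__main__":
    suspects = flag_bursts(parse_log(LOG))
    print("suspect pulses:", suspects, "->", len(suspects), "to subtract")
```

Checking both neighbours matters here: the first pulse of the burst follows a gap of about twenty minutes and would pass a check against the previous pulse alone.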