1 Anaren boosterpack with Emmoco firmware looks like this over BLE:
2
3 [BC:6A:29:AB:2E:31][LE]> primary
4 attr handle: 0x0001, end grp handle: 0x000b uuid: 00001800-0000-1000-8000-00805f9b34fb
5 attr handle: 0x000c, end grp handle: 0x000f uuid: 00001801-0000-1000-8000-00805f9b34fb
6 attr handle: 0x0010, end grp handle: 0xffff uuid: 0000ffe0-0000-1000-8000-00805f9b34fb
7
8 # 1800: Generic Access
9 [BC:6A:29:AB:2E:31][LE]> characteristics 1 0x0b
10 # 2a00: Device Name
11 handle: 0x0002, char properties: 0x02, char value handle: 0x0003, uuid: 00002a00-0000-1000-8000-00805f9b34fb
12 # 2a01: Appearance
13 handle: 0x0004, char properties: 0x02, char value handle: 0x0005, uuid: 00002a01-0000-1000-8000-00805f9b34fb
14 # 2a02: Peripheral Privacy Flag
15 handle: 0x0006, char properties: 0x02, char value handle: 0x0007, uuid: 00002a02-0000-1000-8000-00805f9b34fb
16 # 2a03: Reconnection Address
17 handle: 0x0008, char properties: 0x0a, char value handle: 0x0009, uuid: 00002a03-0000-1000-8000-00805f9b34fb
18 # 2a04: Peripheral Preferred Connection Parameters
19 handle: 0x000a, char properties: 0x02, char value handle: 0x000b, uuid: 00002a04-0000-1000-8000-00805f9b34fb
20 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x01
21 Characteristic value/descriptor: 00 18
22 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x02
23 Characteristic value/descriptor: 02 03 00 00 2a 
24 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x03
25 Characteristic value/descriptor: 
26 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x04
27 Characteristic value/descriptor: 02 05 00 01 2a 
28 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x05
29 Characteristic value/descriptor: 00 00 
30 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x06
31 Characteristic value/descriptor: 02 07 00 02 2a 
32 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x07
33 Characteristic value/descriptor: 00 
34 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x08
35 Characteristic value/descriptor: 0a 09 00 03 2a 
36 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x09
37 Characteristic value/descriptor: 00 00 00 00 00 00 
38 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0a
39 Characteristic value/descriptor: 02 0b 00 04 2a 
40 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0b
41 Characteristic value/descriptor: 50 00 a0 00 00 00 e8 03 
42
43 # 1801: Generic Attribute
44 [BC:6A:29:AB:2E:31][LE]> characteristics 0x0c 0x0f
45 handle: 0x000d, char properties: 0x20, char value handle: 0x000e, uuid: 00002a05-0000-1000-8000-00805f9b34fb
46 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0c
47 Characteristic value/descriptor: 01 18 
48 # 2a05: Service Changed (Indicate)
49 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0d
50 Characteristic value/descriptor: 20 0e 00 05 2a
51 # uint16: Start of Affected Attribute Handle Range
52 # uint16: End of Affected Attribute Handle Range
53 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0e
54 Error: Characteristic value/descriptor read failed: Attribute can't be read
55 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x0f
56 Characteristic value/descriptor: 00 00 
57
58 [BC:6A:29:AB:2E:31][LE]> characteristics 0x10
59 handle: 0x0011, char properties: 0x12, char value handle: 0x0012, uuid: 0000ffe1-0000-1000-8000-00805f9b34fb
60 handle: 0x0014, char properties: 0x12, char value handle: 0x0015, uuid: 0000ffe2-0000-1000-8000-00805f9b34fb
61 handle: 0x0017, char properties: 0x0c, char value handle: 0x0018, uuid: 0000ffe3-0000-1000-8000-00805f9b34fb
62 handle: 0x0019, char properties: 0x0c, char value handle: 0x001a, uuid: 0000ffe4-0000-1000-8000-00805f9b34fb
63 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x10
64 Characteristic value/descriptor: e0 ff 
65 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x11
66 Characteristic value/descriptor: 12 12 00 e1 ff 
67 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x12
68 Error: Characteristic value/descriptor read failed: Request attribute has encountered an unlikely error
69 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x13
70 Characteristic value/descriptor: 
71 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x14
72 Characteristic value/descriptor: 
73 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x15
74 Characteristic value/descriptor: 
75 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x16
76 Characteristic value/descriptor: 
77 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x17
78 Characteristic value/descriptor: 
79 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x18
80 Error: Characteristic value/descriptor read failed: Attribute can't be read
81 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x19
82 Characteristic value/descriptor: 
83 [BC:6A:29:AB:2E:31][LE]> char-read-hnd 0x1a
84 Error: Characteristic value/descriptor read failed: Attribute can't be read
85
86 =============
87
88 [BC:6A:29:AB:2E:31][LE]> primary ffe0
89 Starting handle: 0x0010 Ending handle: 0xffff
90
91 [BC:6A:29:AB:2E:31][LE]> characteristics 0x0010 0xffff
92 handle: 0x0011, char properties: 0x12, char value handle: 0x0012, uuid: 0000ffe1-0000-1000-8000-00805f9b34fb
93 handle: 0x0014, char properties: 0x12, char value handle: 0x0015, uuid: 0000ffe2-0000-1000-8000-00805f9b34fb
94 handle: 0x0017, char properties: 0x0c, char value handle: 0x0018, uuid: 0000ffe3-0000-1000-8000-00805f9b34fb
95 handle: 0x0019, char properties: 0x0c, char value handle: 0x001a, uuid: 0000ffe4-0000-1000-8000-00805f9b34fb
96
97 [BC:6A:29:AB:2E:31][LE]> char-desc 0x0010 0xffff
98 handle: 0x0010, uuid: 00002800-0000-1000-8000-00805f9b34fb      * GATT Primary Service Declaration
99 handle: 0x0011, uuid: 00002803-0000-1000-8000-00805f9b34fb      + GATT Characteristic Declaration
100 handle: 0x0012, uuid: 0000ffe1-0000-1000-8000-00805f9b34fb
101 handle: 0x0013, uuid: 00002902-0000-1000-8000-00805f9b34fb      + Client Characteristic Configuration
102 handle: 0x0014, uuid: 00002803-0000-1000-8000-00805f9b34fb      + GATT Characteristic Declaration
103 handle: 0x0015, uuid: 0000ffe2-0000-1000-8000-00805f9b34fb
104 handle: 0x0016, uuid: 00002902-0000-1000-8000-00805f9b34fb      + Client Characteristic Configuration
105 handle: 0x0017, uuid: 00002803-0000-1000-8000-00805f9b34fb      + GATT Characteristic Declaration
106 handle: 0x0018, uuid: 0000ffe3-0000-1000-8000-00805f9b34fb
107 handle: 0x0019, uuid: 00002803-0000-1000-8000-00805f9b34fb      + GATT Characteristic Declaration
108 handle: 0x001a, uuid: 0000ffe4-0000-1000-8000-00805f9b34fb
109
110 ========================================================================
111
112 After some playing around, the role of the attributes looks like this:
113
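114 ffe1 [R,I]: Data read
115         Receives Indicate messages containing the variable id in
116         the first byte, zero in the second byte, and the variable
117         value in the rest. The variable id may be two bytes (LE).
        (Note: the properties byte 0x12 listed above for ffe1 and ffe2
        decodes as Read|Notify in the GATT bit layout, with 0x20 being
        Indicate, so these messages may actually be notifications.)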
118
119 ffe2[R,I]: Operation completion code
120         After some writes, especially to uuid ffe3, this characteristic
121         receives a 32-bit Indicate that is either all zeroes or has a
122         non-zero first byte. Observed 0x07 and 0x33. Looks like a return
123         code from the operation initiated by the write to ffe3.
124
125 ffe3[W]: Command(?)
126         A write of any length whose first byte is 1 or 2 results in
127         an Indicate message on ffe2.
128
129 ffe4[W]: Data write(?)
130         Write seems to affect the Indicate code that arrives in response
131         to subsequent writes to ffe3.
132
133 ======================================================================
134
135 Hypothesis: the command may have a format similar to the Em_Message that
136 is used to communicate between the MCM and EDR.
137
/* Size constant and one-byte aliases recorded for the framing hypothesis.
 * INDSIZE is presumably the payload size of an INDICATOR message (cf. the
 * "4 for Indicator" remark on Em_App_Message.data) - confirm. */
138 #define Em_Message_INDSIZE 4
139 typedef uint8_t Em_Message_Size;  /* the four aliases share their names with the header fields size/kind/resId/chan */
140 typedef uint8_t Em_Message_Kind;
141 typedef uint8_t Em_Message_ResId;
142 typedef uint8_t Em_Message_Chan;
143  
/* Message kind codes 0-14, presumably the values carried in the header's
 * kind field - confirm. The notes further down conclude that writes to ffe3
 * did not match this framing, so these are not established as the opcodes
 * seen on the BLE link. */
144 #define Em_Message_NOP 0
145 #define Em_Message_FETCH 1
146 #define Em_Message_FETCH_DONE 2
147 #define Em_Message_STORE 3
148 #define Em_Message_STORE_DONE 4
149 #define Em_Message_INDICATOR 5
150 #define Em_Message_CONNECT 6
151 #define Em_Message_DISCONNECT 7
152 #define Em_Message_ECHO 8
153 #define Em_Message_PAIRING 9
154 #define Em_Message_PAIRING_DONE 10
155 #define Em_Message_OFFLINE 11
156 #define Em_Message_ACCEPT 12
157 #define Em_Message_START 13
158 #define Em_Message_ACTIVE_PARAMS 14
159
/* Message header: four one-byte fields, 4 bytes in total. The fields are
 * declared as plain uint8_t rather than through the Em_Message_* aliases. */
160 typedef struct Em_Message_Header {
161     uint8_t size;   /* NOTE(review): whether this counts the header itself is not shown here - confirm before using it as a length */
162     uint8_t kind;   /* presumably one of the Em_Message_* kind codes - confirm */
163     uint8_t resId;  /* meaning not shown in these notes */
164     uint8_t chan;   /* meaning not shown in these notes */
165 } Em_Message_Header;
166
/* Application message buffer: 3 bytes of dummy, one sot byte, the 4-byte
 * header and a 20-byte data area, 28 bytes in total. */
167 typedef struct Em_App_Message {
168     uint8_t dummy[3];  /* purpose not shown in these notes */
169     uint8_t sot;       /* meaning of "sot" not shown in these notes */
170     struct Em_Message_Header {  /* same tag as the standalone struct above; both have file scope in C, so the two definitions cannot share one translation unit - presumably copied from separate headers */
171         uint8_t size;
172         uint8_t kind;
173         uint8_t resId;
174         uint8_t chan;
175     } hdr;
176     uint8_t data[20]; /* 4 for Indicator */ /* NOTE(review): the type does not tie hdr.size to this 20-byte bound; code that fills data[] from a received length must cap it at sizeof data */
177 } Em_App_Message;
178
179 Write ffe3      Ind ffe2
180 FF              -
181 FE              0D 00                           protocolLevel
182 FD              0D 00                           protocolLevel
183 FC              42 20 79 91 51 01 00 00         Build
184 FB              -
185 FA              bc d0 b8 ea f0 13 c8 32 0b 21 07 09 c0 5c 43 48 0d 00 11 00
186 F9              04 09
187 F8              -
188 F7              -
189 F6              00
190 F5              50 55 4c 53 2d 43 4e 54 52
191
192 00              -
193 01              00 00 00 53     - byte changes after reset (EA)
194 02              00 00 00 53
195
196 After a write to ffe4, writes to ffe3 stop producing results
197
198 The hypothesis about a match between Em messages and wire messages was wrong
199
200 =============================================
201
202 Other hardware that looks more promising:
203
204 NUCLEO-L053R8 (STM32L053R8T6)
205 http://www.st.com/web/en/catalog/tools/FM116/SC959/SS1532/LN1847/PF260001
206 X-NUCLEO-IDB05A1 (SPBTLE-RF)
207 http://www.st.com/web/catalog/tools/FM146/CL2167/SC2006/LN1988/PF262191