Connection to YunChen Smart Scale #140
Comments
|
Hi @pkscwc I can't find this scale on the internet. 🤔 Did you read the wiki about how to reverse engineer a Bluetooth scale? You have to analyse the incoming and outcoming values so we know which byte is used for what. Some UUIDs are standard UUIDs but that doesn't mean that the data format are the same (but sure it could be possible). I don't own this scale so its difficult to help in this stage. You have to do analyse the byte structure and the commands which are send from the your scale. Btw. please use the Markdown code tags for posting source code or formatted output messages. Best regards |
|
I have some hci snoop logs.
…On 14 Jan 2018 3:51 p.m., "OliE" ***@***.***> wrote:
Hi @pkscwc <https://github.com/pkscwc>
I can't find this scale on the internet. 🤔
Do you have a link to the vendors website?
Did you read the wiki
<https://github.com/oliexdev/openScale/wiki/How-to-reverse-engineer-a-Bluetooth-4.x-scale>
about how to reverse engineer a Bluetooth scale?
Maybe this
<https://github.com/oliexdev/openScale/wiki/Xiaomi-Bluetooth-Mi-Scale>
helps a bit too how you do it on a real device.
You have to analyse the incoming and outcoming values so we know which
byte is used for what.
Some UUIDs are standard UUIDs but that doesn't mean that the data format
are the same (but sure it could be possible).
I don't own this scale so its difficult to help in this stage. You have to
do analyse the byte structure and the commands which are send from the your
scale.
Btw. please use the Markdown code tags for posting source code or
formatted output messages.
Best regards
oli
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GNx6pfYSUEImLy0IxINtBsXhyWuvhks5tKdUsgaJpZM4Rdh3c>
.
|
|
then try to analyse it with wireshark as described in the wiki. |
|
OK. What data exactly may help us.
…On 14 Jan 2018 5:28 p.m., "OliE" ***@***.***> wrote:
then try to analyse it with wireshark as described in the wiki.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GN7cCJ-0Ee3WSUgZ8-rMCo4t8DhLfks5tKevNgaJpZM4Rdh3c>
.
|
|
I have uploaded the blue pixel ble scan log having UUID s in it.
…On 14 Jan 2018 3:51 p.m., "OliE" ***@***.***> wrote:
Hi @pkscwc <https://github.com/pkscwc>
I can't find this scale on the internet. 🤔
Do you have a link to the vendors website?
Did you read the wiki
<https://github.com/oliexdev/openScale/wiki/How-to-reverse-engineer-a-Bluetooth-4.x-scale>
about how to reverse engineer a Bluetooth scale?
Maybe this
<https://github.com/oliexdev/openScale/wiki/Xiaomi-Bluetooth-Mi-Scale>
helps a bit too how you do it on a real device.
You have to analyse the incoming and outcoming values so we know which
byte is used for what.
Some UUIDs are standard UUIDs but that doesn't mean that the data format
are the same (but sure it could be possible).
I don't own this scale so its difficult to help in this stage. You have to
do analyse the byte structure and the commands which are send from the your
scale.
Btw. please use the Markdown code tags for posting source code or
formatted output messages.
Best regards
oli
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GNx6pfYSUEImLy0IxINtBsXhyWuvhks5tKdUsgaJpZM4Rdh3c>
.
|
|
@pkscwc if your scale uses the FFF1 characteristic I would try to make a copy of the Digoo scale handler code and configure OpenScale to accept your scale. With a bit of luck it will work....if it doesn't you need to do reverse engineering of the hci snoop logs to see what is going on. |
|
Ok. Thanks. I will put in required efforts from my side also.
…On 14 Jan 2018 10:05 p.m., "Dododappere" ***@***.***> wrote:
@pkscwc <https://github.com/pkscwc> if your scale uses the FFF1
characteristic I would try to make a copy of the Digoo scale handler code
and configure OpenScale to accept your scale. With a bit of luck it will
work....if it doesn't you need to do reverse engineering of the hci snoop
logs to see what is going on.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GN7MUO5wrqj_QHuQuE4TetKtWhKWMks5tKizVgaJpZM4Rdh3c>
.
|
|
Hi Olie,
I have done some work today on wireshark and ble snoop.
Perhaps, got the values required.
Hope, it helps.
…On Sun, Jan 14, 2018 at 10:05 PM, Dododappere ***@***.***> wrote:
@pkscwc <https://github.com/pkscwc> if your scale uses the FFF1
characteristic I would try to make a copy of the Digoo scale handler code
and configure OpenScale to accept your scale. With a bit of luck it will
work....if it doesn't you need to do reverse engineering of the hci snoop
logs to see what is going on.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GN7MUO5wrqj_QHuQuE4TetKtWhKWMks5tKizVgaJpZM4Rdh3c>
.
|
|
Hi Olie,
I have attached the ble log file also.
…On Wed, Jan 17, 2018 at 5:05 PM, Pankaj Kr Sharma ***@***.***> wrote:
Hi Olie,
I have done some work today on wireshark and ble snoop.
Perhaps, got the values required.
Hope, it helps.
On Sun, Jan 14, 2018 at 10:05 PM, Dododappere ***@***.***>
wrote:
> @pkscwc <https://github.com/pkscwc> if your scale uses the FFF1
> characteristic I would try to make a copy of the Digoo scale handler code
> and configure OpenScale to accept your scale. With a bit of luck it will
> work....if it doesn't you need to do reverse engineering of the hci snoop
> logs to see what is going on.
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#140 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AB4GN7MUO5wrqj_QHuQuE4TetKtWhKWMks5tKizVgaJpZM4Rdh3c>
> .
>
|
|
@pkscwc you didn't attach anything. Also you have to analyse the protocol format to find the weight and other data in the Bluetooth data packages. |
|
Please check. I can see attachments sent in the email with desired
details...
…On 17 Jan 2018 11:55 p.m., "OliE" ***@***.***> wrote:
@pkscwc <https://github.com/pkscwc> you didn't attached anything. Also
you have to analyse the protocol to find weight and other data in the
Bluetooth data packages.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GN9ym55UiF1JgjN2V9ozjCjkHUCV3ks5tLjspgaJpZM4Rdh3c>
.
|
|
I didn't get the attachment either. Please see https://help.github.com/articles/file-attachments-on-issues-and-pull-requests/ for how to attach files. |
|
OK thanks.
…On 18 Jan 2018 2:18 p.m., "Erik Johansson" ***@***.***> wrote:
I didn't get the attachment either. Please see https://help.github.com/
articles/file-attachments-on-issues-and-pull-requests/ for how to attach
files.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GN5UoXPxy_aqzZz5b1RzNMlYWF-Fmks5tLwVdgaJpZM4Rdh3c>
.
|
|
I have submitted it as a new issue with relevant files. Thanks.
…On Thu, Jan 18, 2018 at 7:23 PM, Pankaj Kr Sharma ***@***.***> wrote:
OK thanks.
On 18 Jan 2018 2:18 p.m., "Erik Johansson" ***@***.***>
wrote:
> I didn't get the attachment either. Please see
> https://help.github.com/articles/file-attachments-on-issues-
> and-pull-requests/ for how to attach files.
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#140 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AB4GN5UoXPxy_aqzZz5b1RzNMlYWF-Fmks5tLwVdgaJpZM4Rdh3c>
> .
>
|
|
@pkscwc
|
|
In a minute.
…On Sun, Jan 21, 2018 at 1:59 PM, OliE ***@***.***> wrote:
@pkscwc <https://github.com/pkscwc>
thanks for the files but I need more information.
1. Please provide a link to the vendors app
2. Please provide a link to the product page of your YunChen scale.
3. I need a photo of your scale for the gallery (same angle like the
others)
4. I need the complete Bluetooth log file. Your YunChen_only_filter.log
file filtered to much out. The commands from the vendors App are missing.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GN9BeQtR3zh692POFBpzDzcSoI7qJks5tMvV8gaJpZM4Rdh3c>
.
|
|
link to the product page of YunChen scale. https://www.amazon.in/gp/product/B071J756ZB/ref=oh_aui_detailpage_o06_s00?ie=UTF8&psc=1 We can copy the photo from amazon itself. |
|
Vendor's app known as KeepFit |
|
The complete log. I just realized that I have filtered the commands from localhost to remote. This is the complete log containing all the bluetooth devices nearby to my mobile. Lot of garbage. |
|
hope it helps. |
|
In this file, I have tried to include both. scale to mobile and mobile to scale. |
|
Another, filtered but having both way traffic log |
|
@pkscwc Some thinks that are not clear yet:
Do you receive any data from the scale with openScale? A toast message should popup with some hex bytes. Please post that here. |
I can't use the Amazon photo due to copyright reasons. Please take a photo of your scale by yourself and post it here. Thanks. |
|
Dear Olie, I have noticed the magic bytes a5:01:2c:ab:50:5a:29 and tried my level best to connect with them date and time formats. So far, there is nothing to link with them date and time. The exact date and time of each packet is logged and can be seen in Wireshark.
|
|
An image of the scale:
|
|
Dear Olie, I am sorry. But, I don't know how to install developer version of openscale on my mobile. Is there any apk to download? I cannot find anything helpful. with regards, |
|
Ok. |
|
Or use this APK file https://github.com/oliexdev/openScale/releases/tag/travis-dev-build |
|
Install openScale-dev-build.apk . Yes found this. Thanks. |
|
In Bluetooth logs, it is recognised as Yunchen only. |
|
App installed without any error. I noticed that app bluetooth search timeout is rather short. Scale remains active for twice more time. |
|
So, no readings for now. |
|
|
|
I used the apk file. It connects but no data comes back from scale to app.
Can we change the magic number and try.
…On Sun, Jan 21, 2018 at 9:40 PM, OliE ***@***.***> wrote:
Or use this APK file https://github.com/oliexdev/
openScale/releases/tag/travis-dev-build
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GNwm0Jn0qDmssdAVzeUAO0zW0mgPgks5tM2GDgaJpZM4Rdh3c>
.
|
|
nRF Connect, 2018-01-22
|
|
Log by nRF logger |
|
please fork the project and edit the |
|
Hi Olie,
App now gets connected with scale. But it is not showing any measurement
yet. Can we increase the bluetooth time-out of the app. It time-outs before
the scale.
Any suggestion.
…On Mon, Jan 22, 2018 at 8:55 PM, OliE ***@***.***> wrote:
please fork the project and edit the BluetoothHesley.java file in Android
Studio. In that file you can see the magic bytes which you can change.
I can't help you much anymore because you have to do some kind of try and
error analyses with your scale.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GNymGEaBoDIMZR8ktoimQDzlFSoKQks5tNKhzgaJpZM4Rdh3c>
.
|
|
@pkscwc |
|
Dear Olie, I would like to express my sincere thanks for all the encouragements and actually writing the BluetoothHesley.java file for users of Hesley scale. Yes, it worked. I studied the logs in wireshark as suggested by you and tweaked the java file. The scale starts broadcasting the data as soon as it is activated. So, the use of magic bytes are still a mystery. Relevant files are attached with screenshot. |
|
Remaining data like fat etc is not present, because scale did not broadcast it. |
|
I implemented your changes into the master repository. Use the latest development version of openScale. I guess to get the remaining data we have to figure out what the magic bytes are. Until then I will close this issue. If you find a solution create a new issue or PR or reply to this issue. |
|
Dear Olie, It looks like that I made a mistake. It is not getting connected. I only read my manually entered data. I have updated some information in the java file. Particularly the data test part, data [1] = 0x01 should be 0xc1. I have altogether removed it. But, still it is not working. Although, in the log file, it clearly shows that scale is returning full data (including fat etc ) after receiving the magic bytes. Your expert opinion is required. |
|
Further, the toast commands are not creating any message window. What to do? |
|
I have posted some issues on the github page. Please have a look.
…On 28 Jan 2018 11:11 p.m., "OliE" ***@***.***> wrote:
I implemented your changes into the master repository. Use the latest
development version of openScale.
I guess to get the remaining data we have to figure out what the magic
bytes are. Until then I will close this issue. If you find a solution
create a new issue or PR or reply to this issue.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GN-fzzyvrtvrBJLeHjJyAqn21iJLoks5tPLFIgaJpZM4Rdh3c>
.
|
|
I have seen your post but I don't know either. |
|
@pkscwc I changed the implemented Bluetooth search algorithm in openScale which use now the new Android API so please test it with the latest development version. |
|
Hi,
Can you give me some idea for debugging the app. It is not picking up the
reading sent by scale. Scale is surely sending the readings as seen in BLE
log.
Bye
…On Thu, Feb 1, 2018 at 2:36 AM, OliE ***@***.***> wrote:
@pkscwc <https://github.com/pkscwc> I changed the implemented Bluetooth
search algorithm in openScale which use now the new Android API so please
test it with the latest development version.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GNy7tftNrn9lV_FbR9n-Sf3-hl9Zjks5tQNXjgaJpZM4Rdh3c>
.
|
|
@pkscwc for debugging see https://developer.android.com/studio/debug/index.html I will remove this try in the master repository until we get working version. For reference the latest implementation in the mater repository was BluetoothHesley.java. |
|
Please check in the new issue. I have uploaded the screenshots and working
java file.
…On 12 Feb 2018 4:55 p.m., "OliE" ***@***.***> wrote:
@pkscwc <https://github.com/pkscwc> for debugging see
https://developer.android.com/studio/debug/index.html
I will remove this try in the master repository until we get working
version.
For reference the latest implementation in the mater repository was
BluetoothHesley.java
<https://github.com/oliexdev/openScale/blob/master/android_app/app/src/main/java/com/health/openscale/core/bluetooth/BluetoothHesley.java>
.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#140 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB4GNxJ5w4P9ySWz843_A53qbeWUK-3uks5tUB-5gaJpZM4Rdh3c>
.
|
Dear Olie,
I have recently purchased this Yunchen Brand smart scale.
Can you add it as one of supported scales in your program.
I have tried using some hcitool and GATTtool commands to get relevant handles and UUIDs for this scale.
It is based on Texas Instrument chip.
Output of GATTTool commands like Primary & char-desc-hnd are given below:
Result of GATTtool log : command "primary"
attrhandle:0x0001,endgrp handle:0x0007 uuid:00001800-0000-1000-8000-00805f9b34fb
attrhandle:0x0008,endgrp handle:0x000a uuid:0000180a-0000-1000-8000-00805f9b34fb
attrhandle:0x000b,endgrp handle:0x000e uuid:00010203-0405-0607-0809-0a0b0c0d1912
attrhandle:0x000f,endgrp handle:0x0013 uuid:0000ffaa-0000-1000-8000-00805f9b34fb
attrhandle:0x0014,endgrp handle:0x001c uuid:0000fff0-0000-1000-8000-00805f9b34fb
Result of GATTtool log : command "char-desc"
handle:0x0001,uuid:00002800-0000-1000-8000-00805f9b34fb
handle:0x0002,uuid:00002803-0000-1000-8000-00805f9b34fb
handle:0x0003,uuid:00002a00-0000-1000-8000-00805f9b34fb
handle:0x0004,uuid:00002803-0000-1000-8000-00805f9b34fb
handle:0x0005,uuid:00002a01-0000-1000-8000-00805f9b34fb
handle:0x0006,uuid:00002803-0000-1000-8000-00805f9b34fb
handle:0x0007,uuid:00002a04-0000-1000-8000-00805f9b34fb
handle:0x0008,uuid:00002800-0000-1000-8000-00805f9b34fb
handle:0x0009,uuid:00002803-0000-1000-8000-00805f9b34fb
handle:0x000a,uuid:00002a50-0000-1000-8000-00805f9b34fb
handle:0x000b,uuid:00002800-0000-1000-8000-00805f9b34fb
handle:0x000c,uuid:00002803-0000-1000-8000-00805f9b34fb
handle:0x000d,uuid:00010203-0405-0607-0809-0a0b0c0d2b12
handle:0x000e,uuid:00002901-0000-1000-8000-00805f9b34fb
handle:0x000f,uuid:00002800-0000-1000-8000-00805f9b34fb
handle:0x0010,uuid:00002803-0000-1000-8000-00805f9b34fb
handle:0x0011,uuid:0000ffab-0000-1000-8000-00805f9b34fb
handle:0x0012,uuid:00002902-0000-1000-8000-00805f9b34fb
handle:0x0013,uuid:00002901-0000-1000-8000-00805f9b34fb
handle:0x0014,uuid:00002800-0000-1000-8000-00805f9b34fb
handle:0x0015,uuid:00002803-0000-1000-8000-00805f9b34fb
handle:0x0016,uuid:0000fff4-0000-1000-8000-00805f9b34fb
handle:0x0017,uuid:00002902-0000-1000-8000-00805f9b34fb
handle:0x0018,uuid:00002901-0000-1000-8000-00805f9b34fb
handle:0x0019,uuid:00002803-0000-1000-8000-00805f9b34fb
handle:0x001a,uuid:0000fff1-0000-1000-8000-00805f9b34fb
handle:0x001b,uuid:00002902-0000-1000-8000-00805f9b34fb
handle:0x001c,uuid:00002901-0000-1000-8000-00805f9b34fb
The values received from each handle above through command "char-read-hnd" in above order are given under:
0018
12
59756e4368656e0000000000000000000000
02
0000
02
140028000000e803
0a18
02
028a2466820100
12190d0c0b0a09080706050403020100
16
00
4f5441
aaff
14
0000000000000000000000000000000000000000
0000
436d64205257
f0ff
10
0000000000000000000000000000000000000000
0000
53707020524f
04
0000000000000000000000000000000000000000
0000
53707020574f
I have browsed through files hosted at openScale/android_app/app/src/main/java/com/health/openscale/core/bluetooth/
and found that four of the java files use these UUIDs.
Like:
BluetoothBeurerBF700_800 and BluetoothSanitasSbf70 use
UUIDs of 00002A00, 01, 04 and 50.
BluetoothDigooDGSO38H and BluetoothExcelvanCF369BLE use UUIDs of 0000FFF0, 1 and 4.
I hope it helps.
The text was updated successfully, but these errors were encountered: