No stats after firmware update

[jj05y]

Hey,
I just cloned the repo and while the app connects fine, there's no stats available. It may be the firmware update. Can you repro?

[COM8]

To me it looks like the Onewheel now requires some kind of initialistaion to send values.
Else it will just report 0 as value for each characteristic.

[COM8]

[beeradmoore]

Just noticed the same thing with Onewheel Community Edition app. I only get firmware and hardware revision.

Almost all properties in LightBlue are also unnamed now.

Going to investigate today with a phantom board and will let you know if I find anything useful.

[kwatkins]

Hmm well that's a bit annoying. If not solved I'll tackle in a few days, my XR is out as I change to a new treaded tire (currently stuck at the dismount step, it isn't easy as YouTube peeps show). I doubt the GUIDS changed but hard to say ... Likely will just reverse the official app.

[beeradmoore]

GUIDs are the same. Only firmware and hardware revisions have values via LightBlue.

The latest official app doesn’t detect my phantom board for doing the reverse engineering of their BLE anymore. Previous app versions still work fine.

Another thing is the URL path for the new firmware has changed. And a few other things about the apps are different. I wonder if all of this is FM trying to prevent these 3rd party apps existing?

EDIT: I updated my Android device to the latest OW app. I enabled HCI logging and then connected to the board and then sent the log to my computer and am stepping through it with Wireshark. I can see the app fetching ride mode fine and on the correct characteristic uuid. I am looking up back further to see if the board is sending any specific data to allow it to send the other data. Will update when I know more.

[jj05y]

Using gatttool its reading 0 for alot of handles, some have data but how is one to map them to meaningful names?

[beeradmoore]

Inspecting a bluetooth log, I am 99% confident the uuids have not changed and don’t need to be renamed.

The board is doing something else.

Should also be noted the old OW app can’t connect to the new OW board, much like the same issue we are in.

[COM8]

Yes I can confirm this. The characteristics are still the same.
Never the less they added 4:
e659f31d-ea98-11e3-ac10-0800200c9a66 labeled Data29
e659f31e-ea98-11e3-ac10-0800200c9a66 labeled Data30
e659f31f-ea98-11e3-ac10-0800200c9a66 labeled Data31
e659f320-ea98-11e3-ac10-0800200c9a66 labeled Data32
Guess they are for the custom riding mode.

[COM8]

Inspecting a bluetooth log, I am 99% confident the uuids have not changed and don’t need to be renamed.

The board is doing something else.

Should also be noted the old OW app can’t connect to the new OW board, much like the same issue we are in.

Do you mind uploading your HCI log?
Don't have an Adroid device on hand, only Android x86 😉 and it's not letting me log traffic.

[beeradmoore]

e659f31d through to e659f320 are not new. LightBlue used to have named properties and it would call them unknown 1 to unknown 4. I don't believe I've ever seen them change value, but they could very we be used now though.

Log is attached, it can be opened by Wireshark. It also shows my device picking up a bunch of other devices so need to double check for service UUID and then compare it. From memory board connects in frame 117.
btsnoop_hci.log.zip

EDIT: There is also bluetooth logging for iOS. I didn't know it was a thing otherwise I probably would have tried this. https://developer.apple.com/bug-reporting/profiles-and-logs/

[COM8]

Ok thanks, maybe I can spot something new.

[COM8]

So that's what I've discovered:
The app based on your logs provided sends the following data to the board:

1. Write 00 to e659f319-ea98-11e3-ac10-0800200c9a66 // Set live time odometer to 0
2. Write 0fc2 to e659f311-ea98-11e3-ac10-0800200c9a66 // Set firmware revision to 4034 (BASE10)
3. Write 43:52:58:d8:82:11:d1:26:96:5f:9f:aa:72:fc:de:92:f3:25:3d:20 to e659f3ff-ea98-11e3-ac10-0800200c9a66 // Write Q1JYw5jCghHDkSbCll/Cn8KqcsO8w57CksOzJT0g (BASE64) to serial write
4. Write 00 to e659f319-ea98-11e3-ac10-0800200c9a66 // Set live time odometer to 0
5. Write 007 to e659f302-ea98-11e3-ac10-0800200c9a66 // Sets ride mode to 7
6. Write 00 to e659f319-ea98-11e3-ac10-0800200c9a66 // Set live time odometer to 0
7. Write 00 to e659f319-ea98-11e3-ac10-0800200c9a66 // Set live time odometer to 0
8. Write 00 to e659f319-ea98-11e3-ac10-0800200c9a66 // Set live time odometer to 0
9. Write 00 to e659f319-ea98-11e3-ac10-0800200c9a66 // Set live time odometer to 0

The interresting one is the serial data. I couldn't make sence of it, but it's probably just in a wrong endian right now.