any ideas about the microcontroller or protocol the tag use? #5
Comments
|
Hi, |
|
Your reference BLE tag you used is same in shape as mine? Oh btw, it might be a good idea to use the wiki to record any findings on the gatt profile of various tags. E.g. what each services exist and how to respond to each of em (maybe one of them have the wrong battery address?) |
|
yes exactly the same… i suppose that the problem is under the android code of your phone :-/ :-/ |
|
True true. Btw what's your guess about "SWS" pin on the PCB? I deduced PWM1 as the LED, and BZ+ to be for the buzzer. But I am not sure what SWS stands for. I wonder if its a way to "program" the microcontroller? Or is it serial output? Then again... there is also a possibility that the IC is hardcoded and locked. |
|
Opened mine (http://i.ebayimg.com/images/g/NUQAAOSw3ydV5nNb/s-l500.jpg) same shape, same pcb, but the chip has different labeling: |
|
My device contains.. Vcc, God, RX, TX, atm?, in, clk |
|
|
|
KLJ-1230 for the buzzer |
|
Man... You got a really beautiful board. It even has rx and tx. Which is Maybe the RST,CLK,IN,DTN is part of a programming interface Could try soldering to GND, RX, and TX to a serial converter and see what it says Google search on the IC: One broken url at eliabieri.com/65 : |
|
hmmm... do you think we should document this in the wiki perhaps? |
|
Oh and btw sylvek, is the packaging for your tag the same as mine? Is the name of the tag the same? Or did it look different? |
you're the first guy to tell me that ^^ |
my packaging was exactly the same ! |
i could, i have the serial 3.3V controller and an arduino if necessary |
|
yea that would be interesting to see |
|
;) Le sam. 7 nov. 2015 à 12:38, mofosyne notifications@github.com a écrit :
|
|
Today is "singles day" on chienese markets and those tags are ~2$ and itag ~5$ so expect new wave of new requests or in worst case incopatibilities:/ |
|
i tried yesterday to weld some wire to the tx-rx "pin" … impossible. I'll try it an another day. |
|
Have you considered asking these suppliers for images of the PCB? |
|
Update: Just recently got another tag of the same shape, but from a different supplier that looked like it had a different PCB inside... it came... but with the same crappy PCB (mcu: ST17H25) that I disassembled before 0.o . Seems like the photo that showed hint of a programming pad is from an older version of the tag. I have a feeling they got to the volume that they just opted for a factory preprogrammed or perhaps even an ASIC based chip (which is only economical in large volumes). Or just any methods that would allow them to do away with a programming pin pads. but there is some slight change: The board version is |
|
do you have a link to buy some iTag? i'm looking for it (needed to develop a version with support of several devices) |
|
it was brought from ebay.com.au from a random selection of buyers. But I suspect all these buyers are buying from the same factory. e.g. alibaba or something search term Oh about soldering to RX and TX pads in your BLE tag, try using 30awg wires, those are nice for tight soldering attempts. Oh and use some flux too. |
|
Mine pcb |
|
hosek, this is your IC's marking ? Looks to have same pinout as the F512ET32 has 512 and 32, which might mean "Flash 512kb and 32bit cpu" or " Flash 512kb and EEPROM 32kb" something like that. ARM inside? Now that I compaired all these tags. The again I am reminded of this: One broken url at eliabieri.com/65 : and this PDF in http://www.docin.com/p-878724807.html that I cannot download for some reason. For now, I'm pinging http://www.telink-semi.com/site/contact#level-1 for any more info... hopefully they reply in english |
|
Does anyone speak chinese here? Can you download the pdf here? http://www.docin.com/p-878724807.html Anyway these are what sticks out to me: Pinout at page 71
... !!!!!! SWS and SWM !!!!! at page 39 !!!!! This looks very very interesting !!!! Ohhh.... so it means.... Single Wire Master and Single Wire Slave
So essentially, it does seem like there is a possibility of programming this... But you need to do it via SWS, using their programming system... Could be an approach if we can somehow emulate the communication. Then the next is what is their compiler etc... Unless we can get Telelink to be friendlier to us :D ? Or is this essentially the 1-wire protocol via MAXIM? http://www.telink-semi.com/site/product_detail/50 TLSR8266/TLSR8266F512 (BLE SoC) Key Features:
Target Applications:
Development tools: lol... that devkit is not going to come cheap |
|
wow great! mine use a Quantic chip (http://electronics360.globalspec.com/article/4758/nxp-buys-wearable-bluetooth-business) ref: Q9021 434NJ OOUME |
|
regarding the beken bk3431n - I found this random keil project in github... unsure of how useful it might be to start a blinky/helloworld with a jlink... (Not sure if the flash lock is permanent or resettable): |
|
Hello, anybody got further with flashing Telink TLSR8266/ST17H25 chip via SWS? I got few nice cheap fitness trackers based on this chip, the SDK with gcc appears to work, I have matching firmware binaries for those bracelets as a backup, but it looks like one would currently need the "Telink EVK OTP/Flash Programmer board" to reflash it. Sadly I can't google this programmer board anywhere being available (aliexpress, ebay). The protocol is poorly documented and only in older versions of the datasheet, later this SWS/SWM part was removed completely. Still, I checked the protocol description and while the basics are good I can't figure our what should be the clock speed for data (unlike with CC2541 where there is extra wire for clock). Also there is only read and write command documented (and begin, end) , how would one actually execute something in the chip via this protocol? How could the tcdb debugger be implemented with this? Maybe backing up and rewriting stack or ISR vectors? Or maybe CPU registers including PC and stack pointers are memory mapped? Would be nice to have some USB debug traces of this EVK programming board doing something. |
|
For posterity, I just got these 2, seem to be different revisions
|
hello fanoush. recently i found the company repository https://github.com/17HXX, hope it helps. the EVK board is only available in the company official account in Wechat, but very expensive, 1000RMB. anyone who needs translation or other information, please contact me. i had the idea to make a firmware, and use it as a positioning device for home automation. maybe replacing with a cc2540 is much eaiser. |
Thank you very much, I already searched github repositories for 'tlsr' and 'telink' but forgot 'lenze', however when trying now it wouldn't find this 17HXX anyway so thanks a lot for this pointer! cc254x is 8051, which does not look easier to me, especially with no free compiler, using IAR 30 day trials gets boring very quickly :-) I managed to recompile BlueBasic for it and tested it with JDY-08 module and it is quite nice but both 8051 arch and 8k SRAM just feels too limiting. I'll definitely check stuff in 17HXX out and see whether it helps me with figuring out how to bitbang SWS. I already got JDY-10 TLSR8266 module for this. |
|
Sorry if I'm reviving an old discussion but I came across this chip tearing down a "CSI TECH" beacon and I found a datasheet in English that may be useful for some of you https://share.weiyun.com/5JawPYc |
|
As for the TLSR8266 I am not sure if I missed it previously or they added it later but there is link to wiki http://wiki.telink-semi.cn/dokuwiki/doku.php?id=start directly on main Telink page. It contains datasheets, IDE with compiler, BLE SDK. Also there is documentation about Burning and Debugging Tool (BDT) with downloads containing its schematics and firmware binary. It still does not help me to know more about SWS but at least it is lot of (mostly known) info in one official place. BTW from schematics it looks like BDT itself contains TLSR8266 chip which can natively handle USB - the chip has pins for usb data +/- However the TLSR8266 datasheet has no description of USB functionality. EDIT: the wiki has revision history and most stuff started in October 2018 (and e.g. the TSLR826x page was even updated in March 2019) so it is indeed newer than most comments here. And it is great they are making it available. Also their forum has some interesting bits. |
|
Finally found the right datasheet for the ST17H26: PDF page 23, page 22 in the document |
|
@PlantDaddy not sure what you're after but some version of that datasheet is also in github project mentined above, see https://github.com/17HXX/17HXX_OTP_Plug-in_Flash_SDK_Release/tree/master/doc , there may be more information there |
|
OTP = one-time-programmable = the end of all firmware hacking dreams? |
|
17H26 has OTP yes, 17H25 has flash like TLSR8266 |
|
Maybe something like this https://ru.aliexpress.com/item/33045005525.html?spm=a2g0s.8937460.0.0.7b032e0eC7oFuA could be used to program TLSR8266 |
|
any idea to make this device to always on? |
|
Telink EVK on the E104-BT10-G/N module (TLSR8269). https://aliexpress.com/item/4000032659038.html |
|
So how do you write the EVK firmware to new module without having EVK? Over USB? And then it behaves over USB as EVK? So is there some usb bootloader/flashing mode so you can write different firmware to it even when it is already flashed with EVK (or any other) firmware? An maybe the same procedure could even work with 8266 chip too over USB? There are some USB pins on 8266 too. And the real EVK has 8266 inside too. both 8266 and 8269 datasheet are very similar, however when searching for "USB" the 8269 has small chapter "USB Features" with "3) Supports ISP (in system programming) via USB port." So either only 8269 supports it or they did not mentioned it in 8266 datasheet as otherwise USB is "undocumented" in same way in both of them. |
|
USB only works with software support. |
|
Alternative programmer for TLSR826x on STM32F103C8T6 beta version |
|
To fanoush: |
|
TLSR8266 (AT32) - no SWM pin. TLSR8269 - there is a contact SWM (PA7). Both have USB. |
|
for some of you still interested in ST17H25, here is an english datasheet: |
|
Where can I buy the programmer "Burning EVK" from Telink? |
|
Hey. So i was able to flash and read out the TLSR8266 and TLSR8251 micros with a genuine Telink flasher Also here is a small demo of it https://youtu.be/md-CoIWJ3kc The SDK i am using now is this one: On some TLSR versions its needed to use the SWS pin and on other the SWM pin |
|
Do you mind posting a link where you bought the "genuine Telink flasher"? |
|
Someone asked the same question on YouTube, and was pointed to a sadly now-dead Aliexpress link. It was still in Google's cache though, and following the link to the seller store found this (USD$72): https://www.aliexpress.com/item/33045005525.html The SWS protocol has been figured out though, https://github.com/pvvx/TlsrComSwireWriter bitbangs SWS over a standard USB UART adapter to run programs from memory, and https://github.com/pvvx/TlsrComProg extends this to allow flashing, with the prerequisite that you have the TX and RX pins available (presumably these allow faster I/O than the SWS pin does). Sadly the thing I'm trying to tweak doesn't expose RX, yay. |
|
Was able to Modify the uart flasher to directly flash the TLSR8266 and TLSR8251. That way the genuine flasher is not needed anymore at all. https://github.com/atc1441/ATC_MiThermometer The @pvvx version does need a bootloader to be flashed first Also got the Telink OTA update protocol running in a web flasher, that way its possible to update the devices who have the telink ota characteristic |
|
Here is also a video about that uart flasher The python flasher needs to be edited a bit to work for 8266 right now its for 8251 the SWS protocoll has one aditional byte |
and others
I did a bit of a teardown of the device, but could not find the microcontroller data sheet it uses. How did you work out its communication?
Btw here is the teardown of the iTag PCB . I find no mention of "ST17H25 datasheet" in google for the BLE SoC
The text was updated successfully, but these errors were encountered: