any ideas about the microcontroller or protocol the tag use?

[mofosyne]

I did a bit of a teardown of the device, but could not find the microcontroller data sheet it uses. How did you work out its communication?

Btw here is the teardown of the iTag PCB . I find no mention of "ST17H25 datasheet" in google for the BLE SoC

[sylvek]

Hi,
the only information that i have is the name "Quintic PROXR".
your link is very interesting.

[mofosyne]

Your reference BLE tag you used is same in shape as mine?

---

Oh btw, it might be a good idea to use the wiki to record any findings on the gatt profile of various tags. E.g. what each services exist and how to respond to each of em (maybe one of them have the wrong battery address?)

[sylvek]

yes exactly the same… i suppose that the problem is under the android code of your phone :-/ :-/

[mofosyne]

True true. Btw what's your guess about "SWS" pin on the PCB? I deduced PWM1 as the LED, and BZ+ to be for the buzzer.

But I am not sure what SWS stands for. I wonder if its a way to "program" the microcontroller? Or is it serial output? Then again... there is also a possibility that the IC is hardcoded and locked.

[hosek]

Opened mine (http://i.ebayimg.com/images/g/NUQAAOSw3ydV5nNb/s-l500.jpg) same shape, same pcb, but the chip has different labeling:
TL SR8266
F512ET32
CK1526
cfapom 1p

[sylvek]

My device contains.. Vcc, God, RX, TX, atm?, in, clk

[sylvek]

[sylvek]

KLJ-1230 for the buzzer
Q902t
434NJ

[mofosyne]

Man... You got a really beautiful board. It even has rx and tx. Which is
probably the serial port.

sylvek's tag:

VCC = Positive Voltage Source
GND = Ground Voltage
RX = UART receive?
TX = UART transmit?
DT(N?) = ?
IN = Input something?
CLK = Input Clock Signal
RST = reset

Maybe the RST,CLK,IN,DTN is part of a programming interface

Could try soldering to GND, RX, and TX to a serial converter and see what it says

Google search on the IC:

One broken url at eliabieri.com/65 :

my attempt on reverse engineering the cheapest bluetooth ...
eliabieri.com/65
Aug 19, 2015 - Inside I found the TLSR8266 which is produced by TELINK semiconductor. Besides that, theres a small buzzer inside, which can be used to ...

* TLSR8266/TLSR8266F512 

* datasheet in http://www.docin.com/p-878724807.html (can somebody download this and rehost it?)

[mofosyne]

hmmm... do you think we should document this in the wiki perhaps?

[mofosyne]

Oh and btw sylvek, is the packaging for your tag the same as mine? Is the name of the tag the same? Or did it look different?

[sylvek]

Man... You got a really beautiful board. It even has rx and tx. Which is
probably the serial port.

you're the first guy to tell me that ^^

[sylvek]

Oh and btw sylvek, is the packaging for your tag the same as mine? Is the name of the tag the same? Or did it look different?

my packaging was exactly the same !

[sylvek]

Could try soldering to GND, RX, and TX to a serial converter and see what it says

i could, i have the serial 3.3V controller and an arduino if necessary