Closed PSenfft closed 3 months ago
BT Notes
Filtering BT devices by advertising number in Wireshark (Rizer Elite):
btle.advertising_address == fc:12:65:28:cb:44
First try to sniff the connection between smartphone and Rizer Elite. SCAN_REQ and SCAN_RSP are probably the interesting stuff.
Frame 192773: 38 bytes on wire (304 bits), 38 bytes captured (304 bits) on interface COM4-4.2, id 0
Section number: 1
Interface id: 0 (COM4-4.2)
Encapsulation type: nRF Sniffer for Bluetooth LE (186)
Arrival Time: Mar 21, 2024 17:17:08.108476000 Mitteleuropäische Zeit
UTC Arrival Time: Mar 21, 2024 16:17:08.108476000 UTC
Epoch Arrival Time: 1711037828.108476000
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.000503000 seconds]
[Time delta from previous displayed frame: 0.000503000 seconds]
[Time since reference or first frame: 649.014506000 seconds]
Frame Number: 192773
Frame Length: 38 bytes (304 bits)
Capture Length: 38 bytes (304 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: nordic_ble:btle]
nRF Sniffer for Bluetooth LE
Board: 4
Header Version: 3, Packet counter: 19048
Length of payload: 31
Protocol version: 3
Packet counter: 19048
Packet ID: 2
Length of packet: 10
Flags: 0x01
.... ...1 = CRC: Ok
.... ..0. = Reserved: 0
.... .0.. = Reserved: 0
.... 0... = Address Resolved: No
.000 .... = PHY: LE 1M (0)
0... .... = Reserved: 0
Channel Index: 38
RSSI: -38 dBm
Event counter: 0
Timestamp: 1187318866µs
[Packet time (start to end): 176µs]
[Delta time (end to start): 151µs]
[Delta time (start to start): 503µs]
Bluetooth Low Energy Link Layer
Access Address: 0x8e89bed6
Packet Header: 0x0cc3 (PDU Type: SCAN_REQ, TxAdd: Random, RxAdd: Random)
Scanning Address: 54:3f:83:63:47:a6 (54:3f:83:63:47:a6)
Advertising Address: fc:12:65:28:cb:44 (fc:12:65:28:cb:44)
CRC: 0x531a21
Frame 192774: 32 bytes on wire (256 bits), 32 bytes captured (256 bits) on interface COM4-4.2, id 0
Section number: 1
Interface id: 0 (COM4-4.2)
Interface name: COM4-4.2
Interface description: nRF Sniffer for Bluetooth LE COM4
Encapsulation type: nRF Sniffer for Bluetooth LE (186)
Arrival Time: Mar 21, 2024 17:17:08.108802000 Mitteleuropäische Zeit
UTC Arrival Time: Mar 21, 2024 16:17:08.108802000 UTC
Epoch Arrival Time: 1711037828.108802000
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.000326000 seconds]
[Time delta from previous displayed frame: 0.000326000 seconds]
[Time since reference or first frame: 649.014832000 seconds]
Frame Number: 192774
Frame Length: 32 bytes (256 bits)
Capture Length: 32 bytes (256 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: nordic_ble:btle]
nRF Sniffer for Bluetooth LE
Board: 4
Header Version: 3, Packet counter: 19049
Length of payload: 25
Protocol version: 3
Packet counter: 19049
Packet ID: 2
Length of packet: 10
Flags: 0x01
.... ...1 = CRC: Ok
.... ..0. = Reserved: 0
.... .0.. = Reserved: 0
.... 0... = Address Resolved: No
.000 .... = PHY: LE 1M (0)
0... .... = Reserved: 0
Channel Index: 38
RSSI: -74 dBm
Event counter: 0
Timestamp: 1187319192µs
[Packet time (start to end): 128µs]
[Delta time (end to start): 150µs]
[Delta time (start to start): 326µs]
Bluetooth Low Energy Link Layer
Access Address: 0x8e89bed6
Packet Header: 0x0644 (PDU Type: SCAN_RSP, TxAdd: Random)
Advertising Address: fc:12:65:28:cb:44 (fc:12:65:28:cb:44)
Scan Response Data:
BT debugging log from Android Smartphone when I change the value of the rizer with the App.
Here is the BT debugging log again. Connection between my Android phone (Google Pixel 7) and the Elite Rizer. I changed the value to the maximum (20% gradient) to the minimum. After that, I connected with the Headwind device and changed the speed manually (with the buttons on the device) from the lowest to the highest value.
I was able to replicate up to here, but I am facing an issue while connecting an iOS phone.
I think we don't need the nRF sniffer. I got better results with the log files from my phone. When you open my last log files and use the filter btatt.opcode == 0x12 in Wireshark, you can see we have packages 472-482 with different handle codes. I think that's a handshake or something like that.
And after that, we have just two different packages: the first one to increase the gradient and the second package type to decrease the gradient. Just like in the app with + and -.
This Hex Stream should be the value for up:
060102
and this for down:
060402
To activate the Python venv:
source ./.env/Scripts/activate
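Added example (not part of the thread or the project's code): the filter btatt.opcode == 0x12 discussed above selects ATT Write Requests, and this sketch pulls the same packets out of an Android Bluetooth HCI snoop log without Wireshark. It assumes the log is in btsnoop format with the H4 datalink type and that each write fits in one ACL packet; the attribute handle 0x0025 and the sample capture are constructed, and only the values 060102 and 060402 come from the thread.

```python
import struct

BTSNOOP_MAGIC = b"btsnoop\x00"
H4_ACL, CID_ATT, ATT_WRITE_REQ = 0x02, 0x0004, 0x12

def att_write_requests(blob):
    """Yield (record_no, attr_handle, value_hex) for each ATT Write Request."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    _version, datalink = struct.unpack(">II", blob[8:16])
    if datalink != 1002:  # 1002 = HCI UART (H4)
        raise ValueError("unsupported datalink %d" % datalink)
    pos, recno = 16, 0
    while pos + 24 <= len(blob):
        # Record header: orig len, included len, flags, drops, timestamp
        _orig, incl_len, _flags, _drops, _ts = struct.unpack(
            ">IIIIq", blob[pos:pos + 24])
        pkt = blob[pos + 24:pos + 24 + incl_len]
        pos += 24 + incl_len
        recno += 1
        # H4 type (1) + ACL hdr (4) + L2CAP hdr (4) + ATT opcode (1) + handle (2)
        if len(pkt) < 12 or pkt[0] != H4_ACL:
            continue
        acl_handle, _acl_len, l2_len, cid = struct.unpack("<HHHH", pkt[1:9])
        if (acl_handle >> 12) & 0x3 == 0x1:
            continue  # continuation fragment, carries no L2CAP header
        if cid != CID_ATT or pkt[9] != ATT_WRITE_REQ:
            continue
        attr_handle = struct.unpack("<H", pkt[10:12])[0]
        yield recno, attr_handle, pkt[12:9 + l2_len].hex()

def _record(att_pdu, received=False):
    """Build one constructed btsnoop record carrying an ATT PDU (sample data)."""
    l2cap = struct.pack("<HH", len(att_pdu), CID_ATT) + att_pdu
    pkt = bytes([H4_ACL]) + struct.pack("<HH", 0x0040, len(l2cap)) + l2cap
    return struct.pack(">IIIIq", len(pkt), len(pkt), int(received), 0, 0) + pkt

HANDLE = 0x0025  # hypothetical attribute handle, not taken from the thread
# Constructed capture: write "up", one notification (ignored), write "down"
SAMPLE = (BTSNOOP_MAGIC + struct.pack(">II", 1, 1002)
          + _record(b"\x12" + struct.pack("<H", HANDLE) + bytes.fromhex("060102"))
          + _record(b"\x1b" + struct.pack("<H", HANDLE) + b"\x00", received=True)
          + _record(b"\x12" + struct.pack("<H", HANDLE) + bytes.fromhex("060402")))

if __name__ == "__main__":
    for recno, handle, value in att_write_requests(SAMPLE):
        print("record %d: handle 0x%04x value %s" % (recno, handle, value))
```

To run it on a real capture, pass the bytes of the phone's snoop log file to att_write_requests instead of SAMPLE.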
Nicely done!! Is this issue still in progress?
Yeah. The last task is still in progress.
Alright! Narrowed down the issue to just one assignee, as this reflects the current state of work distribution.
Sniff GATT Packages between smartphone app and rizer elite