biemster / FindMy

Query Apple's Find My network

Low cost Apple-Airtag clones #14

Open Cyl0nius opened 1 year ago

Cyl0nius commented 1 year ago

Apple-Airtag clone with ST17H66 on Aliexpress (https://www.aliexpress.com/item/1005004495296995.html)

Runs with Open-Haystack-App with no problems.

The minimal assembly of the pcb is interesting. No capacitors at the xtal and no antenna matching at all (see schematic). I also removed all components that were not necessary for me, so only 4 components (ST17H66, xtal and 2 capacitors) remained. The resistor near the antenna (r6) is just a bridge (0 ohm).

Flashed with STC Auto-Programmer (CH340) without any problem.

  1. connect P10 to TXD, P9 to RXD, GND to GND
  2. start flash script
  3. connect 3.3V to Battery +

All connection points are exposed on PCB.


schematic

biemster commented 1 year ago

Nice find! Following the link I noticed that I put it on my wishlist as well already a while ago, but never ordered it :) Great that you took out the solder iron and started slashing to a minimum, does that mean there was an LED and a switch originally? And what is the fifth test pad connected to?

Cyl0nius commented 1 year ago

Out of the box (plastic bag) there was no switch and no led soldered on PCB. It was like on picture 2 and 3. Picture 1 shows the tag how I use it now. The fifth test pad is connected to P7 (pin4 of ST17H66). Details see schematic (picture 4).

In the schematic we see there are 4 different tags/behaviors for the original firmware, selectable by solder bridge. I did not test any of these. I just flashed your Open-Haystack-Firmware.

Cyl0nius commented 1 year ago

More cheap tags available ...


biemster commented 1 year ago

Nice 👍 Those I have as well, in fact they were the first vadimkozhin managed to flash 🥇 And probably the cheapest at the moment

Cyl0nius commented 1 year ago

For easy programming the tags (button type as seen in first picture), even in bulk ... programming jig for 1mm pogo-pins.

STL is not supported, so I attach it as ZIP.

st17h66_programming_jig.zip

drott commented 1 year ago

> For easy programming the tags (button type as seen in first picture), even in bulk ... programming jig for 1mm pogo-pins.

Nice jig, thanks for sharing that.

@Cyl0nius What are B and the button connected to? Were button presses required for you? Do you need to keep the button pressed on power on or what do you do with it? And on which OS did you run the flashing script, Linux or Mac OS? So far I failed to flash ST17H66B and C tags that I have here.

Cyl0nius commented 1 year ago

B = black = GND

The button is simply a switch for the power supply. After(!) starting the flash script, just press the button and hold it until the flash is done.

I'm running the flash script on Windows 10. Just run CMD as administrator (otherwise USB communication will not work) and execute the script with:

    python3 flash_st17h66.py

After(!) starting the flash script, wait for a second, then connect power (3VDC) until the end of the flash.

biemster commented 1 year ago

> So far I failed to flash ST17H66B and C tags that I have here.

@drott How do you power your tags while flashing? They require more than some usb uarts can provide, as you might have already read in issue #5. Where does the flash script fail?

drott commented 1 year ago

> @drott How do you power your tags while flashing? They require more than some usb uarts can provide, as you might have already read in issue #5. Where does the flash script fail?

I do connect a separate 3.3V power supply (based on a RD DPS5005 and a Makita battery) to the 3v3 pad or clamped the battery + metal. The flash script starts running, first I hear the buzzer with less volume, then with more when I connect the power, but I don't get much serial data back from the to-be-flashed tag: Occasionally I see some '\x00' serial responses printed, but not getting to the required cmd>> (or similar). I now ordered some SOP16 programming testing clips to see if I can make it work with those.

biemster commented 1 year ago

Sorry I have to ask to eliminate, did you try swapping RX and TX? (I had them wrong way round for quite a while)

Cyl0nius commented 1 year ago

I just want to mention it.

The chip must be completely powerless (even no battery connected) when the script starts. Supply power only a few seconds after the start of the flashing script.

connections

aproxtimedev commented 1 year ago

@Cyl0nius where is the place to get the flash_st17h66.py script? Thanks in advance

aproxtimedev commented 1 year ago

Sorry, I forgot to check the folder Lenze_ST17H66 in this repo

ggaljoen commented 1 year ago

New pcb version, works perfect! ST17H66C.png

Pogopins do their job fine: PogoPins-USB.jpg

Added a switch for the power to the board.

olivluca commented 1 year ago

@ggaljoen nice, but from the photo I'm not sure I understand which pogo pin touches which point (red, yellow and orange should be on the same line, yet one of them is slightly displaced), please tell me if my interpretation in the following photo is correct. Also, how do you keep the jig aligned?


ggaljoen commented 1 year ago

@olivluca

> Also, how do you keep the jig aligned?

Alignment is angled free hand practice, like this: pogo_in_action.jpg

Contact with P9 and 3V3 Vcc from button as guideline; PogoPins.jpg

biemster commented 1 year ago

I finally received my tags like in the first post of this issue, they look really nice! By far the best of all the versions I have, tiny and tight pcb. Let's see if I manage this weekend to flash them, did anybody here try those airtag cases / holders / keychain things on these?

alexoltean61 commented 1 year ago

Thank you Cyl0nius for the instructions, and biemster and vadimkozhin for the files in this repo. I flashed three devices like the ones in the first post with no issues, and they seem to be working fine atm.

Regarding those keychains sold on Aliexpress, I would advise against it. I bought one with my tags and it's too tight -- the tags don't fit. And looking through the reviews on Aliexpress, I am not the only person who faced this problem.

biemster commented 1 year ago

> Regarding those keychains sold on Aliexpress, I would advise against it. I bought one with my tags and it's too tight -- the tags don't fit. And looking through the reviews on Aliexpress, I am not the only person who faced this problem.

Thanks for reporting this. Is it the tags being a different size than the original airtags, or are the keychains just not good for either?

alexoltean61 commented 1 year ago

I haven't compared the size to the original yet, but I will in the next few days and I'll write back.

big-mak commented 1 year ago

> I haven't compared the size to the original yet, but I will in the next few days and I'll write back.

Any update? Did a proof of concept on one like @Cyl0nius has, now looking to buy a bunch of airtag lookalikes.

vadimkozhin commented 1 year ago

Just to confirm that this item (which was mentioned by @Cyl0nius) works. It has an original airtag form factor and should be compatible with airtag accessories. The board has marked pads for TX and RX pins, so soldering will be a lot easier.

gammadog808 commented 1 year ago

Hi guys, I'm trying to flash a ST17H66 (in Windows), looks to be the same from the first post. When I run the flash program, wait a few seconds and apply 3v3 to the board, I get this error in python:

    Traceback (most recent call last):
      File "C:\dit\FindMy-monterey\Lenze_ST17H66\flash_st17h66.py", line 80, in <module>
        res = uart.read(10)
      File "C:\dit\venv\lib\site-packages\serial\serialwin32.py", line 295, in read
        raise SerialException("GetOverlappedResult failed ({!r})".format(ctypes.WinError()))
    serial.serialutil.SerialException: GetOverlappedResult failed (PermissionError(13, 'Access is denied.', None, 5))

Not sure why I get this error - I'm logged in as the administrator, ran pycharm (or cmd) as admin, but no dice. Even moved the default COM port on the usb flasher, still no luck.

Modified the COM line in the .py:

uart = serial.Serial('/dev/ttyUSB0', 9600, timeout=0.01, inter_byte_timeout=0.01)

uart = serial.Serial('COM6', 9600, timeout=0.01, inter_byte_timeout=0.01)

BTW, I'm using the Monterey branch and newer 3.9/3.10/3.11 versions of python.

Any ideas?

biemster commented 1 year ago

@gammadog808 this seems to be an issue with serial on your machine indeed, and not with the script. Please try to get that running first with a simple test program (connect tx directly to rx, and see if it echoes the characters). Also, please open a separate issue if you continue having problems.
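A loopback test of the kind suggested above, as an added example (not part of the original comment or of this repo): with the adapter's TXD jumpered to RXD, it writes random blocks and checks that the same bytes come back. The port name `COM6` is taken from the post above; `loopback_ok` and `FakeLoopback` are hypothetical names, and the fake port is a constructed stand-in so the check can be tried without hardware.

```python
import os

def loopback_ok(port, rounds=4, size=32):
    """Return True if every byte written to `port` is read back unchanged.

    `port` is any object with pyserial's write/read/reset_input_buffer/flush
    methods; with TXD wired straight to RXD the adapter should echo itself.
    """
    port.reset_input_buffer()            # drop stale bytes from earlier runs
    for _ in range(rounds):
        sent = os.urandom(size)          # random data, so a stuck line cannot pass
        port.write(sent)
        port.flush()                     # wait until the bytes have been written out
        got = bytearray()
        # read() returns only what arrived before the timeout, so keep
        # reading until the block is complete or a read comes back empty.
        while len(got) < size:
            chunk = port.read(size - len(got))
            if not chunk:
                break
            got += chunk
        if bytes(got) != sent:
            return False
    return True


class FakeLoopback:
    """Constructed stand-in for an adapter with TXD jumpered to RXD."""
    def __init__(self, broken=False):
        self.buf, self.broken = bytearray(), broken
    def reset_input_buffer(self): self.buf.clear()
    def flush(self): pass
    def write(self, data):
        if not self.broken:              # broken=True models an open RX line
            self.buf += data
        return len(data)
    def read(self, n):
        out, self.buf = bytes(self.buf[:n]), self.buf[n:]
        return out


if __name__ == "__main__":
    import sys
    import serial                        # pyserial, the module in the traceback above
    name = sys.argv[1] if len(sys.argv) > 1 else "COM6"   # port name is an assumption
    with serial.Serial(name, 9600, timeout=0.5) as uart:
        print("loopback OK" if loopback_ok(uart) else "loopback FAILED")
```

If opening the port already raises the "Access is denied" error, the problem is on the host side (another program holding the port, or the driver) and not in the wiring.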

danhuanggt commented 1 year ago

> > @drott How do you power your tags while flashing? They require more than some usb uarts can provide, as you might have already read in issue #5. Where does the flash script fail?
>
> I do connect a separate 3.3V power supply (based on a RD DPS5005 and a Makita battery) to the 3v3 pad or clamped the battery + metal. The flash script starts running, first I hear the buzzer with less volume, then with more when I connect the power, but I don't get much serial data back from the to-be-flashed tag: Occasionally I see some '\x00' serial responses printed, but not getting to the required cmd>> (or similar). I now ordered some SOP16 programming testing clips to see if I can make it work with those.

@drott Did you ever get your tags flashed?

I'm encountering the same issue of not reaching the cmd>>: and getting b'\x00 responses back. Your experience mimics mine here (#23)!

Here is how my device is hooked up to a CP2102 attached to my M1 MacBook Air:

  * 3v3 -> 3.3v+
  * GND -> GND
  * TXD -> P9
  * RXD -> P10

drott commented 1 year ago

> @drott Did you ever get your tags flashed?

@danhuanggt so far no, I did not succeed so far and didn't have patience during summer to try again. When there's more rain now, I may try again some time in autumn. Do let us know if you succeed, please.

humpataa commented 10 months ago

Maybe I should have opened another "issue" but it somehow belongs here, so ... Do these Chinese AirTag clones actually work like Apple's AirTags? I have tried to change the manufacturer bytes of Apple (0x004c) to 0x0501 (cheap Chinese iTag). But this results in the tag not being reported to Apple's server anymore. At least requested reports no longer include info for it anymore. I have not changed anything else, just the manufacturer bytes. I can see using nRFConnect that the original iTag is using a much shorter advertising string – 15 bytes instead of 30 bytes ... Has anyone looked into this? How are they "using" Apple's network? Or do I have to change the request for reports to get info about tags with different manufacturers? Any hint is appreciated.

biemster commented 10 months ago

@humpataa This should go to another issue indeed, where you might explain your question in a bit more detail. Changing the manufacturer bytes would obviously cause the tag not to be reported anymore. Cheap Chinese iTags do not participate in Apple's FindMy network (but it is possible I don't understand your question)
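The effect of the manufacturer-byte swap discussed above, as an added example (not part of the original comment or of this repo): it parses a raw BLE advertising payload into AD structures and applies the kind of match a scanner would use to recognise a Find My style advertisement. The Apple payload type 0x12 with length 0x19 follows the published OpenHaystack advertisement layout and is an assumption here; the sample bytes are constructed, with a dummy key.

```python
APPLE_COMPANY_ID = 0x004C        # manufacturer ID quoted in the thread
MANUFACTURER_DATA = 0xFF         # BLE AD type "Manufacturer Specific Data"
OFFLINE_FINDING = 0x12           # assumption: Apple payload type used by OpenHaystack

def parse_ad(payload):
    """Split a raw advertising payload into (ad_type, data) structures."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]              # counts the type byte plus the data
        if length == 0:                  # zero length means only padding follows
            break
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure at offset %d" % i)
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def classify(payload):
    """Return (company_id, is_find_my_style) for the first manufacturer field."""
    for ad_type, data in parse_ad(payload):
        if ad_type == MANUFACTURER_DATA and len(data) >= 2:
            company = int.from_bytes(data[:2], "little")   # ID is little-endian on air
            find_my = (company == APPLE_COMPANY_ID and len(data) >= 4
                       and data[2] == OFFLINE_FINDING
                       and data[3] == len(data) - 4)       # inner length must agree
            return company, find_my
    return None, False

# Constructed sample: 30-byte manufacturer field with a dummy 22-byte key part.
SAMPLE_OPENHAYSTACK = (bytes([0x1E, 0xFF, 0x4C, 0x00, 0x12, 0x19, 0x00])
                       + bytes(range(22)) + bytes([0x00, 0x00]))
# Same payload with the company ID changed to 0x0501, as tried in the thread.
SAMPLE_SWAPPED = SAMPLE_OPENHAYSTACK[:2] + bytes([0x01, 0x05]) + SAMPLE_OPENHAYSTACK[4:]

if __name__ == "__main__":
    for name, adv in (("openhaystack", SAMPLE_OPENHAYSTACK), ("swapped", SAMPLE_SWAPPED)):
        company, find_my = classify(adv)
        print("%-12s company=0x%04X find_my_style=%s" % (name, company, find_my))
```

Only the first sample passes the match; once the company ID reads 0x0501, nothing downstream treats the payload as an Apple advertisement, even though every other byte is unchanged.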

humpataa commented 10 months ago

Thanks for the quick reply. So what network do they use? Android, Samsung, Google – I didn't know that there actually IS someone else doing this like Apple does ...

biemster commented 10 months ago

those cheap iTags don't use any distributed network, the registered phone just remembers where it saw them last.

humpataa commented 10 months ago

oh really? that really sounds like "chinese" ... and makes them rather useless if not flashed. thank you!

biemster commented 10 months ago

Apple's FindMy network seems to be the only current solution, besides smaller networks that require dedicated apps like Tile or Chipolo. Although Android might join the game soon: https://www.zdnet.com/article/is-googles-find-my-device-network-for-android-nearing-settings-signs-point-to-yes/

steve-m commented 9 months ago

Unfortunately the tags from the first post are not available anymore. I ordered similar looking ones, but unfortunately they have the ST17H66T variant with OTP ROM, so they are useless. Does anyone have a source for tags with the B2 flash variant?

isibizi commented 5 months ago

> Unfortunately the tags from the first post are not available anymore. I ordered similar looking ones, but unfortunately they have the ST17H66T variant with OTP ROM, so they are useless. Does anyone have a source for tags with the B2 flash variant?

Are you sure that the T variant is not working with the script? @Cyl0nius do you have any news about this issue?

zjonesz commented 2 weeks ago

Seems they have changed the chip to a ST17H66T

Is this possible to flash?

I can't seem to flash it with the script 😓