Closed mohammed-nep-group closed 3 years ago
Maybe reverse engineering the apk android app could be the way. There it's solved the communication between the pump through BLE. And finding where the API Rest CareLink is called, the point where to add the upload to Nightscout
On Tue, 19 Jan 2021, 08:26 Ondrej Wisniewski, notifications@github.com wrote:
the Minimd Mobile App stops working with the message : "This app does not work with developer options active"
Looks like Medtronic wants to make this difficult. But we knew this, didn't we? 😞 @mohammed-nep-group https://github.com/mohammed-nep-group got the BLE sniffing working on an iPhone (see above) but seems to have disappeared. I don't know if anyone else tried on Android yet. Unfortunately I have no experience with that.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/nightscout/cgm-remote-monitor/issues/6568#issuecomment-762655508, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABWOHRTCKZXP6A6PKSDPVEDS2UX4DANCNFSM4T7NZNWQ .
Did anyone write Medtronic yet? 🙈
Hi @markxoe : I'm a user of Medtrinic 780G in Spain
Hi again .. I used a Android App called Nordid nRF Logger to snifffer BLE packets from the pump . Here is the log . The real glucose (mg/dL) showed by the pump are :
13:01 -> 142 12:56 -> 140 12:41 -> 139 12:46 -> 137 12:41 -> 133 12:36 -> 129 12:31 -> 121
I try to compare the log and the real glucose real pump values , just to find coincidences... but I have not been able to see them .
Regards
This Line looks promising:
I 12:31:32.773 Notification received from 00002aa7-0000-1000-8000-00805f9b34fb, value: (0x) 76-AE-C0-37-36-8C-E1-77-BC-73-3D-23-73-6D-5C
(Should be BG 121 i think)
We need to translate this ...
I 12:31:32.773 Notification received from 00002aa7-0000-1000-8000-00805f9b34fb, value: (0x) 76-AE-C0-37-36-8C-E1-77-BC-73-3D-23-73-6D-5C
I 12:38:22.759 Notification received from 00002aa7-0000-1000-8000-00805f9b34fb, value: (0x) F3-A9-12-61-BB-7A-1F-AF-E5-6C-A2-F2-93-92-1C
I 12:41:29.749 Notification received from 00002aa7-0000-1000-8000-00805f9b34fb, value: (0x) 42-04-48-86-0A-54-A6-C7-5E-C4-9B-39-A7-A2-82
I 12:45:53.363 Notification received from 00002aa7-0000-1000-8000-00805f9b34fb, value: (0x) 38-C2-D0-5B-79-BB-42-72-A3-48-B2-1F-C6-72-81
I 12:46:29.993 Notification received from 00002aa7-0000-1000-8000-00805f9b34fb, value: (0x) B0-32-F1-B5-E7-FC-9B-B5-0E-ED-16-E8-D2-F2-C3
I 12:51:29.730 Notification received from 00002aa7-0000-1000-8000-00805f9b34fb, value: (0x) F5-39-5F-F8-98-5B-D0-7E-34-FA-04-60-F0-84-1C
I 12:56:29.971 Notification received from 00002aa7-0000-1000-8000-00805f9b34fb, value: (0x) ED-03-E2-18-0B-7B-AE-F1-64-CC-F5-1C-0D-43-89
to this one :
12:31 -> 121
12:36 -> 129
12:41 -> 133
12:47 -> 137
12:51 -> 139
12:56 -> 140
I think it should be a good starting ...
More data to analize ;-) : two blocks of BLE packets corresponding to two "glucose sent" from pump to mobile (179 and 180 mg/ml):
nRF Connect, 2021-01-19
Pump 2421559H (00:23:F7:9A:30:50)
---> 179 mg / mL
I 17:46:27.753 Notification received from 00000400-0000-1000-0000-009132591325, value: (0x) 55, "U"
I 17:46:28.378 Indication received from 00000101-0000-1000-0000-009132591325, value: (0x) 93-41-B5-69-55-5E-02
I 17:46:28.759 Indication received from 00000105-0000-1000-0000-009132591325, value: (0x) 48-EE-CC-AA-FA-56-82-E5
I 17:46:30.630 Notification received from 00000108-0000-1000-0000-009132591325, value: (0x) E0-8B-24-F0-1D-AA-84-70-D4-FE-39-12-62-D4-59-EB-D9
I 17:46:30.631 Indication received from 00002a52-0000-1000-8000-00805f9b34fb, value: (0x) 0F-0F-33-F0
I 17:46:31.256 Indication received from 00000101-0000-1000-0000-009132591325, value: (0x) 1D-3A-B2-4E-5A-BB-E8
I 17:46:31.633 Notification received from 00000108-0000-1000-0000-009132591325, value: (0x) 16-FB-8F-99-BB-1C-31-F3-CA-12-6D-F3-65-2B-2A-97-5B-DF-A3
I 17:46:31.634 Indication received from 00002a52-0000-1000-8000-00805f9b34fb, value: (0x) 0F-0F-33-F0
I 17:46:32.384 Indication received from 00000105-0000-1000-0000-009132591325, value: (0x) B5-40-80-A7-8A-5C-3A-7C
I 17:46:33.256 Indication received from 00000101-0000-1000-0000-009132591325, value: (0x) BA-E8-7D-19-5E-8A-5C
I 17:46:33.631 Indication received from 00000105-0000-1000-0000-009132591325, value: (0x) 5E-CF-BA-EC-CF-5F-38-3B
I 17:46:34.256 Notification received from 00000108-0000-1000-0000-009132591325, value: (0x) 48-C1-9B-AF-1F-4D-9B-C2-8D-C9-DB-95-5F-61-94-3B
I 17:46:34.269 Indication received from 00002a52-0000-1000-8000-00805f9b34fb, value: (0x) 0F-0F-33-F0
--> 180 mg / mL
I 17:51:27.747 Notification received from 00000400-0000-1000-0000-009132591325, value: (0x) 55, "U"
I 17:51:28.870 Indication received from 00000101-0000-1000-0000-009132591325, value: (0x) 75-F1-82-C2-6B-47-2A
I 17:51:29.379 Indication received from 00000105-0000-1000-0000-009132591325, value: (0x) BC-20-C1-2C-8C-6C-C0-8C
I 17:51:31.247 Indication received from 00000101-0000-1000-0000-009132591325, value: (0x) 6E-43-E1-F3-6F-0C-F4
I 17:51:31.750 Notification received from 00000108-0000-1000-0000-009132591325, value: (0x) 27-F8-C1-CB-8C-AA-C2-5D-AE-5D-9D-1F-5E-FC-70-9C-06
I 17:51:31.751 Indication received from 00002a52-0000-1000-8000-00805f9b34fb, value: (0x) 0F-0F-33-F0
I 17:51:32.372 Notification received from 00000108-0000-1000-0000-009132591325, value: (0x) 9A-89-E7-30-6A-B9-72-AC-6E-6B-D6-28-7C-70-52-D1-71-28-09
I 17:51:32.374 Indication received from 00002a52-0000-1000-8000-00805f9b34fb, value: (0x) 0F-0F-33-F0
I 17:51:33.249 Indication received from 00000105-0000-1000-0000-009132591325, value: (0x) 2E-65-DF-1D-AB-72-34-29
I 17:51:33.496 Indication received from 00000101-0000-1000-0000-009132591325, value: (0x) 0E-09-E6-13-73-22-69
I 17:51:34.260 Indication received from 00000105-0000-1000-0000-009132591325, value: (0x) 93-7E-C4-20-FA-75-A4-E6
I 17:51:35.246 Indication received from 00000101-0000-1000-0000-009132591325, value: (0x) EC-8B-D6-DA-77-DA-EC
I 17:51:35.619 Indication received from 00000105-0000-1000-0000-009132591325, value: (0x) 05-A8-13-2B-26-78-5C-AC
I 17:51:36.244 Notification received from 00000108-0000-1000-0000-009132591325, value: (0x) C2-F9-99-74-C7-E2-CA-94-1D-EF-71-AF-DE-7A-72-6F
I 17:51:36.245 Indication received from 00002a52-0000-1000-8000-00805f9b34fb, value: (0x) 0F-0F-33-F0
@ClifClimber does the Medtronic App upload to CareLink portal the values automatically? My son will soon change from 640G to 780G, currently we are using NightScout to monitor his Glucose values during school, and will be great if a smartwatch that runs Android could receive and upload his values to NightScout. We will increase the readings dramatically!
More data to analize ;-) : two blocks of BLE packets corresponding to two "glucose sent" from pump to mobile (179 and 180 mg/ml):
I'm afraid things a bit more complicated. On the 670G the glucose values are sent in a "Pump status response" message which is documented here. So assuming the 780G uses the same message structure, the glucose value would by 2 consecutive bytes e.g. 00 B3
in case of the 179 value. But these 2 bytes are nowhere to be found in the captured messages.
The data we are looking at is probably encrypted just like on the 670G.
The 7X0G uploads to the CareLink portal all data every 24 hours when connected phone has internet connectivity. There is a app for the pump user that is what does the uploading and alerts the pump user. The app also sends all alerts to CareLink if you have a caregiver partner set up. Each caregiver has their own unique sign in to CareLink. There is a Medtronic app that runs on caregiver phones to get the alerts. There is some limited watch ability that I am not familiar with.
So then it's just only decrypt and you know what's there or not? @ondrej1024
I've try decompiling APK, I think it has lot of interesting info, but still not able to analyze it. For example on class PumpConnectionApiImpl.java seems to have all methods to connect to pump using BLE. The source code its offuscated, but readeable.
So then it's just only decrypt and you know what's there or not? @ondrej1024
Maybe it should be made clear that there is nothing simple in reverse engineering a complex communications protocol. Everything we have discussed here so far is based in assumptions, nothing is certain at this point.
Even if it would be "just only decrypt" the payload of the messages we have, how would you do this? You need to know the encryptions method, the keys, ecc. Please have a look at the 670G communications protocol to get an idea of how complex things are.
@gerardoabal I'm wondering if it wouldn't be easier to patch the app to remove device check and broadcast to xDrip like it's been done for Dexcom... I don't have the skills though.
@gerardoabal I'm wondering if it wouldn't be easier to patch the app to remove device check and broadcast to xDrip like it's been done for Dexcom... I don't have the skills though.
Not easy but reachable, I hope.
What you say it's similar what I'm looking for, I would like to be able to modify the app to upload the glucose values and other pump info to Nightscout, and the app runs on a Android 4G smartwatch will be great. Im developer but do not have experience in Android platform yet. The screen shoot I've share it's a piece of the decrypt algorithm, maybe to read values from the pump. The minimed mobile app also upload the values to CareLink via an API REST, so trying to find these methods also can help to us in our goal.
I'll try to export all source code to upload here
Having readable source code of the Minimed Mobile app would be a huge step forward. Please keep us updated.
With ApkTool I manage to decompile, change only one text, recompile and try... Did you see the difference?
Not a huge change, now I'll try to change behavior and do not block my device
Let's reorganize our efforts efficiently. Nightscout's cgm-remote-monitor has never pulled directly from a medical device. Instead, some application responsible for talking to the device, such as a radio or a modem, used by a mobile application collects the data and then uploads it to cgm-remote-monitor using the REST API. Openaps uses decocare (short for decoding-carelink), mmeowlink, while Loop uses RileyLink. When I was doing reverse engineering I found it best practice to make a project specifically focused on that one device. For example, if 7780G uses BLE, you will need repo related to the BLE communications. Does one exist? Or is this an augmentation and extension of decoding-contour-next-link? https://github.com/pazaan/decoding-contour-next-link Is there a suitable location to pose the well framed question: "how do we get data form 780G?" I don't want to close the issue without having some place for the discussion to take place, but am concerned this is not the right place for it.
If the question is how to get data from Carelink web portal, the mmconnect plugin contains updates to allow this to work.
Let's reorganize our efforts efficiently. Nightscout's cgm-remote-monitor has never pulled directly from a medical device. Instead, some application responsible for talking to the device, such as a radio or a modem, used by a mobile application collects the data and then uploads it to cgm-remote-monitor using the REST API. Openaps uses decocare (short for decoding-carelink), mmeowlink, while Loop uses RileyLink. When I was doing reverse engineering I found it best practice to make a project specifically focused on that one device. For example, if 7780G uses BLE, you will need repo related to the BLE communications. Does one exist? Or is this an augmentation and extension of decoding-contour-next-link? https://github.com/pazaan/decoding-contour-next-link Is there a suitable location to pose the well framed question: "how do we get data form 780G?" I don't want to close the issue without having some place for the discussion to take place, but am concerned this is not the right place for it.
Very usefull your comments Ben, thanks a lot. I agree maybe this is not the place for this conversation perhaps could be moved to https://github.com/pazaan/600SeriesAndroidUploader/issues/296. In my oppinion you can close this issue if you consider, but I wassent the one who create it, maybe mohammed-nep-group could refocus the topic.
As you say "Nightscout's cgm-remote-monitor has never pulled directly from a medical device" and has based other software-hardware "pieces" to do this necessary job in benefic of the whole system. I'm just looking to a new uploader "piece" that can work with 780G pump (so as far as I know is not compatible with the current uploader) and also improve the capabilities of the current solution. Perhaps I'm a idealist but having a Smartwatch (or similar wereable) with 4G/5G connectivity with the ability to pull data from pump and upload to NightScout will be a great step forward. From the point os view of a T1D child's father (my point of view) the NightScout and 600SeriesAndroidUploader system gave us a lot of calm and improve the health of our son during school time. THANKS ALL. But as anyone may imagine having all the time the uploader (smartphone+ContourNext) at 10m range from the kid is not real world situation. So provide the child with a wereable uploader is my dream.
The approach of using "mmconnect" plugin is an alternative workaround but not my first choice.
If the question is how to get data from Carelink web portal, the mmconnect plugin contains updates to allow this to work.
@bewest Are you saying that this mmconnect plugin already works with the 780G insulin pump? I had understood that it was not compatible..
Lots to unpack: My advice is to make a new repo called decompiled-medtronic-carelink-connect, to store the decompiled source for analysis purposes. Make this repo private and invite everyone involved as collaborators in order to avoid DMCA. It looks like 780G supports native BLE, designed to connect with smartphones.
Medtronic's design is that the data will go to their web portal, supported by their own mobile apps. Once the data is in Medtronic's web portal, the mmconnect plugin can copy it into Nightscout. I'm not aware of any specific problems creating compatibility issues with different pumps models in terms of data coming out of carelink. If there is an issue, I'd like to get it documented in minimed-connect-to-nightscout so we can fix it. To my knowledge there were some issues earlier this year, not due to 780g but due to changes in carelink itself, and the cloud interfaces changing. Since we support carelink in general, it would be surprising to learn that 780g is incompatible with carelink. Maybe I'm missing an important detail here?
I also recommend starting a decoding-mmble (decoding medtronic minimed's bluetooth low energy). This project would focus solely on understanding the new BLE messages and be useful in a future mm780-watch-uploader project. There's a lot of worthwhile and high value discussion happening and want to make sure it all gets organized and supported.
"Once the data is in Medtronic's web portal, the mmconnect plugin can copy it into Nightscout." AFAIK this is factually incorrect. The Medtronic portal and the older follow app do not get real time updates from the 780G app that syncs to the new API and the Carelink website asks users to use the new apps that use the new API to see data in real time. As is, there is no browser-based solution to see the data for 780G users.
Actually there is if you take your phone/tablet and go https://carelink.minimed.com/app/login and log in with your personal caregiver account. Then you will be redirected and you can see the live data from 7X0G This only works from a mobile browser, the display is completely different from a desktop. The above picture is from Safari on my iPhone.
With ApkTool I manage to decompile, change only one text, recompile and try... Did you see the difference?
Not a huge change, now I'll try to change behavior and do not block my device
Keep us updated if you find a way to unblock our devices :)
Actually there is if you take your phone/tablet and go https://carelink.minimed.com/app/login and log in with your personal caregiver account. Then you will be redirected and you can see the live data from 7X0G This only works from a mobile browser, the display is completely different from a desktop. The above picture is from Safari on my iPhone.
Didn't work for me. I'm getting the same "Please download the mobile application to view device data and receive care partner notifications." I have been using only 780G for several months (didn't use anything else before). I tried with iPhone (Safari) and Android Phone (Chrome).
Didn't work for me. I'm getting the same "Please download the mobile application to view device data and receive care partner notifications." I have been using only 780G for several months (didn't use anything else before). I tried with iPhone (Safari) and Android Phone (Chrome).
@polarfish : there is a discussion about this ongoing here
Didn't work for me. I'm getting the same "Please download the mobile application to view device data and receive care partner notifications." I have been using only 780G for several months (didn't use anything else before). I tried with iPhone (Safari) and Android Phone (Chrome).
@polarfish, we are actually just discussing this now over on #nightscout/minimed-connect-to-nightscout#11
It looks to me like it might be related to where you're located (EU vs US, specifically).
Hmm as I understand it's maybe wisely to move this conversation to the minimed-connect-to-nightscout project.
It looks to me like it might be related to where you're located (EU vs US, specifically).
I'm in EU.
It looks to me like it might be related to where you're located (EU vs US, specifically).
I'm in EU.
Same over here (NL), I think it's indeed some regulations based on your location EU/US
Hi guys, someone has made some progress to be able to track the 780g on Nightscout
Hi everyone, I am going to close this issue as it doesn't directly pertain to CGM in the cloud. Please Direct all conversation to the mmconnect issue here: https://github.com/nightscout/minimed-connect-to-nightscout/issues/11
With ApkTool I manage to decompile, change only one text, recompile and try... Did you see the difference? Not a huge change, now I'll try to change behavior and do not block my device
Keep us updated if you find a way to unblock our devices :)
Hi, maybe interesting for you: I just see that the Minimed Mobile app has an update or something, as I can now load the app on my Xperia 5ii, where a few weeks back I still got the "device not supported" message. So check it out, maybe it now works for you?
For me however I can open the app, do the Carelink login, see my mobile on the pump, but pairing does not finish successful :(. Strange thing is that I get twice the popup on my phone to allow the pump to pair (I confirm), but no luck. Even with a full restart, new app install, removing from BT list. Any ideas?
@Troxelke That message is most likely coming from Server not local app. I have seen multiple cases on Android when that message appears and then a few days later its gone and the Android App version has not change. It is a matter of testing a device with the current app and then enabling it. If something is incompatible then you would need a new version of the app but from experience that is rare.
@Troxelke That message is most likely coming from Server not local app. I have seen multiple cases on Android when that message appears and then a few days later its gone and the Android App version has not change. It is a matter of testing a device with the current app and then enabling it. If something is incompatible then you would need a new version of the app but from experience that is rare.
Hi Paul, thanks! So you think it is still the Medtronic app? Well at the start it states that my device (Xperia 5ii) is accepted, but not yet tested on Android 11. So it may need another update from Medtronic side (FYI I tested on my wife's phone, Samsung S10e with Android 11, there all works).
I was thinking of hard-resetting my device, so you think that does not make sense to do? Thanks again!
@Troxelke I don't think it is the app, I think the server is blocking your device/Android version combination because it is untested. And if and when they test it and it passes they will stop blocking it and it will just work with no changes on your side.
@Troxelke I don't think it is the app, I think the server is blocking your device/Android version combination because it is untested. And if and when they test it and it passes they will stop blocking it and it will just work with no changes on your side.
Thanks again Paul, so only thing to have patience here ;). I was only surprised as at the start of the app it now suddenly continues, where it now stops in the pairing process, so weird.
Hope they test/enable my device soon!
Hi I own 780G in EU and managed to use a unsopported ROOTED device (xiaomi mi a2 - android One device with Android 10). Root with Magisk, MagiskHide (to hide root) + [XPosed]DevOptsHide (to hide developer options if you have enabled). Then used the MagiskHidePropsConf module to change the phone to Google Pixel 4.
fingerprint=google/flame/flame:10/RQ3A.210905.001/7511028:user/release-keys brand=google manufacturer=Google model=Pixel 4
@eschweighofer Why dangerous? The phone in not used to control the pump in any mode. The phone just reports and uploads to CareLink.
@eschweighofer Why dangerous? The phone in not used to control the pump in any mode. The phone just reports and uploads to CareLink.
yep @paul1956 , I already removed that part of my comment :)
@Troxelke I don't think it is the app, I think the server is blocking your device/Android version combination because it is untested. And if and when they test it and it passes they will stop blocking it and it will just work with no changes on your side.
Thanks again Paul, so only thing to have patience here ;). I was only surprised as at the start of the app it now suddenly continues, where it now stops in the pairing process, so weird.
Hope they test/enable my device soon!
Update guys! The Minimed Mobile app received an update which now allows my phone to install and connect! For my case a Sony Xperia 5ii, maybe other phones will also be enabled!
If you need support for Nightscout, PLEASE DO NOT FILE A TICKET HERE For support, please post a question to the "CGM in The Cloud" group in Facebook (https://www.facebook.com/groups/cgminthecloud) or visit the WeAreNotWaiting Discord at https://discord.gg/zg7CvCQ
Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Yeah I can't get data from my current system/from carelink to Nightscout
Describe the solution you'd like A clear and concise description of what you want to happen.
I would like to pull data from carelink which stores the 780G and Guardian Link 3 Or maybe even pull it from the pump since this is an Bluetooth enabled one. Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered. Pull data from the insulin pump itself since this is Bluetooth enabled, don't know if this is already possible. Additional context Add any other context or screenshots about the feature request here.