Alternative firmware

[acalatrava]

I just created an alternative firmware that is compatible with both nRF51 and nRF52 platforms. It's using the Softdevice S130/S132 2.0.0 from Nordic SDK11.

I already tried it on this modules:

• E104-BT5032A board from EBYTE which can be purchased here https://www.aliexpress.com/item/4000538644215.html
• "AliExpress beacon" which can be purchased here https://www.aliexpress.com/item/32826502025.html

More info here: https://github.com/acalatrava/openhaystack-firmware/tree/main/apps/openhaystack-alternative

[mowtschan]

@acalatrava could you share the "howto" flash E104-BT5032A board? did you use a special board, adapter or just STLinkV2?

[junleus]

I build openhaystack-alternative_s130.bin replaced public_key and using STLinkv2 to flash into an NRF51822 which you had tested. the module consumes 2.6ma, but there are no advertisements.

please advise, thank you.

[acalatrava]

Please note that you need to flash the SoftDevice too. You can generate a full bin file by issuing make build, the bin will be at the compiled directory.

Can you share your consume after that? I don’t have the tools to measure it.

[acalatrava]

@mowtschan I used a JLink-compatible adapter, however you should be able to use the STLinkV2 too. I think it should work if you just issue make && make e104install, this will use nrfjprog to flash the firmware which I think it should work with STLinkV2 too.

[junleus]

@acalatrava with softdevice nrf51_firmware.bin Size around 3.1MB, how to flash into nrf51 chipset?

for openhaystack firmware standby 860uA, and sent advertisements will consume 960uA.

[acalatrava]

You’re right. I think the problem is that those are not actually bin files but hex ones. I’m not at the computer atm so please try to rename it and flash it that way.

[junleus]

the bin comes with the public key, but hex one doesn't have a public key.

[acalatrava]

Both bin and hex files are actually the same firmware on a different format. You can’t see the key on the bin file with a simple editor since the firmware is encoded in hexadecimal format (that’s why the file is bigger) instead of binary.

So you can replace the key on the source file, compile, merge it with the SoftDevice and flash the resulting hex file (the compiled file appears as bin but it’s actually a hex file).

I’ll try to fix this naming issue when I’m at home.

[junleus]

@acalatrava can you confirm that compiled nrf51_firmware.bin size is 3.1MB?

I try to flash with ST-LINK v2 but seem to run out of space.

[acalatrava]

No, it’s not a bin file but a hex one. You should try to rename it to hex and then either flash it with nrfjprog (not sure if you can use it with stlink) or convert it to bin (I think there is a hex2bin.pay tool somewhere)

@acalatrava https://github.com/acalatrava can you confirm that compiled nrf51_firmware.bin size is 3.1MB?

I try to flash with ST-LINK v2 but seem to run out of space.

[image: image] https://user-images.githubusercontent.com/37057723/117548362-7465c700-afe9-11eb-9aaa-1a81d571b593.png

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/seemoo-lab/openhaystack/issues/57#issuecomment-835442222, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACA3W4OGPOTNPJLK2VI5QT3TMVZPRANCNFSM44JSW4NQ .

[junleus]

finally, I manual merge softdevice hex file got 324kb size hex, flashed with STLINK v2, and keep consume 5uA, so no advertisements yet. I flashed back into openhaystack firmware and got advertisements again. I think need way hex2bin then.

appreciate.

mergehex -m s130_nrf51_2.0.0_softdevice.hex openhaystack-alternative_s130.hex -o softdevice.hex

[jaekim24]

how long did your nRF52 chip last with the coin cell battery @acalatrava

[junleus]

I use objcopy cmd in Linux can convert hex to a bin, as the same way compiled an example s130-beacon apps it is running, but openhaystack-alternative doesn't run at all.

[acalatrava]

@junleus I can confirm that something is broken with the nRF51 since it isn’t working on mine either. I’ll try to check what I broke, but since I have it working on another nRF51 for 7 days now it shouldn’t be hard to find.

@jaekim24 I still didn’t put a coin cell on my module but since it’s working for more than 7 days on my nRF51 and the battery is still at 2.96V I expect a very long duration.

[jaekim24]

what kind of battery did you use the on nRF51 @acalatrava

[acalatrava]

I just published the fixed firmware http://github.com/acalatrava/openhaystack-firmware/ This one should work fine on a nRF51 module (tested!)

@junleus please test it and tell me how much it consume. Also, how are you measuring it?

@jaekim24 I'm using this module https://www.aliexpress.com/item/32826502025.html with a CR2032 cell coin battery. Battery still at 2.96V :)

[junleus]

@acalatrava

• I used a multimeter with dc amps to measure.
• I git clone your repository again, compiled new firmware, ether your and mine does not send the advertisements.
• Can you use the LightBlue app to scan the nRF51? when your iPhone beside the nRF51, the signal should be less than 30db.

[acalatrava]

Yes, I can confirm mine is working. In fact it appears on OpenHaystack app. Can you try with the compiled one from the releases?

https://github.com/acalatrava/openhaystack-firmware/releases/download/0.1/nrf51_firmware.bin

[mowtschan]

@junleus unfortunately on my iPhone I'm unable to find my nrf51 but with the Macbook it works, I can even see exactly which device is mine:

1. copy adv. key:

2. run command and see from byte 7 which public key has your device(just 3-4bytes would be enough):

3. On mac I'm using BlueSee tool (https://apps.apple.com/de/app/bluesee-ble-debugger/id1336679524?mt=12):

[junleus]

@acalatrava I flash that one too, no luck.

there are a little bit different of mine chip.

@mowtschan
I am using multimeter measure the power consume, the chip keep 5uA, so I pretty sure no advertisements send. seem keep sleeping.

[acalatrava]

I’m pretty sure it’s working. The thing is that the advertisement is set every 5 seconds. Sometimes on the iPhone won’t appear after 10 or even 20 seconds. Probably you are seeing 5uA because most of the time is sleeping :)

try changing the advertisement interval or try this app which seems to work better to see the device on iPhone https://apps.apple.com/es/app/ebeacon-ble-scanner/id730279939

[junleus]

@mowtschan what kind of chipset you are using? I used the same way of compiled the s130-beacon app, running well.

my chipset info Info : nRF51822-QFAA(build code: H2) 256kB Flash, 16kB RAM and Info : nRF51822-QFAA(build code: H0) 256kB Flash, 16kB RAM

[mowtschan]

@junleus I bought it by AliExpress here: https://www.aliexpress.com/item/33061215469.html?spm=a2g0s.9042311.0.0.27424c4dgqLbvo P.S.: just to clarify: I’m using original firmware from openhaystack.

[acalatrava]

@junleus if the s130-beacon is working then my firmware should work too. Did you try to change the advertising interval? Try to change it to 100, that way you should see it on the light blue app or similar https://github.com/acalatrava/openhaystack-firmware/blob/eef0a6b81e405b79027f0cf450c3e4b3322a76b3/apps/openhaystack-alternative/main.c#L10

by the way, your board is the same as mine! So...

[junleus]

I ordered 2 nRF52832, will test it then.

[acalatrava]

Which modules did you order?

you should try the firmware on the nRF51 during the day and check if the location is being updated on the app

[junleus]

https://www.amazon.com/gp/product/B081GYNM2G/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1

[jaekim24]

@junleus I bought the same one and it arrived today!

[jaekim24]

im trying to flash the nRF52 but idk where to connect my VCC port from my J-Link debugger to the nRF52 module and also which ground am I supposed to connect to on the nRF52 module

[acalatrava]

You can use any GND because all of them are connected. VCC === VDD

[jaekim24]

thank you!

[jaekim24]

@acalatrava how do I flash the nRF52 chip is it similar to how you flash a ESP32 with open-haystack like this [ ./flash_esp32.sh -p /dev/yourSerialPort "public-key-in-base64"] but a little different ?

[mowtschan]

@acalatrava just got your custom firmware working on nrf51 device, power consumption is 3,3uA !!! with peak of 66uA, nice!!

[acalatrava]

@jaekim24 if you have jlink you can just flash it issuing make flash

@mowtschan thats great! Very little consumption!!! If my math are correct a CR2032 220mah battery should last more than 1 year!

[junleus]

@mowtschan what kind of flash cable you are using? I try few days and till got 5uA, no advertisements send yet.

[acalatrava]

@junleus look at this https://github.com/acalatrava/openhaystack-firmware/issues/2#issuecomment-840596966

[junleus]

awesome!

[junleus]

so far so good. got 5uA -> 25uA -25uA->200uA - 5uA.

[acalatrava]

Cool! Is this on nRF52 or nRF51? It is considerable more consumption than @mowtschan https://github.com/seemoo-lab/openhaystack/issues/57#issuecomment-840621399 which is weird... Do you know for how long is consuming 25uA and 200uA?

[junleus]

1. nRF51
2. Around every 6 seconds for 200uA.

[mowtschan]

I have nRF51822-QFAA device: 3,3uA for <5 sec 66uA for <1 sec (can't really see that value on multimeter because it appears for a very short time, just able to see it with slow-motion recording)

[mowtschan]

@mowtschan thats great! Very little consumption!!! If my math are correct a CR2032 220mah battery should last more than 1 year!

@acalatrava if my calculation not wrong then it would last for almost 3 years?!?!? Let's assume we have a battery with a capacity of 230 mAh and we will have ideal temperature of 20°C and also let's 'ignore' battery self-discharging thing. http://products.varta-microbattery.com/applications/MB_DATA/DOCUMENTS/DATA_SHEETS/DS6032.pdf

(230/((0.0033*5+0.066*0.5)/(5+0.5)))/24 = 1064,814^ days!!!

Or am I missing something?

[acalatrava]

Yeah! I think you’re correct! But I guess it would be a little bit less since it should be something like this

(230/((0.0033*4.5+0.066*0.5)/5))/24 = 1001,393 Since the interval is set every 5 seconds it means that it will use 3,3uA for 4,5 sec and 66uA for 0,5 sec every 5 seconds... right?

[Sn0wfreezeDev]

Thank you @acalatrava I tried the firmware today on an nRF52832 Ali Express Beacon. It works great. Thank you for the effort to make it more energy efficient.

Unfortunately, they increased the price to of the beacon 11$ recently.

[mowtschan]

@Sn0wfreezeDev I bought 4x (but nrf51) here for 16€ https://de.aliexpress.com/item/33061215469.html?spm=a2g0s.9042311.0.0.7b414c4djbmG56 and now they are 22€ but still 50% less than nrf52

[acalatrava]

@Sn0wfreezeDev great! Did you measure consumption?

[Sn0wfreezeDev]

@acalatrava No I do not have the tools here to measure the consumption. But it is lasting for some days now, which would not be the case for the old firmware

@mowtschan Yes, but I wanted to go for the nrf52 to get the updated chip version. However, nrf51 should have all features needed for this application.

[sebi5361]

@mowtschan Could you tell me what multimeter you are using? I am looking for one that can measure low currents (uA, nA) and was wondering if yours could do the job...

[mowtschan]

@sebi5361, here you are https://smile.amazon.de/gp/product/B07DWG59F2/

Measuring range V/DC min. : 0.1 mV 
measuring range V/DC max. : 600 V 
measuring range V/AC min. : 0.1 V 
measuring range V/AC max. : 600V 
Measuring Range A/DC Min. : 0.1 µA 
measuring range A/DC max. : 10 A 
measuring range A/AC min. : 0.1 µA 
measuring range A/AC max. : 10 A

[sebi5361]

@acalatrava @mowtschan I would like to point you to that video that focuses on measuring tiny currents. In a nutshell, it says that a standard multimeter won't do the job properly due to its relatively high internal resistance resulting in a burden voltage, and that a special equipment is needed.

I just bought the NORDIC Power Profiler Kit II that is designed specifically for that purpose. It will take some time to receive it (12 weeks?) but as soon as it arrives, I will measure the power consumption of the AliExpress Beacon and will let you know if the results mach.