
I want to decode data (temperature and %RH) from a BLE device. I can get data from it. I know (guessed) where the data is (0x0028). But I don't know how to decode it. Here is what I get when running:

```
sudo bettercap
ble.enum 60:77:71:60:d1:8f
```

I then guessed the data is on handle 0x0028. And here is what I get when I run:

```
sudo gatttool -b 60:77:71:60:d1:8f -I
connect
char-read-hnd 0x0028
[60:77:71:60:D1:8F][LE]> char-read-hnd 0x0028
Characteristic value/descriptor: 1e 00 8e 41 00 00 00 00 ea 94 3b 42 00 00 00 00 01 01 01 01
[60:77:71:60:D1:8F][LE]> char-read-hnd 0x0028
Characteristic value/descriptor: c6 e4 8d 41 00 00 00 00 30 73 3b 42 00 00 00 00 01 01 01 01
[60:77:71:60:D1:8F][LE]> char-read-hnd 0x0028
Characteristic value/descriptor: c6 e4 8d 41 00 00 00 00 30 73 3b 42 00 00 00 00 01 01 01 01
[60:77:71:60:D1:8F][LE]> char-read-hnd 0x0028
Characteristic value/descriptor: c6 e4 8d 41 00 00 00 00 9a 40 3b 42 00 00 00 00 01 01 01 01
[60:77:71:60:D1:8F][LE]> char-read-hnd 0x0028
Characteristic value/descriptor: 1e 00 8e 41 00 00 00 00 56 2e 3b 42 00 00 00 00 01 01 01 01
[60:77:71:60:D1:8F][LE]> char-read-hnd 0x0028
Characteristic value/descriptor: 1e 00 8e 41 00 00 00 00 42 19 3b 42 00 00 00 00 01 01 01 01
[60:77:71:60:D1:8F][LE]> char-read-hnd 0x0028
Characteristic value/descriptor: c6 e4 8d 41 00 00 00 00 18 23 3b 42 00 00 00 00 01 01 01 01
```

I think the data (°C and %RH) I'm looking for is in there but I have no idea how to decipher it.

Can somebody help?

I tried to convert it from hex to dec but I didn't get any conclusive results. °C should be between 17 and 23 and %RH between 20 and 80.

Before warming up the sensor: 1e 00 8e 41 00 00 00 00 ea 94 3b 42 00 00 00 00 01 01 01 01

After warming up the sensor: c6 e4 8d 41 00 00 00 00 30 73 3b 42 00 00 00 00 01 01 01 01

Pierre
  • Given that this is a custom characteristic, it would be very difficult to try and decode the data unless you have the format of the data from the manufacturer. One suggestion would be to try and artificially increase the temperature (e.g. hold the sensor) and see what value drastically changes. – Youssif Saeed Feb 16 '23 at 07:29
  • Thank you for your input Youssif. These digits change: 1e 00 and ea 94 for the first line for example (1e 00 8e 41 00 00 00 00 ea 94 3b 42 00 00 00 00 01 01 01 01). So always the 4 digits before 8e (or 8d) 41 and 3b 42 – Pierre Feb 16 '23 at 15:02
  • I don't get it. Can you please provide the full lines before touching the sensor and after touching the sensor? You can add this as an EDIT to your question. – Youssif Saeed Feb 16 '23 at 16:17
  • I did........... – Pierre Feb 16 '23 at 22:57
  • I am assuming that when you warmed the probe up that you were getting readings on the manufacturer provided app. What values were being reported on the app for the BLE characteristic values? Have you looked at the [BLE snoop log](https://medium.com/@charlie.d.anderson/how-to-get-the-bluetooth-host-controller-interface-logs-from-a-modern-android-phone-d23bde00b9fa) to see what the app is doing? – ukBaz Feb 17 '23 at 08:03
  • It seems that I can connect to the probe with only one device at a time, so when I connect to it with gatttool, it disconnects from the manufacturer device and vice-versa... – Pierre Feb 20 '23 at 21:49
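
An added example, not part of the original question or its comments: a search over the payloads quoted in the question for fields that decode into the ranges it states (17 to 23 °C, 20 to 80 %RH) and that change between reads. The candidate encodings and the float32 layout used in `decode` are assumptions, not the manufacturer's documented format.

```python
import struct

# Payloads copied from the gatttool reads of handle 0x0028 in the question.
SAMPLES = [
    "1e 00 8e 41 00 00 00 00 ea 94 3b 42 00 00 00 00 01 01 01 01",
    "c6 e4 8d 41 00 00 00 00 30 73 3b 42 00 00 00 00 01 01 01 01",
    "c6 e4 8d 41 00 00 00 00 9a 40 3b 42 00 00 00 00 01 01 01 01",
]

# Encodings to try at every byte offset: (label, struct format, divisor).
# This candidate list is an assumption, chosen because these are common
# ways for sensors to pack a reading.
CANDIDATES = [
    ("float32 LE", "<f", 1), ("float32 BE", ">f", 1),
    ("int16 LE /10", "<h", 10), ("int16 BE /10", ">h", 10),
    ("int16 LE /100", "<h", 100), ("int16 BE /100", ">h", 100),
]

def find_fields(samples, lo, hi):
    """Return (offset, label) pairs that decode into [lo, hi] in every
    sample and are not constant across samples."""
    payloads = [bytes.fromhex(s) for s in samples]
    hits = []
    for label, fmt, div in CANDIDATES:
        size = struct.calcsize(fmt)
        for off in range(len(payloads[0]) - size + 1):
            vals = [struct.unpack_from(fmt, p, off)[0] / div for p in payloads]
            in_range = all(lo <= v <= hi for v in vals)  # NaN fails this test
            varies = len(set(vals)) > 1  # constant bytes are padding or flags
            if in_range and varies:
                hits.append((off, label))
    return hits

def decode(payload):
    """Decode under the layout the search suggests (a hypothesis, not the
    manufacturer's documented format): two little-endian float32 values."""
    temp_c, = struct.unpack_from("<f", payload, 0)
    rh_pct, = struct.unpack_from("<f", payload, 8)
    return round(temp_c, 2), round(rh_pct, 2)

if __name__ == "__main__":
    print("temperature candidates:", find_fields(SAMPLES, 17, 23))
    print("humidity candidates:", find_fields(SAMPLES, 20, 80))
    for s in SAMPLES:
        print(decode(bytes.fromhex(s)))
```

The "must vary" filter matters here: without it, the constant trailing `01 01` bytes also decode into the humidity range as a 16-bit value divided by 10.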

0 Answers