djensenius/Backfire

additional protocol info

Opened this issue · 0 comments

Hi David,
thank you for the great app, screenshots look great, although I'm on Android, so I had to investigate myself :)
I've done a small basic proof of concept using Chrome Bluetooth API in Javascript and it works,
I was looking at your implementation to get data from raw bytes, thank you!

But then I wondered how the original app tracks total odometer... and why the raw numbers I get for speed don't match, although change together with speed, so there should be some hidden formula.

So I disassembled the original apk using apktool and found that the original app is not native, but written in Javascript + some "multi-platform" wrapper, but more importantly, I've found the implementation logic to parse messages from a remote :)

I'm not sure if you still maintain this repo and whether it will be useful for you, but maybe for others...

So, the protocol:

  • there are two messages transmitted again and again, one 20 bytes, next one 5 bytes long
  • those are not two messages but a single one - 25 bytes long, convert bytes to hex and concatenate them together
  • last 4 bytes - is a checksum, crc16, referenced as "modbus crc16"
  • pay attention, those are 0-indexed byte numbers
  • speed - two values, each 2-byte long, bytes 6 and 7, original app takes whatever is greater from those two, and divides by 1k
  • last trip - 2 bytes, in hectometers, bytes: 16, 17
  • odometer - 3 bytes, in hectometers, bytes: 18, 19, 20
  • batter voltage - 2 bytes, millivolts, bytes: 10, 11
  • battery percentage - 1 byte, byte 5
Screenshot 2023-06-19 at 00 23 35

0/0/0 - speed1, speed2, biggest of those - for debugging
the rest is pretty self-explanatory