This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Android DFU library not working for Samsung phones on Android 10

We use both the iOS and Android DFU library to support DFU through our mobile application. Recently we found that Samsung phones running on Android 10 have a problem with DFU both on our app and when using the NFR Toolbox. Strangely it shows DFU disconnected on our app but Gatt error in the NFR Toolbox.

We never had a problem with DFU on iOS before. And after various rounds of testing with different with Android devices we finally narrowed it down to Samsung + Android 10 to cause this DFU failure. On other Android devices that run Android 10 for example Huawei and Xiaomi does not encounter any DFU problems. And Samsung phones on other Android versions do not encounter this DFU problem too. We even had a Samsung phone that was originally running Android 9 and it worked for DFU but after upgrading this same device to Android 10, DFU stopped working.

I wonder if this is a known issue as more and more Samsung devices on Android 10? And any suggestions on how to troubleshoot and fix?

Top Replies

0 Scott--R over 5 years ago

We have just discovered the exact same issue in the last 24 hours. I hope there is a fix for this. We have also discovered that secure DFU works for us using an Samsung phone running Android 10 but a legacy DFU does not. We've tested various phones and have also narrowed it down to specifically Samsung phones running Android 10, and specifically legacy DFU.

Hopefully Bjorn or another Nordic Guru can help. This issue is 100% repeatable in our testing.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 bjorn-spockeli over 5 years ago

Hi Mxoh and Scott,

could you capture a on-air trace with the nRF Sniffer Plugin in Wireshark or with a Bluetooth Low Energy protocol analyzer and attach it to the ticket?

I have seen other customers having issues with Legacy DFU and Android 10 where the nRF52xxx device disconnects either after the DFU start command or the Firmware size is sent by the Android device, see the Message Sequence Chart in the DFU Profile documentation.

I am looking in to this as we speak, so if you can provide on-air traces then I can see if you are experiencing the same issue or not.

Best regards

Bjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Scott--R over 5 years ago in reply to bjorn-spockeli

Bjorn,

I'm not skilled enough to do that, but would the log from nRF Connect help? See attached. It does appear to show the scenario you're describing.

Fullscreen Log%202020-04-10%2009_46_52.txt Download

nRF Connect, 2020-04-10
Tailwind_00000 (EC:4C:71:F3:53:0C)
V	09:45:44.766	Connecting to EC:4C:71:F3:53:0C...
D	09:45:44.766	gatt = device.connectGatt(autoConnect = false, TRANSPORT_LE, preferred PHY = LE 1M)
D	09:45:45.329	[Callback] Connection state changed with status: 0 and new state: CONNECTED (2)
I	09:45:45.329	Connected to EC:4C:71:F3:53:0C
D	09:45:45.353	[Broadcast] Action received: android.bluetooth.device.action.ACL_CONNECTED
V	09:45:45.387	Discovering services...
D	09:45:45.387	gatt.discoverServices()
I	09:45:45.656	Connection parameters updated (interval: 7.5ms, latency: 0, timeout: 5000ms)
D	09:45:46.153	[Callback] Services discovered with status: 0
I	09:45:46.153	Services discovered
V	09:45:46.184	Generic Access (0x1800)
- Device Name [R W] (0x2A00)
- Appearance [R] (0x2A01)
- Peripheral Preferred Connection Parameters [R] (0x2A04)
Generic Attribute (0x1801)
- Service Changed [I] (0x2A05)
   Client Characteristic Configuration (0x2902)
Battery Service (0x180F)
- Battery Level [N R] (0x2A19)
   Client Characteristic Configuration (0x2902)
Device Information (0x180A)
- Manufacturer Name String [R] (0x2A29)
- Model Number String [R] (0x2A24)
- Serial Number String [R] (0x2A25)
- Hardware Revision String [R] (0x2A27)
- Firmware Revision String [R] (0x2A26)
- Software Revision String [R] (0x2A28)
- System ID [R] (0x2A23)
- IEEE 11073-20601 Regulatory Certification Data List [R] (0x2A2A)
Device Firmware Update Service (00001530-1212-efde-1523-785feabcd123)
- DFU Packet [WNR] (00001532-1212-efde-1523-785feabcd123)
- DFU Control Point [N W] (00001531-1212-efde-1523-785feabcd123)
   Client Characteristic Configuration (0x2902)
- DFU Version [R] (00001534-1212-efde-1523-785feabcd123)
Unknown Service (0000ff00-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [N W] (0000ffe0-0000-1000-8000-00805f9b34fb)
   Client Characteristic Configuration (0x2902)
- Unknown Characteristic [R W] (0000ff01-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff02-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff03-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff04-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff05-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [N W] (0000ff06-0000-1000-8000-00805f9b34fb)
   Client Characteristic Configuration (0x2902)
- Unknown Characteristic [R W] (0000ff07-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff08-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff09-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff0e-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [W] (0000ff0f-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R] (0000ff0c-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff10-0000-1000-8000-00805f9b34fb)
- Unknown Characteristic [R W] (0000ff11-0000-1000-8000-00805f9b34fb)
D	09:45:46.184	gatt.setCharacteristicNotification(00002a05-0000-1000-8000-00805f9b34fb, true)
D	09:45:46.186	gatt.setCharacteristicNotification(00002a19-0000-1000-8000-00805f9b34fb, true)
D	09:45:46.187	gatt.setCharacteristicNotification(0000ffe0-0000-1000-8000-00805f9b34fb, true)
D	09:45:46.188	gatt.setCharacteristicNotification(0000ff06-0000-1000-8000-00805f9b34fb, true)
I	09:45:46.216	Connection parameters updated (interval: 48.75ms, latency: 0, timeout: 5000ms)
I	09:45:51.005	Connection parameters updated (interval: 75.0ms, latency: 0, timeout: 4000ms)
V	09:45:54.230	Enabling notifications for 0000ff06-0000-1000-8000-00805f9b34fb
D	09:45:54.230	gatt.setCharacteristicNotification(0000ff06-0000-1000-8000-00805f9b34fb, true)
D	09:45:54.232	gatt.writeDescriptor(00002902-0000-1000-8000-00805f9b34fb, value=0x0100)
I	09:45:54.381	Data written to descr. 00002902-0000-1000-8000-00805f9b34fb, value: (0x) 01-00
A	09:45:54.381	"Notifications enabled" sent
V	09:45:54.389	Notifications enabled for 0000ff06-0000-1000-8000-00805f9b34fb
V	09:45:59.155	Writing request to characteristic 0000ff06-0000-1000-8000-00805f9b34fb
D	09:45:59.155	gatt.writeCharacteristic(0000ff06-0000-1000-8000-00805f9b34fb, value=0x5432303138313131)
I	09:45:59.256	Data written to 0000ff06-0000-1000-8000-00805f9b34fb, value: (0x) 54-32-30-31-38-31-31-31, "T2018111"
A	09:45:59.256	"(0x) 54-32-30-31-38-31-31-31, "T2018111"" sent
I	09:45:59.257	Notification received from 0000ff06-0000-1000-8000-00805f9b34fb, value: (0x) 00
A	09:45:59.257	"(0x) 00" received
V	09:46:08.395	[DFU] DFU service started
V	09:46:08.395	[DFU] Opening file...
I	09:46:08.395	[DFU] Firmware file opened successfully
V	09:46:08.395	[DFU] Connecting to DFU target...
D	09:46:08.395	[DFU] gatt = device.connectGatt(autoConnect = false)
I	09:46:08.395	[DFU] Connected to EC:4C:71:F3:53:0C
V	09:46:08.395	[DFU] Discovering services...
D	09:46:08.395	[DFU] gatt.discoverServices()
I	09:46:08.395	[DFU] Services discovered
D	09:46:08.417	[DFU] wait(1000)
V	09:46:09.421	[DFU] Reading DFU version number...
D	09:46:09.422	[DFU] gatt.readCharacteristic(00001534-1212-efde-1523-785feabcd123)
I	09:46:09.531	[DFU] Read Response received from 00001534-1212-efde-1523-785feabcd123, value (0x): 01-00
A	09:46:09.531	[DFU] Version number read: 0.1
W	09:46:09.533	[DFU] Application with buttonless update found
V	09:46:09.533	[DFU] Jumping to the DFU Bootloader...
V	09:46:09.533	[DFU] Enabling notifications for 00001531-1212-efde-1523-785feabcd123
D	09:46:09.533	[DFU] gatt.setCharacteristicNotification(00001531-1212-efde-1523-785feabcd123, true)
D	09:46:09.535	[DFU] gatt.writeDescriptor(00002902-0000-1000-8000-00805f9b34fb, value=0x01-00)
I	09:46:09.682	[DFU] Data written to descr.00001531-1212-efde-1523-785feabcd123, value (0x): 01-00
V	09:46:09.682	[DFU] Notifications enabled for 00001531-1212-efde-1523-785feabcd123
A	09:46:09.682	[DFU] Notifications enabled
D	09:46:09.682	[DFU] wait(1000)
V	09:46:10.714	[DFU] Writing to characteristic 00001531-1212-efde-1523-785feabcd123
D	09:46:10.714	[DFU] gatt.writeCharacteristic(00001531-1212-efde-1523-785feabcd123)
A	09:46:10.809	[DFU] Jump to bootloader sent (Op Code = 1, Upload Mode = 4)
D	09:46:11.270	[Callback] Connection state changed with status: 19 and new state: DISCONNECTED (0)
W	09:46:11.270	Connection terminated by peer (status 19)
I	09:46:11.270	Disconnected
I	09:46:11.270	[DFU] Disconnected by the remote device
D	09:46:11.272	[DFU] gatt.refresh() (hidden)
D	09:46:11.321	[DFU] gatt.close()
D	09:46:11.321	[Broadcast] Action received: android.bluetooth.device.action.ACL_DISCONNECTED
D	09:46:11.344	[DFU] [Broadcast] Action received: android.bluetooth.device.action.ACL_DISCONNECTED
V	09:46:11.344	[DFU] DFU service started
I	09:46:11.344	[DFU] Firmware file opened successfully
D	09:46:11.344	[DFU] wait(1000)
D	09:46:12.334	[DFU] wait(1000)
V	09:46:13.335	[DFU] Connecting to DFU target...
D	09:46:13.380	[DFU] gatt = device.connectGatt(autoConnect = false)
E	09:46:18.386	[DFU] Connection failed (0x85): GATT ERROR
W	09:46:18.386	[DFU] Retrying...
D	09:46:18.386	[DFU] gatt.refresh() (hidden)
D	09:46:18.386	[DFU] gatt.close()
V	09:46:18.408	[DFU] DFU service started
I	09:46:18.408	[DFU] Firmware file opened successfully
D	09:46:18.408	[DFU] wait(1000)
D	09:46:19.409	[DFU] wait(1000)
V	09:46:20.409	[DFU] Connecting to DFU target...
D	09:46:20.421	[DFU] gatt = device.connectGatt(autoConnect = false)
E	09:46:25.435	[DFU] Connection failed (0x85): GATT ERROR
W	09:46:25.435	[DFU] Retrying...
D	09:46:25.435	[DFU] gatt.refresh() (hidden)
D	09:46:25.437	[DFU] gatt.close()
V	09:46:25.469	[DFU] DFU service started
I	09:46:25.469	[DFU] Firmware file opened successfully
D	09:46:25.469	[DFU] wait(1000)
D	09:46:26.492	[DFU] wait(1000)
V	09:46:27.471	[DFU] Connecting to DFU target...
D	09:46:27.475	[DFU] gatt = device.connectGatt(autoConnect = false)
E	09:46:32.515	[DFU] Connection failed (0x85): GATT ERROR
D	09:46:32.518	[DFU] gatt.refresh() (hidden)
D	09:46:32.519	[DFU] gatt.close()
D	09:46:32.524	[DFU] wait(600)
D	09:46:33.140	gatt.close()
D	09:46:33.145	wait(200)
V	09:46:33.349	Connecting to EC:4C:71:F3:53:0C...
D	09:46:33.349	gatt = device.connectGatt(autoConnect = false, TRANSPORT_LE, preferred PHY = LE 1M)
D	09:46:38.375	[Callback] Connection state changed with status: 133 and new state: DISCONNECTED (0)
E	09:46:38.376	Error 133 (0x85): GATT ERROR
I	09:46:38.376	Disconnected

0 bjorn-spockeli over 5 years ago in reply to Scott--R

Hi Scott,

at 09:46:10.809 I see that the Android 10 device is writing the DFU Start OP code to the DFU control point which will trigger the nRF to reset into the bootloader, see Switching to bootloader/DFU mode. The nRF will then start advertising as DfuTarg and the DFU Library on the Android device should then try to connect to the bootloader.

In SDK v11.0.0 the bootloader will increment the address by 1 if the application was not bonded with the central. This is to avoid issues with centrals that cache the GATT table of its peers. If the address was not incremented then the central could still think its connected to the application and use its GATT table when writting and reading characteristics.

If the central is bonded with the application, then the bootloader will use the same address as in the application and perform directed advertisment towards the central that triggered the DFU process. The bootloader will then issue a service changed indication so that the central performs a new service discovery after connecting to make sure that the GATT table is updated before any characteristics are read or written to.

So in your case I would like to know if the nRF is advertising as DfuTarg after theJump to bootloader sent (Op Code = 1, Upload Mode = 4) is sent and the nRF disconnects. You should be able to use the nRF Connect app to scan even though you have initiated the DFU process.

If it is advertising, then which address is it using, the same as the application or the the application address +1 ?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Scott--R over 5 years ago in reply to bjorn-spockeli

Hi Bjorn. I've asked a more knowledgeable person to respond here. This is starting to go above my knowledge level quickly.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel