• State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 16 replies
  • Subscribers 74 subscribers
  • Views 4866 views
  • Users 0 members are here
Attachments (2) Download All
Nordic Case Info
  • Case ID: 248232
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

DFU over BLE for Simblee

Tim

Hello,

We have around 700 product in the field based on the Simblee BLE module, which was discontinued 1+ year ago. Application was developed using Simblee's proprietary library and the Arduino IDE. We are switching to Laird's BL652 and now using Nordic SDK 15.3.0.

We have our app, based on Nordic SDK 15.3 and S112, developed and working well on our custom board with Laird's BL652. We are adding a new feature that uses the Timeslot API. This API is not available through Simblee's proprietary library, so we are looking for ways of getting all 700 Simblee-based product in the field updated to a new app based on Nordic SDK 10.0 and S110.

I am confident we can develop the app and flash it to Simblee over USB. This video shows how to erase an RFduino (precursor to Simblee) and flash an app based on Nordic SDK.

What's unclear is whether or not it's possible to push an update out to our users via our iOS app and use DFU over BLE to update the Simblee peripherals. This would be ideal as it would not require that our users send their devices back for update.

Simblee uses nRF51822 revision 3 and I think has 128K flash. See attached Simblee data sheet (block diagram on page 6).

Simblee is flashed using the Arduino IDE and a USB shield. If "#include <ota_bootloader.h>" is in app source, a bootloader capable of legacy DFU over BLE is flashed along with the application. See screen capture of nRF Connect showing legacy DFU service, etc. All 700 devices in the field have OTA bootloader flashed.

I am able to build a new version (hex file) of the Simblee app (using Arduino IDE) and use version 0.5.2 of nrfutil to create a zip file:

nrfutil dfu genpkg new_app.zip --application new_app.hex --application-version 0xffff --dev-revision 0xffff --dev-type 0xffff --sd-req 0xfffe

(Interesting that --sd-req is 0xfffe.) Using iOS-Pods-DFU-Library, I can then use the standard procedure to perform DFU over BLE. Here's the code (objective C):

NSURL *bundledFirmwareURL = [[NSBundle mainBundle] URLForResource:@"new_app" withExtension:@"zip"];
DFUFirmware *selectedFirmware = [[DFUFirmware alloc] initWithUrlToZipFile:bundledFirmwareURL];

DFUServiceInitiator *initiator = [[DFUServiceInitiator alloc] initWithQueue:dispatch_get_main_queue()
delegateQueue:dispatch_get_main_queue()
progressQueue:dispatch_get_main_queue()
loggerQueue:dispatch_get_main_queue()];

[initiator withFirmware:selectedFirmware];
initiator.packetReceiptNotificationParameter = 2; // default is 12
initiator.logger = self; // - to get log info
initiator.delegate = self; // - to be informed about current state and errors
initiator.progressDelegate = self; // - to show progress bar

DFUServiceController *controller = [initiator startWithTarget: myPeripheral];

Here's a log of DFU process:

2020-04-21 09:32:46.898944-0600 myapp[6798:4964585] dfuStateDidChangeTo: DFUStateConnecting
2020-04-21 09:32:46.898999-0600 myapp[6798:4964585] self.centralManager.delegate is <myCentralManager: 0x1c01bed80>
2020-04-21 09:32:46.899737-0600 myapp[6798:4964585] logWith: [Callback] Central Manager did update state to: Powered ON
2020-04-21 09:32:46.899757-0600 myapp[6798:4964585] logWith: Connecting to p1...
2020-04-21 09:32:46.899769-0600 myapp[6798:4964585] logWith: centralManager.connect(peripheral, options: nil)
2020-04-21 09:32:46.900128-0600 myapp[6798:4964585] logWith: [Callback] Central Manager did connect peripheral
2020-04-21 09:32:46.900150-0600 myapp[6798:4964585] logWith: Connected to p1
2020-04-21 09:32:46.900161-0600 myapp[6798:4964585] logWith: Discovering services...
2020-04-21 09:32:46.900171-0600 myapp[6798:4964585] logWith: peripheral.discoverServices(nil)
2020-04-21 09:32:46.901252-0600 myapp[6798:4964585] logWith: Services discovered
2020-04-21 09:32:46.901281-0600 myapp[6798:4964585] logWith: Starting Legacy DFU...
2020-04-21 09:32:46.901292-0600 myapp[6798:4964585] logWith: Connected to p1
2020-04-21 09:32:46.901303-0600 myapp[6798:4964585] logWith: Services discovered
2020-04-21 09:32:46.901312-0600 myapp[6798:4964585] logWith: Legacy DFU Service found
2020-04-21 09:32:46.901322-0600 myapp[6798:4964585] logWith: Discovering characteristics in DFU Service...
2020-04-21 09:32:46.901332-0600 myapp[6798:4964585] logWith: peripheral.discoverCharacteristics(nil, for: 00001530-1212-EFDE-1523-785FEABCD123)
2020-04-21 09:32:47.146054-0600 myapp[6798:4964585] logWith: DFU characteristics discovered
2020-04-21 09:32:47.146596-0600 myapp[6798:4964585] logWith: Reading DFU Version number...
2020-04-21 09:32:47.146757-0600 myapp[6798:4964585] logWith: peripheral.readValue(00001534-1212-EFDE-1523-785FEABCD123)
2020-04-21 09:32:47.202713-0600 myapp[6798:4964585] logWith: Read Response received from 00001534-1212-EFDE-1523-785FEABCD123, value (0x): 0100
2020-04-21 09:32:47.202883-0600 myapp[6798:4964585] logWith: Version number read: 0.1
2020-04-21 09:32:47.203008-0600 myapp[6798:4964585] dfuStateDidChangeTo: DFUStateStarting
2020-04-21 09:32:47.203542-0600 myapp[6798:4964585] self.centralManager.delegate is <myCentralManager: 0x1c01bed80>
2020-04-21 09:32:47.203698-0600 myapp[6798:4964585] logWith: Enabling notifications for 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:47.203836-0600 myapp[6798:4964585] logWith: peripheral.setNotifyValue(true, for: 00001531-1212-EFDE-1523-785FEABCD123)
2020-04-21 09:32:47.323522-0600 myapp[6798:4964585] logWith: Notifications enabled for 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:32:47.323756-0600 myapp[6798:4964585] logWith: DFU Control Point notifications enabled
2020-04-21 09:32:47.323890-0600 myapp[6798:4964585] logWith: Application with buttonless update found
2020-04-21 09:32:47.324011-0600 myapp[6798:4964585] dfuStateDidChangeTo: DFUStateEnablingDfuMode
2020-04-21 09:32:47.324256-0600 myapp[6798:4964585] self.centralManager.delegate is <myCentralManager: 0x1c01bed80>
2020-04-21 09:32:47.324767-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:47.324929-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x0104, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
2020-04-21 09:32:47.381446-0600 myapp[6798:4964585] logWith: Data written to 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:32:47.381623-0600 myapp[6798:4964585] logWith: Jump to bootloader (Op Code = 1, Upload Mode = 4) request sent
2020-04-21 09:32:47.568087-0600 myapp[6798:4964585] logWith: [Callback] Central Manager did disconnect peripheral
2020-04-21 09:32:47.568292-0600 myapp[6798:4964585] logWith: Disconnected by the remote device
2020-04-21 09:32:47.568425-0600 myapp[6798:4964585] logWith: Connecting to p1...
2020-04-21 09:32:47.568555-0600 myapp[6798:4964585] logWith: centralManager.connect(peripheral, options: nil)
2020-04-21 09:32:47.990087-0600 myapp[6798:4964585] logWith: [Callback] Central Manager did connect peripheral
2020-04-21 09:32:47.990305-0600 myapp[6798:4964585] logWith: Connected to p1
2020-04-21 09:32:47.990439-0600 myapp[6798:4964585] logWith: Discovering services...
2020-04-21 09:32:47.990561-0600 myapp[6798:4964585] logWith: peripheral.discoverServices([00001530-1212-EFDE-1523-785FEABCD123])
2020-04-21 09:32:48.348668-0600 myapp[6798:4964585] logWith: Services discovered
2020-04-21 09:32:48.348880-0600 myapp[6798:4964585] logWith: Legacy DFU Service found
2020-04-21 09:32:48.349146-0600 myapp[6798:4964585] logWith: Discovering characteristics in DFU Service...
2020-04-21 09:32:48.349300-0600 myapp[6798:4964585] logWith: peripheral.discoverCharacteristics(nil, for: 00001530-1212-EFDE-1523-785FEABCD123)
2020-04-21 09:32:48.590536-0600 myapp[6798:4964585] logWith: DFU characteristics discovered
2020-04-21 09:32:48.590722-0600 myapp[6798:4964585] logWith: Reading DFU Version number...
2020-04-21 09:32:48.590997-0600 myapp[6798:4964585] logWith: peripheral.readValue(00001534-1212-EFDE-1523-785FEABCD123)
2020-04-21 09:32:48.648168-0600 myapp[6798:4964585] logWith: Read Response received from 00001534-1212-EFDE-1523-785FEABCD123, value (0x): 0600
2020-04-21 09:32:48.648352-0600 myapp[6798:4964585] logWith: Version number read: 0.6
2020-04-21 09:32:48.648480-0600 myapp[6798:4964585] dfuStateDidChangeTo: DFUStateStarting
2020-04-21 09:32:48.648896-0600 myapp[6798:4964585] self.centralManager.delegate is <myCentralManager: 0x1c01bed80>
2020-04-21 09:32:48.649032-0600 myapp[6798:4964585] logWith: Enabling notifications for 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:48.649222-0600 myapp[6798:4964585] logWith: peripheral.setNotifyValue(true, for: 00001531-1212-EFDE-1523-785FEABCD123)
2020-04-21 09:32:48.769654-0600 myapp[6798:4964585] logWith: Notifications enabled for 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:32:48.769859-0600 myapp[6798:4964585] logWith: DFU Control Point notifications enabled
2020-04-21 09:32:48.770003-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:48.770136-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x0104, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
2020-04-21 09:32:48.770262-0600 myapp[6798:4964585] logWith: Writing image sizes (0b, 0b, 34376b) to characteristic 00001532-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:48.770387-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x000000000000000048860000, for: 00001532-1212-EFDE-1523-785FEABCD123, type: .withoutResponse)
2020-04-21 09:32:48.826747-0600 myapp[6798:4964585] logWith: Data written to 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:32:48.826945-0600 myapp[6798:4964585] logWith: Start DFU (Op Code = 1, Upload Mode = 4) request sent
2020-04-21 09:32:50.631436-0600 myapp[6798:4964585] logWith: Notification received from 00001531-1212-EFDE-1523-785FEABCD123, value (0x): 100101
2020-04-21 09:32:50.631663-0600 myapp[6798:4964585] logWith: Response (Op Code = 1, Status = 1) received
2020-04-21 09:32:50.631807-0600 myapp[6798:4964585] logWith: Writing Initialize DFU Parameters...
2020-04-21 09:32:50.631932-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:50.632057-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x0200, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
2020-04-21 09:32:50.632179-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001532-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:50.632310-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0xffffffffffff00000100feff0cc0, for: 00001532-1212-EFDE-1523-785FEABCD123, type: .withoutResponse)
2020-04-21 09:32:50.632433-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:50.632555-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x0201, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
2020-04-21 09:32:50.686862-0600 myapp[6798:4964585] logWith: Data written to 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:32:50.746196-0600 myapp[6798:4964585] logWith: Data written to 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:32:50.748853-0600 myapp[6798:4964585] logWith: Notification received from 00001531-1212-EFDE-1523-785FEABCD123, value (0x): 100201
2020-04-21 09:32:50.749026-0600 myapp[6798:4964585] logWith: Response (Op Code = 2, Status = 1) received
2020-04-21 09:32:50.749217-0600 myapp[6798:4964585] logWith: Initialize DFU Parameters completed
2020-04-21 09:32:50.750442-0600 myapp[6798:4964585] dfuStateDidChangeTo: DFUStateUploading
2020-04-21 09:32:50.750809-0600 myapp[6798:4964585] self.centralManager.delegate is <myCentralManager: 0x1c01bed80>
2020-04-21 09:32:50.750953-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:50.751086-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x080200, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
2020-04-21 09:32:50.808035-0600 myapp[6798:4964585] logWith: Data written to 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:32:50.808253-0600 myapp[6798:4964585] logWith: Packet Receipt Notif Req (Op Code = 8, Value = 2) request sent
2020-04-21 09:32:50.808391-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:32:50.808670-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x03, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
2020-04-21 09:32:50.867842-0600 myapp[6798:4964585] logWith: Data written to 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:32:50.868020-0600 myapp[6798:4964585] logWith: Uploading firmware...
2020-04-21 09:32:50.868156-0600 myapp[6798:4964585] logWith: Sending firmware to DFU Packet characteristic...
2020-04-21 09:32:50.868323-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 0
2020-04-21 09:32:51.348064-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 1
2020-04-21 09:32:51.887798-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 2
2020-04-21 09:32:52.367730-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 3
2020-04-21 09:32:52.907785-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 4
2020-04-21 09:32:53.478040-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 5
2020-04-21 09:32:54.018251-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 6
2020-04-21 09:32:54.557918-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 7
2020-04-21 09:32:55.068485-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 8
2020-04-21 09:32:55.637790-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 9
2020-04-21 09:32:56.117765-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 10
2020-04-21 09:32:56.657789-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 11
2020-04-21 09:32:57.227668-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 12
2020-04-21 09:32:57.707820-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 13
2020-04-21 09:32:58.337878-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 14
2020-04-21 09:32:58.817613-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 15

.
.
.

2020-04-21 09:33:42.047232-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 96
2020-04-21 09:33:42.526689-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 97
2020-04-21 09:33:43.096535-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 98
2020-04-21 09:33:43.576753-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 99
2020-04-21 09:33:44.115962-0600 myapp[6798:4964585] dfuProgressDidChangeFor: 100
2020-04-21 09:33:44.177036-0600 myapp[6798:4964585] logWith: Notification received from 00001531-1212-EFDE-1523-785FEABCD123, value (0x): 100301
2020-04-21 09:33:44.177245-0600 myapp[6798:4964585] logWith: Response (Op Code = 3, Status = 1) received
2020-04-21 09:33:44.177383-0600 myapp[6798:4964585] logWith: Upload completed in 53.31 seconds
2020-04-21 09:33:44.177659-0600 myapp[6798:4964585] dfuStateDidChangeTo: DFUStateValidating
2020-04-21 09:33:44.177920-0600 myapp[6798:4964585] self.centralManager.delegate is <myCentralManager: 0x1c01bed80>
2020-04-21 09:33:44.178052-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:33:44.178299-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x04, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
2020-04-21 09:33:44.235144-0600 myapp[6798:4964585] logWith: Data written to 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:33:44.235320-0600 myapp[6798:4964585] logWith: Validate Firmware (Op Code = 4) request sent
2020-04-21 09:33:44.266531-0600 myapp[6798:4964585] logWith: Notification received from 00001531-1212-EFDE-1523-785FEABCD123, value (0x): 100401
2020-04-21 09:33:44.266707-0600 myapp[6798:4964585] logWith: Response (Op Code = 4, Status = 1) received
2020-04-21 09:33:44.266840-0600 myapp[6798:4964585] dfuStateDidChangeTo: DFUStateDisconnecting
2020-04-21 09:33:44.267228-0600 myapp[6798:4964585] self.centralManager.delegate is <myCentralManager: 0x1c01bed80>
2020-04-21 09:33:44.267456-0600 myapp[6798:4964585] logWith: Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
2020-04-21 09:33:44.267631-0600 myapp[6798:4964585] logWith: peripheral.writeValue(0x05, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
2020-04-21 09:33:44.325032-0600 myapp[6798:4964585] logWith: Data written to 00001531-1212-EFDE-1523-785FEABCD123
2020-04-21 09:33:44.325210-0600 myapp[6798:4964585] logWith: Activate and Reset (Op Code = 5) request sent
2020-04-21 09:33:44.512551-0600 myapp[6798:4964585] logWith: [Callback] Central Manager did disconnect peripheral
2020-04-21 09:33:44.512743-0600 myapp[6798:4964585] logWith: Disconnected by the remote device
2020-04-21 09:33:44.512872-0600 myapp[6798:4964585] dfuStateDidChangeTo: DFUStateCompleted
2020-04-21 09:33:44.513096-0600 myapp[6798:4964585] self.centralManager.delegate is <myCentralManager: 0x1c01bed80>

We don't know how Simblee's library was developed, if with the Nordic SDK of the time, which SoftDevice and version was used, if at all. All we know is all Simblee devices in the field have the legacy DFU service installed. Is there a way we can learn more, like which SD is used? If we knew that a SD was used and the version, we could develop our new Nordic SDK-based app for Simblee so that DFU over BLE would work? Perhaps the only DFU over BLE option available is to update all of bootloader, SD and app. Given Simblee is only 128K, not sure if this is possible.

Any guidance would be greatly appreciated.

Many thanks,

Tim

Simblee RFD77101 Datasheet v2.2.pdf

Parents
  • 0

    Hello,

    If the bootloader is a secure bootloader, then you will not be able to generate a packet that the bootloader will accept.

    I have no idea what their bootloader looks like. It may be based on our bootloaders, but they may have done something to it. Either way, what you would want to do is to try to update the bootloader itself to a bootloader that you have control of. I don't know if you have worked with bootloaders before, but I suggest that you check out this getting started blogpost.

    If they have an old bootloader, it may be that it is not protected at all. See if you can generate a dfu image that contains your own bootloader (but practice one time with the guide before you take on that task).

    If the bootloader is protected, you either need to get access to the private key, or else you need to manually program the devices with a programmer.

    Since the device has a bootloader, how would you normally go about to update the firmware?

    BR,

    Edvin

  • 0 in reply to Edvin

    Hello Edvin,

    Thank you. Very helpful.

    Yes, I have implemented a secure DFU bootloader for our nRF52832-based product and all works well.

    I'm pretty sure the bootloader on Simblee is not secure because packages for consumption by the bootloader are generated without the use of a private key. I use version 0.5.2 of nrfutil with this command:

    nrfutil dfu genpkg simblee77-1.zip --application simblee77-1.hex --application-version 0xffff --dev-revision 0xffff --dev-type 0xffff --sd-req 0xfffe

    When I perform DFU update using nRF Connect on iOS, I get the following log:

    File Name: simblee77-1.zip
Parts: 1
Size: 34 KB
Soft Device Size: Zero KB
Bootloader Size: Zero KB
Connecting to p1...
centralManager.connect(peripheral, options: nil)
[Callback] Central Manager did connect peripheral
Connected to p1
Discovering services...
peripheral.discoverServices(nil)
Services discovered
Starting Legacy DFU...
Connected to p1
Services discovered
Legacy DFU Service found
Discovering characteristics in DFU Service...
peripheral.discoverCharacteristics(nil, for: 00001530-1212-EFDE-1523-785FEABCD123)
DFU characteristics discovered
Reading DFU Version number...
peripheral.readValue(00001534-1212-EFDE-1523-785FEABCD123)
Read Response received from 00001534-1212-EFDE-1523-785FEABCD123, value (0x): 0100
Version number read: 0.1
Enabling notifications for 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.setNotifyValue(true, for: 00001531-1212-EFDE-1523-785FEABCD123)
Notifications enabled for 00001531-1212-EFDE-1523-785FEABCD123
DFU Control Point notifications enabled
Application with buttonless update found
Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x0104, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
Data written to 00001531-1212-EFDE-1523-785FEABCD123
Jump to bootloader (Op Code = 1, Upload Mode = 4) request sent
[Callback] Central Manager did disconnect peripheral
Disconnected by the remote device
Connecting to p1...
centralManager.connect(peripheral, options: nil)
[Callback] Central Manager did connect peripheral
Connected to p1
Discovering services...
peripheral.discoverServices([00001530-1212-EFDE-1523-785FEABCD123])
Services discovered
Legacy DFU Service found
Discovering characteristics in DFU Service...
peripheral.discoverCharacteristics(nil, for: 00001530-1212-EFDE-1523-785FEABCD123)
DFU characteristics discovered
Reading DFU Version number...
peripheral.readValue(00001534-1212-EFDE-1523-785FEABCD123)
Read Response received from 00001534-1212-EFDE-1523-785FEABCD123, value (0x): 0600
Version number read: 0.6
Enabling notifications for 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.setNotifyValue(true, for: 00001531-1212-EFDE-1523-785FEABCD123)
Notifications enabled for 00001531-1212-EFDE-1523-785FEABCD123
DFU Control Point notifications enabled
Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x0104, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
Writing image sizes (0b, 0b, 34376b) to characteristic 00001532-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x000000000000000048860000, for: 00001532-1212-EFDE-1523-785FEABCD123, type: .withoutResponse)
Data written to 00001531-1212-EFDE-1523-785FEABCD123
Start DFU (Op Code = 1, Upload Mode = 4) request sent
Notification received from 00001531-1212-EFDE-1523-785FEABCD123, value (0x): 100101
Response (Op Code = 1, Status = 1) received
Writing Initialize DFU Parameters...
Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x0200, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
Writing to characteristic 00001532-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0xffffffffffff00000100feff8014, for: 00001532-1212-EFDE-1523-785FEABCD123, type: .withoutResponse)
Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x0201, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
Data written to 00001531-1212-EFDE-1523-785FEABCD123
Data written to 00001531-1212-EFDE-1523-785FEABCD123
Notification received from 00001531-1212-EFDE-1523-785FEABCD123, value (0x): 100201
Response (Op Code = 2, Status = 1) received
Initialize DFU Parameters completed
Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x080c00, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
Data written to 00001531-1212-EFDE-1523-785FEABCD123
Packet Receipt Notif Req (Op Code = 8, Value = 12) request sent
Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x03, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
Data written to 00001531-1212-EFDE-1523-785FEABCD123
Uploading firmware...
Sending firmware to DFU Packet characteristic...
Notification received from 00001531-1212-EFDE-1523-785FEABCD123, value (0x): 100301
Response (Op Code = 3, Status = 1) received
Upload completed in 13.98 seconds
Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x04, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
Data written to 00001531-1212-EFDE-1523-785FEABCD123
Validate Firmware (Op Code = 4) request sent
Notification received from 00001531-1212-EFDE-1523-785FEABCD123, value (0x): 100401
Response (Op Code = 4, Status = 1) received
Writing to characteristic 00001531-1212-EFDE-1523-785FEABCD123...
peripheral.writeValue(0x05, for: 00001531-1212-EFDE-1523-785FEABCD123, type: .withResponse)
Data written to 00001531-1212-EFDE-1523-785FEABCD123
Activate and Reset (Op Code = 5) request sent
[Callback] Central Manager did disconnect peripheral
Disconnected by the remote device

    The new package is generated using an application compiled using the Simblee library and Arduino IDE, so not sure if it uses a SoftDevice or other details. I am also able to perform DFU over BLE with our iOS app that uses the  iOS-Pods-DFU-Library with the same successful results.

    If I understand you correctly, a next helpful step would be to create my own bootloader and attempt to perform DFU to flash it to the Simblee device. It's uncertain at the moment if the bootloader on Simblee will accept a new bootloader. If that succeeds, then, given I have control over the bootloader, I can then enable it to accept S110 and a new app that uses S110. Am I understanding correctly?

    It will take me some time to create a bootloader for nRF51822. I will start with the example included with SDK 10.0. I will proceed if you feel this is the next step in the investigation.

    Again, many thanks,

    Tim

  • 0 in reply to Tim
    Tim said:
    I wonder about trying to create a package that contains an application built using Nordic SDK 10.0 and S110, and seeing if the Simblee bootloader would accept it. Worthy of trying?

    It is worth trying. To be honest, it is a bit old, so I have never tested the bootloader with s110 and SDK10. 

     Is it a serial bootloader or a BLE bootloader? (I suppose serial) If so, I don't think there is any issues using any combination of Softdevice and application, since the bootloader is not dependent on a specific softdevice in order to work. If it is a BLE bootloader, your application will have to use the same softdevice version that the bootloader does.

    I was assigned to your other ticket yesterday. I haven't got time to look into it yet. Hopefully, I'll get time today.

    Best regards,

    Edvin

  • 0 in reply to Edvin

    Hi Edvin,

    Ongoing thanks. I would not be able to do this work without the support of you and other Nordic engineers. We are glad and committed to the Nordic platform. Thanks ..

    This is all about DFU over BLE for the 700 Simblee units we have out in the field, with hope we can update application to an application we develop using Nordic SDK and SD via the DFU bootloader already present on the devices. We can use this DFU bootloader to update to a new application built using the Simblee library and Arduino IDE, but the Simblee library does not expose much of the SoftDevice, including the Timeslot API which we now need to use.

    If the Simblee DFU bootloader will accept an application built using Nordic SDK+SoftDevice (over BLE), as you say, the app must use the same SoftDevice version the bootloader. So I'm trying to guess which SoftDevice that might be. Simblee was initially released in November of 2015. I see that SoftDevice options for nRF51822 are S110, S120 and S130. Version 1 of S130 was released June 2015, so it's a possibility. Version 1 of S120 was released May 2014. Version 1 of S110 was February 2013. So all SoftDevices could've been used.

    S110 and S120 use SDK 10.0. I can start with S130 as it uses SDK 12.3 which is newer. In trying to import and build ble_app_uart example of SDK 12.3 with SES 4.18 (macOS), I get (different) errors which I will post over at other thread.

    Many thanks Edvin,

    Tim

  • 0 in reply to Tim

    Not to upset you, but there are several versions of S130, S110 and S120 as well. So I guess you have a bit of work ahead. One version typically with each SDK release.

    Again, you should look into updating the bootloader itself. Once you do this, you are free to choose any combination of bootloader and softdevice (that is matching, of course).

  • 0 in reply to Edvin

    I understand, Edvin. I find it odd that to generate the DFU package (using version 0.5.2 of nrfutil), the command specifies 0xfffe for --sd-req:

    nrfutil dfu genpkg simblee77-1.zip --application simblee77-1.hex --application-version 0xffff --dev-revision 0xffff --dev-type 0xffff --sd-req 0xfffe

    Does that reveal anything about the SD that might be installed on Simblee? Or does this simple mean the required SD is not specified within the package, but the bootloader will still require a specific SD and version?

    I will focus on creating a DFU bootloader from the SDK 12.3 example and get that working on nRF51 DK. Then will try on a Simblee with fingers crossed.

    Many thanks Edvin,

    Tim

  • 0 in reply to Tim

    Tim said:

    the command specifies 0xfffe for --sd-req:

    nrfutil dfu genpkg simblee77-1.zip --application simblee77-1.hex --application-version 0xffff --dev-revision 0xffff --dev-type 0xffff --sd-req 0xfffe

     Is that specified from simblee?

    0xfffe means "softdevice required, but no version specified". I find it a bit strange, because that means that there is no guarantee that the application will work, if the application doesn't require the same softdevice version as the bootloader. But I guess that if they have their own IDE (or use some version of arduino), then they will always use the same softdevice version. Unfortunately, it doesn't give any hints on what version that is used.

    Do you have the possibility to read out the flash of your device? If you are able to attach a debugger, you can use the command:

    nrfjprog --readcode <file-name>

    e.g.:

    nrfjprog --readcode my_flash_dump.hex

    to read out the flash. Can you do this, and send me the .hex file? I can try to figure out which softdevice that is used. NB: still no guarantee that you can update the bootloader based on this information.

    Tim said:
    I will focus on creating a DFU bootloader from the SDK 12.3 example and get that working on nRF51 DK. Then will try on a Simblee with fingers crossed.

     I agree that this sounds like the best plan. Actually, it isn't certain that you need to know the softdevice being used by the old bootloader for this. When you have a bootloader, try to generate a dfu image like you do for your applications, containing the new bootloader and new softdevice, and see if it is accepted or not.

    Best regards,

    Edvin

Reply
  • 0 in reply to Tim

    Tim said:

    the command specifies 0xfffe for --sd-req:

    nrfutil dfu genpkg simblee77-1.zip --application simblee77-1.hex --application-version 0xffff --dev-revision 0xffff --dev-type 0xffff --sd-req 0xfffe

     Is that specified from simblee?

    0xfffe means "softdevice required, but no version specified". I find it a bit strange, because that means that there is no guarantee that the application will work, if the application doesn't require the same softdevice version as the bootloader. But I guess that if they have their own IDE (or use some version of arduino), then they will always use the same softdevice version. Unfortunately, it doesn't give any hints on what version that is used.

    Do you have the possibility to read out the flash of your device? If you are able to attach a debugger, you can use the command:

    nrfjprog --readcode <file-name>

    e.g.:

    nrfjprog --readcode my_flash_dump.hex

    to read out the flash. Can you do this, and send me the .hex file? I can try to figure out which softdevice that is used. NB: still no guarantee that you can update the bootloader based on this information.

    Tim said:
    I will focus on creating a DFU bootloader from the SDK 12.3 example and get that working on nRF51 DK. Then will try on a Simblee with fingers crossed.

     I agree that this sounds like the best plan. Actually, it isn't certain that you need to know the softdevice being used by the old bootloader for this. When you have a bootloader, try to generate a dfu image like you do for your applications, containing the new bootloader and new softdevice, and see if it is accepted or not.

    Best regards,

    Edvin

Children
  • 0 in reply to Edvin

    Thanks Edvin. I will pursue both angels: 1) determine the SD required by the current Simblee bootloader (on devices in the field) with the possibility of developing a new app using that Nordic SDK and that SD that can be accepted by current bootloader over BLE, and 2) determine if current Simblee bootloader will accept a new bootloader, which would be a better solution because we would then have control over the bootloader and the DFU process.

    I found buried in the Simblee library these files:

    ota_bootloader_dual_bank.hex
    ota_bootloader_single_bank.hex

    These appear to be the bootloaders that allow either single or dual bank DFU. I built a simple blinky app for Simblee using the Simblee library and Arduino IDE that uses the Simblee bootloader. Then using nRF Connect on macOS I connected to my nRF51 DK, then added the dual bank bootloader and compiled blinky app hex files to the file memory layout and see the following regions:

    Seems odd that they place the bootloader at the top of flash. They've probably done a lot to try and hide much of the layout. Of course the app does not run because there's no SD and MBR.

    Today I will try your suggestion of connecting a Simblee (programmed with app, SD and bootloader) to an nRF51 DK and try reading the device memory layout. Will also try to read the hex files from the device but I speculate that they've disabled flash reading.

    Thanks for your guidance Edvin.

    Tim

  • 0 in reply to Edvin

    Hi Edvin. I tried connecting to Simblee via nRF51 DK and it appears that it's readback protected. This is not surprising.

    So will turn my attention to building an nRF51 DFU/BLE bootloader and see if the Simblee DFU bootloader will accept it.

    I don't suppose it's possible to look inside the Simblee DFU bootloader hex file to see which SD is required? I've attached the hex.

    Thanks,

    Tim

    ota_bootloader_dual_bank.hex

  • 0 in reply to Tim

    The bootloader is usually placed in the top of the flash. This is done to minimize the restriction of the application size.

    The bootloader does not contain the softdevice. Check out the memory layout for the bootloader:
    https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v12.3.0/lib_bootloader.html?cp=7_5_8_3_5_0_1#lib_bootloader_memory

  • 0 in reply to Edvin

    Thanks Edvin. Yes, I realize the SD is separate from the BL and app. I wondered, though, if the SD required by the BL might be somehow specified in the BL itself. Please pardon my inexperience.

    Can the location of the application in flash offer a clue of the required SD? The start address of the app allows enough room for the MBR and SD. Each SD version has a particular size.

    Thank you,

    Tim

  • 0 in reply to Tim

    No worries, Tim. It may say something about the version in the BL hex file, but as soon as they change just a tiny thing in the bootloader project, it may change the location of many (!) things in the .hex file. In this case, you are looking at a binary blob that you would have to reverse engineer in some way. Besides, I believe that the softdevice version is stored in the bootloader settings, and not in the bootloader itself. And since the requirement for the dfu image is 0xfffd, I doubt it will say.

    Unfortunately, the flash start is quite generic. It is rounded up to the next page. So this would indicate that the softdevice ends between 0x1E000 and 0x1EFFF.

    Looking at the latest softdevice for nRF51, S130 from SDK12.3.0, the applications from this version starts at 0x1B000, so I am not sure this is actually a hint. Please also note that the start address of an application transferred over DFU doesn't really matter. The bootloader will place it after the softdevice. They may have known this, and just set a "random" address.

    I am not sure why you would need to know what softdevice version they use? Can you remind me? You don't need this in order to transfer the new bootloader (if possible).

Related
Terms of service