I am currently running some tests on the Legacy DFU protocol and notice that even valid firmware images are unable to be transmitted. My setup is as follows:
- Peripheral BLE device: nRF 52 DK advertising as example "DfuTarg"
- The bootloader and softdevice being used are from SDK11's example directory. Specifically, the "dfu_dual_bank_ble_s132_pca10040" bootloader and the "s132" softdevice.
- Central BLE Device: Android phone
- Note that the reason why I use a smartphone is because legacy DFU is not supported on modern versions of nRF Connect or nrfutil
The firmware image is created using the following command:
nrfutil dfu genpkg --application .\hrs.hex --key-file .\private.pem FW.zip
Note that the "hrs.hex" file is generated by using Keil uVision5 to compile the example located here with no modifications:
C:(HOME_DIRECTORY)\nRF5_SDK_11.0.0_89a8197\examples\ble_peripheral\ble_app_hrs\pca10040\s132_with_dfu\arm5_no_packs\ble_app_hrs_s132_with_dfu_pca10040.uvprojx
However, when trying to upload the firmware image, the operation fails. Here is the log output:
nRF Connect, 2021-08-03 DfuTarg (CF:EC:59:14:F9:8E) V 17:02:59.003 Connecting to CF:EC:59:14:F9:8E... D 17:02:59.003 gatt = device.connectGatt(autoConnect = false, TRANSPORT_LE, preferred PHY = LE 1M) D 17:02:59.240 [Broadcast] Action received: android.bluetooth.device.action.ACL_CONNECTED D 17:02:59.267 [Callback] Connection state changed with status: 0 and new state: CONNECTED (2) I 17:02:59.267 Connected to CF:EC:59:14:F9:8E V 17:02:59.304 Discovering services... D 17:02:59.304 gatt.discoverServices() I 17:02:59.992 Connection parameters updated (interval: 30.0ms, latency: 0, timeout: 4000ms) I 17:03:00.188 Connection parameters updated (interval: 7.5ms, latency: 0, timeout: 5000ms) D 17:03:00.266 [Callback] Services discovered with status: 0 I 17:03:00.266 Services discovered V 17:03:00.275 Generic Access (0x1800) - Device Name [R W] (0x2A00) - Appearance [R] (0x2A01) - Peripheral Preferred Connection Parameters [R] (0x2A04) Generic Attribute (0x1801) - Service Changed [I] (0x2A05) Client Characteristic Configuration (0x2902) Device Firmware Update Service (00001530-1212-efde-1523-785feabcd123) - DFU Packet [WNR] (00001532-1212-efde-1523-785feabcd123) - DFU Control Point [N W] (00001531-1212-efde-1523-785feabcd123) Client Characteristic Configuration (0x2902) - DFU Version [R] (00001534-1212-efde-1523-785feabcd123) D 17:03:00.275 gatt.setCharacteristicNotification(00002a05-0000-1000-8000-00805f9b34fb, true) I 17:03:00.318 Connection parameters updated (interval: 30.0ms, latency: 0, timeout: 4000ms) I 17:03:00.903 Connection parameters updated (interval: 30.0ms, latency: 0, timeout: 4000ms) V 17:03:03.783 [DFU] DFU service started V 17:03:03.784 [DFU] Opening file... I 17:03:03.784 [DFU] Firmware file opened successfully V 17:03:03.784 [DFU] Connecting to DFU target... D 17:03:03.784 [DFU] gatt = device.connectGatt(autoConnect = false, TRANSPORT_LE, preferredPhy = LE_1M | LE_2M) I 17:03:03.791 [DFU] Connected to CF:EC:59:14:F9:8E V 17:03:03.791 [DFU] Discovering services... D 17:03:03.791 [DFU] gatt.discoverServices() I 17:03:03.794 [DFU] Services discovered D 17:03:03.802 [DFU] wait(1000) V 17:03:04.818 [DFU] Reading DFU version number... D 17:03:04.819 [DFU] gatt.readCharacteristic(00001534-1212-efde-1523-785feabcd123) I 17:03:04.878 [DFU] Read Response received from 00001534-1212-efde-1523-785feabcd123, value (0x): 08-00 A 17:03:04.878 [DFU] Version number read: 0.8 D 17:03:04.878 [DFU] wait(1000) V 17:03:05.897 [DFU] Enabling notifications for 00001531-1212-efde-1523-785feabcd123 D 17:03:05.897 [DFU] gatt.setCharacteristicNotification(00001531-1212-efde-1523-785feabcd123, true) D 17:03:05.897 [DFU] gatt.writeDescriptor(00002902-0000-1000-8000-00805f9b34fb, value=0x01-00) I 17:03:05.941 [DFU] Data written to descr.00001531-1212-efde-1523-785feabcd123, value (0x): 01-00 V 17:03:05.941 [DFU] Notifications enabled for 00001531-1212-efde-1523-785feabcd123 A 17:03:05.942 [DFU] Notifications enabled D 17:03:05.943 [DFU] wait(1000) V 17:03:06.959 [DFU] Writing to characteristic 00001531-1212-efde-1523-785feabcd123 D 17:03:06.959 [DFU] gatt.writeCharacteristic(00001531-1212-efde-1523-785feabcd123) I 17:03:07.000 [DFU] Data written to 00001531-1212-efde-1523-785feabcd123, value (0x): 01-04 A 17:03:07.000 [DFU] DFU Start sent (Op Code = 1, Upload Mode = 4) V 17:03:07.000 [DFU] Writing to characteristic 00001532-1212-efde-1523-785feabcd123 D 17:03:07.000 [DFU] gatt.writeCharacteristic(00001532-1212-efde-1523-785feabcd123) I 17:03:07.004 [DFU] Data written to 00001532-1212-efde-1523-785feabcd123, value (0x): 00-00-00-00-00-00-00-00-F4-5B-00-00 A 17:03:07.004 [DFU] Firmware image size sent (0b, 0b, 23540b) I 17:03:07.839 [DFU] Notification received from 00001531-1212-efde-1523-785feabcd123, value (0x): 10-01-01 A 17:03:07.840 [DFU] Response received (Op Code = 1 Status = 1) A 17:03:07.840 [DFU] Writing Initialize DFU Parameters... V 17:03:07.840 [DFU] Writing to characteristic 00001531-1212-efde-1523-785feabcd123 D 17:03:07.840 [DFU] gatt.writeCharacteristic(00001531-1212-efde-1523-785feabcd123) I 17:03:07.897 [DFU] Data written to 00001531-1212-efde-1523-785feabcd123, value (0x): 02-00 V 17:03:07.903 [DFU] Writing to characteristic 00001532-1212-efde-1523-785feabcd123 D 17:03:07.905 [DFU] gatt.writeCharacteristic(00001532-1212-efde-1523-785feabcd123) I 17:03:07.909 [DFU] Data written to 00001532-1212-efde-1523-785feabcd123, value (0x): FF-FF-FF-FF-FF-FF-FF-FF-01-00-FE-FF-02-00-00-00-F4-5B-00-00 V 17:03:07.911 [DFU] Writing to characteristic 00001532-1212-efde-1523-785feabcd123 D 17:03:07.911 [DFU] gatt.writeCharacteristic(00001532-1212-efde-1523-785feabcd123) I 17:03:07.917 [DFU] Data written to 00001532-1212-efde-1523-785feabcd123, value (0x): CA-47-1C-0B-00-C7-CA-34-D6-D3-30-6C-4F-9E-E7-56-2F-09-7C-5E V 17:03:07.918 [DFU] Writing to characteristic 00001532-1212-efde-1523-785feabcd123 D 17:03:07.919 [DFU] gatt.writeCharacteristic(00001532-1212-efde-1523-785feabcd123) I 17:03:07.922 [DFU] Data written to 00001532-1212-efde-1523-785feabcd123, value (0x): 7A-C5-E5-D6-14-B5-66-BA-38-80-16-55-ED-C5-38-24-2F-F0-E0-80 V 17:03:07.923 [DFU] Writing to characteristic 00001532-1212-efde-1523-785feabcd123 D 17:03:07.923 [DFU] gatt.writeCharacteristic(00001532-1212-efde-1523-785feabcd123) I 17:03:07.926 [DFU] Data written to 00001532-1212-efde-1523-785feabcd123, value (0x): 2B-67-BF-0A-EA-17-88-53-7C-F6-22-64-1D-AF-CF-05-CC-F1-60-19 V 17:03:07.926 [DFU] Writing to characteristic 00001532-1212-efde-1523-785feabcd123 D 17:03:07.927 [DFU] gatt.writeCharacteristic(00001532-1212-efde-1523-785feabcd123) I 17:03:07.929 [DFU] Data written to 00001532-1212-efde-1523-785feabcd123, value (0x): 49-F3-CC-96-89-3C-AC-D6-ED-3D-7C-26-91-B5-02-A7-EB-B5-92-EE V 17:03:07.929 [DFU] Writing to characteristic 00001532-1212-efde-1523-785feabcd123 D 17:03:07.930 [DFU] gatt.writeCharacteristic(00001532-1212-efde-1523-785feabcd123) I 17:03:07.936 [DFU] Data written to 00001532-1212-efde-1523-785feabcd123, value (0x): BA-B8-DC-C4-7B-BB-8C-EA-B0-CF-26-BD-2E-92-86-9E V 17:03:07.940 [DFU] Writing to characteristic 00001531-1212-efde-1523-785feabcd123 D 17:03:07.940 [DFU] gatt.writeCharacteristic(00001531-1212-efde-1523-785feabcd123) D 17:03:11.993 [Callback] Connection state changed with status: 8 and new state: DISCONNECTED (0) E 17:03:11.993 Error 8 (0x8): GATT CONN TIMEOUT I 17:03:11.993 Disconnected E 17:03:11.996 [DFU] Error (0x85): GATT ERROR D 17:03:12.034 [DFU] gatt.refresh() (hidden) D 17:03:12.034 [DFU] gatt.disconnect() D 17:03:12.034 [DFU] gatt.close()
It seems that the update process stops halfway through due to a GATT Error. What exactly is causing this issue? I've tested this problem multiple times and have seen that simply not signing the Firmware results in a successful update. However, it is when the firmware is signed in which this error occurs.
Any help or insight would be deeply appreciated!
