• State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 66 subscribers
  • Views 1900 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 277945
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sniffing a Bosch laser tape 2

Dainius G

Hi.

I`m trying to figure out a way I can control a Bosch GLM120C laser measure device using a micro controller.

I`m a stage where I can activate  the laser(1st command) and take a measurement(2nd command) using NRF connect app on my phone.

Service UUID: 2A6C0D0-0451-4000-B000-FB3210111989

Command I`m writing "c05601001e"  first time it activates the laser and 2nd time it takes a measurement. 

While the app from Bosch does get the distance value. I can`t seem to figure out what packet  the data is being sent back in, I`m using Wireshark and BLE sniffer(52 dongle).

https://www.dropbox.com/s/z97dv8qdbm8emja/514mm%282%29.pcapng?dl=0

Any input would be much appreciated. 

Thanks Guys.

Parents
  • 0

    Hi Dainius G,

    your post was quite interesting. I scanned for BLE devices in my house and realized that there was a device with the 128 bit UUID you described here. I couldn't make out what it was until I found the service number in your post.

    Thanks to you, I figured that my Bosch GLM120C is advertising ALTHOUGH IT IS TURNED OFF (advertising interval is 8 seconds)!! The only scenario I see, where this could make sense, is if you could (fully) turn on the GLM120C remotely via BLE.
    I never notived a feature in the Bosch Measuring Master app, that would allow that. Anyway, there might be some hidden features (or bad design decisions).

    Another thing I noticed is, that Bosch does not seem to do advertising manufacturer specific data (0xFF) in the right way. They seem to violate the standard and skip the mandatory 16 bit company identifier (0x02A6 for Robert Bosch GmbH) and send their data - the 48 bit BLE address - right away. There is an additional byte in the manufacturer specific data after the 48 bit address, which is 0x00 in my case.

    I probably won't look deeper into the communication of the GLM120C. Anyway, good luck!

    Regards,
    Sparkybert

Reply
  • 0

    Hi Dainius G,

    your post was quite interesting. I scanned for BLE devices in my house and realized that there was a device with the 128 bit UUID you described here. I couldn't make out what it was until I found the service number in your post.

    Thanks to you, I figured that my Bosch GLM120C is advertising ALTHOUGH IT IS TURNED OFF (advertising interval is 8 seconds)!! The only scenario I see, where this could make sense, is if you could (fully) turn on the GLM120C remotely via BLE.
    I never notived a feature in the Bosch Measuring Master app, that would allow that. Anyway, there might be some hidden features (or bad design decisions).

    Another thing I noticed is, that Bosch does not seem to do advertising manufacturer specific data (0xFF) in the right way. They seem to violate the standard and skip the mandatory 16 bit company identifier (0x02A6 for Robert Bosch GmbH) and send their data - the 48 bit BLE address - right away. There is an additional byte in the manufacturer specific data after the 48 bit address, which is 0x00 in my case.

    I probably won't look deeper into the communication of the GLM120C. Anyway, good luck!

    Regards,
    Sparkybert

Children
No Data
Related