What I want to do:
I want to connect my Raspberry Pi 2 to a Bluetooth Smart weight scale (Medisana BS440) and receive my data.
What I know:
There is just one interesting Primary Service with 5 Characteristics:
- handle: 0x001a, properties: 0x20 (Indication), char value handle: 0x1b, uuid: 00008a21-0000-1000-8000-00805f9b34fb
- handle: 0x001d, properties: 0x20 (Indication), char value handle: 0x1e, uuid: 00008a22-0000-1000-8000-00805f9b34fb
- handle: 0x0020, properties: 0x02 (Read-Only), char value handle: 0x21, uuid: 00008a20-00..
- handle: 0x0022, properties: 0x08 (Write-Only), char value handle: 0x23, uuid: 00008a81-00..
- handle: 0x0024, properties: 0x20 (Indication), char value handle: 0x25, uuid: 00008a82-00..
I used the HCI snoop developer function of my Android phone to see how the corresponding app communicates with my scale.
1. write 0200 -> 0x1f (enable indication 0x1d)
2. read 0x21 -> 0x21 (value: 37fb)
3. write 0200 -> 0x1c (enable indication 0x1a)
4. write 0200 -> 0x26 (enable indication 0x24)
5. write 02a31e2c0b -> 0x23 (I don't fully understand this, but I know that if you take the bytes after 02 (a3 1e 2c 0b -> 0b 2c 1e a3), this is the current Unix timestamp, but for the year ?1975?)

After step 4 there is the first indication (handle 0x25), which gives me my stored personal data (my height, gender, age, etc.).
After step 5 there are some indications (handle 0x1b and handle 0x1e) which should transfer my measured data. (I didn't analyze the hex values at this time.)
What I did:
I installed bluez 5.32 on my Raspi (kernel 4.1.13) and did steps 1 - 5 with gatttool, and everything works fine until step 5. I don't get any indication messages from handles 0x1b and 0x1e. Nothing happens after step 5.
gatttool -t random -b DE:70:4A:XX:XX:XX -I
char-write-cmd 0x1f 0200
char-read-hnd 0x21 (37fb)
char-write-cmd 0x1c 0200
char-write-cmd 0x26 0200
char-write-cmd 0x23 0000000000
(I even tried the thing with the Unix timestamp for 1975; it didn't work out.)
After billions of hours I got bluetoothctl working on my Raspi (there was a dbus problem) and I tried the same with bluetoothctl. I enabled all indications and wrote 0000000000 to hnd=0x23. I switched to handle 0x1a and it worked! I received many hex values that should be the data I'm searching for.
So what's the problem? I want to use gatttool for my purpose, or at least I want to understand why it didn't work out with gatttool.
When I use bluetoothctl, I can only select and watch one attribute, and after receiving the data, my scale automatically disconnects from my Raspberry. So when I select characteristic 0x1a, I can't see the indication messages of characteristic 0x1d, and vice versa.
Is there another connection between my Pi and my scale when I'm using gatttool or when I'm using bluetoothctl? Or is there a difference in how they communicate with my scale?
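
An added example, not part of the original post: it decodes the property bytes, the CCCD value 0200 and the 5-byte write to 0x23 quoted above, and checks which gatttool write command each characteristic's properties advertise (`char-write-req` sends an ATT Write Request, `char-write-cmd` an ATT Write Command without response). The handle table is copied from the post; the split of the 0x23 payload into one byte plus a little-endian uint32 follows the post's own reading and is an assumption about the scale's format.

```python
import struct
from datetime import datetime, timezone

# GATT characteristic property bits (Bluetooth Core Specification).
PROPS = {0x01: "broadcast", 0x02: "read", 0x04: "write-without-response",
         0x08: "write", 0x10: "notify", 0x20: "indicate",
         0x40: "signed-write", 0x80: "extended"}

# Value handle -> properties byte, copied from the handle table in the post.
CHARS = {0x1b: 0x20, 0x1e: 0x20, 0x21: 0x02, 0x23: 0x08, 0x25: 0x20}

# gatttool command -> property bit that the ATT operation it sends relies on.
GATTTOOL_WRITES = {"char-write-req": 0x08,   # ATT Write Request
                   "char-write-cmd": 0x04}   # ATT Write Command (no response)


def decode_props(props):
    """Names of all property bits set in a characteristic declaration."""
    return [name for bit, name in PROPS.items() if props & bit]


def decode_cccd(hex_value):
    """Decode a Client Characteristic Configuration value such as '0200'."""
    (value,) = struct.unpack("<H", bytes.fromhex(hex_value))
    return [name for bit, name in ((0x01, "notify"), (0x02, "indicate")) if value & bit]


def write_permitted(value_handle, gatttool_cmd):
    """True if the characteristic advertises the write type gatttool_cmd sends."""
    return bool(CHARS[value_handle] & GATTTOOL_WRITES[gatttool_cmd])


def decode_time_write(hex_value):
    """Split the 5-byte write to 0x23 into its first byte and a little-endian uint32."""
    first, seconds = struct.unpack("<BI", bytes.fromhex(hex_value))
    return first, seconds, datetime.fromtimestamp(seconds, timezone.utc)


if __name__ == "__main__":
    for handle, props in CHARS.items():
        print(f"0x{handle:02x}: {decode_props(props)}")
    print("CCCD 0200 ->", decode_cccd("0200"))
    for cmd in GATTTOOL_WRITES:
        print(f"{cmd} on 0x23 advertised:", write_permitted(0x23, cmd))
    print("02a31e2c0b ->", decode_time_write("02a31e2c0b"))
```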