Heart Rate measuring using Xiaomi MiBand 1S and BLE

1
votes

I am trying to get heart rate measurement notifications on my computer from Xiaomi MiBand 1S using Python and pygattlib.

I can successfully initialize the device with user info (tapping the sensor to "pair"), using the same user info for following connections, vibrate the device, read device info and step counts and listen for step counts notifications.

But as soon as I change the heart rate sensor control point to manual mode (writing 0x150201 to value handle 0x4e / uuid 0x2a39), optical sensor on the back of the device begins to flash, but I do not receive write response and my Bluetooth connection gets dropped so I can not receive heart rate notifications!

Here is the hcldump log for the session, showing connection details and enumeration of services and characteristics. Skip down to see the issue.

HCI sniffer - Bluetooth packet analyzer ver 5.37
device: hci0 snap_len: 1500 filter: 0xffffffffffffffff
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7
    type 0x00 (passive)
    interval 60.000ms window 30.000ms
    own address: 0x00 (Public) policy: white list only
> HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Parameters (0x08|0x000b) ncmd 1
    status 0x00
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2
    value 0x01 (scanning enabled)
    filter duplicates 0x01 (enabled)
> HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Enable (0x08|0x000c) ncmd 1
    status 0x00
> HCI Event: LE Meta Event (0x3e) plen 23
    LE Advertising Report
      ADV_IND - Connectable undirected advertising (0)
      bdaddr C8:0F:10:32:CA:B6 (Public)
      Flags: 0x06
      Unknown type 0xff with 6 bytes data
      RSSI: -65
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2
    value 0x00 (scanning disabled)
    filter duplicates 0x00 (disabled)
> HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Enable (0x08|0x000c) ncmd 1
    status 0x00
< HCI Command: LE Create Connection (0x08|0x000d) plen 25
    bdaddr C8:0F:10:32:CA:B6 type 0
    interval 96 window 96 initiator_filter 0
    own_bdaddr_type 0 min_interval 40 max_interval 56
    latency 0 supervision_to 42 min_ce 0 max_ce 0
> HCI Event: Command Status (0x0f) plen 4
    LE Create Connection (0x08|0x000d) status 0x00 ncmd 1
> HCI Event: LE Meta Event (0x3e) plen 19
    LE Connection Complete
      status 0x00 handle 64, role master
      bdaddr C8:0F:10:32:CA:B6 (Public)
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2
> HCI Event: Command Status (0x0f) plen 4
    LE Read Remote Used Features (0x08|0x0016) status 0x00 ncmd 1
> HCI Event: LE Meta Event (0x3e) plen 12
    LE Read Remote Used Features Complete
      status 0x00 handle 64
      Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Group req (0x10)
      start 0x0001, end 0xffff
      type-uuid 0x2800
> ACL data: handle 64 flags 0x02 dlen 24
    ATT: Read By Group resp (0x11)
      attr handle 0x0001, end group handle 0x0009
      value 0x00 0x18
      attr handle 0x000c, end group handle 0x000f
      value 0x01 0x18
      attr handle 0x0010, end group handle 0x0039
      value 0xe0 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Group req (0x10)
      start 0x003a, end 0xffff
      type-uuid 0x2800
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 24
    ATT: Read By Group resp (0x11)
      attr handle 0x003a, end group handle 0x0048
      value 0xe1 0xfe
      attr handle 0x0049, end group handle 0x004e
      value 0x0d 0x18
      attr handle 0x004f, end group handle 0x0051
      value 0x02 0x18
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Group req (0x10)
      start 0x0052, end 0xffff
      type-uuid 0x2800
> ACL data: handle 64 flags 0x02 dlen 9
    ATT: Error (0x01)
      Error: Attribute not found (10)
      Read By Group req (0x10) on handle 0x0052
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0001, end 0x0009
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0002, value 0x02 0x03 0x00 0x00 0x2a
        handle 0x0004, value 0x02 0x05 0x00 0x01 0x2a
        handle 0x0006, value 0x0a 0x07 0x00 0x02 0x2a
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0007, end 0x0009
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 13
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0008, value 0x02 0x09 0x00 0x04 0x2a
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x000c, end 0x000f
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 13
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x000d, value 0x22 0x0e 0x00 0x05 0x2a
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x000e, end 0x000f
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 9
    ATT: Error (0x01)
      Error: Attribute not found (10)
      Read By Type req (0x08) on handle 0x000e
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0010, end 0x0039
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0011, value 0x02 0x12 0x00 0x01 0xff
        handle 0x0013, value 0x0a 0x14 0x00 0x02 0xff
        handle 0x0015, value 0x12 0x16 0x00 0x03 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0016, end 0x0039
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0018, value 0x0a 0x19 0x00 0x04 0xff
        handle 0x001a, value 0x08 0x1b 0x00 0x05 0xff
        handle 0x001c, value 0x12 0x1d 0x00 0x06 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x001d, end 0x0039
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x001f, value 0x12 0x20 0x00 0x07 0xff
        handle 0x0022, value 0x04 0x23 0x00 0x08 0xff
        handle 0x0024, value 0x1a 0x25 0x00 0x09 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0025, end 0x0039
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0027, value 0x0a 0x28 0x00 0x0a 0xff
        handle 0x0029, value 0x0a 0x2a 0x00 0x0b 0xff
        handle 0x002b, value 0x12 0x2c 0x00 0x0c 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x002c, end 0x0039
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x002e, value 0x0a 0x2f 0x00 0x0d 0xff
        handle 0x0030, value 0x1a 0x31 0x00 0x0e 0xff
        handle 0x0033, value 0x0a 0x34 0x00 0x0f 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0034, end 0x0039
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 20
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0035, value 0x10 0x36 0x00 0x10 0xff
        handle 0x0038, value 0x02 0x39 0x00 0xc9 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x003a, end 0x0048
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x003b, value 0x08 0x3c 0x00 0xdd 0xfe
        handle 0x003d, value 0x02 0x3e 0x00 0xde 0xfe
        handle 0x003f, value 0x02 0x40 0x00 0xdf 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0040, end 0x0048
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0041, value 0x08 0x42 0x00 0xd0 0xfe
        handle 0x0043, value 0x08 0x44 0x00 0xd1 0xfe
        handle 0x0045, value 0x02 0x46 0x00 0xd2 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0046, end 0x0048
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 13
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0047, value 0x08 0x48 0x00 0xd3 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0049, end 0x004e
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 20
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x004a, value 0x10 0x4b 0x00 0x37 0x2a
        handle 0x004d, value 0x0a 0x4e 0x00 0x39 0x2a
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x004f, end 0x0051
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 1
> ACL data: handle 64 flags 0x02 dlen 13
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0050, value 0x04 0x51 0x00 0x06 0x2a
< ACL data: handle 64 flags 0x00 dlen 9
    ATT: Write req (0x12)
      handle 0x0017 value  0x01 0x00
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 5
    ATT: Write resp (0x13)
< ACL data: handle 64 flags 0x00 dlen 25
    ATT: Read By Type req (0x08)
      start 0x0001, end 0xffff
      type-uuid 0000ff01-0000-1000-8000-00805f9b34fb
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 21
        handle 0x0012, value 0xc8 0x32 0xca 0xb6 0x04 0x00 0x04 0x6c 0x00 0x06 0x00 0x02 0x07 0x03 0x10 0x04 0x12 0x4c 0x03
< ACL data: handle 64 flags 0x00 dlen 27
    ATT: Write req (0x12)
      handle 0x0019 value  0xf6 0xe4 0x63 0x5c 0x01 0x1e 0xc1 0x4a 0x00 0x04 0x00 0x31 0x35 0x35 0x30 0x30 0x35 0x30 0x35 0x00
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 5
    ATT: Write resp (0x13)
< ACL data: handle 64 flags 0x00 dlen 9
    ATT: Write req (0x12)
      handle 0x004c value  0x01 0x00
> ACL data: handle 64 flags 0x02 dlen 8
    ATT: Handle notify (0x1b)
      handle 0x0016
      value 0x05
> ACL data: handle 64 flags 0x02 dlen 5
    ATT: Write resp (0x13)

HCI sniffer - Bluetooth packet analyzer ver 5.37
device: hci0 snap_len: 1500 filter: 0xffffffffffffffff
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7
    type 0x00 (passive)
    interval 60.000ms window 30.000ms
    own address: 0x00 (Public) policy: white list only
> HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Parameters (0x08|0x000b) ncmd 1
    status 0x00
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2
    value 0x01 (scanning enabled)
    filter duplicates 0x01 (enabled)
> HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Enable (0x08|0x000c) ncmd 1
    status 0x00
> HCI Event: LE Meta Event (0x3e) plen 23
    LE Advertising Report
      ADV_IND - Connectable undirected advertising (0)
      bdaddr C8:0F:10:32:CA:B6 (Public)
      Flags: 0x06
      Unknown type 0xff with 6 bytes data
      RSSI: -65
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2
    value 0x00 (scanning disabled)
    filter duplicates 0x00 (disabled)
> HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Enable (0x08|0x000c) ncmd 1
    status 0x00
< HCI Command: LE Create Connection (0x08|0x000d) plen 25
    bdaddr C8:0F:10:32:CA:B6 type 0
    interval 96 window 96 initiator_filter 0
    own_bdaddr_type 0 min_interval 40 max_interval 56
    latency 0 supervision_to 42 min_ce 0 max_ce 0
> HCI Event: Command Status (0x0f) plen 4
    LE Create Connection (0x08|0x000d) status 0x00 ncmd 1
> HCI Event: LE Meta Event (0x3e) plen 19
    LE Connection Complete
      status 0x00 handle 64, role master
      bdaddr C8:0F:10:32:CA:B6 (Public)
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2
> HCI Event: Command Status (0x0f) plen 4
    LE Read Remote Used Features (0x08|0x0016) status 0x00 ncmd 1
> HCI Event: LE Meta Event (0x3e) plen 12
    LE Read Remote Used Features Complete
      status 0x00 handle 64
      Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Group req (0x10)
      start 0x0001, end 0xffff
      type-uuid 0x2800
> ACL data: handle 64 flags 0x02 dlen 24
    ATT: Read By Group resp (0x11)
      attr handle 0x0001, end group handle 0x0009
      value 0x00 0x18
      attr handle 0x000c, end group handle 0x000f
      value 0x01 0x18
      attr handle 0x0010, end group handle 0x0039
      value 0xe0 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Group req (0x10)
      start 0x003a, end 0xffff
      type-uuid 0x2800
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 24
    ATT: Read By Group resp (0x11)
      attr handle 0x003a, end group handle 0x0048
      value 0xe1 0xfe
      attr handle 0x0049, end group handle 0x004e
      value 0x0d 0x18
      attr handle 0x004f, end group handle 0x0051
      value 0x02 0x18
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Group req (0x10)
      start 0x0052, end 0xffff
      type-uuid 0x2800
> ACL data: handle 64 flags 0x02 dlen 9
    ATT: Error (0x01)
      Error: Attribute not found (10)
      Read By Group req (0x10) on handle 0x0052
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0001, end 0x0009
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0002, value 0x02 0x03 0x00 0x00 0x2a
        handle 0x0004, value 0x02 0x05 0x00 0x01 0x2a
        handle 0x0006, value 0x0a 0x07 0x00 0x02 0x2a
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0007, end 0x0009
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 13
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0008, value 0x02 0x09 0x00 0x04 0x2a
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x000c, end 0x000f
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 13
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x000d, value 0x22 0x0e 0x00 0x05 0x2a
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x000e, end 0x000f
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 9
    ATT: Error (0x01)
      Error: Attribute not found (10)
      Read By Type req (0x08) on handle 0x000e
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0010, end 0x0039
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0011, value 0x02 0x12 0x00 0x01 0xff
        handle 0x0013, value 0x0a 0x14 0x00 0x02 0xff
        handle 0x0015, value 0x12 0x16 0x00 0x03 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0016, end 0x0039
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0018, value 0x0a 0x19 0x00 0x04 0xff
        handle 0x001a, value 0x08 0x1b 0x00 0x05 0xff
        handle 0x001c, value 0x12 0x1d 0x00 0x06 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x001d, end 0x0039
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x001f, value 0x12 0x20 0x00 0x07 0xff
        handle 0x0022, value 0x04 0x23 0x00 0x08 0xff
        handle 0x0024, value 0x1a 0x25 0x00 0x09 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0025, end 0x0039
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0027, value 0x0a 0x28 0x00 0x0a 0xff
        handle 0x0029, value 0x0a 0x2a 0x00 0x0b 0xff
        handle 0x002b, value 0x12 0x2c 0x00 0x0c 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x002c, end 0x0039
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x002e, value 0x0a 0x2f 0x00 0x0d 0xff
        handle 0x0030, value 0x1a 0x31 0x00 0x0e 0xff
        handle 0x0033, value 0x0a 0x34 0x00 0x0f 0xff
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0034, end 0x0039
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 20
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0035, value 0x10 0x36 0x00 0x10 0xff
        handle 0x0038, value 0x02 0x39 0x00 0xc9 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x003a, end 0x0048
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x003b, value 0x08 0x3c 0x00 0xdd 0xfe
        handle 0x003d, value 0x02 0x3e 0x00 0xde 0xfe
        handle 0x003f, value 0x02 0x40 0x00 0xdf 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0040, end 0x0048
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0041, value 0x08 0x42 0x00 0xd0 0xfe
        handle 0x0043, value 0x08 0x44 0x00 0xd1 0xfe
        handle 0x0045, value 0x02 0x46 0x00 0xd2 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0046, end 0x0048
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 13
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0047, value 0x08 0x48 0x00 0xd3 0xfe
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x0049, end 0x004e
      type-uuid 0x2803
> ACL data: handle 64 flags 0x02 dlen 20
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x004a, value 0x10 0x4b 0x00 0x37 0x2a
        handle 0x004d, value 0x0a 0x4e 0x00 0x39 0x2a
< ACL data: handle 64 flags 0x00 dlen 11
    ATT: Read By Type req (0x08)
      start 0x004f, end 0x0051
      type-uuid 0x2803
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 1
> ACL data: handle 64 flags 0x02 dlen 13
    ATT: Read By Type resp (0x09)
      length: 7
        handle 0x0050, value 0x04 0x51 0x00 0x06 0x2a
< ACL data: handle 64 flags 0x00 dlen 9
    ATT: Write req (0x12)
      handle 0x0017 value  0x01 0x00
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 5
    ATT: Write resp (0x13)
< ACL data: handle 64 flags 0x00 dlen 25
    ATT: Read By Type req (0x08)
      start 0x0001, end 0xffff
      type-uuid 0000ff01-0000-1000-8000-00805f9b34fb
> ACL data: handle 64 flags 0x02 dlen 27
    ATT: Read By Type resp (0x09)
      length: 21
        handle 0x0012, value 0xc8 0x32 0xca 0xb6 0x04 0x00 0x04 0x6c 0x00 0x06 0x00 0x02 0x07 0x03 0x10 0x04 0x12 0x4c 0x03

This is where the fun starts! First I authenticate with the device by reading device info and writing the same user info as when initializing the device, for which I receive 0x05 ("authentication ok") on the notification handle 0x1b / uuid 0xff03.

Then I enable heart rate notifications on handle 0x4c / uuid 0x2a37.

< ACL data: handle 64 flags 0x00 dlen 27
    ATT: Write req (0x12)
      handle 0x0019 value  0xf6 0xe4 0x63 0x5c 0x01 0x1e 0xc1 0x4a 0x00 0x04 0x00 0x31 0x35 0x35 0x30 0x30 0x35 0x30 0x35 0x00
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> ACL data: handle 64 flags 0x02 dlen 5
    ATT: Write resp (0x13)
< ACL data: handle 64 flags 0x00 dlen 9
    ATT: Write req (0x12)
      handle 0x004c value  0x01 0x00
> ACL data: handle 64 flags 0x02 dlen 8
    ATT: Handle notify (0x1b)
      handle 0x0016
      value 0x05
> ACL data: handle 64 flags 0x02 dlen 5
    ATT: Write resp (0x13)

Finally I write to heart rate sensor control point. For this write request I do not receive write response (0x13) and connection gets dropped:

< ACL data: handle 64 flags 0x00 dlen 10
    ATT: Write req (0x12)
      handle 0x004e value  0x15 0x02 0x01
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 64 packets 2
> HCI Event: Disconn Complete (0x05) plen 4
    status 0x00 handle 64 reason 0x08
    Reason: Connection Timeout

As you can see, instead of receiving 0x13 write response, I get HCI event Disconn Complete (0x05) with reason code 0x08.

What am I doing wrong here?


Writing 0x150200 to the handle works fine. Writing 0x150001 (enable sleep readout), 0x150101 (enable cont. readout) or 0x150201 (start manual readout) causes immediate disconnect. The device continues to blink sensor lights periodically when sleep or cont. readout is set, so it looks like my command is reaching the device but I can not find why the connection gets dropped.


I am using Ubuntu, Linux kernel version is 4.4.0-22-generic with bluez version 5.37-0ubuntu5. Command btmgmt info returns:

$ sudo btmgmt info
Index list with 1 item
hci0:   Primary controller
        addr 14:2D:27:E4:82:04 version 6 manufacturer 15 class 0x0c010c
        supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr hs le advertising secure-conn debug-keys privacy configuration static-addr 
        current settings: powered bondable ssp br/edr le secure-conn 
        name smokva
        short name
1
pythonbluetoothbluetooth-lowenergygatt
If you always get Connection Timeout (0x08) after writing some command packet, it's nothing wrong in your computer's bluetooth stack or so. It rather seems your heart rate monitor device freaks out when it receives that command. Do you want to write 0x150201 in little endian? Then you should write 0x01 0x02 0x15 rather than 0x15 0x02 0x01. - Emil
According to this source code and the Bluetooth log I can get from my phone while using the official xiaomi miband app the sequence is 0x15 0x02 0x01. - Goran Rakic
It is very possible that I am missing to send some command before this one, or that I am failing to correctly initialize the sensor. But compared with other source online and the recorded log, it looks like I am doing everything that is required. It would be great if someone has experience with this device or can share some other reason why am I receiving disconnection event... - Goran Rakic

1 Answers

0
votes

I managed to make a measurement, coping the packages sniffed from the official application, but when I tried to do the same a bit later it didn't work anymore, and now I have your same problem. Did you solved the problem about disconnection after the writing command in handle 0x004c?

Here are the shell commands which worked one time:

root@raspberrypi:/# gatttool -b C8:0F:10:3C:7E:51 -I
[C8:0F:10:3C:7E:51][LE]> connect
[C8:0F:10:3C:7E:51][LE]> char-read-hnd 0x0012
Characteristic value/descriptor: c8 3c 7e 51 04 00 04 07 00 06 00 02 16 04 10 04 16 4c 03 01 
[C8:0F:10:3C:7E:51][LE]> char-write-req 0x0019 74bef4600019af41000400746573740000000043
Characteristic value was written successfully
ffff0F:10:3C:7E:51][LE]> char-write-req 0x0028 10071f110138ffffffffffff
Characteristic value was written successfully
[C8:0F:10:3C:7E:51][LE]> char-write-req 0x002d 0100
Characteristic value was written successfully
[C8:0F:10:3C:7E:51][LE]> char-write-req 0x001e 0100
Characteristic value was written successfully
[C8:0F:10:3C:7E:51][LE]> char-write-req 0x001b 06
Characteristic value was written successfully
[C8:0F:10:3C:7E:51][LE]> char-write-req 0x001b 0a10071f1101300000
Characteristic value was written successfully
Notification handle = 0x001d value: 00 00 00 00 
Notification handle = 0x001d value: 00 00 00 00 
[C8:0F:10:3C:7E:51][LE]> char-write-req 0x004c 0100
Characteristic value was written successfully
[C8:0F:10:3C:7E:51][LE]> char-write-req 0x004e 150201
Characteristic value was written successfully
Notification handle = 0x004b value: 06 47

and the heart rate is 0x47, the last number.