Bluetooth 12v Battery Monitor

Others (MiLight, Hue, Toon etc...)

Moderator: leecollings

Post Reply
Driftvk
Posts: 4
Joined: Wednesday 10 August 2016 8:12
Target OS: Windows
Domoticz version:
Location: South Australia
Contact:

Bluetooth 12v Battery Monitor

Post by Driftvk »

G'Day all

I'm hoping someone with a bit of experience with Bluetooth BLE devices might be able to help me out.
I've picked up a Bluetooth 12v Car Battery Monitor which uses the android/ios app called "BM2"
https://www.aliexpress.com/item/33004648736.html

I'd like to use a Raspberry Pi Zero W to pair with the device & receive the data to then pipe into Domoticz (MQTT etc).

I've been able to connect and receive some data but I'm not sure how to decode it.

On immediate connection with gattool, it receives a line of data once per second:

Code: Select all

pi@RPi-ZeroW:~ $ sudo gatttool -b 90:E2:02:35:30:8E -I
[90:E2:02:35:30:8E][LE]> connect
Attempting to connect to 90:E2:02:35:30:8E
Connection successful
Notification handle = 0x002e value: 66 5a aa e9 8c c9 af c4 7a 04 c3 ff 6f d4 a0 e2 
Notification handle = 0x002e value: 74 04 ba 2b d0 de 7b 14 85 8b e0 93 a2 e2 cb 94 
Notification handle = 0x002e value: ec 6c df 86 8c 9f 3e b2 29 5a 97 eb b8 57 51 b1 
Notification handle = 0x002e value: 28 6e 9a 62 ec 58 8c c3 8e 79 a5 52 c3 68 f5 ee 
Notification handle = 0x002e value: c2 c4 74 81 29 95 2f 49 9d fc 73 3c 50 ae 45 85 
Notification handle = 0x002e value: 43 3b 00 17 2f c2 c3 6f ad 64 93 a8 94 33 31 e2 
Notification handle = 0x002e value: 64 60 71 a7 f8 06 5d b4 91 06 20 26 5b 17 0b fe 
Notification handle = 0x002e value: c5 0f 0d 0b fa 30 76 cc e2 4e d5 61 6c 70 e0 5b 
Notification handle = 0x002e value: c1 3f e4 df ca 08 0c ff 19 87 df 23 dc 34 02 17 
Some other info that might be useful/make sense to someone:

Code: Select all

[90:E2:02:35:30:8E][LE]> primary
attr handle: 0x0001, end grp handle: 0x000b uuid: 00001800-0000-1000-8000-00805f9b34fb
attr handle: 0x000c, end grp handle: 0x000f uuid: 00001801-0000-1000-8000-00805f9b34fb
attr handle: 0x0010, end grp handle: 0x0022 uuid: 0000180a-0000-1000-8000-00805f9b34fb
attr handle: 0x0023, end grp handle: 0x0033 uuid: 0000fff0-0000-1000-8000-00805f9b34fb
attr handle: 0x0034, end grp handle: 0xffff uuid: f000ffc0-0451-4000-b000-000000000000

Code: Select all

[90:E2:02:35:30:8E][LE]> characteristics
Notification handle = 0x002e value: cd 9c 72 23 3e 0b 55 81 5b d0 a6 1d dd 87 5c 88 
handle: 0x0002, char properties: 0x02, char value handle: 0x0003, uuid: 00002a00-0000-1000-8000-00805f9b34fb
handle: 0x0004, char properties: 0x02, char value handle: 0x0005, uuid: 00002a01-0000-1000-8000-00805f9b34fb
handle: 0x0006, char properties: 0x0a, char value handle: 0x0007, uuid: 00002a02-0000-1000-8000-00805f9b34fb
handle: 0x0008, char properties: 0x08, char value handle: 0x0009, uuid: 00002a03-0000-1000-8000-00805f9b34fb
handle: 0x000a, char properties: 0x02, char value handle: 0x000b, uuid: 00002a04-0000-1000-8000-00805f9b34fb
handle: 0x000d, char properties: 0x20, char value handle: 0x000e, uuid: 00002a05-0000-1000-8000-00805f9b34fb
handle: 0x0011, char properties: 0x02, char value handle: 0x0012, uuid: 00002a23-0000-1000-8000-00805f9b34fb
handle: 0x0013, char properties: 0x02, char value handle: 0x0014, uuid: 00002a24-0000-1000-8000-00805f9b34fb
handle: 0x0015, char properties: 0x02, char value handle: 0x0016, uuid: 00002a25-0000-1000-8000-00805f9b34fb
handle: 0x0017, char properties: 0x02, char value handle: 0x0018, uuid: 00002a26-0000-1000-8000-00805f9b34fb
handle: 0x0019, char properties: 0x02, char value handle: 0x001a, uuid: 00002a27-0000-1000-8000-00805f9b34fb
handle: 0x001b, char properties: 0x02, char value handle: 0x001c, uuid: 00002a28-0000-1000-8000-00805f9b34fb
handle: 0x001d, char properties: 0x02, char value handle: 0x001e, uuid: 00002a29-0000-1000-8000-00805f9b34fb
handle: 0x001f, char properties: 0x02, char value handle: 0x0020, uuid: 00002a2a-0000-1000-8000-00805f9b34fb
handle: 0x0021, char properties: 0x02, char value handle: 0x0022, uuid: 00002a50-0000-1000-8000-00805f9b34fb
handle: 0x0024, char properties: 0x0a, char value handle: 0x0025, uuid: 0000fff1-0000-1000-8000-00805f9b34fb
handle: 0x0027, char properties: 0x02, char value handle: 0x0028, uuid: 0000fff2-0000-1000-8000-00805f9b34fb
handle: 0x002a, char properties: 0x08, char value handle: 0x002b, uuid: 0000fff3-0000-1000-8000-00805f9b34fb
handle: 0x002d, char properties: 0x10, char value handle: 0x002e, uuid: 0000fff4-0000-1000-8000-00805f9b34fb
handle: 0x0031, char properties: 0x02, char value handle: 0x0032, uuid: 0000fff5-0000-1000-8000-00805f9b34fb
handle: 0x0035, char properties: 0x1c, char value handle: 0x0036, uuid: f000ffc1-0451-4000-b000-000000000000
handle: 0x0039, char properties: 0x1c, char value handle: 0x003a, uuid: f000ffc2-0451-4000-b000-000000000000

I'm not sure where to go from here. Any help would be appreciated!
Software: Win2012R2, Domoticz, Mosquitto, Koenkk Zigbee2MQTT, Broadlink Python Plugin.
Hardware:CurrentCost128 3x IAMs, 5x Temperature sensor Wemos D1 Mini with 'ESPEasy', Zigbee via CC2531, ArduinoMega RFLink Gateway, Broadlink RM Mini3
KiwiME
Posts: 1
Joined: Tuesday 02 February 2021 1:14
Target OS: Raspberry Pi / ODroid
Domoticz version:
Location: New Zealand
Contact:

Re: Bluetooth 12v Battery Monitor

Post by KiwiME »

Have you made any progress on this device? I'm pretty much at the same roadblock. I can't decode the hex into anything recognisable.

-Paul
Driftvk
Posts: 4
Joined: Wednesday 10 August 2016 8:12
Target OS: Windows
Domoticz version:
Location: South Australia
Contact:

Re: Bluetooth 12v Battery Monitor

Post by Driftvk »

Hi Paul

Project got abandoned but I did get a couple of responses over on the raspberry pi forum.
https://www.raspberrypi.org/forums/view ... 8#p1514658

Let us know how you go!
I've since added a Victron Smartsolar MPPT controller to my setup which has inbuilt bluetooth + android/windows apps. Its nice to compare the Victron & other Bluetooth batt monitor to see how the system is performing

Cheers.
Software: Win2012R2, Domoticz, Mosquitto, Koenkk Zigbee2MQTT, Broadlink Python Plugin.
Hardware:CurrentCost128 3x IAMs, 5x Temperature sensor Wemos D1 Mini with 'ESPEasy', Zigbee via CC2531, ArduinoMega RFLink Gateway, Broadlink RM Mini3
MrKaietronPirate
Posts: 1
Joined: Tuesday 07 November 2023 0:19
Target OS: Linux
Domoticz version:
Contact:

Re: Bluetooth 12v Battery Monitor

Post by MrKaietronPirate »

Ahoy,

Pardon mi late.

Noticed you did not get too far, from what I see, you have just connected to the device, listed primary and characteristics.

The data you have there is hardcoded and do not represent anything other than the bluetooth HANDLES, this is not your data, is WHAT STORES DATA.
That is why you could not decoded it into anything recognizable.

But what to do with these?

Let me tell you.
Spoiler: show
HELP

I do not have access to your device to read what those handles contain, but here is a similar example.

This is from a CADA LEGO (chinese lego technic knokoff with powerfunction and bluetooth) model C83001W cada Bot > look it up on google

The principle should be the same.

Code: Select all

[dc:XX:XX:XX:1b:f2][LE]> help
help                                           Show this help
exit                                           Exit interactive mode
quit                                           Exit interactive mode
connect         [address [address type]]       Connect to a remote device
disconnect                                     Disconnect from a remote device
primary         [UUID]                         Primary Service Discovery
included        [start hnd [end hnd]]          Find Included Services
characteristics [start hnd [end hnd [UUID]]]   Characteristics Discovery
char-desc       [start hnd] [end hnd]          Characteristics Descriptor Discovery
char-read-hnd   <handle>                       Characteristics Value/Descriptor Read by handle   <<<<<<<<< Right HERE
char-read-uuid  <UUID> [start hnd] [end hnd]   Characteristics Value/Descriptor Read by UUID
char-write-req  <handle> <new value>           Characteristic Value Write (Write Request)
char-write-cmd  <handle> <new value>           Characteristic Value Write (No response)
sec-level       [low | medium | high]          Set security level. Default: low
mtu             <value>                        Exchange MTU for GATT/ATT
==============================================================================================================================

Code: Select all

[LE]> characteristics
handle: 0x0002, char properties: 0x02, char value handle: 0x0003, uuid: 00002a00-0000-1000-8000-00805f9b34fb
handle: 0x0004, char properties: 0x02, char value handle: 0x0005, uuid: 00002a01-0000-1000-8000-00805f9b34fb
handle: 0x0006, char properties: 0x02, char value handle: 0x0007, uuid: 00002a04-0000-1000-8000-00805f9b34fb
handle: 0x0008, char properties: 0x02, char value handle: 0x0009, uuid: 00002aa6-0000-1000-8000-00805f9b34fb
handle: 0x000d, char properties: 0x22, char value handle: 0x000e, uuid: 00002a05-0000-1000-8000-00805f9b34fb
handle: 0x0011, char properties: 0x10, char value handle: 0x0012, uuid: 0000fff1-0000-1000-8000-00805f9b34fb
handle: 0x0015, char properties: 0x04, char value handle: 0x0016, uuid: 0000fff2-0000-1000-8000-00805f9b34fb
handle: 0x0018, char properties: 0x18, char value handle: 0x0019, uuid: 0000fff3-0000-1000-8000-00805f9b34fb
handle: 0x001d, char properties: 0x04, char value handle: 0x001e, uuid: 0000fd01-0000-1000-8000-00805f9b34fb
handle: 0x001f, char properties: 0x18, char value handle: 0x0020, uuid: 0000fd02-0000-1000-8000-00805f9b34fb
.........................................................|HERE |......................................................
These are the handles and UUIDS for this fake lego BT toy, we are interested in CHAR VALUE HANNDLE (not HANDLE)

What these do? We need to find out, as some are for write to the device, some for read, some for ACK/notif.

we take the first one 0x0003 and try to read from it

==============================================================================================================

Code: Select all

[LE]> char-read-hnd 0x0003
Characteristic value/descriptor: 48 69 2d 43 61 44 41 5f 50 41 49 52 2d 31 32 47 5a 50 d4 97 67 2e b2 1d   ### <<<< here we got a read
but what is this confusing long bunch of numbers? >> it's HEX DATA

This can be converted to numbers (value for your heart rate monitor or current\voltage of your battery, intensity of a vib**r :) who knows)
Or text (name of the device, description of something, a text value EG "alert", any text really)
Or binary (the device could comunicate with other device in binary data. EG 1001 1100 which could set functions, turn on or off things in the other device)

But since you own the device you shoud know what to expect more or less, if it's a watch, you would expect HEX DATA to represent numbers (decimals) right?


===============================================================================================================

So, we need to convert this to decimal or text (usually, it sometimes can be binary data which can be harder to find meaning for)

First we eliminate spaces >>> 48692d436144415f504149522d3132475a50d497672eb21d

Then we go to a website that can convert HEX to text/decimal/binary etc >>>> google up hex to text convertor online

mine is too long to be decimal (no pun intended) so I've tried to convert HEX to text (could also be decimal but didn't make too much sense)

this resullted the name of the device (it's bluetooth SSID)

Code: Select all

48692d436144415f504149522d3132475a50d497672eb21d    >>>  From Website HEX TO TEXT      >>>>      Hi-CaDA_PAIR-12GZPԗg.²

You can write your own small code that can convert a HEX data to text or other type but, 
since there are a lot of websites at a click distance that can to this for you, it would make sense to use those for simple reads.

===============================================================================================================

You can now go to the next handle (char handle) and try to read it... until you find what you need

some of them are not meant to be read so you will get error, which is expected and normal
================================================================================================================

To read is easy, you get the values, but to write not so much. You will have to know the value to write and that is not something you can read from the device so you can write it back.

You will need a BT sniffer for that and interact with the device so you can captute the values sent/received, analize them in wireshark........ this is another story mates. Let me know if you are interested in this...I'll make another post.



I gave you power, now go plunder!! :lol: 8-)

Log DATE: 7 November 2023 by MrKaietron
Last edited by MrKaietronPirate on Tuesday 07 November 2023 12:47, edited 1 time in total.
irritateknockback
Posts: 1
Joined: Wednesday 30 August 2023 12:34
Target OS: Windows
Domoticz version:
Contact:

Re: Bluetooth 12v Battery Monitor

Post by irritateknockback »

Hi Driftvk,

It looks like you've made some progress connecting your Bluetooth 12v Car Battery Monitor to your Raspberry Pi Zero W. To decode the data, you'll need to understand the data format being sent in those notifications. The values you're seeing are likely in hexadecimal.

You may want to consult the manufacturer's documentation for the Bluetooth device or reach out to their support for information on the data format. Once you know the format, you can write a Python script on your Raspberry Pi to decode and process the data before sending it to Domoticz via MQTT.

Good luck with your project, and I hope you find the information you need to decode the data effectively!
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests