Keychain with chip ST17H66B (iSearching) #94
Comments
|
I have such key fobs, but they have ST17H66T chip. Is support planned? |
|
ST17H66T is a chip without the ability to reflash. It uses one-time programmable memory, which is produced at the factory. |
pvvx
changed the title
|
Thanks for the information. |
|
This looks great, going to try this as soon as I find my Lenze programming jig. Do you mind if I link to this on biemster/FindMy? |
Программирование брелка с ST17H66BПотребуется адаптер USB-COM с выходами на 3.3В Талица соединений:
Пример строки запуска скрипта:Остальные варианты описаны в README Последовательность программирования.
|
Интеграция в Home Assistant.После прошивки брелка прошивкой “KEY2” в Home Assistant отобразится новое устройство:
Добавляем и нажимаем кнопку на брелке – появится новое Событие: “Button”.
Брелок зарегистрирован. Переключение на шифрованную рекламу BTHome BLE v2 (encrypted).
На этом всё – теперь брелок работает с шифрованной рекламой. |
|
My advertisement keys are 28 bytes (see here) but when I try your flasher it complains that it must be 22 bytes. |
|
In fact nrf connect shows 28 bytes, the first six are 38 1f 8d 09 af 89 and the remaining 22 are the ones I put in your flasher (edit: the mac of the device is f8 1f 8d 09 af 89) |
|
Firmware (v2.0 beta4) and PHY62x2BTHome.html program (v1.8) have been updated. FindMy key Base64: EiM0RVZneImaq7zN3u/+7dzLuqmYh3ZlVEMyIQ== The FindMy beacon has been supplemented with battery status transmission.
So far, no new information about the FindMy bacon format has been found. There are no publications or descriptions from the creators of the “reverse engineering” of FindMy on the Internet. |
|
Really nice, with the latest firmware flashed I actually got a report from Apple 👍 . |
|
Depends heavily on the beacon transmission interval.
Average current consumption as a function of beacon period. With a 3.0 V source. At longer intervals the chip sleep current (chip leakage) has a greater effect. Average sleep current - 2.8..3.5 uA - depends on the chip quality. At short intervals there is a large dependence on the set transmitter power in dBm. |
|
Cool, I set a 3s advertising interval but I see @biemster's code uses 5s, I'll change it. |
|
Is there a way to protect OTA access, with a password or something? I would not like if someone else passes by and changes the key.. |
|
If the button is not pressed, it is impossible to connect. The FindMy beacon does not have a connection request reception... |
ah sorry, I missed that! I just flashed an E2XT2319, as mentioned in the issue above, which went fine. But it does not have a button :D |
|
Button processing (FindMy mode): When the button is pressed, LED turns on, the FindMy beacon switches to transmitting BLE advertising with the AdvEventType = LL_ADV_CONNECTABLE_UNDIRECTED_EVT attributes. A first packet of BLE advertising events is transmitted in the quantity specified in "Number of event transmissions". The period of advertising events is 95 ms. Data in the packet is in BTHome format with "Button" = "1". If the button is released, the LED goes out. After the packet has been transmitted N*95ms, the speaker quietly clicks, the LED turns off regardless of the button (saving battery). If the button is still pressed, the first packet is transmitted again. If the button is released, the second packet of BLE "Number of Event Transmissions" announcements is transmitted, but with "Button" = "0". After the second packet is transmitted, the FindMy beacon with the AdvEventType attribute = LL_ADV_NONCONNECTABLE_UNDIRECTED_EVT begins to be transmitted. PS: I barely wrote it in English - Google translate is terrible :) |
|
@biemster - Now, to support "Find My" in Home Assistant, you'll have to fight with the writers of "Bluetooth" integration. But there you'll be sent to "Bluez", and there you'll be sent to the kernel, and there's Linus Torvalds :P |
😭 |
|
This integration does not receive the Find My beacon. For the BTHome mode option, an addition is planned - a key fob search. Upon request, when connected, it will give a sound signal... |
|
I forgot how frustrating it is to program these chips, I'm on it for three hours now and managed a grand total of 2! The third one I flashed only half, @pvvx your OTA bootloader does not replace the entire bootloader right? |
The question is not clear. Firmware installation via USB-COM adapter takes several minutes with soldering of wires. OTA: |
|
I'm just installing BOOT_KEY2_v20.hex. Getting the chip to start in firmware upload mode has always been an issue for me, probably due to the hacky setup I'm using. When the flasher gets to The question was if flashing BOOT_KEY2_v20.hex only partially due to lost connection will brick the chip? |
|
Flash writing on PHY62x2/ST17H66B chips is always available. |
Looking at the PCB, it seems similar to the one I have. It looks like it's the OTP type that can't be re-flashed.
|
Что "заливается" через веб страницу? Кроме "BOOT" для брелоков ничего не требуется, т.е. не обязательно. Функционал "BOOT" и "APP" для них одинаков. |
|
конекчусь через блютус далее ота app firmware : key2_v20.bin start и все тухнет |
|
Проверил только что: Всё ok.
Может что-то не то с чипом. Не пишите в него "APP", оставьте только "BOOT" |
|
я прошиваю воот прошивку отсоединяю адаптер com-ttl и прошивка сбрасываеться |
|
Ничего заново не надо. |
|
|
Странный какой-то Flash ID: 1124485, но всё остальное нормальное... Перед сканированием или последующим соединением кнопку нажимаете?
Устаревшие адаптеры BT плохо видят устройства BLE с большим интервалом маяка. |
|
вот прям сейчас залил воот |
|
Windows и прочие ОС вообще не помещают FindMy устройства в список соединения. У него нет атрибута в маяке для соединения. Нажатие кнопки аналогично – временно, на 80 секунд переключает в режим BTHome с коротким интервалом передачи для соединения. |
|
я не устанавливал FindMy |
|
Значит битый чип. Больше нечего предположить. Пробуйте записать в него оригинальную прошивку - https://pvvx.github.io/iSearching2/bin/fullflash.bin |
|
а её лить после бот или сразу её |
Описано выше Может там неподдерживаемая в SDK Flash... Это последнее предположение... |
|
три раза это |
И при вставке log заключайте его в три обратные кавычки "```". |
|
три раза =========================================================
PHY62x2/ST17H66B Utility version 20.12.24
---------------------------------------------------------
Connecting...
PHY62x2: Release RST_N if RTS is not connected...
ST17H66B: Turn on the power...
Chip Reset Ok. Response: b'cmd>>:'
Revision: b'01124485 6222M005'
FlashID: 1124485, size: 256 kbytes
PHY62x2 - connected Ok
Erase All Chip Flash... ok
Write Flash data 0x00000000 to 0x00040000 from file: fullflash.bin ...
Write 0x00002000 bytes to Flash at 0x00000000... error!
Error: Write Flash! |
|
Чип не хочет стирать разметку в начале Flash или снять флаг защиты начальных секторов Flash. Что-то с ним не то. Или очередная ревизия чипа... |
=========================================================
PHY62x2/ST17H66B Utility version 20.12.24
---------------------------------------------------------
Connecting...
PHY62x2: Release RST_N if RTS is not connected...
ST17H66B: Turn on the power...
Chip Reset Ok. Response: b'cmd>>:'
Revision: b'01124485 6222M005'
FlashID: 1124485, size: 256 kbytes
PHY62x2 - connected Ok
Erase All Chip Flash... ok
C:\Python311>rdwr_phy62x2.py -p COM3 -e -r we 0 fullflash.bin
=========================================================
PHY62x2/ST17H66B Utility version 20.12.24
---------------------------------------------------------
Connecting...
PHY62x2: Release RST_N if RTS is not connected...
ST17H66B: Turn on the power...
Chip Reset Ok. Response: b'cmd>>:'
Revision: b'01124485 6222M005'
FlashID: 1124485, size: 256 kbytes
PHY62x2 - connected Ok
Erase Flash work area... ok
Write Flash data 0x00000000 to 0x00040000 from file: fullflash.bin ...
Write 0x00002000 bytes to Flash at 0x00000000... error!
Error: Write Flash! |
|
ну ладно вроде все понятно фокус с двумя чипами не удался |
|
Желательно всё доделывать до конца. Необходимо выяснить тип Flash по ID. Может есть PDF... |
|
PDF есть только такой ST17H66B2_BLE_SoC_Datasheet_v1.1.2.pdf но тут я ничего не вижу про ID чипа мой чип
|
|
У меня в ST17H66B кристалл SPI-Flash имеет ID: 0B6012. "0B60" -> spi-Flash XT25W02E "12" -> 256KB
В PHY6222 чипах обычно установлена Flash GD25WD40C (ID: C86413) |
|
ну моих знаний тут не хватает |
|
https://aliexpress.ru/item/1005007131402237.html
Тогда ждать когда придут и я посмотрю что там за чип ST17H66B. |
|
нет я брал SP621E по 164р SP002E без bluetooth |
Я уже заказал все, на всякий случай :) @rif63 - Я кое что нарыл. В ST17H66B не инициализируется интерфейс кеширования Flash, названый у РНY как "spifs". |
залил оригинальную прошивку. брелок не сканиться. на кнопку не реагирует |
Key fob on chip ST17H66B with firmware "KEY2"
iSearching - BLE, Flash
iSearching2 - BLE, Flash
iSearching3 - BLE, OTP (!)
There are a large number of variations of this device.
Switching to “FindMy” mode
FindMy
Select "Connect" and press the button on the key fob again.
The text was updated successfully, but these errors were encountered: