Appendix: Tools

Here is a list of tools used while working on the reverse engineering.

BLE Mobile Applications

I use several mobile applications to quickly check the presence of a BLE peripheral and do basic interactions. I rarely do anything sophisticated in this way, but it’s sometime quicker or more convenient than the tools listed later. I didn’t really use them much for this study, but I’m listing them here to be complete:

• CySmart, from Cypress (now Infineon)

  • CySmart iOS

  • CySmart Android

• LightBlue

  • LightBlue iOS

  • LightBlue Android

• nRF Connect & other tool from Nordic Semiconductor

  • nRF Tools iOS

  • nRF Tools Android

BLE Applications on Windows

On Windows, I used 2 main BLE debugging tools.

Cypress CY5677 USB Dongle

I’ve been using CY5677 USB Dongle and predecessors since my first PSoC 4 BLE-based design in 2014 and they have never failed me. I use different kinds of interfaces to these dongle, depending on the situation:

CySmart Desktop

The simplest way to interface with the CY5677 is to use the CySmart Desktop Application. It provides an intuitive GUI for testing and debugging BLE peripherals. It acts as a BLE Central and can scan, connect to and interact with BLE Peripherals. I use the CY5677 + CySmart Desktop whenever I want to perform some manual interactions with a Peripheral, or when I’m discovering how a new BLE Peripheral works.

CySmart C# API

The Dongle can also be used with scripts and bindings for certain programming languages. The BLE Dongle communicates with the host using some form of HCI over USB. I have never taken the time to make my own clean library for this, and so my goto solution is copying an old .NET Visual Studio solution that gives me OK-ish results for some data-logging, including:

• Scanning and logging Advertisement data

• Connecting automatically to a certain BLE Peripheral

• Automating characteristic Read/Write operations

• Enabling and receiving BLE Notification and Indications

I don’t provide any links to the C# .NET project because it seems to be completely gone from the internet, butyou can find all the necessary DLLs when installing CySmart along with the API reference documentation.

CY5677 Python Scripts

I was looking for a nice Python script recently, and I was surprised to find close to nothing:

• mazent/CY5677 is OK. I automated a couple things based on this.

• odwdinc/Cy_BleBridge avoid this: it’s almost empty, and broken.

nRF52840-DK + Wireshark Sniffer

For sniffing (i.e. not interacting directly with a BLE Peripheral, but eavesdropping on the protocol), I’ve had excellent results with the nRF52840 Development Kit, coupled with the Wireshark Network Analyser.

Follow this installation guide to convert an nRF52840 into a powerful BLE Sniffing Tool. This is my preferred low-cost solution to analyse data sent by a BLE Peripheral, or to observe a bidirectionnal communication in connected mode between a BLE Central and Peripheral.

The packet dissector in Wireshark is very well done and is aware of all the BLE packet formats. It’s also a practical way of storing and re-loading captures for future inspection, using the .pcapng file format.

Lab Hardware

As a professional embedded systems developer specialized in firmware, I often find myself debugging someone else’s PCB during early stages of development. I also occasionally design simple PCBs myself. I’ve gradually acquired mid-priced-ranged equipment over the years, but none of these tools were pushed even remotely close to their limits for this teardown. Much cheaper adequate alternatives exist.

Some are self-explanatory:

• Keysight 34465A 6 1/2 digits Digital Multi Meter (great for µA measurements with on-screen plotting)

• BK Precision 2831E 4 1/2 digits Digital Multi Meter

• Keysight MSOX3104T Mixed Signal Oscilloscope

• Weller PU81 soldering iron

Others deserve a few comments.

Weller WMRT soldering tweezers + DIY station.

Soldering tweezers are great for unsoldering components, and the Weller tweezers are amazing but the WMRT-compatible stations are horribly expensive. My tweezers are hooked up to a custom solering iron station based on this DIY Weller WMRP and WMRT compatible soldering station. A friend assembled 20 of these a few years ago and I was lucky to be able to buy 2 units from him.

Digital Microscope

For taking close-up pictures of PCBs, I spent years using a really cheap lens that fits on smartphone camera. It was more of a “light funnel” than a magnifier and I rarely got good results. It was difficult to get enough light, there was a lot of distoring on the sides and the magnification was bad. Nowadays I use the excellent Andonstar AD409 Microscope, which can send photos and even live videos to a smartphone or PC, great for this kind of work or for sharing images live during a videocall.

pH / ORP Test Kits

I own a few reference pH and ORP solutions from Atlas Scientific. Anyone interested in pH and ORP measurements should have a read through their excellent documentation. I obtained these solutions from a local reseller a few years ago, and they are just past their expiry date (but working well enough for my needs).

Other 3rd-Party Software

• This documentation is written with Sphinx.

• Hand-drawn images are done with a Wacom Intous tablet and Xournal++, a more-than-worthy successor of the excellent Xournal application.

Probe Emulator

Todo

document the probe emulator hardware, firmware + python GUI