Sebastian Muszynski

``` # Frame: 2 Bytes: Start of frame (0x55 0xAA) 1 Bytes: Address (0x11) 1 Bytes: Read or write 2 Bytes: Command 2 Bytes: Data length n Bytes: Data 1...

I know. I just tried to inform you if you own the device some day we could give it a try to add device support.

Are you sure the `bug.zip` did not contain a "*btsnoot*log"? ``` unzip bug.zip find . -name btsnoop_hci.log ```

I will provide some additional instructions tomorrow. I assume some important steps of the capturing process are missing. I've to verify some steps locally to provide better instructions. Probably just...

Alright. I will ping you tomorrow!

Could you tell me the Android version of your device?

I tried the following with my Android 9 phone: 1. Enable ADB 2. Enable Bluetooth HCI snoop log 3. Turn off bluetooth + turn on bluetooth 4. Start the BMS...

Is your phone rooted? If yes we could try this approach: https://stackoverflow.com/a/58384046

Awesome! It looks like your capture contains everything I'm looking for. I will try to extract some requests & responses.

``` 1. Command Write response (0x13) 2. Write command (0x52) Service UUID: 0xffe0 Char: 0xffe1 Value: aa5511010100140000000000000000000000faff More commands: aa5511010400140000000000000000000000ffff aa5511010200001400000000000000000000f9ff aa551100050d140000000000000000000000f2ff aa551100050d140000000000000000000000f2ff aa551100050d140001000000000000000000f3ff aa551100050d140001000000000000000000f3ff Notifications (32 bytes per chunk,...