Sending Assisted GNSS (A-GNSS) to Bangle 2 GPS (AT6558)

Posted on
Page
of 4
/ 4
Last Next
  • @Gordon - I wonder if there are any plans to build an App to send
    A-GNSS data to the Bangle 2 GPS chip.s Has there been any attempt
    to do this.

    I found the following if it is any use to you.
    I have been unsuccessful so far in sending any CASIC commands to the B2 GPS.

    If you go to https://www.icofchina.com
    Got to the downloads link
    https://www-icofchina-com.translate.goog/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB

    Download AGPS.zip

    Unzip and there is a file called agps_demo.c
    This shows how to download the A-GNSS information data.

    Unzip and inside the AGPS folder is a CasicAgns.zip file.
    Inside that zip is file called casicAgnsAidIni.c
    This file has the following code at the bottom.

    	ckSum = 0x010B0038;
    	for (i = 0; i < 14; i++)
    	{
    		ckSum += pDataBuff[i];
    	}
    
    	
    	aidIniMsg[0] = 0xBA;
    	aidIniMsg[1] = 0xCE;
    	aidIniMsg[2] = 0x38;		// LENGTH
    	aidIniMsg[3] = 0x00;
    	aidIniMsg[4] = 0x0B;		// CLASS	ID
    	aidIniMsg[5] = 0x01;		// MESSAGE	ID
    	
    	memcpy(&aidIniMsg[6],  (char*)(&aidIni), 56);
    	memcpy(&aidIniMsg[62], (char*)(&ckSum),  4);
    	
    	return;
    }
    

    The code above makes it look like the start of the CHKSUM is calculated as

    sum = (msg_id << 24) + (msg_class << 16) ++ (len_byte1 << 8) + (len_byte0)
    

    This is ties in with the statement in the CASIC document.

    The calculation of the check value can follow the following algorithm:
    ckSum = (id << 24) + (class << 16) + len;
    for (i = 0; i <(len / 4); i++)
    {
    ckSum = ckSum + payload [i];
    }

    The point is - that it looks like the CASIC command should work on our Bangle 2 GPS chip.
    However so far I have been unable to get a response to a basic CFG-PRT command.
    See the other thread by @Mark_M
    http://forum.espruino.com/conversations/371336/#comment16328801

  • did you get some data from their servers? I tried it like half year ago and the trial user/password worked to get agps data, but last time I tried (week ago?) it did not work for me

  • did you get some data from their servers?

    Just tried it and I got.
    I suspect we will have to raise a support case on the site to a trial username and password.
    The code is from 2015, so maybe the trial account is no longer the same.

    $ ./agps_demo 
    AGPS demo.
    Create a socket.
    Get agps server by name.
    Copy agps server information to socket address struct
    Connect to agps server.
    Build agps message.
    Message: user=freetrial;pwd=123456;lat=30.1;lon=120.2;
    Send message to agps server.
    Wait for server transferring agps data.
    Received 25 bytes from agps server.
    All agps data are received.
    Total bytes: 25
    Demostrate agps_buffer, agps_buffer_length = 25.
    
    ERROR: INVALID USER/PWD.
    
    
    Now, you can send these data to gnss module through tty.
    Using code like:
    write(tty_fd, agps_buffer, agps_buffer_length);
    $ 
    
  • yes, same result, this worked for me some (long) time ago. I am not so optimistic about support case but yes we can try to contact them that the example does not work. I guess the right solution in the long run may be to get own user/password for bangle or figure out the one that is used by original Q3 firmware/android app.

  • Please provide the links to the Q3 firmware / App.
    Then I can have a "look" into the code...

  • I use "Join Fit Watch" with Q3, that one was linked in manual that came with it.

  • Ah perfect! Thanks for pointing out, Fanoush :)

  • Thanks user137757 and Fanoush.
    com.sma.smartv3 is for "Q3 / R4 / R5 series watches"
    com.jion.fit is for "F3 / R3 / Q3 / AFWG0720 series watches"
    So there's a big range of watches that seem to share the same AGPS mechanism.

  • That would not surprise me, especially if the watches all use the same chip, plus would expect quite a bit of commonality across manufacturers and suppliers of AGPS data.

  • Thanks - this looks really promising. If you can find a URL @HilmarSt I can set my server up to grab data off it once a day and host locally, which is what I do for UBlox AGPS on Bangle.js 1.

    I'm not sure, but for UBlox you literally just stream the file you downloaded straight to the GPS chip - it contains all the commands already. It is possible that this one is similar too...

  • I read the code and its seems to construct the necessary UBLOX commands in the javacript that is embedded in the HTML interface.

    We would have to work out the necessary CASIC commands to do this. I am working on trying to get a checksum function working for CASIC. Should get back to that soon, but I am back at work now so its the odd hours in the evening now.

  • if you can find a URL

    it is not like ublox which makes it public at http://alp.u-blox.com/
    you need to apply for user/password, see attached PDF (got it from their site and translated via google)
    "AGNSS currently only provides AGNSS services to authorized customers
    • AGNSS only provides assistance to Zhongkewei's GNSS receivers.
    "


    2 Attachments

  • Just a crazy idea:
    If you follow the download link from HughB in #1 ( https://www.icofchina.com/d/file/xiazai/2020-09-22/26ac3f347aca9fc6c3a23db296b0dec0.zip?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB ), you will get a .zip file which contains GnssToolKit3.exe . If you start it, it waits for a connection to a COM port.
    [crazy on]
    Would it be possible to route the internal COM ports of the watch via Bluetooth serial to GnssToolKit3.exe ?
    [/crazy off]
    If this is working, it should be possible to look at the communication with a com port sniffer and eventually get hints for the CASIC communication or (I'm dreaming) AGPS.
    btw: You can set GnssToolKit3.exe to English with the rightmost menu entry, 3rd item and restart of the program.

    While searching the internet for "gnss-aide.com" it seems that also ublox devices use this service. Which AGPS provider does the Bangle.js 1 use?

  • There's a working bit of code that does a AGPS load written in C for the AT6558 that demonstrates how to send the CASIC commands for AGPS. What we need are the checksum calculation writing and the AGPS Bangle1 app cloning to use the CASIC commands. If a simple bit of javascript can be written that will load 1 set of AGPS data onto the B2 then I am sure someone would be able to do the web wrap. There is a lot of stuff I dont understand in the web wrap for the Bangle1 AGPS App, but I can see how it works from a UBLOX perspective. I was working on the checksum function but got sidetracked with analogue clocks etc :)

  • ther is no standard for com port over BLE but it could work with something like https://github.com/Jakeler/ble-serial if bangle would make gps serial available over bluetooth as one of those ble serial adapters (like HM-10) which is quite easy.

    However I guess the data received from that password protected agps service could be simply written to the gps as is. But still that GnssToolKit3 tool could be interesting to use.

  • It would be very nice to have such gateway. Because that would allow to update AT6558 firmware. Currently it is quite outdated. Some CASIC commands work, some do not. I even cannot figure out how to see SW version.

    //MON-VER
    Serial2.write([0xBA,0xCE, 0x00,0x00, 0x0A,0x04, 0x00,0x00,0x0A,0x04]);
    //MON-HW
    Serial2.write([0xBA,0xCE, 0x00,0x00, 0x0A,0x09, 0x00,0x00,0x0A,0x09]);
    

    It returns ACK-NACK

  • It would be very nice to have such gateway. Because that would allow to update AT6558 firmware. Currently it is quite outdated. Some CASIC commands work, some do not. I even cannot figure out how to see SW version.

    //MON-VER
    Serial2.write([0xBA,0xCE, 0x00,0x00, 0x0A,0x04, 0x00,0x00,0x0A,0x04]);
    //MON-HW
    Serial2.write([0xBA,0xCE, 0x00,0x00, 0x0A,0x09, 0x00,0x00,0x0A,0x09]);
    

    It returns ACK-NACK

    When I try to query via CFG-MSG, it again returns ACK-NACK

    Serial2.write([186, 206, 4, 0, 6, 1, 10, 4, 255, 255, 14, 4, 5, 1])
    

    Some messages return ACK-ACK, but never return result payload.
    I suspect that there is very early version of CASIC.

  • If you can find a URL...

    I've tried to find one in the .apk and in .dex -> .jar -> .java but with no success.

    As the communication with http://www.gnss-aide.com seems to be not encrypted, there should be a good chance to find the URL in the communication of the Android App with help of the Wireshark protocol analyzer.
    For a working Android App, some original hardware (e.g. an original Q3) is needed - Gordon, if you can send me one I will try again to find a URL ;-)

  • As the communication with http://www.gnss-aide.com seems to be not encrypted, there should be a good chance to find the URL in the communication of the Android App with help of the Wireshark protocol analyzer.

    you can also just setup a http proxy for network connection in android an check proxy logs

    For a working Android App, some original hardware (e.g. an original Q3) is needed - Gordon, if you can send me one I will try again to find a URL ;-)

    If you can use SWD it is possible to flash original Q3 firmware to bangle 2 and later revert back. With a bit of luck and experience it is possible also without SWD, but you already know that if it is your case ;-) I can PM you direct link to Q3 firmware DFU zip on their servers if you know what to do with it. It needs softdevice S140 6.1.1 which is not the one used currently for Espruino.

  • Well that's irritating - I just tried here with an unflashed Q3 and despite setting up a proxy with a trusted certificate, the app doesn't trust it.

    However when I try to update the AGPS it requests some API at SMA by the look of it, so I doubt it goes direct. Although we may be able to get the GPS data second-hand from SMA's servers.

    @HilmarSt were you looking in the code for a gnss-aide.com address? What about if you try and look for some GPS-related API access?

  • Well that's irritating - I just tried here with an unflashed Q3 and despite setting up a proxy with a trusted certificate, the app doesn't trust it.

    I think you need rooted phone and put certificate to system partition for it to work for android 7 and up. however proxy only for http could work? https://stackoverflow.com/a/22040887 or see https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/

    but I guess using device with android <7 may be easier?

  • fanoush, thank you very much for the offer.
    I can't do SWD and it feels I'm currently out of "a bit of luck and experience" ;-)

  • were you looking in the code for a gnss-aide.com address?

    I've used a .dex to .java decompiler and did a full text search in the sources.
    But now I think that SMA isn't so unexperienced to allow this:
    If I were SMA and wanted to protect my credentials I would authenticate the watch via API, wait for the SMA server to download from gnss-aide.com and provide the AGPS data via API - I think, thats what you observed.
    I'm not experienced enough to find the AGPS data in the protocol, so I give up.

    Maybe someone is able to solder 2 wires to the serial port of the GPS hardware in the Q3 watch and capture the AGPS data from there...

  • Well that was painful, but: https://api.smawatch.cn/epo/ble_epo_offline.bin

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

Sending Assisted GNSS (A-GNSS) to Bangle 2 GPS (AT6558)

Posted by Avatar for HughB @HughB

Actions