seemoo-lab
Alternative firmware
I just created an alternative firmware that is compatible with both nRF51 and nRF52 platforms. It's using the Softdevice S130/S132 2.0.0 from Nordic SDK11.
I already tried it on this modules:
- E104-BT5032A board from EBYTE which can be purchased here https://www.aliexpress.com/item/4000538644215.html
- "AliExpress beacon" which can be purchased here https://www.aliexpress.com/item/32826502025.html
More info here: https://github.com/acalatrava/openhaystack-firmware/tree/main/apps/openhaystack-alternative
@acalatrava could you share the "howto" flash E104-BT5032A board? did you use a special board, adapter or just STLinkV2?
I build openhaystack-alternative_s130.bin replaced public_key and using STLinkv2 to flash into an NRF51822 which you had tested. the module consumes 2.6ma, but there are no advertisements.
please advise, thank you.
Please note that you need to flash the SoftDevice too. You can generate a full bin file by issuing make build, the bin will be at the compiled directory.
Can you share your consume after that? I don’t have the tools to measure it.
@mowtschan I used a JLink-compatible adapter, however you should be able to use the STLinkV2 too. I think it should work if you just issue make && make e104install, this will use nrfjprog to flash the firmware which I think it should work with STLinkV2 too.
@acalatrava with softdevice nrf51_firmware.bin Size around 3.1MB, how to flash into nrf51 chipset?
for openhaystack firmware standby 860uA, and sent advertisements will consume 960uA.
You’re right. I think the problem is that those are not actually bin files but hex ones. I’m not at the computer atm so please try to rename it and flash it that way.
Both bin and hex files are actually the same firmware on a different format. You can’t see the key on the bin file with a simple editor since the firmware is encoded in hexadecimal format (that’s why the file is bigger) instead of binary.
So you can replace the key on the source file, compile, merge it with the SoftDevice and flash the resulting hex file (the compiled file appears as bin but it’s actually a hex file).
I’ll try to fix this naming issue when I’m at home.
@acalatrava can you confirm that compiled nrf51_firmware.bin size is 3.1MB?
I try to flash with ST-LINK v2 but seem to run out of space.
No, it’s not a bin file but a hex one. You should try to rename it to hex and then either flash it with nrfjprog (not sure if you can use it with stlink) or convert it to bin (I think there is a hex2bin.pay tool somewhere)
@acalatrava https://github.com/acalatrava can you confirm that compiled nrf51_firmware.bin size is 3.1MB?
I try to flash with ST-LINK v2 but seem to run out of space.
[image: image] https://user-images.githubusercontent.com/37057723/117548362-7465c700-afe9-11eb-9aaa-1a81d571b593.png
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/seemoo-lab/openhaystack/issues/57#issuecomment-835442222, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACA3W4OGPOTNPJLK2VI5QT3TMVZPRANCNFSM44JSW4NQ .
finally, I manual merge softdevice hex file got 324kb size hex, flashed with STLINK v2, and keep consume 5uA, so no advertisements yet. I flashed back into openhaystack firmware and got advertisements again. I think need way hex2bin then.
appreciate.
mergehex -m s130_nrf51_2.0.0_softdevice.hex openhaystack-alternative_s130.hex -o softdevice.hex
I use objcopy cmd in Linux can convert hex to a bin, as the same way compiled an example s130-beacon apps it is running, but openhaystack-alternative doesn't run at all.
@junleus I can confirm that something is broken with the nRF51 since it isn’t working on mine either. I’ll try to check what I broke, but since I have it working on another nRF51 for 7 days now it shouldn’t be hard to find.
@jaekim24 I still didn’t put a coin cell on my module but since it’s working for more than 7 days on my nRF51 and the battery is still at 2.96V I expect a very long duration.
I just published the fixed firmware http://github.com/acalatrava/openhaystack-firmware/ This one should work fine on a nRF51 module (tested!)
@junleus please test it and tell me how much it consume. Also, how are you measuring it?
@jaekim24 I'm using this module https://www.aliexpress.com/item/32826502025.html with a CR2032 cell coin battery. Battery still at 2.96V :)
@acalatrava
- I used a multimeter with dc amps to measure.
- I git clone your repository again, compiled new firmware, ether your and mine does not send the advertisements.
- Can you use the LightBlue app to scan the nRF51? when your iPhone beside the nRF51, the signal should be less than 30db.
Yes, I can confirm mine is working. In fact it appears on OpenHaystack app. Can you try with the compiled one from the releases?
https://github.com/acalatrava/openhaystack-firmware/releases/download/0.1/nrf51_firmware.bin
@junleus unfortunately on my iPhone I'm unable to find my nrf51 but with the Macbook it works, I can even see exactly which device is mine:
- copy adv. key:
- run command and see from byte 7 which public key has your device(just 3-4bytes would be enough):
- On mac I'm using BlueSee tool (https://apps.apple.com/de/app/bluesee-ble-debugger/id1336679524?mt=12):
@acalatrava I flash that one too, no luck.
there are a little bit different of mine chip.
@mowtschan
I am using multimeter measure the power consume, the chip keep 5uA, so I pretty sure no advertisements send. seem keep sleeping.
I’m pretty sure it’s working. The thing is that the advertisement is set every 5 seconds. Sometimes on the iPhone won’t appear after 10 or even 20 seconds. Probably you are seeing 5uA because most of the time is sleeping :)
try changing the advertisement interval or try this app which seems to work better to see the device on iPhone https://apps.apple.com/es/app/ebeacon-ble-scanner/id730279939
@mowtschan what kind of chipset you are using? I used the same way of compiled the s130-beacon app, running well.
my chipset info
Info : nRF51822-QFAA(build code: H2) 256kB Flash, 16kB RAM
and
Info : nRF51822-QFAA(build code: H0) 256kB Flash, 16kB RAM
@junleus I bought it by AliExpress here: https://www.aliexpress.com/item/33061215469.html?spm=a2g0s.9042311.0.0.27424c4dgqLbvo P.S.: just to clarify: I’m using original firmware from openhaystack.
@junleus if the s130-beacon is working then my firmware should work too. Did you try to change the advertising interval? Try to change it to 100, that way you should see it on the light blue app or similar https://github.com/acalatrava/openhaystack-firmware/blob/eef0a6b81e405b79027f0cf450c3e4b3322a76b3/apps/openhaystack-alternative/main.c#L10
by the way, your board is the same as mine! So...
Which modules did you order?
you should try the firmware on the nRF51 during the day and check if the location is being updated on the app
https://www.amazon.com/gp/product/B081GYNM2G/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1
im trying to flash the nRF52 but idk where to connect my VCC port from my J-Link debugger to the nRF52 module and also which ground am I supposed to connect to on the nRF52 module
@acalatrava how do I flash the nRF52 chip is it similar to how you flash a ESP32 with open-haystack like this [ ./flash_esp32.sh -p /dev/yourSerialPort "public-key-in-base64"] but a little different ?
@acalatrava just got your custom firmware working on nrf51 device, power consumption is 3,3uA !!! with peak of 66uA, nice!!
@jaekim24 if you have jlink you can just flash it issuing make flash
@mowtschan thats great! Very little consumption!!! If my math are correct a CR2032 220mah battery should last more than 1 year!
@mowtschan what kind of flash cable you are using? I try few days and till got 5uA, no advertisements send yet.
@junleus look at this https://github.com/acalatrava/openhaystack-firmware/issues/2#issuecomment-840596966
Cool! Is this on nRF52 or nRF51? It is considerable more consumption than @mowtschan https://github.com/seemoo-lab/openhaystack/issues/57#issuecomment-840621399 which is weird... Do you know for how long is consuming 25uA and 200uA?
I have nRF51822-QFAA device: 3,3uA for <5 sec 66uA for <1 sec (can't really see that value on multimeter because it appears for a very short time, just able to see it with slow-motion recording)
@mowtschan thats great! Very little consumption!!! If my math are correct a CR2032 220mah battery should last more than 1 year!
@acalatrava if my calculation not wrong then it would last for almost 3 years?!?!? Let's assume we have a battery with a capacity of 230 mAh and we will have ideal temperature of 20°C and also let's 'ignore' battery self-discharging thing. http://products.varta-microbattery.com/applications/MB_DATA/DOCUMENTS/DATA_SHEETS/DS6032.pdf
(230/((0.0033*5+0.066*0.5)/(5+0.5)))/24 = 1064,814^ days!!!
Or am I missing something?
Yeah! I think you’re correct! But I guess it would be a little bit less since it should be something like this
(230/((0.0033*4.5+0.066*0.5)/5))/24 = 1001,393
Since the interval is set every 5 seconds it means that it will use 3,3uA for 4,5 sec and 66uA for 0,5 sec every 5 seconds... right?
Thank you @acalatrava I tried the firmware today on an nRF52832 Ali Express Beacon. It works great. Thank you for the effort to make it more energy efficient.
Unfortunately, they increased the price to of the beacon 11$ recently.
@Sn0wfreezeDev I bought 4x (but nrf51) here for 16€ https://de.aliexpress.com/item/33061215469.html?spm=a2g0s.9042311.0.0.7b414c4djbmG56 and now they are 22€ but still 50% less than nrf52
@acalatrava No I do not have the tools here to measure the consumption. But it is lasting for some days now, which would not be the case for the old firmware
@mowtschan Yes, but I wanted to go for the nrf52 to get the updated chip version. However, nrf51 should have all features needed for this application.
@mowtschan Could you tell me what multimeter you are using? I am looking for one that can measure low currents (uA, nA) and was wondering if yours could do the job...
@sebi5361, here you are https://smile.amazon.de/gp/product/B07DWG59F2/
Measuring range V/DC min. : 0.1 mV
measuring range V/DC max. : 600 V
measuring range V/AC min. : 0.1 V
measuring range V/AC max. : 600V
Measuring Range A/DC Min. : 0.1 µA
measuring range A/DC max. : 10 A
measuring range A/AC min. : 0.1 µA
measuring range A/AC max. : 10 A
@acalatrava @mowtschan I would like to point you to that video that focuses on measuring tiny currents. In a nutshell, it says that a standard multimeter won't do the job properly due to its relatively high internal resistance resulting in a burden voltage, and that a special equipment is needed.
I just bought the NORDIC Power Profiler Kit II that is designed specifically for that purpose. It will take some time to receive it (12 weeks?) but as soon as it arrives, I will measure the power consumption of the AliExpress Beacon and will let you know if the results mach.
I just measured the consumption of OpenHaystack (ultra low power) alternative firmware on an nRF51822 board equipped with a low frequency crystal (Holyiot YJ-14001 BLE module) using my freshly received NORDIC Power Profiler Kit II. This board's hardware is similar to the official AliExpress Beacon (nRF51822, crystal).
Below are the results:
Full cycle:
Broadcasting mode:
Sleep mode:
Zoom on sleep mode:
According to those readings, the average power consumption is 7.85uA which makes a 3V CR2032 230mAh battery last more than 3 years:
230/0.00785 = 29299 hours = 1220 days = 3.34 years.
Those results seem to be coherent with the multimeter measurements done by @mowtschan and the battery duration computed by @acalatrava .
To compare current consumptions, I compiled the OpenHaystack (ultra low power) alternative firmware firmware for my Holyiot YJ-14001 BLE module (nRF51822) using the internal RC oscillator instead of the low frequency 32768 kHz external crystal oscillator.
I used NRF_MODEL=nrf51 BOARD_SIMPLE make build to generate the firmware and it works fine as the beacon can be found in the OpenHaystack map.
Here is a comparison chart:
| Low Frequency Oscillator | Average Current Consumption @ 3V |
|---|---|
| External 32768 kHz crystal | 7.85 uA |
| Internal RC circuit | 8.24 uA (14% more) |
This result corroborates this external Crystal vs internal RC oscillator comparison discussion.
In a nutshell it is better to have a board equipped with a low-frequency 32768 kHz external crystal oscillator to save a little bit of power.
The optional low-frequency 32768 kHz external crystal oscillator is this component below (red arrow):
The other oscillator on the board (larger, squarish) is the high-frequency 32 MHz oscillator mandatory for the MCU to function.
I measured the consumption of OpenHaystack ultra low power alternative firmware on an nRF52832 board equipped with NO external low frequency crystal (Holyiot YJ-17095):
This board's hardware is similar to the official eByte E104-BT5032A's hardware (nRF52832, NO crystal).
Thus I used NRF_MODEL=nrf52 BOARD_E104BT5032A make build to generate the firmware.
Note that: e104bt5032a_board.h and simple_board.h are the same and correspond to boards with low frequency internal RC oscillators.
My board seems to broadcast correctly as it can be found in the OpenHaystack map.
Hower power consumption is over the charts compared to previous results: It is 37uA in average (4x more than for my nRF51822 board).
Current consumption looks like this:
There is a spike every ~12.5ms.
Any idea why I observe such a high power consumption?
I put the firmware on a E104-BT5032A one month ago and it seems that the battery is depleting quickly, so it seems this is also happening on this board.... not sure why though. Can you test with some other program?
@acalatrava: If you send me firmwares for nRF52832 with NO crystal you are developing to solve this consumption issue, I can patch them with my advertisement key, test them and measure their current consumptions. Is this what you mean by "test with some other program" (firmware)?
@acalatrava: BTW, did you enable the built-in DC/DC regulator to save some energy (if the boards support it)? See this explanation and this schematic. Here someone claims enabling the DC/DC regulator can save up to 40% power consumption...
Average Power Consumption (in uA @ 3V)
I compared the power consumption of my Holyiot YJ-14001 BLE module (nRF51822) with different settings:
| Low-Frequency Oscillator / Internal Power Supply Regulator | LDO (Default) | DC/DC |
|---|---|---|
| Internal RC Circuit (Default) | 9.21 | 9.64 |
| External 32.768 kHz Crystal | 7.60 | 7.98 |
Note: to enable the DC/DC regulator I added line sd_power_dcdc_mode_set(1); before the while loop in main.c. This could be done as the Holyiot YJ-14001 BLE module is populated with the proper LC components required to enable this feature (see Nordic InfoCenter for explanations). I don't know about the official AliExpress beacon. Contrary to what I read, switching the regulator from LDO to DC/DC didn't improve power consumption.
TLDR
The lowest power consumption was obtained enabling the external 32.768 kHz crystal together with the LDO regulator.
Current Measurement Screenshots
Below are screenshots of the measurements made using my NORDIC Power Profiler Kit II for the different settings. Note the spikes due to clock calibrations here and there (see explanations from the Nordic DevZone) when selecting the internal RC oscillator.
N51-RC-LDO
N51-XTAL-LDO
N51-RC-DCDC
N51-XTAL-DCDC
An additional comment:
Not all AliExpress beacons are populated with the low frequency external crystal.
Check it out before enabling the external low-frequency 32.768 kHz crystal.
I checked this before, per the beacon do not need the 32k crystal.so all beacon device will not have this 32k crystal.
Note the 4s interval spikes due to the clock calibration involved when using the internal low-frequency RC oscillator (see figure N51-RC-LDO blue rectangles) (orange rectangles correspond to 5s interval broadcasting spikes):
Those spikes are responsible for the extra average power consumption compared to enabling the external low-frequency 32.768kHz crystal (9.21uA vs 7.60uA).
Hi all! Good stuff in here, thanks for all your good work! đź’Ż đź‘Ť QQ: I am not really sure if I've done the right thing.
I've copied the main.c content from this file:
moved inside the openhaystack-main folder of the openhaystack application (see blow), pasted the "modded low power" main.c script inside the original one and saved.
Is my understanding correct that whenever I will now generate the FW from the screen here below, the .bin will now be a modded one with the low power consumpiton feature?
Note: I've checked the shasum between the first original .bin firmware and the second modded .bin file and I can see 2 different ashes, this would make me think that I may be right...
Please let me know if I am doing it correctly or if I am completely on the wrong way :)
Thanks!
Deo
Hi @Furtivo360,
Please follow @acalatrava's Readme to compile the firmware and install it on your device. It does not work to move it into the OpenHaystack app since the installation is more involved here.
Kind regards Alexander
Hi @Furtivo360,
Please follow @acalatrava's Readme to compile the firmware and install it on your device. It does not work to move it into the OpenHaystack app since the installation is more involved here.
Kind regards Alexander
I just bought one of these for testing
https://www.aliexpress.com/item/32826502025.html
My question is, @acalatrava provides precompiled NRF51 firmware at
https://github.com/acalatrava/openhaystack-firmware/tree/main/apps/openhaystack-alternative/compiled
So I moved it into the app as such Openhaystack --> Contents --> NRF.
NRF folder only seemed to contain firmware for NRF52 so I renamed the format on my file to NRF51_NRF51822.openHayStack.hex.
First thing I noted. His compiled firmware seemed big at 2.2mb vs the 500k for the existing ones
Second question. Do I have the naming format correct. i.e will Openhaystack detect the device as being a NRF51822 and pick up and use the new firmware.
Finally the most important newbie question. How to program it. Am I correct in assuming just connecting the STlink V2 up to the correct pins, I will be able to flash the device directly from the Openhaystack app with the option "Deploy NRF device"?
Apologies for the N00b questions.
