Database Users

SGS, glgps, jupiter.xml, and you (how we can control the GPS behavior better)

OK. Here we go for a long post, this is the work that came from disassembling glgps daemon and spending quite a few hours/nights driving around to test things. I also drew on my knowledge of GPS systems and used my Bluetooth GPS as a comparison.
The glgps daemon is responsible for communication between the GPS chipset in the SGS and the android userspace. It pulls settings both from NVRAM and some files in /data/gps and /etc. It uses this information to initalize the GPS system at startup and hold it ready to service location requests. This is where all the tweaking that will make a difference regarding GPS output should take place. (If we can get into NVRAM there's more stuff there too.)
I've attached to this post an update.zip with the latest build of the glgps daemon (/vendor/bin/gpsd from nexus s), relocated to /system/bin/gpsd/glgps_samsungJupiter where it sits on the SGS ROMs. I've also included secgps.conf and jupiter.xml, which i've commented with all possible values I could find disassembling it, and the various effects I observed testing them. I also outfitted the jupiter.xml with the most optimal settings I ran into.
A simple breakdown of what I did was to turn off smoothing and interpolation, by using pedestrian mode and a few new variables available in the nexus s daemon. This yields an output as close to what the GPS chip is seeing as possible. It doesn't necessarily mean that it will be more accurate to reality, only that the firmware and daemon won't filter out results that it thinks don't match what it should see. This behavior is more desireable for me than the GPS chip trying to guess, I can be aware of the variations by looking at the accuracy indicator.
[size=+2]How to get logging out of the glgps daemon so you can observe the effects of tweaks, environmental effects, etc. (A.K.A. lets not stab at the dark!)[/size]
1. Root your device
2. adb shell
3. $ su
#
4. cd /system/bin/gpsd
5. mv glgps_samsungJupiter glgps
6. reboot
Now the glgps daemon won't load at startup. After your device reboots, repeat steps 2-4. Then:
7. cp /system/etc/jupiter.xml /sdcard/
8. adb pull /sdcard/jupiter.xml .
9. edit jupiter.xml on your pc as desired.
10. adb push jupiter.xml /sdcard/
11. adb shell
12. su
13. cd /system/bin/gpsd/
14. ./glgps -c /sdcard/jupiter.xml
alternate command line for activating a "job" in glgps:
11. ./glgps -c /sdcard/jupiter.xml jobname <---------- jobname can be anything defined in your jupiter.xml as a job. Examples from mine: normal cold-single-supl freq-aid-test sim-cold-auto. Some jobs will exit immediately after you stop attempting a fix.
Now the glgps will be loaded, and if bPrintToConsole="true" cLogEnabled="true" are both set, you will start seeing debug output in the console. It will indicate the file it is saving log data to, all initialization information, and display info throughout the time you are connected with adb.
To revert glgps back so that it starts again at bootup as normal, rename glgps back to it's original name. It will then continue to load /system/etc/jupiter.xml on the next reboot as normal. (replace this file with your edited one if you want to continue using the settings)
NOTE: Occaisionally i've had the logging verbosity so high that the GPS cannot get a lock at all. To a certain extent you can work around this by adjusting the "niceness" of the process using the program "renice" (which makes it "meaner" giving it a higher priority over other processes (thus more CPU power to work with) - "renice -20 -p $(pidof glgps)" to make it highest priority.
[size=+2]How do I change what goes in the log file (verbosity)?[/size]
<gll LogPriMask="LOG_FLAG | LOG_FLAG2" LogFacMask="LOG_FLAG | LOG_FLAG2" > control this. Possible LOG_FLAGs are as follows, seperated by a | (pipe)
LOG_EMERG | LOG_ALERT | LOG_CRIT | LOG_ERR | LOG_WARNING | LOG_NOTICE | LOG_INFO | LOG_DEBUG | LOG_GLLAPI | LOG_NMEA | LOG_RAWDATA | LOG_ASIC_IO | LOG_RF_DEBUG | LOG_BBTEST | LOG_DEVCV | LOG_DEVET | LOG_DEVJG | LOG_DEVIA | LOG_DEVKF | LOG_DEVMR | LOG_DEVMS | LOG_DEVSP | LOG_DEVDH | LOG_DEVRA | LOG_DEVRS | LOG_DEVVG | LOG_USR1 | LOG_USR2 | LOG_USR3 | LOG_USR4 | LOG_USR5 | LOG_USR6 | LOG_UNITTEST | LOG_DEFAULT
I've documented some of the logging switches in the jupiter.xml comments. Some of these generate HUGE logs. (large enough to use so much I/O and CPU that glgps can't determine your location at all) - be aware that using full verbosity will also probably result in never getting a fix
LOG_DEVVG output: GetSigMeasForClockModel:: SvId 23 Snr 0.000000 mode 1 accepted!
LOG_DEVRA output: GlMeasEng::EnableLowPowerExt(F) GlMechanMgr::UpdateTo12Chan() - Update to 12 full channels AcqMgr::LogAgc() vga_ctrl=0x18 agc=9
LOG_DEVDH output: Raw calculation data (large log)
LOG_DEVMS output: Raw calculation data (large log)
LOG_DEVMR output: #240355D BlndMgr TerminateSearches(2) #240366D BlndMgr(otLstOfSvIdScanNonTrk:686): #240366D BlndMgr(otLstOfSvIdDrillNonTrk:687): #240367D BlndMgr(otSvIdKillLst:691):
LOG_DEVKF output: Fix Data (Lat, Long, Alt, Estimated Accuracy
LOG_DEVIA output: SNR, Latency, Vector, Measurement (large log)
LOG_DEVJG output: Per channel SNR, Latency, Vector, Measurement (large log)
LOG_DEVET output: TCXO calibration data, Doppler calculations (large log)
LOG_DEVCV output: SATAID data, Oscillator data
LOG_DEFAULT output: All on! Realllllllllllllllllly Big!
NOTE: For NMEA output, set LOG_NMEA and also set "GPS Logging" to ON in lbstestmode app. This will generate /sdcard/gps/tracking/NMEA-<DATESTAMP>-<TIMESTAMP>.txt files for each track (from the time you are using the gps til the time you release it) - These .txt files follow the NMEA standard and you can use them to generate tracklogs or do other nifty GPS related things (check out the PC program gpsbabel, for example)
NOTE2: If you want to restart the glgps daemon on the fly, to load new jupiter.xml settings for testing, open a concurrent adb shell connection in root, and type: "kill $(pidof glgps)" this will kill the glgps daemon in the other shell window and you can restart it with a new jupiter.xml
[size=+2]Sample output from logging:[/size]
Code:
H187754I OpenFifo: Opened "/data/gps/glgpsctrl"
H187765I Certificate Path : /system/bin/gpsd/
H187765I TLS enable = 1
H187768I Certificate Path : /system/bin/gpsd/
H187768I TLS enable = 1
H187768I LBS_A: starting event handler
H187768I LBS_I: ASN1 manager: 1237d4, 2044 bytes
H187768I LBS_I: Encode/decode buffer: 123fd4, 6120 bytes
H187768I LBS_I: Dynamic memory buffer: 1257bc, 24480 bytes
H187769I LBS_I: @(#)Broadcom LBS ver. 2.1.0.0 86303, 2010/Nov/07, 13:12:55
H187769I LBS_I: API: gllbs_init(32768)
H187769I LBS_I: CB: nv_open
H187769I LBS_I: CB: nv_read
H187769I LBS_I: CB: nv_close
H187769I LBS_I: 3 cells loaded
Take a look at my provided jupiter.xml for more info on the possible parameters. I've documented it as I went along with comments. I'll update the 2nd post here with more info soon.
[size=+3]Attached file[/size]: CWM update.zip with new glgps daemon from nexus s, jupiter.xml with pedestrian mode settings
NOTE: CWM update.zips will not work in eclair, you must change the following:
Code:
gpioNStdbyPath="/sys/class/sec/gps/GPS_PWR_EN/value"
gpioNResetPath="/sys/class/sec/gps/GPS_nRST/value"
to:
Code:
gpioNStdbyPath="/sys/class/gpio/gpio121/value"
gpioNResetPath="/sys/class/gpio/gpio120/value"
[size=+2]Notable Settings[/size]:
<hal acEEDir="/data/gps/" acEEFileName="xtra.bin" /> : Defines an Extended Ephemeris file for the glgps daemon to load for AGPS data. The drivers normally do not appear to download this file successfully and the daemon says it is corrupt.
<hal bPrintToConsole="true" cLogEnabled="false acLogDirectory="/sdcard/gps/log"" /> : Determines of the logging output should be printed to console and/or to a text file. The text file will be placed in the directory provided and named gl-<TIMESTAMP>.txt. Inside will be the logging output at the verbosity you defined using LOG_FLAGs in <gll LogPriMask="LOG_FLAG | LOG_FLAG2" LogFacMask="LOG_FLAG | LOG_FLAG2" >
<hal arp-supl-enable="true" arp-supl-cap-msb="true" arp-supl-cap-msa="false" arp-supl-cap-ecid="true" arp-supl-reaiding-time-sec = "600" /> : These settings tell the glgps daemon what the SUPL AGPS server provided next is capable of. MS-B means Mobile Station Based, MS-A is Mobile Station Assisted, ECID is unknown. Reaiding time defines the minimum amount of time before attempting to re-inject AGPS data to keep the fix tight in seconds.
<hal acSuplServer="h-slp.mnc410.mcc310.pub.3gppnetwork.org" SuplPort="7275" tlsCertPath="/system/bin/gpsd/" /> : This defines the AGPS server to use for SUPL data (only used if enhanced-assisted="true") - if cp-enhanced-assisted="true" is set, will use the providers control plane rather than normal packet data to access SUPL server. Note that the provided SUPL server is AT&T's SUPL server, which is only accessible within their network. Use google's if you are not on AT&T's network. tlsCertPath defines the location in the filesystem to search for SSL certificates used when connecting to the AGPS server. Most ROMs come with AT&T's, if yours doesn't have it, you'll need to add it for the connection to work.
<hal LbsEnable="true" LbsLocal="true" LbsServer="bcmls2.glpals.com" LbsPort="7275" LbsSyncTimeSec = "60" LbsSyncLto="true" LbsSyncCells="true" /> : These settings tell the glgps daemon to use this server for LBS aiding (Location Based Services.) When LbsLocal is true, the glgps daemon will record all cell sites it sees and your reported GPS location at the time. Any future fix attempt will use these coordinates to seed your fix if the current cell tower you are on matches one the glgps daemon has seen before. This data is stored by default in /data/gps/, so note that it will get erased if you clear the /data partition. It might be useful for frequent flashers to modify the jupiter.xml to store data in /sdard/gps/ or some other less volatile location instead, so the local cell db gets a chance to populate.
<gll CNoSmoothEnable="true" > : This disables some of the glgps daemon's internal smoothing algorithms, makes the GPS a little more accurate to its readings. POSSIBLE VALUES: true false
<gll DynMode="DYN_PEDESTRIAN" > : Defaults to automatic mode which makes the glgps daemon determine on the fly if you are on foot or in a vehicle. This affects the interpolation algorithms used (In GPS land, pedestrian mode means the GPS will report each fix it gets, usually 1 per second.) Vehicle mode will not report movement under a certain amount (usually 3-5 meters) in order to keep the indicator more "stable" POSSIBLE VALUES: DYN_AUTOMATIC DYN_PEDESTRIAN DYN_VEHICLE
<gll RfAtt="GL_RF_ATT_DISABLED" > : I haven't tested this enough to be sure if the chip actually has a built in attenuator you can adjust with this parameter, but if so, it goes all the way up to 18dB. The function of an attenuator is to lower the overall incoming signal in order to better compensate for enviornmental noise. Cordless phones, WiFi, Microwaves, and any number of devices work on frequencies close enough to GPS to cause interference. Assuming there is an attenuation circuit present and it's controllable via this parameter, it will yield better performance for various people in various situations. Requires testing
<gll RfType="GL_RF_4751_DANUBE" > : GL_RF_4751_BLUEFIN GL_RF_4751_DANUBE GL_RF_4751_DANUBE_EXT_LNA are values that I have tested working with our GPS. _EXT_LNA comes default on Nexus S, DANUBE default on ours. BLUEFIN I haven't seen set anywhere, but does work. Danube and Bluefin are likely different revisions of the 4751 chipset.
[size=+2]Other settings not found in jupiter.xml[/size]
glgps also seems to heed what the user has set in Settings -> Location and Security, for "Use wireless networks" and "Use sensor aiding". Wireless networks causes nearby WiFi access point info to be used for a faster first fix, and Use sensor aiding attempts to save power by putting the GPS in low power mode when it sees you moving in a straight line, and shutting off entirely when the accelerometer detects that the phone is stationary. This can cause issues when the compass or accelerometer are providing false values (due to interference, mismatched kernel, etc.)
Also, glgps reads settings from NVRAM that are set by the lbstestmode app. These settings are also stored in secgps.conf, but the settings in NVRAM do NOT necessarily match up. Make sure you set your lbstestmode to "standalone" operation so that Android relies on the glgps daemon for AGPS support. My settings are:
Code:
Session Type: Tracking
Test Mode: S/W
Operation Mode: Standalone
Start Mode: Hot Start
GPS Plus: ON
Dynamic Accuracy: ON
Accuracy: 80
GPS Logging: OFF (use ON and LOG_NMEA to get NMEA logs)
Server FQDN Type: Custom Config
Server: h-slp.mnc410.mcc310.pub.3gppnetwork.org <MATCH THIS WITH YOUR JUPITER.XML>
Server Port: 7275 <MATCH THIS WITH YOUR JUPITER.XML>
SUPL Secure Socket: ON <VARIES WITH SERVER, GOOGLE IS OFF>
AGPS Mode: SUPL <OR CONTROL PLANE, MATCH WITH JUPITER.XML>

[SIZE=+3]To summarize the problem i've identified with our GPS so far:[/SIZE]
AGPS was not properly deployed at the factory, or in any of the updates pushed to the Captivate. Only Control Plane AGPS mode is properly configured, but not active by default. As a result, out of the box, the phone is essentially always in standalone mode regardless of settings (without a modified jupiter.xml)
The GPS chip appears to be receiving some kind of interference from other component(s) on the mainboard. This appears to only manifest itself when the handset is under a heavy usage pattern (such as G Maps/G My Tracks plotting your position, scrolling the map, using cell data, reading gps). This interference is causing the GPS chip to have a major drop in performance. I suspect the phones that don't experience this have an exceptional unit that can perform regardless of this interference (I suspect if they tested with raw signal strength showing, the drop would show)
The glgps daemon attempts to do post processing on the data received in the stream from the GPS chip. Because the data received is generally already incorrect, this further compounds the issue. My jupiter.xml already has these post processing algorithms disabled.
That drop in GPS signal due to interference is the kicker. I haven't yet narrowed down the exact cause of the interference, but suspects are:
1.) Cellular Radio - if this is the case, testing with wifi on and the cell radio off should yield a more desireable result (although hard to test while moving in that situation without another device to tether to for mobile data)
2.) CPU Usage on Host CPU - I don't think this is the case. The only CPU intensive thing that runs on the Host CPU is the glgps daemon, and if this were the case, "renice -20 -p $(pidof glgps_samsungJupiter)" would fix the problem. It does not.
3.) GPU usage - This is a possibility.
4.) CPU usage on baseband CPU - There are also some GPS functions handled in the baseband. I doubt this is the cause but possible.
5.) EM leakage from other system components - I'm leaning towards this right now. I'll have to open up the captivate and throw an EM shield over the GPS chip and see what the results are.

reserved for more two

Sweet! Trying this out now. Will post results. Thanks Da_g

Been watching the progress on this lately and have to say big props on all the research. Will try it out and see how it goes
Sent from my SAMSUNG-SGH-I897 using XDA App

I'll try it and see how well it does when I get home from work..
Mac

So just install it through CWM?

Yes, the attached zip is a CWM zip. Note that these settings are only what I found optimum, and as this is the development forum, I encourage you to tinker with the possible values (commented inside the jupiter.xml) to figure out what works best for you

Just walked from inside heavy building to outside...after 10 Seconds I had a full lock while walking showing 5m distance...holy [email protected]$#& s&$#$ that is already amazing. I'll use it driving home after work....mad props
Sent from my SAMSUNG-SGH-I897 using XDA App

Da_G said:
<hal acSuplServer="h-slp.mnc410.mcc310.pub.3gppnetwork.org" SuplPort="7275" tlsCertPath="/system/bin/gpsd/" /> : This defines the AGPS server to use for SUPL data (only used if enhanced-assisted="true") - if cp-enhanced-assisted="true" is set, will use the providers control plane rather than normal packet data to access SUPL server. Note that the provided SUPL server is AT&T's SUPL server, which is only accessible within their network. Use google's if you are not on AT&T's network. tlsCertPath defines the location in the filesystem to search for SSL certificates used when connecting to the AGPS server. Most ROMs come with AT&T's, if yours doesn't have it, you'll need to add it for the connection to work.
Click to expand...
Click to collapse
So can I change this before flashing the rom? if so, how? is it possible you can push a "AT&T" version and a "Google" version?

Sure, you can edit the file /system/etc/jupiter.xml in the zip before flashing it to the device. I'll make one with settings for google and control plane and post them in a sec.

Da_G said:
Sure, you can edit the file /system/etc/jupiter.xml in the zip before flashing it to the device. I'll make one with settings for google and control plane and post them in a sec.
Click to expand...
Click to collapse
given i'm in Australia, is there any value at all to changing my ntp servers to local ones (0.au.pool.ntp.org) as opposed to US ones?

Edit I'm posting to slow lol
Sent from my SAMSUNG-SGH-I897 using XDA App

I would soooo try this out right now if I was not overseas atm. It'll be 3 weeks before I can try this out but to Da_G thank you for doing something that Samsung should be working on the most!

Ok, updated first post with AT&T, Google, and Control Plane versions. Control Plane should work on any cellular provider (if they have implemented it, which all should have)
Regarding changing the NTP server that can't hurt, but should only affect the TTFF (Time To First Fix) as it should sync up to the GPS satellites after that.

Da_G said:
Ok, updated first post with AT&T, Google, and Control Plane versions. Control Plane should work on any cellular provider (if they have implemented it, which all should have)
Click to expand...
Click to collapse
Is there any value of Control Plane vs Google SUPL? should one be "better" than the other?
Da_G said:
Regarding changing the NTP server that can't hurt, but should only affect the TTFF (Time To First Fix) as it should sync up to the GPS satellites after that.
Click to expand...
Click to collapse
Cool. Didn't quite understand how it was used in relation to GPS.
Is there a rough laymans terms of why having WIFI on (and connected to an AP) leads to far more accurate results faster, when its a new AP that i've not connected to before? I was thinking it might have something to do with Time Servers and Latency (as latency to an NTP would be *dramatically* lower over Wifi VS any form of cellular comms) - given your explanation re NTP, I don't think thats the case now.
It certainly can't be "google knows where the AP's are", given that I work in IT Services and create/delete/move AP's all the time.

In the case of AGPS, your current CellID, along with MNC and MCC are sent to the database (your cell providers control plane server, google, or any other SUPL server provided in jupiter.xml) in order to obtain approximate Latitude/Longitude for an initial fix. (due to the nature of GPS, having an initial "guess" as to your current location helps to seed a faster initial fix, which is the main function of AGPS) The reason your Cellular Provider's database could be better is that it is more likely to be up to date than googles. But of course this varies! Some providers don't even maintain a CP server for AGPS.
The reason WiFi helps the time to first fix is similar. Google actually does have your phone report its visible APs (by MAC address) and current best-guess location to its servers. Everyone else's does this too (assuming they have the wireless tick box on) - This allows them to build a large database with which to seed AGPS from. You may have noticed the first time you turn on "Use wireless networks" in Settings - Location and Security, you get a boilerplate disclaimer about allowing google to collect anonymous connection data. That's what this is for
Adding some info to the first post about "Use sensor aiding" and "Use wireless networks" now.

Da_G said:
In the case of AGPS, your current CellID, along with MNC and MCC are sent to the database (your cell providers control plane server, google, or any other SUPL server provided in jupiter.xml) in order to obtain approximate Latitude/Longitude for an initial fix. (due to the nature of GPS, having an initial "guess" as to your current location helps to seed a faster initial fix, which is the main function of AGPS) The reason your Cellular Provider's database could be better is that it is more likely to be up to date than googles. But of course this varies! Some providers don't even maintain a CP server for AGPS.
The reason WiFi helps the time to first fix is similar. Google actually does have your phone report its visible APs (by MAC address) and current best-guess location to its servers. Everyone else's does this too (assuming they have the wireless tick box on) - This allows them to build a large database with which to seed AGPS from. You may have noticed the first time you turn on "Use wireless networks" in Settings - Location and Security, you get a boilerplate disclaimer about allowing google to collect anonymous connection data. That's what this is for
Adding some info to the first post about "Use sensor aiding" and "Use wireless networks" now.
Click to expand...
Click to collapse
Pardon my ignorance...but does this mean after the initial boot with google it is no longer needed to have wi-fi on to get good locks ?
Mac

With stock settings (JF6/JH7), all the aiding data was not saved, but with the proper settings in jupiter.xml, aiding data should be saved into /data/gps and NVRAM so that the GPS chip can use it on the next fixes. This data is only good for a short period of time (hours to days) so unless you are using the GPS that frequently, WiFi on is still beneficial. You only need to have it on at the time you get the first fix, after that you can shut it off.

Da_G said:
With stock settings (JF6/JH7), all the aiding data was not saved, but with the proper settings in jupiter.xml, aiding data should be saved into /data/gps and NVRAM so that the GPS chip can use it on the next fixes. This data is only good for a short period of time (hours to days) so unless you are using the GPS that frequently, WiFi on is still beneficial. You only need to have it on at the time you get the first fix, after that you can shut it off.
Click to expand...
Click to collapse
Cool...thanks for that detailed explaination
Mac

[Q][GalaxyS] USB UART console=...

I've been using a bus pirate (v3) to get usb uart on my Galaxy S 4G (SGH-T959V) for some time.
On a normal linux system, if I set console=ttyUSB0 and plug in a usb to serial adapter (where the kernel has the driver built-in), I will see all of the kernel messages (KERN_EMERG to whatever loglevel= is set to or KERN_WARNING/KERN_DEFAULT) up until init. Init has to have an inittab entry to redirect /dev/console to the usb serial line.
I've noticed on android, specifically with galaxy s phones, that with the usb uart you don't get all of the kernel messages.
For instance, I enabled the mtd onenand(audi) driver for my phone. I can see the kernel messages in dmesg, but not on usb uart.
I was wondering if there is something I have to do to get all kernel messages on usb uart, and then it would also be nice to get init to redirect the console to the usb uart.
Is this possible?

From http://forum.xda-developers.com/showthread.php?t=1065318 :
UART Kernel debug log AND shell terminal (like adb shell without adb active) On the captivate you can get into the SBL prompt, then type
Code:
printenv
setenv SWITCH_SEL 6543
printenv
saveenv
This changes the SWITCH_SEL value from 65 to 6543 and enables extra output. This will give you a kernel debug output and drop you into a shell prompt.
Click to expand...
Click to collapse
It references the Captivate, but it's the SBL so it should work the same on the SGS4G.
EDIT: Also try:
Code:
setenv PHONE_DEBUG_ON 1

TeenDev said:
From http://forum.xda-developers.com/showthread.php?t=1065318 :
It references the Captivate, but it's the SBL so it should work the same on the SGS4G.
EDIT: Also try:
Code:
setenv PHONE_DEBUG_ON 1
Click to expand...
Click to collapse
I realize that the sbl is a cut down u-boot. So...
setenv SWITCH_SEL 765431
setenv PHONE_DEBUG_ON 1
saveenv
...is what I use (for some reason SWITCH_SEL 2 does not work on this bootloader). But I still do not get all of the kernel messages. Sorry. I should have been more specific.
As a trivial side note, the eraseall command erases everything but the sbl/sbl2 and reservoir. So the pbl, pit, param, kernel, recovery, factoryfs, data, cache, and modem get wiped. This is handy if you are having problems porting to/from mtd from bml.

AOSP blocks UART with the silly FIQ debugger. Is this the possibly? I haven't played too much with UART since I switched to ICS. I also have no idea how to use the FIQ debugger.
Try internal UART.
The console is ttySAC2 not usb0
A 150kOhm resistor is used on the usb port for kernel only... this may or may not help.

Hey! I have been going to hell and back trying to figure out a similar problem on the SGS2, over here, but involving getting (AT) console on the modem. Any clues would be very much appreciated!
Also I don't know what the exact definitions are for the SWITCH_SEL variable. I asked about that some time ago, but I can't recall getting a useful answer. I don't these kind of variables, because they don't tell you whose actually pulling the strings... (unless you happen to know what file/device/process its connected to?)
Regarding more debug output, I believe you have a few things to check. First some of the properties and then also make sure you have enabled every damn possible debug option in the "secret" menus. [Are those available to you?] I have an entire thread about this over here.
But the first thing that come to my mind, is trying to set: debuglevel=7 in the /init.rc file. [Or do you need it at an even earlier stage?]
Also I suppose you need to enable:
Code:
ro.debuggable [0]
ro.factorytest [0]
But they are both read-only, but can probably (?) be made persistent by writing them in the /init.rc file. But I'm not sure if that is overwritten with flash data in during bootup... Alternatively, I suspect the ServiceMenu knows how to do it. [Would have been great if someone could pull that service menu apart, to find out whats happening behind the scenes. It is modem dependable though!]
Can you do this:
1) Could you post your censored output from getprop?
2) Try to enable as many "hidden menu" debug options as possible.
3) If you use adb, try:
Code:
$ adb shell stop
$ adb shell setprop log.redirect-stdio true
$ adb shell start
4) Post the output of:
Code:
# cat /proc/sys/kernel/printk
4 4 1 7
Each of these values defines a different rule for dealing with error messages.
The first value, called the console loglevel, defines the lowest priority of
messages printed to the console. (Note that, the lower the priority, the
higher the loglevel number.) The second value sets the default loglevel for
messages without an explicit loglevel attached to them. The third value sets
the lowest possible loglevel configuration for the console loglevel. The
last value sets the default value for the console loglevel.
where:
0 — Kernel emergency. The system is unusable.
1 — Kernel alert. Action must be taken immediately.
2 — Condition of the kernel is considered critical.
3 — General kernel error condition.
4 — General kernel warning condition.
5 — Kernel notice of a normal but significant condition.
6 — Kernel informational message.
7 — Kernel debug-level messages.
However, I'm not sure if its possible to write to that file...but you could try.
5) Find out what modem you have in there and try to play with the MUX setting from AT command interface (if you can get one).
I have another question for you. Is this debug console available for you when using a native/local shell your phone or only from outside (PC connected) terminal?
AdamOutler said:
AOSP blocks UART with the silly FIQ debugger.
Click to expand...
Click to collapse
Could you remind us what this FIQ thing is again? I remember seeing it somewhere, but not more than that...
How do you get to it?

After a lot of looking around, I think I need the internal uart.
Maybe I'd be willing to risk danger to send my phone to Adam again to see if he can do it.

bhundven said:
After a lot of looking around, I think I need the internal uart.
Maybe I'd be willing to risk danger to send my phone to Adam again to see if he can do it.
Click to expand...
Click to collapse
I can do it.. but it does not come out pretty.. I melt solid core wire into the back case then solder the back side to the board via very tiny wires... however, between that and UnBrickable Mod, there can be no better development device.
When viewing on UART the kernel starts, here's what you see:
Code:
<hit enter to activate fiq debugger>
I have no idea how to use it... I hit enter and it just sits there.

AdamOutler said:
I can do it.. but it does not come out pretty.. I melt solid core wire into the back case then solder the back side to the board via very tiny wires... however, between that and UnBrickable Mod, there can be no better development device.
Click to expand...
Click to collapse
I'm not really worried about the visual aesthetics of the phone. I will be switching to a different phone soon, and this phone (SGH-T959V) will be a full time dev phone.
AdamOutler said:
When viewing on UART the kernel starts, here's what you see:
Code:
<hit enter to activate fiq debugger>
I have no idea how to use it... I hit enter and it just sits there.
Click to expand...
Click to collapse
From usb-uart, that 'hit enter to activate fiq debugger' does not respond, which makes me think I need the jtag uart.
Might also need jtag pins for bootloader development. Not sure if it is possible to just solder the wires in and cover the leads, and let them hang out behind the battery cover until I can buy a bdi3000.
I'm still reading through the kernel-sec-debug code (its in assorted spots, but it's entry point is in kernel/kernel_sec_debug.c) that controls fiq debugger in the kernel, to try to understand it more, but I haven't had time lately.
I'm going to spend a few hours today reading through this some more, and I'll update on my findings.
I've found many bugs in the kernel source drop we got for this phone from samsung, and it might also be possible that fiq debugger for our kernel is crippled. I will also look at some other s5pc110/exynos3110 source drops to verify this.
I know that the 'drivers/misc/level' driver controls the debug level for kernel-sec-debug. In our source drop there are two 'level' drivers. One in 'drivers/misc/level' and one in 'drivers/level'... kinda strange.

Thanks...

bhundven said:
...I'm still reading through the kernel-sec-debug code (its in assorted spots, but it's entry point is in kernel/kernel_sec_debug.c) that controls fiq debugger in the kernel, to try to understand it more, but I haven't had time lately....
Click to expand...
Click to collapse
Do you have some link to these sources? I'd like to have a look as well...

E:V:A said:
Do you have some link to these sources? I'd like to have a look as well...
Click to expand...
Click to collapse
https://github.com/teamacid/android_kernel_galaxys4gmtd

AdamOutler said:
... you see: "<hit enter to activate fiq debugger>" ... I have no idea how to use it... I hit enter and it just sits there.
Click to expand...
Click to collapse
The "hit enter to activate fiq debugger" message come from "fiq_debugger.c". This code is found here and here, but seem to have an issue as mentioned here. In any case, also try to send a <CTRL-Break> and/or <CTRL-SysRequest>, at least twice. To summarize enormously, FIQ is one of 7 ARM processor modes. These modes are:
Code:
-------------------------------------------------------------------------------
Vector Exception Mode Description
-------------------------------------------------------------------------------
0x10/0c Abort ABT - is used when there is a failed attempt to access memory.
0x1c FIQ FIQ - Fast Interrupt Request Mode, usually used with device drivers like UARTs.
0x18 IRQ IRQ - Interrupt Request Mode is used for all other interrupts.
0x00/08 Supervisor SVC - Standard OS Kernel execution mode and the processor state after a RESET.
0x04 Undefined UND - When the processor encounters an undefined instruction, like an illegal opcode.
-- System SYS - Allows full read\write access to CPSR. It is also targeted for supervisory applications.
-- User USR - Used by normal programs and applications. Once in user mode, the CPSR cannot be written to and modes can only be changed when an exception is generated.
-------------------------------------------------------------------------------
"The difference between IRQ and FIQ is with FIQ you have to process your
stuff as quickly as possible and then get the .... out of there. An IRQ
may be interrupted by an FIQ but an IRQ cannot interrupt an FIQ. To make
FIQs faster, they have more shadow registers. FIQs cannot call SWIs. FIQs
must also disable interrupts. If it becomes necessary for an FIQ routine
to re-enable interrupts, it's too slow and should be IRQ not FIQ."
Sources:
http://www.botskool.com/user-pages/tutorials/electronics/arm-7-tutorial-part-2
http://www.heyrick.co.uk/assembler/regs.html
But the best descriptions are found here:
http://www.eetimes.com/design/embedded/4006695/How-to-use-ARM-s-data-abort-exception
http://aelmahmoudy.users.sourceforge.net/electronix/arm/chapter3.htm
http://osdevnotes.blogspot.com/2011/03/fiq-debugger-kgdb-support.html

Check for unit on network

Hello
I need a way to ping my android devices from my home control system. If the unit answers (as simple as possible, ping IP) i use it to change a variable that controls the lights. The control system is using LUA.
For now im using Sonos App because it opens a port that answers to ping but there should be a simple way to do that without the sonos app i think. Both phones are Samsung Galaxy S2, one stock ROM and one Cyanogenmod ROM.
The code i use today with sonos app
Code:
tcpSocket = Net.FTcpSocket("192.168.1.67", 3500)
tcpSocket:setReadTimeout(250)
bytes, errorCode = tcpSocket:write("ping")
sleep(250)
if errorCode == 0
then
-- printing log under virtual device
fibaro:log("Ping OK")
fibaro:debug("Ping OK")
fibaro:setGlobal("LastSeenMathias",os.time())
fibaro:setGlobal("MathiasHemma", "1")
else
fibaro:log("Ping failed")
fibaro:setGlobal("LastSeenMathias", "0")
fibaro:setGlobal("MathiasHemma", "0")
end
tcpSocket:disconnect()

Can't set BAUD rate for USB-Serial device

I have an RK3066-based generic 2-DIN Android head unit (see here). I've managed to install a rooted image on it (Yay!).
I want to connect it to a vehicle CAN bus, and I'm trying with an ELM327-based USB to OBD2 adaptor (which includes CAN as one of its protocols).
When I plug it into Ubuntu desktop, I get a "/dev/ttyUSB0". I can access it with Putty terminal and send commands as per the ELM documentation. For primitive access from the command line, I can do this (just to see whether it works at a basic level, without any terminal program):
Code:
sudo stty -F /dev/ttyUSB0 speed 38400
sudo cat /dev/ttyUSB0
And in another terminal:
Code:
sudo sh -c "echo "\r\n">/dev/ttyUSB0"
This produces "> ?" in the first terminal, in line with the expected prompt from the device. Good!
However, I can't get it to work on my Android device.
When plugged in, dmesg reports a Prolific USB-Serial device found and added to /dev/ttyUSB0.
"ls /dev/ttyUSB0" shows that it exists and is owned by "radio".
"stty -F /dev/ttyUSB0 speed" shows the speed is set to 9600 (this is also the default on Ubuntu desktop, and if not changed, the above test doesn't work).
However, I can't change the speed, and the test of sending a character to the decide doesn't work.
I've tried changing the permissions of the serial device (see this post) but it didn't help. I also tried changing to 'radio' with "su radio" but that also didn't work.
Whenever I try "stty -F /dev/ttyUSB0 speed 38400" I get either:
stty: /dev/ttyUSB0: cannot perform all requested operations
Or:
stty: /dev/ttyUSB0: cannot perform all requested operations: No such file or directory
I also tried with a couple of terminal programs including the "Serial Port API sample" app. The device never responds, and I think it is for the same reason (the baud rate isn't set to 38400). Note I can select the baud rate in these programs but I don't think it is actually set - stty still reports 9600.
I feel like I am very close to at least talking to the ELM327 but I am missing something. The Torque app claims to have found the OBD2 adaptor, but I can't actually connect it to a vehicle right now so I don't know if it actually works. In any case I need to access it from my own app.
Wondering if anyone knows the answer to this problem... I can write my own app to access /dev/ttyUSB0 (in theory...) but don't want to waste my time if it's hopeless!

Similar Problem
Hi There --- I'm interested in doing a similar thing to what you're doing...communicating with a usb serial device via the command line in android --- I'm wondering if there's any way to do that without rooting the phone. Like you, I can do it successfully on an ubuntu desktop. I'm specifically trying to do this, you can read about it below.
Thanks and Cheers!
Big Picture: I've attached an arduino uno to an android phone via the micro-usb connection on the phone. My goal is to SSH into the phone over its network or internet connection and then run commands from terminal such as this:
echo -n "h" > /dev/ttyACM0
where h is the character actually sent to the arduino and /dev/ttyACM0 is the hypothetical arduino device as it appears in the linux /dev folder.
Unfortunately i'm stuck and i'm wondering if it's because i need a rooted device in order for this to work.
What I've succeeded in doing so far:
-I successfully sent commands to the arduino uno as above (echo -n "h" > /dev/ttyACM0) using a desktop ubuntu 14.04 linux machine
-I can successfully SSH into the android phone via Putty on a windows computer, while also using the SSHDroid host app from google play on the phone itself. but I cannot access the /dev folder...well, I've looked around using an app that claimed it could show all root accessible files and folders (smart kit 360 on google play) and there were no tty items in the /dev folder. I got an app called "list usb devices" and it gave some other path for the device that was /sys ...but it said i didn't have permission to access that.
-I can successfully send individual character commands from the phone to the arduino uno using another google play app called "DroidTerm" ...similar to the old windows hyperterminal program.
So I've verified that all the individual pieces of this puzzle should work each in a particular context. However, when I try to SSH into the phone and then run the command "echo -n "h" > /dev/ttyACM0"
it throws an error regarding permissions, though I'm surprised it didn't throw an error regarding the existence of /dev/ttyACM0, given the missing tty files i mentioned earlier..I was hoping they were just hidden (if this is the device name "file" on one linux machine, will it be the same on a different linux machine (since android is technically linux?)? I was hoping it would be.
Ideas, known solutions, and alternatives are very welcome!
Alternatives I've tried instead of SSH:
remote control the android device with rc software and control the app droidterm.
I tried that, and it's quite expensive in terms of bandwidth (i don't need to send the whole screen constantly), doesn't allow multi-tasking applications on the phone which i need (yes, I know that android nougat supports multi-tasking but my phone is old and won't load it without serious intervention at the level of rooting that I'd rather not do), and has several other issues that will be problematic.

Hacking the Casio G-Shock GW-B5600 BLE

Hello all, this is my first post here!
In this article I will explain my method of hacking the Square G-Shocks that make use of a Bluetooth module (I have a GW-B5600, but it should theoretically work on the GMW-B5000 too) with the goal to create our own Android app that will allow to get info and set the watch via BLE (Bluetooth Low Energy) commands/requests.
The tools I am using are: (sorry no link I am too new)
nRF Connect for Android by Nordic Semiconductor from the Play Store
Wireshark desktop (Windows/Mac) from the official website
The official "G-Shock Connected" Android app from the Play Store
And adb that can be found in the Android platform tools (by default in "C:\Users\usrname\AppData\Local\Android\Sdk\platform-tools")
Your phone does not need to be rooted but needs the Developer options enabled.
1 Discover the services offered by the G-Shock
I am using nRF Connect installed from the Play Store to scan for BT devices.
Long-press the (C) (bottom left) button on the B5600 to enable BT on the watch.
Hit Scan in nRF and search for "CASIO GW-B5600" and tap it to show the following details:
Code:
Device BT Name: CASIO GW-B5600
Device BT Address: [B]EB:1C:FF:90:C2:34[/B]
Offered services: 0x1801 Generic Attribute
0x1800 Generic Access
0x2A00 (R) Device Name
0x2A01 (R) Appearance
0x1804 Tx Power
0x2A07 (R) Tx Power Level
0x26EB00 0D Unknown Service
(UUID 0x2902 for all)
[B]0x26EB002C (W*) Custom Service #2C[/B]
[B]0x26EB002D (NW) Custom Service #2D[/B]
0x26EB0023 (NW) Custom Service #23
0x26EB0024 (NW*)Custom Service #24
(R) is read only (W) write (W*) write no response (N) notify.
The important information has been set in bold: the BT address that we will use to analyze the packets, and the 2 services that I called #2C and #2D that are used by the official G-Shock app to get and set info from/to the watch.
2 Enable Bluetooth traces on the phone
After that, open the phone Developer options > Enable Bluetooth HCI snoop log.
Or use the USB debugging mode, plug the phone to the computer and type the following command in a prompt:
Code:
adb shell settings put secure bluetooth_hci_log 1
To know where the BT traces will be stored, type the following command:
Code:
adb shell cat /etc/bluetooth/bt_stack.conf
and look at the line starting with 'BtSnoopFileName=' to locate the BT log files.
3 Capture BT activity and save the logs on computer
Install and run the "G-Shock Connected" app on your phone from the Play Store.
Do manipulations between the watch and the app, take note of the time you make them.
Then plug the phone and type:
Code:
adb pull /data/log/bt/btsnoop_hci*.log
Note: the place and name of the logs are for my Huawei Mate 10. You will need to adapt the path with the one you got at step 2.
4 Analyze the BT traces in Wireshark
Open Wireshark and drag and drop one of the "btsnoop_hci*.log" files pulled to the computer onto the program.
Add a filter on the G-Shock BT address we got from nRF Connect at step 1:
Code:
bluetooth.addr==EB:1C:FF:90:C2:34
And hit enter to see the BLE activity on the watch.
Now the fun (or the boring part, it depends ) begins... Understanding the BT requests/answers (get info) and BT commands (set info)!

In Wireshark, the important information for each BT frame are contained in the fields
Bluetooth Attribute Protocol > Handle > UUID
and in Bluetooth Attribute Protocol > Value
The very first -easiest- command I was able to identify is the one to Get and Set the Home City and the 5 World Time (WT) Cities.
When you analyse the BT packets, you can see the name of the cities written in all letters in the Value field:
Code:
0000 1f 01 48 4f ..HO
0010 4e 47 20 4b 4f 4e 47 00 00 00 00 00 00 00 00 00 NG KONG.........
We can observe that to GET the Home City, we send a Write command with the value 1F00 to the service 0x26EB002C (aka Custom Service #2C). In return, we will receive a notification through the service 0x26EB002D (aka Custom Service #2D) containing an echo of the Command ID (1F00) followed by the name of the Home City in upper-case (e.g. "PARIS").
To SET the Home City is just as easy: we send a Write request to the service 0x26EB002D (Custom Service #2D) with the value 1F00 followed by the name of the new Home City on 18 Bytes (e.g. "PARIS"), tailed with 0x00.
GETting and SETting the 5 World Time Cities is very similar: you only need to use the Command IDs 1F01 to 1F05...

The next command I reverse engineered is the one to set the date and time.
I started to search for the hexadecimal value "07 E4" in the traces (2020 in decimal = the current year). The search returned zero result... If finding a WORD (value encoded on 2 bytes) in big endian* fails, you gotta try searching it in little endian* so I did another search for "E4 07" this time, and bingo! It appears in a SET command starting with the ID 0x09.
* search Wikipedia for "Endianness"
The full structure of the binary value is:
Code:
([B]09[/B]) YYYY MM DD HH mm ss ?? ?? 01 ?? ?? is the milliseconds in big endian(?)
[B]Mon.13-JAN (15:54:10) traces[/B]
([B]09[/B]) E4 07 01 0D 0F 36 0B 01 F2 01 --> 2020-01-13 15:54:11 (,498?)
[B]Wed.15-JAN (15:29:27) traces[/B]
([B]09[/B]) E4 07 01 0F 0F 1D 1E 03 44 01 --> 2020-01-15 15:29:30 (,836?)
You can notice there's a difference in the trace timestamp and the time sent, respectively 1 second and 3 seconds. That is quite normal: I disabled the time synchronization in the watch settings, so the watch time can deviate from the atomic time by a few seconds (the user guide states a tolerance of +/- 15s per month average).

Hey, did you ever manage to get any further with this @mougino ? I've also got one of these watches, and have been playing around with the BLE connection to it. I've managed to successfully set the alarm times and on/off state – but so far haven't had any luck with setting the actual time. I tried writing with the op-code you suggested of 0x09, but it doesn't seem to actually do anything for me.

Up its interesting.

Hope somebody can help me. I'm having trouble getting/setting time on my Casio GW-B5600BC-2BJF. I can get and Set most other things like alarms, home city, etc using the #2D command (Characteristic: 26eb002d-b012-49a8-b1f8-394fb2032b0f), but when I try to set the time, it has no effect. The command does not complain, but does not change the time. Should I be using a different characteristic? Here are supported BLE services on my watch:
[CD:85:24:01:62:17][LE]> connect
Attempting to connect to CD:85:24:01:62:17
Connection successful
[CD:85:24:01:62:17][LE]> characteristics
handle: 0x0003, char properties: 0x02, char value handle: 0x0004, uuid: 00002a00-0000-1000-8000-00805f9b34fb
handle: 0x0005, char properties: 0x02, char value handle: 0x0006, uuid: 00002a01-0000-1000-8000-00805f9b34fb
handle: 0x0008, char properties: 0x02, char value handle: 0x0009, uuid: 00002a07-0000-1000-8000-00805f9b34fb
handle: 0x000b, char properties: 0x04, char value handle: 0x000c, uuid: 26eb002c-b012-49a8-b1f8-394fb2032b0f
handle: 0x000d, char properties: 0x18, char value handle: 0x000e, uuid: 26eb002d-b012-49a8-b1f8-394fb2032b0f
handle: 0x0010, char properties: 0x18, char value handle: 0x0011, uuid: 26eb0023-b012-49a8-b1f8-394fb2032b0f
handle: 0x0013, char properties: 0x14, char value handle: 0x0014, uuid: 26eb0024-b012-49a8-b1f8-394fb2032b0f
[CD:85:24:01:62:17][LE]>
Here is the command I'm sending:
Wrote to characteristic 26eb002d-b012-49a8-b1f8-394fb2032b0f | value: 0x09 E6 07 03 19 0B 29 07 05 4F 01
Thanks in advance.

seanlano said:
Hey, did you ever manage to get any further with this @mougino ? I've also got one of these watches, and have been playing around with the BLE connection to it. I've managed to successfully set the alarm times and on/off state – but so far haven't had any luck with setting the actual time. I tried writing with the op-code you suggested of 0x09, but it doesn't seem to actually do anything for me.
Click to expand...
Click to collapse
Same here. Did you resolve this? See my message above. Thanks.

izivkov said:
Same here. Did you resolve this? See my message above. Thanks.
Click to expand...
Click to collapse
Nah I kind of dropped it, and haven't picked it up again for quite a while. I'd love to get it working though!

seanlano said:
Nah I kind of dropped it, and haven't picked it up again for quite a while. I'd love to get it working though!
Click to expand...
Click to collapse
OK, I will let you know if I figure it out.
Just curious, are you wring an Android app for the watch?

izivkov said:
OK, I will let you know if I figure it out.
Just curious, are you wring an Android app for the watch?
Click to expand...
Click to collapse
I was planning on having something running on a Raspberry Pi Zero W – I can program, but I've never made an Android app. My plan was to do something in Python, ideally having the Pi Zero running somewhere in my bedroom so that the Casio watch can do the time synchronisation at night. If I can get that working I'd also thought about setting some alarms and reminders for the day ahead, like maybe connect it to a calendar and put any important events into the reminders function of the watch, things that the existing Casio app can't do. An Android app would be a better way of doing this, but I figured I'd get it working in Python first since it's faster for me.

Ok, thanks for the info.
I more or less figured out how to set the time. It involves setting the DST for all world locations first. I guess makes sense, since the casio will update the time for all locations. I still don't understand some things so I will need to figure it out first, and I can share if you are interested.
I am working on an open source Android app to integrate the Casio watch with Google services on android, such as calendar and Alarm ckock. It will not replace the official app. I have been working on this app for about a month now, and got the alarms and now the time setting working. I think the callender integration will be the most challenging, since I don't know what the data means to Casio.
Currently the github is private, because it is WIP, but I will make it public when it is ready.

That would be very cool! I'll be happy to do some beta testing if you end up getting to that stage. Good luck!

@seanlano I have the basic app running, except for the reminders. If you like to try it, here is the github:
GitHub - izivkov/CasioGShockSmartSync
Contribute to izivkov/CasioGShockSmartSync development by creating an account on GitHub.
github.com
It is private, so not sure if you can access it, so let me know.
If you don't want to bother building the APK, I have put it on on my Google drive:
Google Drive: Sign-in
Access Google Drive with a Google account (for personal use) or Google Workspace account (for business use).
drive.google.com
I'm curious to see if for you the local time works properly, and the battery level is correct. Where are you located?
Of course, use at your own risk. It might screw up some settings on your watch. In that case, you may have to reset it like this:
Google Drive: Sign-in
Access Google Drive with a Google account (for personal use) or Google Workspace account (for business use).
drive.google.com
Ivo

izivkov said:
I'm curious to see if for you the local time works properly, and the battery level is correct. Where are you located?
Click to expand...
Click to collapse
Hey @izivkov, I tried it out and it seems to mostly work!
The time setting worked correctly (I made sure by manually setting the time to be very wrong, and your app brought it back to the correct time). The home time zone (Sydney) was correct too.
However, the battery level didn't work – the Casio app shows my watch at 100% but your app shows only maybe 20%.
The alarms worked well too, although I found that any time I set the alarms it turns off the hourly signal, and the app doesn't have a way to turn it back on (this isn't a big deal though, since it's only a couple of buttons to press on the watch).
Keep up the good work!

seanlano said:
Hey @izivkov, I tried it out and it seems to mostly work!
The time setting worked correctly (I made sure by manually setting the time to be very wrong, and your app brought it back to the correct time). The home time zone (Sydney) was correct too.
However, the battery level didn't work – the Casio app shows my watch at 100% but your app shows only maybe 20%.
The alarms worked well too, although I found that any time I set the alarms it turns off the hourly signal, and the app doesn't have a way to turn it back on (this isn't a big deal though, since it's only a couple of buttons to press on the watch).
Keep up the good work!
Click to expand...
Click to collapse
Hey, thanks for the feedback.
- I did not notice the hourly signal setting and will fix it. Possibly add a setting to the app to turn it on/off.
- For the battery level, I was not sure I was getting the right value, but for me seemed to be about right. Obviously, should look at other ways to set it.
- I'm working on Calendar events integration with Watch's reminders, and when I finish this and fix these issues you mentioned I will have another version and will let you know.
Cheers

izivkov said:
Hey, thanks for the feedback.
- I did not notice the hourly signal setting and will fix it. Possibly add a setting to the app to turn it on/off.
- For the battery level, I was not sure I was getting the right value, but for me seemed to be about right. Obviously, should look at other ways to set it.
- I'm working on Calendar events integration with Watch's reminders, and when I finish this and fix these issues you mentioned I will have another version and will let you know.
Cheers
Click to expand...
Click to collapse
Hay, thanks for starring my github. I moved the code to another repository: https://github.com/izivkov/CasioGShockPhoneSync, which is now public. Feel free to star the new one. ;-)
Basically, I added Google calendar event support, and fixed the issue with hourly chime getting reset. Still cannot figure out how the battery level is read. I get a value using command 0x28, but the value does not make sense. I get back something like 0x28 0x0f 0x17 0x00 for about 25% charged battery, and 0x28 0x13 0x19 0x00 for almost fully charged one. I think I will disable the battery icon until I can figure what is going on.
Anyway, adding some documentation now. Hope other people can contribute to this project and possibly support more watch models.

I'm a bit stuck. I'm trying to detect the difference between GW-B5600 long-press lower left button and short-press lower-right button as far at connection to the Android device is concerned. The app on the phone should be able to tell the difference, becase the official app acts differntly when the right button is pressed, i.e. sets the current location. This does not happen for left-button connection. But the data sent to the phone from the watch is identical. If somebody has figured this out, please let me know.

For those who are interested in how to communicate with the Casio G-Shock 5600 BT watches, here is the latest github I created:
GitHub - izivkov/CasioGShockSmartSync
Contribute to izivkov/CasioGShockSmartSync development by creating an account on GitHub.
github.com
And you can get the android app on PlayStore:
Casio G-Shock Smart Sync - Apps on Google Play
Add Smart functions to your Casio G-Shock Bluetooth (B5600, B5000, B2100) watch.
play.google.com
Enjoy

I've been working on a very similar app but for a slightly different Casio model. I'm not very familiar with the BLE and getting to a point where I'd happily pay someone for investigating the communication.
Would anyone be willing to figure it out?

drunkenHiker said:
I've been working on a very similar app but for a slightly different Casio model. I'm not very familiar with the BLE and getting to a point where I'd happily pay someone for investigating the communication.
Would anyone be willing to figure it out?
Click to expand...
Click to collapse
Sure, I can take a look. You can contact me by email directly at [email protected], or better still you can post to the github repository:
izivkov/CasioGShockSmartSync · Discussions
Explore the GitHub Discussions forum for izivkov CasioGShockSmartSync. Discuss code, ask questions & collaborate with the developer community.
github.com