1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
# BLE WB3S nebula galaxy projector
The goal of this project is to create a firmware and possibly an app to control a cheap "YESLUSY LED Star Light" over BLE. This device ships with the WB3S chip (BK7231T) and unfortunately the tuya firmware.
# Why?
Because we can ^^
I don't like the idea to connect to a cloud just to switch the lights of the galaxy. And I also don't like to use ESPHome or something similar for something which I want to control just locally.
# Alternative
There is a ESPHome version for these chips, if you want something which connects to your smart home this is a way better alternative.
# Project status
Currently, nothing to see :D
# Contributions
Are welcome, just create a PR :)
# How to build
Download and patch the beken SDK
```bash
make sdk_install
```
Build the BLE example:
```bash
make
```
# Dump complete flash and get config
```bash
pipx install "bk7231tools[cli]"
bk7231tools read_flash -d /dev/ttyUSB0 -s 0 -l 0x200000 dumpv2.bin
bktools dissect_dump -e -O dump_extract_dirv2 dumpv2.bin
```
interesting output is this config
```json
{
"Jsonver": "1.1.0",
"b_lv": 0,
"b_pin": 26,
"brightmax": 100,
"brightmin": 10,
"c_lv": 0,
"c_pin": 8,
"cmod": "rgbcw",
"colormax": 100,
"colormin": 10,
"ctrl_lv": 0,
"ctrl_pin": 7,
"cwmaxp": 100,
"cwtype": 0,
"defbright": 80,
"defcolor": "b",
"deftemp": 100,
"dmod": 0,
"g_lv": 0,
"g_pin": 24,
"module": "WB3S",
"onoffmode": 1,
"pmemory": 1,
"pwmhz": 1000,
"r_lv": 0,
"r_pin": 9,
"rstbr": 80,
"rstcor": "b",
"rstmode": 0,
"rstnum": 3,
"rsttemp": 100,
"title20": 0,
"w_lv": 1,
"w_pin": 6,
"wfcfg": "spcl"
}
```
# Flashing
I followed the original authors and used the outdated "hid_download_py".
The version I used is this one:
https://github.com/OpenBekenIOT/hid_download_py/tree/master
I sodered the TX and RX testpads and used the already evaluated GND and VCC (3,3) and connected it to a cheap TTL to USB adapter. You don't need to connect RST. It is possible to just disconnect VCC for a short period of time if the flashing tool waits for
```bash
Getting Bus...
```
First of all let's dump the current firmware
```bash
uartprogram -d /dev/ttyUSB0 -r ./dump-fw.bin
```
Afterwards we are able to flash our own firmware with
```bash
uartprogram -d /dev/ttyUSB0 -w ./build/images/ble_tst/0.0.2/ble_tst_UA_0.0.2.bin
```
## TODO:
Try to use ltchiptool.
# Acknowledging
The BLE reverse engineering and the initial stack are taken from this blog post.
https//www.elektroda.com/rtvforum/topic3989434.html\#20742145
The doc/notes.pdf is from the original authors with the following note:
```
Finally, while all the code by the author(s) is licensed under GPLv3, other code used in building the final project
may be licensed under different terms and it is the responsibility of the reader to ensure compliance with
the terms of each license before proceeding."
```
|
