reverse engineering: communication

update: here somebody successfully communicated with the device:

https://pushstack.wordpress.com/2018/01/25/voltcraft-sem-3600bt-who-needs-security/

The device uses the low-energy variant specified in BT 4.0, which is not compatible with older Bluetooth interfaces: http://en.wikipedia.org/wiki/Bluetooth_low_energy

(It seems somewhat pointless to use the low-energy profile, which was developed for battery-powered devices, on a device that is by definition powered from the mains… the power dissipation of the power supply is surely considerably higher than the consumption of the device…)

# hcitool lescan
LE Scan ...
D0:FF:50:7A:73:6C (unknown)
D0:FF:50:7A:73:6C WiT Power Meter
# gatttool -b D0:FF:50:7A:73:6C --primary
attr handle = 0x0001, end grp handle = 0x000b uuid: 00001800-0000-1000-8000-00805f9b34fb
attr handle = 0x000c, end grp handle = 0x000f uuid: 00001801-0000-1000-8000-00805f9b34fb
attr handle = 0x0010, end grp handle = 0x0019 uuid: 0000fee0-494c-4f47-4943-544543480000
attr handle = 0x001a, end grp handle = 0xffff uuid: 0000180a-0000-1000-8000-00805f9b34fb
# gatttool -b D0:FF:50:7A:73:6C --characteristics
handle = 0x0002, char properties = 0x02, char value handle = 0x0003, uuid = 00002a00-0000-1000-8000-00805f9b34fb
handle = 0x0004, char properties = 0x02, char value handle = 0x0005, uuid = 00002a01-0000-1000-8000-00805f9b34fb
handle = 0x0006, char properties = 0x0a, char value handle = 0x0007, uuid = 00002a02-0000-1000-8000-00805f9b34fb
handle = 0x0008, char properties = 0x08, char value handle = 0x0009, uuid = 00002a03-0000-1000-8000-00805f9b34fb
handle = 0x000a, char properties = 0x02, char value handle = 0x000b, uuid = 00002a04-0000-1000-8000-00805f9b34fb
handle = 0x000d, char properties = 0x20, char value handle = 0x000e, uuid = 00002a05-0000-1000-8000-00805f9b34fb
handle = 0x0011, char properties = 0x12, char value handle = 0x0012, uuid = 0000fee1-494c-4f47-4943-544543480000
handle = 0x0014, char properties = 0x1a, char value handle = 0x0015, uuid = 0000fee2-494c-4f47-4943-544543480000
handle = 0x0017, char properties = 0x1a, char value handle = 0x0018, uuid = 0000fee3-494c-4f47-4943-544543480000
handle = 0x001b, char properties = 0x02, char value handle = 0x001c, uuid = 00002a23-0000-1000-8000-00805f9b34fb
handle = 0x001d, char properties = 0x02, char value handle = 0x001e, uuid = 00002a24-0000-1000-8000-00805f9b34fb
handle = 0x001f, char properties = 0x02, char value handle = 0x0020, uuid = 00002a25-0000-1000-8000-00805f9b34fb
handle = 0x0021, char properties = 0x02, char value handle = 0x0022, uuid = 00002a26-0000-1000-8000-00805f9b34fb
handle = 0x0023, char properties = 0x02, char value handle = 0x0024, uuid = 00002a27-0000-1000-8000-00805f9b34fb
handle = 0x0025, char properties = 0x02, char value handle = 0x0026, uuid = 00002a28-0000-1000-8000-00805f9b34fb
handle = 0x0027, char properties = 0x02, char value handle = 0x0028, uuid = 00002a29-0000-1000-8000-00805f9b34fb
# gatttool -b D0:FF:50:7A:73:6C --char-desc
handle = 0x0001, uuid = 00002800-0000-1000-8000-00805f9b34fb
handle = 0x0002, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0003, uuid = 00002a00-0000-1000-8000-00805f9b34fb
handle = 0x0004, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0005, uuid = 00002a01-0000-1000-8000-00805f9b34fb
handle = 0x0006, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0007, uuid = 00002a02-0000-1000-8000-00805f9b34fb
handle = 0x0008, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0009, uuid = 00002a03-0000-1000-8000-00805f9b34fb
handle = 0x000a, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x000b, uuid = 00002a04-0000-1000-8000-00805f9b34fb
handle = 0x000c, uuid = 00002800-0000-1000-8000-00805f9b34fb
handle = 0x000d, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x000e, uuid = 00002a05-0000-1000-8000-00805f9b34fb
handle = 0x000f, uuid = 00002902-0000-1000-8000-00805f9b34fb
handle = 0x0010, uuid = 00002800-0000-1000-8000-00805f9b34fb
handle = 0x0011, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0012, uuid = 0000fee1-494c-4f47-4943-544543480000
handle = 0x0013, uuid = 00002902-0000-1000-8000-00805f9b34fb
handle = 0x0014, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0015, uuid = 0000fee2-494c-4f47-4943-544543480000
handle = 0x0016, uuid = 00002902-0000-1000-8000-00805f9b34fb
handle = 0x0017, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0018, uuid = 0000fee3-494c-4f47-4943-544543480000
handle = 0x0019, uuid = 00002902-0000-1000-8000-00805f9b34fb
handle = 0x001a, uuid = 00002800-0000-1000-8000-00805f9b34fb
handle = 0x001b, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x001c, uuid = 00002a23-0000-1000-8000-00805f9b34fb
handle = 0x001d, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x001e, uuid = 00002a24-0000-1000-8000-00805f9b34fb
handle = 0x001f, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0020, uuid = 00002a25-0000-1000-8000-00805f9b34fb
handle = 0x0021, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0022, uuid = 00002a26-0000-1000-8000-00805f9b34fb
handle = 0x0023, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0024, uuid = 00002a27-0000-1000-8000-00805f9b34fb
handle = 0x0025, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0026, uuid = 00002a28-0000-1000-8000-00805f9b34fb
handle = 0x0027, uuid = 00002803-0000-1000-8000-00805f9b34fb
handle = 0x0028, uuid = 00002a29-0000-1000-8000-00805f9b34fb
# for x in $(seq 1 40) ;do gatttool -b D0:FF:50:7A:73:6C --char-read -a $x | sed s,.*:,$x:\ ,;sleep .05 ; done
01:  00 18
02:  02 03 00 00 2a
03:  57 69 54 20 50 6f 77 65 72 20 4d 65 74 65 72 "WiT Power Meter"
04:  02 05 00 01 2a
05:  00 00
06:  0a 07 00 02 2a
07:  00
08:  08 09 00 03 2a
09: Characteristic value/descriptor read failed: Attribute can't be read
0A:  02 0b 00 04 2a
0B:  50 00 a0 00 00 00 e8 03
0C:  01 18
0D:  20 0e 00 05 2a
0E: Characteristic value/descriptor read failed: Attribute can't be read
0F:  00 00
10:  00 00 48 43 45 54 43 49 47 4f 4c 49 e0 fe 00 00
11:  12 12 00 00 00 48 43 45 54 43 49 47 4f 4c 49 e1 fe 00 00
12:  00
13:  00 00
14:  1a 15 00 00 00 48 43 45 54 43 49 47 4f 4c 49 e2 fe 00 00
15:  23 03 42 00 00 00 00 00 00 10 00 00 05 00 87 00 00 00 00
16:  00 00
17:  1a 18 00 00 00 48 43 45 54 43 49 47 4f 4c 49 e3 fe 00 00
18:  00
19:  00 00
1A:  0a 18
1B:  02 1c 00 23 2a
1C:  6c 73 7a 00 00 50 ff d0
1D:  02 1e 00 24 2a
1E:  57 49 54 20 45 31 30 30 00
1F:  02 20 00 25 2a
20: 53 4e 3a 20 30 30 30 30 30 30 00 "SN: 000000"
21:  02 22 00 26 2a
22: 46 2f 57 3a 20 56 30 31 2e 33 32 00 "F/W: V01.32"
23:  02 24 00 27 2a
24: 48 2f 57 3a 20 56 30 30 2e 30 30 00 "H/W: V00.00"
25:  02 26 00 28 2a
26: 53 2f 57 3a 20 56 30 30 2e 31 31 00 "S/W: V00.11"
27:  02 28 00 29 2a
28: 57 69 74 74 65 63 68 20 43 6f 6d 70 61 6e 79 20 4c 74 64 2e 00 "Wittech Company "
48 43 45 54 43 49 47 4f 4c 49 "HCETCIGOLI"
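
Added example, not part of the original notes: a Python decoder for the characteristic declarations (the 5- and 19-byte values in the raw read dump above). It reproduces the UUIDs and property flags that gatttool --characteristics printed, shows that "HCETCIGOLI" is the vendor UUID read in little-endian wire order, and lists the vendor characteristics that advertise write access. The function names are illustrative; the sample lines are copied from the dump.

```python
import re
import uuid

# GATT characteristic property bits (Bluetooth Core Specification).
PROPS = {0x01: "broadcast", 0x02: "read", 0x04: "write-no-response",
         0x08: "write", 0x10: "notify", 0x20: "indicate",
         0x40: "signed-write", 0x80: "extended"}
SIG_BASE = "-0000-1000-8000-00805f9b34fb"

# Characteristic declarations copied from the char-read loop output on this
# page, in its "<handle>: <hex bytes>" form.
DUMP = """\
06:  0a 07 00 02 2a
08:  08 09 00 03 2a
11:  12 12 00 00 00 48 43 45 54 43 49 47 4f 4c 49 e1 fe 00 00
14:  1a 15 00 00 00 48 43 45 54 43 49 47 4f 4c 49 e2 fe 00 00
17:  1a 18 00 00 00 48 43 45 54 43 49 47 4f 4c 49 e3 fe 00 00
"""

def decode_declaration(raw):
    """Properties (1 byte), value handle (2, LE), UUID (2 or 16 bytes, LE)."""
    if len(raw) not in (5, 19):
        raise ValueError("not a characteristic declaration: %d bytes" % len(raw))
    uuid_le, text = raw[3:], ""
    if len(uuid_le) == 2:   # 16-bit UUID: expand onto the Bluetooth base UUID
        full = "0000%04x%s" % (int.from_bytes(uuid_le, "little"), SIG_BASE)
    else:                   # 128-bit UUID: reverse the wire order
        full = str(uuid.UUID(bytes=uuid_le[::-1]))
        text = "".join(chr(b) for b in uuid_le if 0x20 <= b < 0x7f)
    return {"value_handle": int.from_bytes(raw[1:3], "little"),
            "props": [name for bit, name in PROPS.items() if raw[0] & bit],
            "uuid": full, "vendor": not full.endswith(SIG_BASE), "ascii": text}

def parse_dump(text):
    """Map declaration handle -> decoded declaration."""
    chars = {}
    for line in text.splitlines():
        m = re.match(r"([0-9A-Fa-f]{2}):\s+((?:[0-9a-f]{2}\s*)+)$", line)
        if m:
            chars[int(m.group(1), 16)] = decode_declaration(bytes.fromhex(m.group(2)))
    return chars

def writable_vendor(chars):
    """Value handles of vendor-defined characteristics that advertise writes."""
    return sorted(c["value_handle"] for c in chars.values()
                  if c["vendor"] and {"write", "write-no-response"} & set(c["props"]))

if __name__ == "__main__":
    for h, c in sorted(parse_dump(DUMP).items()):
        print("0x%04x %s %s %s" % (h, c["uuid"], ",".join(c["props"]), c["ascii"]))
    print([hex(h) for h in writable_vendor(parse_dump(DUMP))])
```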