I take the time to refine mine to make a bit more sexy !
I show you the ugly part too : (I'm a little proud)
So !!!! are you ready ?
We have to test it a bit before trying to upload some cool stuff in it.
First you can play a little with the PSTool. But I prefer command line.
Saving your own firmware :
You can find in the Bluelab/Tools/bin directory, a tool to make a extraction of the firmware.
You can download your firmware with the following command :
BlueFlashCmd -DUMP my_saved_firmware
The BlueFlashCmd should create in your current directory, two files called my_saved_firmware.xdv and my_saved_firmware.xpv.
Take care of these files, they can be useful if you missed something in the next steps.
If you don't manage to extract these files, DO NOT PROCEED FURTHER. I have to make a little disclaimer, i will not be responsible if you broke your bluetooth module, please be careful, don't do thing you don't understand. Ask me before if you have any doubt.
Saving your personal bluetooth module parameters :
One another cool program is pscli.exe. CSR firmware contains some special parameters that can be dump, upload, modify by pscli.exe and PSTool.exe.
I will not describe each PSKEY as you can have useful information via PSTool.
pscli.exe can extract a set of PSKEY by passing PSKEY queries in a config file.
The goal is to save your bluetooth UUID and some crystal calibration data to restore them after the firmware download.
You have to know that downloading my firmware to your module will make a perfect copy of my module. So if you planned to make several HC05 modules you have to make them unique if you want to pair them together.
The PSKEY query file (data.psq) is made like this :
// PSKEY_BDADDR
?0001=
// PSKEY_ANA_FTRIM
?01f6=
// PSKEY_ANA_FREQ
?01fe=
Each line starting by a ? is a query to grab the corresponding PSKEY stored in your module.
You can invoke the following command to stored those PSKEY in your computer :
pscli query data.psr data.psq
Some explanations ? Be careful ! 3 parameters :
- 1st parameter : The command query
- 2nd parameter : The response file
- 3rd parameter : The query file
Do you see it ? you have to pass the the output file (data.psr) before the input file (data.psq). If you change this order, you will delete the psq file :-/
You can check the data.psr file to verify that you manage to get these PSKEY with your text editor.
Flashing another firmware :
Flashing the firmware, you can simply invoke that command :
BlueFlashCmd HC05
please notice that you should have the following HC05.xpv and HC05.xdv files in your current directory.
Be patient and take care that everything is working well.
Restoring your personal data :
At this point you have a perfect copy of my own module.
You had to restore your Bluetooth address and crystal factory setting to your module.
This can be done with this command :
pscli merge data.psr
The data.psr file is the one that you created before.
Et voilĂ !!!
Please don't hesitate to comment this post if you have any question. You would be gentle to share this information if it helps you.
And don't forget to donate if you want to thank me !
Google Drive
4shared
Did you make somekind of socket for the module?, could you post the picture of it, I'd like to create something similar. Nice job!
ReplyDeleteSince I ordered 20 modules for my job, I make this programmer to reflash them without having to solder them.
ReplyDeleteI'm making a post to answer to your request !
Hi Byron
ReplyDeleteI found the information in your Blog really helpful. Many thanks for the help and advice.
I had to use Google chrome to leave a comment, explorer would not let me.
Gordon Millar
Hi!
ReplyDeleteLPT ports are not very common these days. I have doubts that USB LPT will not work with these tools. I can't think of an easy way to make this without LPT port and I'm not good with OS drivers programming. Can you think of some virtual LPT driver that streams LPT through RS232 for example. I can put a FT232 and a MCU to output it to parallel port.
Also some timings would be great. What is the clock frequency of SPI when programming.
And thanks again for all the shared info!
I know. I wonder if a usb to lpt adapter will do the job with a bridge lpt driver but I not sure.
ReplyDeleteConcerning timings, I think that it isn't very quick since it's driven by LPT outputs... I will make some capture with my OLS sniffer.
The fact is that I want to make Firmware developpement with the CSR SDK, but i' m don't have a PC with LPT port at home... I can only make some quick experiment during my job time...
with deal extreme PL-2303 usb to serial converter there is a program "SetCOM.exe" which changes "name" of the com port, so it's accessible via "com1". I wander is there a program like this for LPT port. I'm not sure if it actually change the address of port or only name under windows and I don't know if CSR tools use windows name or low level access (port io)...
ReplyDeleteI was in the same boat as you guys with Lacking a LPT Port. I bought a USB2LPT (http://www-user.tu-chemnitz.de/~heha/bastelecke/Rund%20um%20den%20PC/USB2LPT/index.html.en) and only to find that the flashing software refuses to use it =[
ReplyDeleteI ended up setting up an old PC that had a parallel port and used remote desktop so I could flash the firmware on my bluetooth modules
First, a big thanks for gathering all this information about the CSR BC417, it's been frustrating without.
ReplyDeleteI bought a couple of BC417 from ebay, and got the HC06 firmware on it. I want to upgrade (downgrade?) to HC05, but got a bit sad when i only saw the LPT interface and you saying it's needed when using the CSR BlueSuite. But reading the 2.4 manual from CRS, it does say it supports an USB-SPI approach. Can you clear this up for me?
Thanks a million,
/Johan
I know that this device cost about 3000$...
ReplyDeleteI don't manage to find information of such device !
Maybe we can explore the driver souce code to reverse engineering it... It could be a way to make a clone for our purpose !
I was hoping https://www.adafruit.com/products/46 would be the solution. And it's $22
ReplyDeleteOr have i misunderstood something here?
/johan
I'm sorry but if you don't have a device that work with CSR dlls, it have no chance to work for flashing or debugging your module
ReplyDeleteHello,
ReplyDeletecould you please inform us what OS did you use? I've just discovered your blog, because my second order from eBay included modules with older firmware and I need full AT command set.
I have a PC with parallel port, device manager sees it as LPT1, but software can't find any port :/
The cause could be Windows 7.. i tried with 64 bit, 32 bit, still nothing. Tomorrow i will try to find some PC with XP, hopefully it will work :/
mato
Hi,
ReplyDeletefirst thank you for this great blog.
After weeks not successful with windows 7 64bit I finally gave up. Went to chcek if this works on old computer- running windows XP(32bit). No problems, all worked like a charm. Thank you once again, you made my day!
Oh cool if you have success with that tutorial. I gave up Microsoft os after Windows xp... No Vista, no seven for me. I switch to ubuntu few years ago and when I have no way to do things on Linux, I try on xp...
ReplyDeleteThanks for all the work. Helped a great deal.
ReplyDeleteConcerning developing an alternative updater: I have a logic analyzer (Saleae Logic) and did some dumps of the protocol. Doesn't seem that complicated on the first look. If anyone wants to analyze it I could dump the whole update process and upload it somewhere.
I could think about some AVR assisted update procedure. Maybe this is a common update protocol? I would most certainly help developing such a tool at some point, just not now and not alone either. :)
It could be awesome.
ReplyDeleteMaybe we can grab some useful information in technical notes on CSR website.
Could you share your dump and data with us? I can probably convert this in sequences with some scripts.
Another missing is to understand the debugger protocol for developing custom firmware. I'm testing some development for further cool stuff and it will be awesome to manage to do this with open tools and USB interface since i don't have pc with LPT port at home
Gentlemen, one question:
ReplyDeleteDid any one of you managed to connect to BC4 module when in commands response mode? According do datasheet, with AC+INQ the module will search around and reply with addresses of available bluetooth appliances. But i never managed to see any. I can see the bluetooth module only when i am not in commands response mode.
Thank you
Oh, nevermind, silly me. If ound out, that putty works too, but not as good as it should.
ReplyDeleteTo all trying to communicate with those BT modules - it is ABSOLUTELY IMPORTANT to use good serial console on PC side, such as Arduino's Serial Monitor. As Byron said, modules need both CR and LF (also called NL-newline and CR-carriage return) to function properly.
If you use putty, it looks like that it sends both those endline characters, but in a different order. Therefore, BT module replies not with one OK, but with endless line of OKs, until you press Enter one more time.
It works for most commands, but when using inquiry command or init command, there could be a problem and you will never see devices around you.
So, for trying on Windows PC, Serial Monitor from Arduino is the best.
Good luck :)
Ok, I did some more dumps and zipped them up. Have fun! http://farthen.de/?p=131
ReplyDeleteOK !!!
ReplyDeleteI'm downloading your dump.
I will take a look and seek for information on CSR website !
I already looked on the CSR website if there is a protocol spec up. I didn't find any. But TBH replaying this protocol should do the trick for the most part. The beginning sequence is always the same for example. What I find a bit confusing is that the computer actually repeats each cmd multiple times. I'm wondering if this is required or just some stupid safety thing they've built in.
ReplyDeleteLove the work you have done here, I can't get the software to work on Windows 7 either!
ReplyDeleteHi, I'm trying to reproduce what you have done here but the BlueFlashCmd always says "Couldn't find LPT port" - I've tried this under Windows XP and Windows 7 (which I expect wont work!)
ReplyDeleteWhat version of the program are you using?
Thanks
BlueLab 4.1 !
ReplyDeleteMaybe you have to check some options in your Bios to enable EPP options
Is your module powered (3.3V) ?
ReplyDeleteThat was quick thanks!
ReplyDeleteI'm using 3.3v.
I don't have the BlueLab software, only the BlueSuite which you linked to in a previous post. The folder c:\Bluelab/Tools/bin does not exist on my machine, but the blueFlashCmd is version 2.4, found in "c:\program files\bluesuite 2.4\"
Strange, I just installed an older version of BlueSuite (v1.24) and now the BlueFlashCmd reports "Error detecting chip type" - at least thats some progress! Must be an issue with the programmer.
ReplyDeleteMy apologies... my brain has failed !!!
ReplyDeleteThe current version of the blueflashcmd.exe is V2.4. The one provides by the BlueSuite V2.4 SDK
i have no problems to program module with windows 7, another pc with windows xp doesnt work(pstool cant see LPT port). so i think its hardware thing, chipset driver or something like that if lpt port isnt detected.
ReplyDeletei must set ECP mode from bios to get it working.
^^ could you tell us your motherboard model?
ReplyDelete@farthen :
ReplyDeletei'm currently work on your dump ! could you please share the psi query/merge input and output files ?
maybe your firmware dump ...
Thanks for your instructions on this Byron, I've flashed my old HC04 chip into the firmware you provided no problems. I even just used a breadboard circuit to do this!
ReplyDeleteDo you know any good instruction sites for using the HC05 in master mode? I can get it to switch and connect to another device as a master but it seems very unreliable.
@Byron: Sure, here they are: http://farthen.de/files/BT%20modules%20dump%20files.7z
ReplyDelete@ms: working one is compaq pc with FIC AM37 motherboard.
ReplyDeletebad one is Asus A7V8X-X motherboard
@Farthen; could you please redo the pscli query capture request with your sniffer and send me the csv !
ReplyDeleteI made a awk script to have the complete sequence of instructions but it seems that some of your capture have some missing edge on CLK ...
Some times the MISO pin is driven low without been preceded by a CLK low edge...
for your saleae client the right configuration of the SPI plugin is CPOL=1 and CPHA =1.
ReplyDelete@Farthen: what about sharing ours e-mail address ?
@Byron I already shared mine. Just look at README.txt in my first archive :)
ReplyDeleteUnfortunately i can't access the module this weekend. So I can't dump anything till Monday :/
Have my SPI settings been wrong? I thought i already set the the right way once, must have been reset at some point.
@Byron Great tutorial! I am so excited to make everything I see bluetooth enabled (http://youtu.be/61a0qHFcQE4), anyways, I am trying to upgrade my firmware. Is it possible to do this with BlueCore Device Firmware Upgrade Wizard? I have it connected via Uart on my pc. Otherwise I have an old laptop with a basic LPT and an old desktop with EPP enabled. Both machines are giving me .Net framework errors when I try to connect via SPI. One machine has XP-FLP edition and the other is a 200mb install of XP, this is probably why I am having problems. Is there anyway to convert the saved HC-05 firmware as a .DFU file so we can use the wizard and a Com port? Otherwise I have to find a machine here that is new enough for .NET framework + have an EPP Compatible LPT port.
ReplyDeleteAnways, keep up the good work, and hopefully we can colaborate on creating some of our own custom firmware. Get these modules connected to iDevices.
Thanks,
Jon
Unfortunately the first firmware flash process it's only possible by spi connection. you had to make it work by LPT port...
ReplyDeleteAgain, amazing work Byron, and quick response! I found a machine and am doing a clean install of XP right now. So wish me luck. I'll be sure to keep you informed of my progress with these modules and what we can do with them.
ReplyDeleteThanks,
Jon
Good day!
ReplyDeleteI'm interested in experimenting with NFC (Near Field Communication) capabilities, that is declared for Bluetooth 2.1. I think, some of you here may be interested too :)
And CRS states for Blucore4:
Bluetooth® v2.0+EDR specification compliant (v2.1 upgradeable)
I wish I know more about how it is upgradeable, and how to use NFC then. Does anybody have any information on it?
Hi Byron,
ReplyDeleteI really like the case of your programmer. Could you take a close-up photo of the slot where the module goes in?
Thanks!
For sure... I have to finish my next post soon... Sorry for the huge delay...
ReplyDeleteCould you also explain a bit more on how you made your programmer? :)
ReplyDeleteHave two Modules with HC05 Firmware.
ReplyDeleteThey seem to have the same Bluetooth address.
My Computer "see" only one modul if both are powered.
I tried to change it with PSTool then my modul is not working anymore. How can I change the Bluettoth address?
Hello
ReplyDeleteyou can edit your data.psr and redo this command :
pscli merge data.psr
What's this regulator board you're using?
ReplyDeleteI keep getting the error
ReplyDelete"Couldn't find LPT port
Failed"
no matter how I set the LPT port (ECP with DMA1/DMA3, EPP and even ECP+EPP). I'm executing "CSR\BlueSuite 2.4\BlueFlashCmd.exe" -DUMP saved. Am I missing a dll that would allow direct access to the LPT port?
I'm running XP and now I have it set to EPP (Printer Port(LPT1), "Use any interrupt assigned to the port" is set as well as "Enable legacy Plug and Play detection").
Any help, guys?
if you cant select lpt port in pstool, try to run instparspi.bat(just doubleclick it) in bluesuite/drivers/win32 folder, boot your pc and try pstool again
ReplyDeleteThanks!
ReplyDeleteWill try as soon as I get home.
pstool worked just fine and I managed to flash the device with Byron's firmware.
ReplyDeleteThanks Byron76, this is great!
ReplyDeleteI was able to update the firmware following your instructions. Two remarks for dummies like me:
1) As it was told before in the comments, I like to confirm that Pstool.exe and BlueFlashCmd.exe won't work with the USB2LPT adapter from here http://www-user.tu-chemnitz.de/~heha/bastelecke/Rund%20um%20den%20PC/USB2LPT (yes I made one). You'll need a "real" parallel port.
2) If you are installing BlueLab make sure to select the last check box about installing the SPI driver, otherwise it won't find the device either.
hmm weird, after I played around with it, I get Timed out mesages from BlueFlashCMD. Any ideas?
ReplyDeletethe module still works with serial, AT command still says OK, or connecting to it.
I also can read PSTool's informations.
Still @ Linvor 1.5 and I already dumped the firmware to my pc, but when I try it again, it it says timed out even when trying uploading a new firmware :/
F:\Program Files\CSR\BlueSuite 2.4>BlueFlashCmd.exe -dump dump
blueflashcmd, version 2.4
Copyright (C) 2002-2011, Cambridge Silicon Radio Ltd.
Resetting XAP
Dumping flash contents:
Device 0: Timed out waiting for response.
100%
Error Device 0: Timed out waiting for response.
Failed
Hey,
ReplyDeleteI'm working on a Arduino sketch and Windows hook combo to flash these devices without having to buy any extra hardware. I've got it actually able to retrieve the chip ID, and begin a dump. However, the dump takes a god-awful long time, and extrapolated from the percentage and the time taken, I believe it might take over 2 hours.
Could anyone inform me of how long it normally takes over the LPT-SPI thing, so I know how much more I should attempt to optimize it ?
Hi, I'm doing something similar, I'v got a dump of the 1Mbit memory, but when I dump it seveal times and compare, i always have around 4-8 Unmatching bytes, any ideas?
DeleteOK, Well since Frans has disappeard, so far; I'd share my knowladge with the world:
DeleteFirst, CSR BlueCore 4EXT DataSheet states that an SPI reset is performed when CS is down; Frans's code seem to do otherwise.
In order to get Frans code to work u'd have to use the older version of BlueFlashCmd; I have one from 2008 and 2010; the 2010 Didn't seem to work; the spiplt.arduino showed signs that it working but eventually did nothing and right now I'm dumping using arduino.bitbang and it's downloading.
Frans's code is avialable: https://github.com/Frans-Willem/CsrSpiDrivers
AND IN ORDER FOR BLUEFLASHCMD 2 work u'll have to specify:
BlueFlashCmd.exe -TRANS "SPITRANS=LPT" -port -DUMP mydump
Few weeks earlier, I'v tried to implement something like this using arduino's SPI library & CSR BC datasheet; it seem to work, but I was getting lot's of validation errors back from the device; and when it DID worked, and I dumped the whole 1Mbyte; sequential readings of the whole flash turned out different result so I couldn't relay on it :(
Let's hope I finally figured it out.
hi !
DeleteI appreciate that you go on the frans job.
I'm waiting for a arduino nano board. I will take a deep look at your work because i need to debug CSR firmware using USB connection.
So I probably have to try to hack the 2010 spi dll used by the CSR SDK.
Do you try so send your patch to frans's github ?
I Dind't fixed it, the bitbang code works as-is :)
DeleteGreat Job Byron. Was happy to see this after my visite at DX.
ReplyDeleteAlso your programmer is looking great.
One question.
What type of connector did you use to connect to your BT-board to program?
I did look for pictures at farnell and other places.
i'm using spring-loaded ('pogo') pins. so i have a good contact without having to solder anything during firmware dump or debugging
ReplyDeleteThanks for all your articles! But I'm sure many people would appreciate more detailed instruction on how to make a "socket" for a module.
DeleteThe main problem here is small and rarely used pitch. I tried to take pins from standard .1" header and arrange them with 1.5mm pitch, that works for two pins, but nope, not for 4+ pins ;-). Then I wanted to take ready-made mail connector with needed pitch, but you simply can't find in local stores, on ebay, or in well-known online shops.
Hint about pogo pins is helpful, but you don't mean usual needle or round end shaped pins, right? Browsing thru ebay, I found this, and figured it would work here, but there is head diameter is whole 1.5mm! I guess, pogo pins with "flat fork" head shape would work here, but do such exist? And still, how to arrange them from at least 2 side is not clear.
So, any details are appreciated. Maybe worth a whole new post ;-).
Weird, I believe I posted a reply here, but somehow it lost... Anyway, can you please elaborate what kind of pogo pins you used? Also, IMHO the biggest problem is small and non-standard pitch of module's pad - 1.5mm, how did you go about it? Thanks.
Delete@Frans-Willem: firmware dump/write through lpt-spi take about 1 minute or less.
ReplyDeleteThanks Byron, the upgrade process worked for me also. I'm using Win7 x64, so I had to install a VMWare Player and a WinXP to be able to use BlueSuite, but he programmer worked like a charm.
ReplyDeleteOne more question to be short: if you have more modules have you ever tried to configure MORE THAN ONE of them as master and connect with those masters to a single slave (which is a USB bluetooth dongle on the PC) at the same time?
OK, for the long explanation, here it is: :)
I'd like to build a small star topology network with one Class 1 dongle (boosted with external antenna) and five HC-05 firmware modules for having five distinct SPP connections.
The modules should connect to the dongle and should be hidden otherwise. Is this feasible?
According to my current knowledge the normal bluetooth star topology (piconet) contains ONE master and multiple slave devices. But if I configure the HC-05 modules as slaves then these can be seen by and even can be paired to (!) other bluetooth devices (like a phone).
As I understand one of the key benefits of being a master that I can configure the module to automatically connect to a given slave address on power up. In this case the master module also can not be seen by anyone who tries to search the nearby bluetooth devices, so it's secure.
On the PC side I'm using BlueSoleil 8 bluetooth stack which is really comprehensive, so i hope it would handle multiple masters.
Thanks for any ideas.
As I understand if your module is master you should develop a slave client connection on the PC side...
DeleteI didnt't try to use those modules in master mode, so I can't really help you... Perhaps someone in the audience has an idea ?
Right now I'm using BlueSoleil 8 on the PC with a cheap Class 1 bluetooth dongle. When I configure the HC-05 module to be a master and I set the correct binded address for the connection (AT+BIND and AT+CMODE commands), then after I switch on the power of the module it connects to the PC promptly. It's really beautiful.
DeleteBeside of this automatic connection the sweet part is that in master mode the module can not be seen by anybody who's trying to search for nearby bluetooth devices.
There's no special settings on the PC side to establish the connection, only at the first connection attempt the authentication (pairing) code is needed but after that nothing.
My only problem is that I have only one module so I can't try this configuration out with two modules as masters and one PC slave. I hope as long as I configure enough serial ports on the PC all the masters should connect to one of them automatically upon power up.
It would be nice if anybody who have more than one module could try this and give feedback.
2 Frans-Willem:
ReplyDelete> I'm working on a Arduino sketch and Windows hook combo to flash these devices without having to buy any extra hardware. I've got it actually able to retrieve the chip ID, and begin a dump.
That's great news! Would you share the code/instructions?
As for the speed, yes, it would be expectable that it might work much slower than CSR's tools at first, and may require reimplementation and optimization to achieve anything comparable. As was told, with BlueFlash & LPT, dump takes few mins.
Yes, would definitely be willing to share code/instructions, but it's nowhere near actually complete or really usable. A flash takes about 2 hours.
DeleteFeel free to contact me through e-mail: http://www.hidetext.net/hide/1MOHuWl0Nu.gif
@Frans-Willem: i have designed own arduino board With built in bluetooth module. it would be nice to test your sketch when you get to finish it.
ReplyDeleteAre you using USB only as a source?
ReplyDeleteDoes anyone have a HCI-Firmware for this BC417 based Bluetooth Boards? Maybe someone has for example a rayson or bluegiga modul with that firmware and can extract it.
ReplyDeleteI assume you could use official CSR unified firmware published on csrsupport.com and set it to HCI mode.
ReplyDeleteMaybe... What is the goal of the HCI mode?
ReplyDeleteI think this mean that you can use them as a full flavour bluetooth device with the help of the bluetooth stack.
ReplyDeleteFor sure this is the meaning of such chip. But I think you have to do some work to create your own firmware.
ReplyDeleteI think you misunderstood me. HCI firmware opens a lot of new possibilities. For example, you could make a toy which is remote controled by wiimote. All you have to do is to load HCI firmware on module, connect the module with the microcontroller over UART and use bluetooth stack such as BTstack on microcontroller to communicate with wiimote.
ReplyDeleteHCI doesn't open any new possibilities, because it's very, very old thing. And any BlueTooth module by definition supports HCI - it's part of BT standard (well, potentially, it would be possible to not expose HCI in some module, but who would bother to do that - how would they sell it then?)
DeleteUsing HC-04 in HCI mode seams like waste of effort/resources - just buy a $1 BT module, plug it into USB, and get your HCI. The whole point of HC-04 is that is programmable wireless-node-on-chip, not requiring any host to function.
Just to let others know, the only setting I couldn't use was ECP, if you use blueflashcmd.exe and get an error message about communicating with the chip, check your cabling, double check the pinout of your cable if you use an extension like I did, the pin numbering on the male plug connecting to the PC was different to the female end I was connecting the spi cables to.
ReplyDeleteResistor values don't appear to be super critical, I used 1.5k and 3k resistors, as long as you're around 3-3.5v from 5 on the voltage divider then it should be fine.
This was on XP 32bit, asus A8N-VM motherboard.
Interesting, someone else is interested in HCI firmware, too.
ReplyDeleteMy plans are using a modul with HCI firmware + BTstack to get more than one connection at a time with others (piconet).
At csrsupport.com i can't find any firmware to download, could someone show me where and/or publish it for example here?
Since the SDK is not free or open source, i don't want to publish stuff that is not mine...
DeleteSoon, I hope I will be abble to take some time to develop some custom firmwares and I will probably share some piece of code. Any help wanted !!
On csrsupport.com go to Home → PC Products → PCDevices → BC4-External → Firmware. But I'm not sure which version is the right one.
DeleteHowever, after reading some documents online, it seems that every firmware build by official SDK (including HC05) supports HCI mode. All you have to do is set PSKEY_ONCHIP_HCI_CLIENT to 0 or 1 (posts about that are contradictory, just set to opposite value). I will try that in the next days...
it seems this key is enable by default in the HC05.
Deletehttp://dl.free.fr/hNSAsQuyQ
Unfortunately, all my attempts to connect to the module in HCI mode under linux were unsuccessful.
DeleteI have the same problems which are described in http://thread.gmane.org/gmane.linux.bluez.user/8829 I suspect hardware problems, because I used USB to UART cable.
Somewhere in the future I will make the proper RS232 interface and connect it to real serial port.
> Soon, I hope I will be abble to take some time to develop some custom firmwares and I will probably share some piece of code. Any help wanted !!
DeletePooled time for the same for months, now finally started with it. Having a progress, some code will be soon on github.
Ok, here we go: https://github.com/pfalcon/btnode
DeleteKeep in mind it's WIP, but it already can do a lot of what I wanted from it.
Well, BtNode is too generic a name, I decided to rename it to something more spicy:
Deletehttp://github.com/pfalcon/blutunode
Version 0.7 is in the repo.
You may have to switch some pskeys to enable bridge between Bluetooth stack and uart connector
ReplyDeleteMaybe, I already tried to change some of them with no success.
ReplyDeleteHi!
ReplyDeleteIt seams http://dl.free.fr/hNSAsQuyQ doesn't work anymore. Can you upload the HC05 firmware somewhere else, please?
sorry - free.fr still works. I had proxy rules disabling free.fr.
DeleteHi Byron,
ReplyDeleteI just found your blog after some research regarding the bluetooth modules I own. The ability to flash the firmware seems pretty interesting to me, nice work discovering this!
I've an HC05 based module (at least the AT commands are the same as with the HC05 firmware) and another module, which is known as Rayson BTM 222. It seems, that this Rayson module is just another BC4-ext based module.
Now I found a major drawback with the HC05 (compared to the BTM 222): Using the CTS line is not possible. The BTM modules firmware has an AT command, which causes it to watch the CTS line. As long as CTS line is set it buffers the received bluetooth data.
As the manual of our HC05 based modules states, there is an CTS line (pin 3), too, but there seems to be no firmware support for this behaviour.
Now (as I need this buffering) I wonder if it would be possible to extract the firmware from an BTM222 module and flash it to the HC05. Do you think it's possible?
As the BTM222 firmware has such interesting features and proved really stable to me, wouldn't that be even more appealing than the HC05 firmware?
Best regards
Brief update:
DeleteI couldn't resist soldering the SPI interface (don't had my usual soldering equipment with me, soldering the pins of the module with an 40W soldering iron was kind of thrilling) and connecting the BTM222 module with my PC.
After messing around with parallel port settings, I finally found a working configuration: EPP had to be activated in BIOS, neither SPP nor ECP worked (the software didn't find the port then). OS is Windows 7 x32.
So I managed to get a dump of my Rayson BTM222s firmware.
Now the important question is: Is this firmware compatible with our HC05 based modules or will it brick them?
If so, we get a nice set of features, e.g. flow control, local echo, result codes. Who's intersted in this firmware may take a look at: http://plischka.at/Files/btm222_datasheet.pdf
I just uploaded my BTM222s firmware dump, so you can take a look at it: http://wh12.tu-dresden.de/~schseb/BTM222/
Greetings,
Sebastian
It looks like the same chip. It would be a problem if pins are changed by BTM222 firmware. SPI should be hardware and fixed pins so you can flash back the backed up image.
DeleteHi Nikolay,
Deletethanks for your answer.
I just tried flashing the BTM222 firmware to the HC05 - without success. Connection LED was turned on permanently and no connection could be established, AT mode not working. So it seems as if the BTM222 has a different hardware layout.
I flashed back the old firmware and the module did work properly.
Nevertheless, I could modify the HC05 module for my needs:
As stated before I need the CTS flow control / buffering. So I compared output of the PStool both of my HC05 as well as my BTM222. There were several differences and my attention game to PSKEY_UART_CONFIG_USR...
This key was set to 0x0880 on the HC05 and to 0x08a8 on BTM222. I looked it up in the description and found, that I can enable Hardware Flow Control within this bitmask.
So everything is fine and I don't have to buy another BTM222. :)
Hello Byron, and thanks for sharing you hard earned knowledge with us!
ReplyDeleteIs it accurate to say that "pscli merge" flashes the data area of the Bluetooth module while "BlueFlashCmd" flashes the code area of the Bluetooth module? While "pscli query" just manipulates data files on the host (Windows) computer.
pscli merge : overwrite data on your device
Deletepscli query : grab data from your device to your host
BlueFlashCmd : get or dump whole firmware from/to your device
Hi all,
ReplyDeleteI flash HC05 firmware to Rayson module BTM112, it work correctly, BT module get faster response to AT commands, but in inquire, discovery... mode BT module not return names other BT devices, only MAC adress. Exist in HC05 firmware option for returning full BT name and MAC in inquire, discovery mode from finded BT devices? It is important for me.
Original firmware in BTM112 working very slowly , slow response to AT commands, sometimes module can't find other BT devices, solution is reboot it, but it is not reliable.
You want these informations via AT command or during the pairing with bluetooth device ?
DeleteThx for your interest
DeleteVia AT commands for search other BT modules, without pairing
example from original btm112 firmware:
ATF?\r\n ( same as AT+INQ in HC5)
1. NAME, MAC adress\r\n
2. My phone, MAC adress\r\n
3. SE-Xperia, MAC adress\r\n
4. Samsung Phone, MAC adress\r\n
5...
I need similar response after AT command for search other BT devices, MAC adress with NAME. When it is not supported in HC5 or HC4 I will must go back to original "stupid" BTM112, or find other BT module, firmware.
I don't see this kind of AT services on HC05 firmware...
DeleteI have a HC05 and HC06 module and would like to use one of them to program an arduino board over BT. I noticed that the pin 4 is marked RTS and was wondering how can I control it. I usually use the parallax terminal that has the option "set RTS", but if I measure the voltage at pin 4 is still low. Any ideas?
ReplyDeleteThanks
I posted in nested messages above info on open-source firmware for HC-04/5/6/any other BlueCore4-Ext based module I develop. It still lacks docs, but I blogged about it to describe basic idea, functionality, and future plans: http://pfalcon-oe.blogspot.com/2012/04/opensource-sensor-node-firmware-for.html
ReplyDeleteHope this will be useful to byron76 and other readers of this blog.
Thank you for sharing your work with us !
DeleteI will certainly look at it in few days (or weeks)
For now i'm trying to adapt SCR toolchain to my buspirate ...
For your firmware, some guys wants a way to control serovs... Do you plan to add PWM outputs to your firmware ?
Well, I have following in the code:
Delete// TODO
//{ AT + GPIOPULSE = %s:pulses \r}
i.e., I thought about it ;-). It's unclear how exactly to implement it and what are usecases. My idea was to allow something like AT+GPIOPULES=10,10,20,20 to just flash a LED 2 times (or repeatedly), and to be implemented using VM's timed messages.
But precision of those would pretty likely be too poor for servos. And I'm not aware of hardware PWM support in BC417, nor even we have direct access to timers/interrupts. So, driving servos directly by BlueCore may prove to be a challenge.
gracias por la info!!
ReplyDeleteI got another(alps) bt module with same csr chipset and pc cant find it, so can it be that pc cant see it if module is configured as master mode?
ReplyDeleteDid you guys know if master/slave role can be changed by pskey with pstool? looked all pskeys in pstool but didnt see anything like master enable/disble or something like that.
i propably try flash it with linvor firmware but before that i'd like to sort out why pc cant see it.
Here is some images in my blog http://uk350.blogspot.com/p/alps-bluetooth-module.html
I managed to use the arduino to flash a BT module (using Frans Willem's work) Thanks!
ReplyDeleteWhile it worked on one module, it seems to be stuck. Whenever I run blueflash, it says unable to find spi device. Interesting.
@uk350
If you have both devices with HC05, then use the AT+ROLE to set one as master and one as slave. The name on the slave is set, and you can use the commands on the master to connect to the slave, as per the "datasheet" (if one could call it that).
well, that module have alps firmware and it have also own at commands so at+role doesnt help.
Deletei also connect ttl port to pc (pins 1 and 2 as hc04 or hc05 modules) but it send dummy data all time and not respond at commands.
Tryed flash it with linvor firmware but no luck(flash ok but cant get in with pstool)
so dont buy it !!! these alps modules found from ebay
i also got few modules now with bolutek firmware, it looks just like hc04/05 modules but it have master/slave firmware and it doesnt need to put any pin to high level when going at mode.
Can you elaborate on using Arduino to progra, the module? I didn't hear from Frans for a while, and last time I did, he had just some proof-of-concept code which didn't interface with Arduino yet.
DeleteHi Byron,
ReplyDeleteThanks for the grate work, I was able to successfully flash my HC04.
It work lovely. However...
Is it possible to remotely(by bluetooth connection while its connected) control the device(ie host command mode/ota).
No, that's why I started to write my own (well, open-source) firmware to allow that, see comments above.
DeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeletepfalcon>>
ReplyDeleteFollowed your link to ...https://github.com/pfalcon/blutunode
love the VM, Trying to implement UART control/Flash access OTA because i am unable to change some critical PsKey data...
PersIstenT only changes some data and crashes on others..
Anyways Good work>>>>it does its job for now:-)
Hi
ReplyDeleteMy module from LedSee.com seems to run HC05 +VERSION:2.0-20100601
Does anyone knows if this is recent or old ?
I have some difficulties to use it.
Merci.
By the way, source code for BlueSuite v2?4 seems to be available here https://www.csrsupport.com/document.php?did=31601
ReplyDeleteIt might be possible to reverse engineering the code to use another SPI interface such as an Arduino (like the ArduinoISP is capable of using Arduino's SPI to flash another Arduino).
Unfortunately, the source code provided on the web page is only partial and flashing routines are provided only in binary form. However, I came close to figure out the entire protocol (I can help you with it if you wish), but I think there is easier way.
DeleteOn the offical site, there is firmware update for offical USB programmer. After a little digging, I found out that it is entire firmware, which could be flashed on bluecore3-multimedia module. The only question remains, where to buy such module (aside from alibaba)?
I re-upload my files to google drive and 4 shared for your convenience ! please accept my apologies
ReplyDeleteThe above commands worked and its easy to implement. I will try to make it smaller and would design it on PCB.
ReplyDeleteDoes anybode have problem with sector erasing, when flashing Linvor module to HC-05 firmware?
ReplyDeleteIn my case downloading firmware ends with an error message "Failed to erase sector 4 after 4 attempts".
First three sectors erased and flashed successfully.
Dumping whole memory works fine.
PSTools succesfully reads/writes config data.
Full erase of flash memory ends with timeout message. But most sectors are erased. But not sector 4.
Tried on 2 modules with same result.
Tried with resistor-divider programmer and level-shift (74lvc32) programmer.
Tried in LPT set to normal/bi-dir/EPP/ECP modes under WinXP Pro 32 bit.
Not tried on another PC. Have only one with LPT.
Update:
Delete- Tried on another PC with same (negative) result;
- Tried with another (third one) module with same (negative) result;
+ Tried with another (fourth) module and voila! Success!!!
All modules from Dealextreme, bought at one time. Looks identically.
Same problem here. Tried with 2 modules bought from dealextreme 1 month ago. Results:
DeleteC:\Program Files\Bluetooth_BlueSuite 2.4>blueflashcmd Byron_HC05
blueflashcmd, version 2.4
Copyright (C) 2002-2011, Cambridge Silicon Radio Ltd.
Resetting XAP
Burning Image:
Device 0: Failed to erase sector 4.
Device 0: Failed to erase sector 4.
Device 0: Failed to erase sector 4.
Device 0: Failed to erase sector 4.
Device 0: Failed to erase sector 4 after 4 attempts. Abandoned
100%
Result: Calculating CRC's on relevant sectors
Success
In any case, thanks Byron for your helpfull page!
Well the problem seems to be from the flash of the device, it has locked blocks of memory.
DeleteThere is a method to temporarily disable the write/erase lock and is described in the datasheet of flash but I can't see how this can be achieved without desoldering the chip.
Would you show me the datasheet with that information ? I had searched it thru many ones, but can`t find it =(
DeleteAmazing!
ReplyDeleteHmm LPT was not found by the software (mainboard asusM4 with lpt). Will try it somewere else
Offtopic:
Does anybody know how to detect a iphone with the HC-05 AT commands?
- I dont have to pair it..
- I can only detect it when i go in the bt menu iphone (discovering)
- I dont detect it when bluetooth on iphone
- other phones are detected
Hello Byron
ReplyDeleteReally Nice Work, You are the MAN
I am the owner of V1BlueShark product, i used to work with seeedstudio (GREEN) BT module which works perfectly with my Android v2.2 cell phone.
Seeedstudio lately produce (BLUE) BT module which works only with my PC.
After alot of searching in internet and many experiments i found your great blog, I build the flasher and success in read Green BT, Blue BT and dealextreame BT and swap the software between them.
THE Results :-
1) Green and Blue BT has the same software and i guess the problem is from hardware.
2) Dealextreame BT success to work with seeedstudio Green BT with my Android v2.2 cell phone (with one red led, emit ONLY when connection is establish ).
BY the way i use to build the flasher pins the "GROVE" of seeedstudio after small bending of its pins.
Hello!
ReplyDeleteAt first thanks for all the information! It is really important to me!
Well, I made the ltp-spi adapter and I can use the pscli to read the identifier, but I cannot dump or write the firmware.
Always time-out.
I'm using an Athlon XP with Abit Nvidia Board (it was the only computer with a real ltp that I can get) and Windows XP 32Bits Pro. LPT settings EPP-ECP-Normal already tried.
Does anybody go thru this?
I read above that was a user with the same problem.
Thanks very much.
Regards.
Hello again!
ReplyDeleteAfter some other tests, I manage to upgrade the firmware.
In LTP properties I needed to select to use an interrupt. Without this the BlueFlashCMD cannot work.
I hope this help.
Thanks again.
Regards.
Hi,
ReplyDeleteI tried to upgrade my bluetooth module with this programmer, but there are two things :
-The LPT port isn't recognize by the PStool.
- The bluetooth module heat a little...
I use windows XP.
How should I do to make the LPT appear?
Thanks for your help.
link is dead 4share can somebody reflesh that
ReplyDeleteHello Byron! First of all, thank you for the effort that you have done in making this blog. It seems like a one stop site for the HC05 Bluetooth module. :)
ReplyDeleteMoving on, I would like to ask if there is a firmware for HC05 that supports HID profile? I badly need it for my BT module, and I can't find any website for this kind of information. Thank you again in advance and more power!
I'v successfully wired up arduino SPI pins to the HC module pins and replaced the firmare using Frans-Willem arduino sketch and alternative dll replacment for BlueFlash (spilpt.dll).
DeleteThe firmware i'v flashed is the CSR HID Mouse application example that resides in the CSR IDE (BlueLab 4.1.1 / 4.1.2).
Hello all,
ReplyDeleteHas anyone been able to establish a communication between a BC4 and an Android phone under version 4.1.1 ??
I have a firmware that is perfectly working to create an SSP serial link with older version of Android, but since the upgrade it is completely broken...
Pierre
Hi, dear all!
ReplyDeleteAny ideas on how to enable RTS pin (HC-05)? I need it SO much.
Serge
Hi
ReplyDeleteI bought a module (AUBTM22) and i hadn't problem with it until i change it's UART baud rate to 1382400,after that when i send it any AT Command it sends me error and i don't know how i should restore it's baud rate to 9600.
Now it's my questions:
1-If i read firmware from another same module and write that firmware on it ,it will work or not?
2-Who wrote the firmware 'module maker company' or 'CSR company' and what is difference between 'xdv 'file and 'dfu(Device Firmware Upgrade)' file ?
3-Can i fix it with read it's 'psr' or 'xdv' or 'xpv' file and change it's content and write it again to the IC?
Thanks in advance
Hi,
ReplyDeleteIs the CSR suite available anymore, registration complaints about webmail usage, and as an home user I'm not a corporate customer.
Is there a opensource flasher to put hc5 in these modules?
Just hit register again and it will work.
DeleteByron,
ReplyDeleteIf I understand you correctly, I have to modify the firmware in order to get hardware flow control to work on the HC-05. Is that your understanding?
thanks,
Hello,
ReplyDeleteis someone working with ADK2.5 with CSR8670 ? if yes, send me email please.
Is about config the sink demo
Thanks,
nissim@vitelix.com