Sunday, January 27, 2013

Fitbit Dongle Enumeration

I just checked in my notes on how the USB dongle responds to enumeration.  You can see them here:

https://github.com/hiptopjones/fitbit/blob/master/UsbDongle/usb_enumeration.txt

I learned a lot about the workings of USB devices, but can now see that it publishes two HID interfaces, each of which produces reports of a generic 32 bytes at a time.  While this is not a HID device in the traditional (mouse, keyboard, joystick) sense, and using a HID interface means quite low data rates, I expect this is done (at least partly) to avoid needing special drivers on most common operating systems.

I haven't yet figured out the format of these packets, but I can see normal sync data (matching the blocks in the sync log), as well as a number of strings like "StartDiscovery", etc.

I had been wondering if the strings represented some sort of command-based protocol with the dongle, instructing it to perform Bluetooth operations, but I see that most of these strings are on IN endpoints, which means they're probably just there for logging, and not instructions.  This is supported by the fact that we see lines like this in the log:

    <Notice>: IN<CTRL> trace: StartDiscovery

I can't yet rule out that one of the HID interfaces could be being used for the transport layer of the Bluetooth stack, but I don't see Bluetooth stack-like strings in the binaries on Mac or Windows.

Continuing to investigate.
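
As an added example (not code from this post or the linked repository), the Python below walks a USB configuration descriptor and reports each interface's class plus the direction, transfer type and packet size of its endpoints, which is the information an enumeration dump uses to show "two HID interfaces" and which endpoints are IN. The descriptor bytes are constructed for illustration and were not captured from the Fitbit dongle; `parse_config` and `SAMPLE_CONFIG` are hypothetical names.

```python
import struct

# Constructed sample (NOT the dongle's real descriptor): two HID interfaces,
# each with one interrupt IN and one interrupt OUT endpoint of 32 bytes.
def _iface(num, ep_in, ep_out):
    return (bytes([9, 0x04, num, 0, 2, 0x03, 0, 0, 0])         # interface, class 3 = HID
            + bytes([9, 0x21, 0x11, 0x01, 0, 1, 0x22, 32, 0])  # HID class descriptor
            + bytes([7, 0x05, ep_in, 0x03, 32, 0, 1])          # interrupt IN, 32 bytes
            + bytes([7, 0x05, ep_out, 0x03, 32, 0, 1]))        # interrupt OUT, 32 bytes

_BODY = _iface(0, 0x81, 0x01) + _iface(1, 0x82, 0x02)
SAMPLE_CONFIG = (bytes([9, 0x02]) + struct.pack("<H", 9 + len(_BODY))
                 + bytes([2, 1, 0, 0x80, 50]) + _BODY)

TRANSFER = ("control", "isochronous", "bulk", "interrupt")

def parse_config(blob):
    """Walk a configuration descriptor and return its interfaces and endpoints."""
    if len(blob) < 9 or blob[1] != 0x02:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]   # wTotalLength
    if total > len(blob):
        raise ValueError("wTotalLength exceeds supplied data")
    interfaces, off = [], blob[0]                  # skip the config header
    while off < total:
        if off + 2 > total:
            raise ValueError("truncated descriptor header")
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > total:     # guards against endless loops
            raise ValueError("bad bLength at offset %d" % off)
        d = blob[off:off + length]
        if dtype == 0x04 and length >= 9:          # interface descriptor
            interfaces.append({"number": d[2], "class": d[5],
                               "hid": d[5] == 0x03, "endpoints": []})
        elif dtype == 0x05 and length >= 7 and interfaces:  # endpoint descriptor
            interfaces[-1]["endpoints"].append({
                "address": d[2],
                "direction": "IN" if d[2] & 0x80 else "OUT",  # bit 7: device-to-host
                "type": TRANSFER[d[3] & 0x03],
                "max_packet": struct.unpack_from("<H", d, 4)[0] & 0x07FF,
            })
        off += length                              # other types (e.g. 0x21) are skipped
    return interfaces

if __name__ == "__main__":
    for iface in parse_config(SAMPLE_CONFIG):
        print(iface)
```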

2 comments:

  1. Hi Pete,

    It looks like I am wanting to do the same thing you are of trying to reverse engineer the Fitbit protocol. I want to see there be Linux support for the Fitbits.

    I'm just starting to look at it but I wanted to see if it would be helpful for you to have a capture of the USB commands. I have a USB beagle_usb480 analyzer and can do a capture of my device and send it to you if that would be helpful.

    Let me know if you would be interested in working together on this.

  2. Hello Pete,

    This is great, I am also doing a project similar to Fitbit. Can you help me with this?

    I need to write a Windows application in C# to receive data from Bluetooth low Power energy NRF 8001 which is streaming sensor's data. I am using BLED 112 Dongle (single mode BLE) in my laptop (win 7) to receive the data. Can you tell me how I can program this in C#? I am able to discover the NRF 8001 but not able to connect to it.

    There is also an API for BLED 112 but I don't know how to use this. Can you please reply to this if you have some idea.
