Unknown binary protocol

John5 years ago

Hi all
I have recently bought a chinese GPS watch which is not using watch protocol. 

2019-10-12 20:58:58  INFO: [77e40463] connected
2019-10-12 20:59:02  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c474
2019-10-12 21:00:01  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c575
2019-10-12 21:01:03  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c676
2019-10-12 21:02:03  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c777
2019-10-12 21:03:04  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c878
2019-10-12 21:04:05  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c979
2019-10-12 21:04:05  INFO: [77e40463] disconnected

I have not figuerd out which protocol this is.
Any hints?

Anton Tananaev5 years ago

You would need to get a protocol documentation.

John5 years ago

Thanks for the quick response Anton!
I was afraid of that. This is going to be difficult as it is already hard to find out what model and manufacturer is behind it.
I'll try anyways.

ale5 years ago

Looks like I have got the same back luck:

ff41515348002b01000000540750db3fcbb02efc854b43c90f389ee6ae2bd28ff29092b1291324bb1f2c19000000008d

at least 8 bytes the same... No luck with finding docs, I assume @John?

ale5 years ago

dumped some more messages from the watch if anyone feels up to try to decode them.
https://pastebin.com/1aP3smLK
I presume some of the bigger ones are location/status updates

here's also a couple with some known data in them (chat msgs)
https://pastebin.com/LNdvsY1r

Anton Tananaev5 years ago

As far as I know, it's encrypted protocol, so not possible to decode it without knowing protocol and the key.

ale5 years ago

ok, thanks anyway :)

Niki774 years ago

Hi everyone,
I've a device communicating with a protocol like this.

HEX: ff41515348002b010000008dbe9322327d92921bdddf2a02a00de692e00b134b4ddf2560bbad785908468e5f884ccf3c

Is a unsupported protocol but i dont think is encrypted one.
Taking a look at lasts 5 bytes :
5f 88 4c cf 3c
i 've identified 4 bytes as unix epoch time bytes
5f 88 4c cf = 1.602.768.079 = GMT: Thursday 15 October 2020 13:21:19 (time when the packet was sent)
and last byte :
3c
is a single byte crc for the full packet (crc8 xor format)
I've check all the packets and it's relative ack and my theory match.

@Anton Tananaev in your experience have know a kind of protocol similar to that for take some information about ?

Anton Tananaev4 years ago

We'll need protocol documentation.

Gpsguy4 years ago

Any updates in this? My chinese watch is generating the same log beginning with FF415 in the log :( no protocol found

Anton Tananaev4 years ago

@Gpsguy it's an encrypted protocol. You won't be able to find it anywhere.