Unknown binary protocol

John 6 years ago

Hi all
I have recently bought a chinese GPS watch which is not using watch protocol. 

2019-10-12 20:58:58  INFO: [77e40463] connected
2019-10-12 20:59:02  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c474
2019-10-12 21:00:01  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c575
2019-10-12 21:01:03  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c676
2019-10-12 21:02:03  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c777
2019-10-12 21:03:04  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c878
2019-10-12 21:04:05  INFO: [77e40463: 5093 < 172.30.1.1] HEX: ff41515348002b01000000049e4ac567301bfcc9bbfa84a41455b63f0d9af0f5a6890c429f90caa0e85b23016dc1c979
2019-10-12 21:04:05  INFO: [77e40463] disconnected

I have not figuerd out which protocol this is.
Any hints?

Anton Tananaev 6 years ago

You would need to get a protocol documentation.

John 6 years ago

Thanks for the quick response Anton!
I was afraid of that. This is going to be difficult as it is already hard to find out what model and manufacturer is behind it.
I'll try anyways.

ale 6 years ago

Looks like I have got the same back luck:

ff41515348002b01000000540750db3fcbb02efc854b43c90f389ee6ae2bd28ff29092b1291324bb1f2c19000000008d

at least 8 bytes the same... No luck with finding docs, I assume @John?

ale 6 years ago

dumped some more messages from the watch if anyone feels up to try to decode them.
https://pastebin.com/1aP3smLK
I presume some of the bigger ones are location/status updates

here's also a couple with some known data in them (chat msgs)
https://pastebin.com/LNdvsY1r

Anton Tananaev 6 years ago

As far as I know, it's encrypted protocol, so not possible to decode it without knowing protocol and the key.

ale 6 years ago

ok, thanks anyway :)

Niki77 5 years ago

Hi everyone,
I've a device communicating with a protocol like this.

HEX: ff41515348002b010000008dbe9322327d92921bdddf2a02a00de692e00b134b4ddf2560bbad785908468e5f884ccf3c

Is a unsupported protocol but i dont think is encrypted one.
Taking a look at lasts 5 bytes :
5f 88 4c cf 3c
i 've identified 4 bytes as unix epoch time bytes
5f 88 4c cf = 1.602.768.079 = GMT: Thursday 15 October 2020 13:21:19 (time when the packet was sent)
and last byte :
3c
is a single byte crc for the full packet (crc8 xor format)
I've check all the packets and it's relative ack and my theory match.

@Anton Tananaev in your experience have know a kind of protocol similar to that for take some information about ?

Anton Tananaev 5 years ago

We'll need protocol documentation.

Gpsguy 5 years ago

Any updates in this? My chinese watch is generating the same log beginning with FF415 in the log :( no protocol found

Anton Tananaev 5 years ago

@Gpsguy it's an encrypted protocol. You won't be able to find it anywhere.