Monday, April 2, 2012

OpenSource Sensor Node firmware for BlueCore-based Bluetooth Modules

BlueCore4-Ext is a popular Bluetooth chip used in many Bluetooth modules, some priced below $10. The idea is to create Wireless Sensor/Control Network using this modules, as Bluetooth is really ubiquitous technology nowadays, so any smartphone can be used to provide user UI/control for such network. This is especially facilitated by the fact that BlueCore4-Ext is a SoC (system-on-chip) integrating microcontroller and peripherals in one package (small too), allowing it to be programmed with a user firmware for autonomous functioning with minimum of additional components. It even has built-in temperature sensor, so just add a battery and you have ready-made wireless temperature sensor (not too precise, granted, but you can calibrate it yourself ;-) ).

(Image by robocraft.ru)


BluTuNode is a firmware for such a Bluetooth Wireless Node, which allows to control it from a host over the air.

Source code: http://github.com/pfalcon/blutunode

Features implemented:
  • Full control of GPIO: input/output, configuring direction, pullups/pulldowns, etc.
  • Reading sampled from build ADCs.
  • Reading of temperature sensor.
  • Querying other system parameters.
  • Querying Bluetooth parameters.
  • Poll mode, when module automatically reads some sensor at specified period and sends information to host.
Features planned/ideas:
  • UART control (note that this is generally not a priority, because UART is mostly used to connect to host/microcontroller, and this firmware is designed for autonomous modules).
  • SPI/I2C/1-wire support to connect external sensors.
  • More Bluetooth-level information and control.
  • OpenSource tools to program/manage BlueCore modules.
  • Flash access/writing, over-the-air firmware updates.

Appendix:

Some technical characteristics of BC4-based module:

SoC: BC417 (BC417143B full model ID)
CPU: XAP2+, 16-bit RISC (no special 8-bit data support), Harward architecture, 64Kword data space, 1Mword+ code space
Flash: 1Mbyte (512Kwords, 75% typically occupied by Bluetooth stack/OS)
RAM: 24Kword
Execution environment: Virtual machine, no native hardware access (later versions of firmware OS support "native" mode, heavily bounds-checked still).

28 comments:

Unknown said...

Hi,
I find your stuff very interesting,
What compiler are you using?, did you use the spi programming to flash the chip ?
And can you point me to some document that describes what/how much cpu/ram resources the units have for application part.

Cheers
Matias

lz3060 said...

That's great! Finally some real progress on utilizing these super cheap and very capable devices!

But ... no Makefile? What toolchain is needed to build the firmware? What programmer (hardware/software) can be used to flash it on the board?

I suspect the toolchain is proprietary and pretty expensive...

pfalcon said...

Matias: I've added some TTX. If you want more details, you can google for the chip datasheet.

Now regarding other concerns. Anything which is in the repository is written with my own hand from first byte to the last. Or, generated from what I've written with my own hand. So far, I haven't written the Makefile, hence it's not there. Makefile wouldn't help you unless you have whole toolchain, which, as you know, proprietary.

But guys, if you feel like you want an open-source compiler for this cute chip, if you want to turn it into an arduino, what can I say? If you looked how open implementations of original programmer appeared (google for it), how people work on a programmers devoid of stone-age hardware requirement, how open-source firmwares appear - and you got an idea to write an open-source compiler for it - who am I to stop you? ;-)

pfalcon said...

Ah, some insight regarding the proprietary toolchain: it is based on GCC, so I guess they just "forgot" to release it back to the open-source community.

Unknown said...

Seems that the gcc code is available by request, but not linker, guess that makes the code useless...
perhaps someone could create a bootloader, that allows loading for binaries that are compiled with the gcc part... using the code on the chip as a "library" that way avoiding usage of their linker?
anye ideas ?

pfalcon said...

Ok, if you look into that stuff, then you'll keep finding interesting things. For example, "object files" are nothing but a gzip'ped assembler source. "Linking" is nothing but uncompressing and concatenating. Open-source assembler for XAP was written by darkircop.org folks eons ago, when BlueCore was yet a novelty, and now revitalized by me: https://gitorious.org/xap-tools/xap-tools , etc., etc.

complexiity said...

Hello ,
i would like to apply this firmware to my HC05 module so that i may control the PIO,s remotely.
However i cant seem to interpret/install the data you have presented. I would really appreciate some help. Thanks PM/email/post

complexiity said...
This comment has been removed by the author.
JRMN said...

Any chance you going to to a video or photo tutorial.

joradom said...

Hello, I'm really interested in testing your firmware, but flashing myself the module is out of my scope ...

how much would you charge to send me a module flashed with blutunode?

thx

pfalcon said...

2 joradom: Thanks for the interest. I'm away from my HC-04 hacking setup at least until the end of summer. And I'm not sure what you'd expect from the firmware, but it's not yet user-ready. I considered calling for donations/setting up pledge on kickstarter.com or similar site, but well... I have a day job, and taking extra responsibilities may kill all fun in this hobby ;-).

So well, as I mentioned above, what this project needs is more hackers so far. If you'd like to help, please spread the word - maybe someone will pick it up, or I get motivation to continue on it if more people will pass by ;-).

Nicked said...

Have you ever attempted to use the USB interface

Darío Clavijo said...

Hi, very interesting post.

Will this firmware work as a SDR?

Sérgio Silva said...

Can it work with sensortag from TI?

Nicked said...

I think you will find that sensortag does not use a CSR core, which is priority to CSR. PFalcon is designed specifically for CSR chips.

folco ferlinghetti said...

Hi, i think your project is amazing!
I now wonder if I would be able to direct send and receive baseband packet to a remote bt device.
Is that possible with your GPIO interface implementation?

Andy Hull said...

Hi

First let me say, I'm loving your work :¬)

May I suggest that we set up a forum and wiki, along the lines of say the CHDK forum, in order to share ideas. Blogs can get a bit cluttered very quickly.

If anybody wants to assist with hosting this or has any other helpful suggestions, post them here.

I was toying with the idea of using one of these modules as a bluetooth console for Canon cameras, and am in the process of hacking up a simple programmer adapter (and I do mean simple) details to be released as soon as I find time to complete it.

pfalcon said...

> send and receive baseband packet

If you're hinting towards SDR-like usage, then no. The whole idea of Bluetooth is that it's robust, realworld-useful protocol. Letting user send baseband packets on its whim can havoc Bluetooth network.
Bluetooth SIG does all due diligence to avoid that, so no product which lets user send baseband packets would get certification (and thus wouldn't be called "Bluetooth" at all).

That said, you can hack particular implementation to allow that. In case of CSR Bluecore, you would "only" need to reverse-engineer 6MB firmware for that.

Sergey Filippov said...

Hi, dear all! I'm looking for step-by-step instruction to enable RTS pin on my HC-05! I need it so much!
If anyone can hear me please help



Hillel Himovich said...

XAP2 Open source Assembler / Deassembler

https://gitorious.org/xap-tools/xap-tools

Did anyone tried that?
Does it work?
Is the only thing missing is a C to XAP-ASM translation?

Hillel Himovich said...
This comment has been removed by the author.
Hillel Himovich said...

Ho, and everyone, U can hook (CSR's) BlueFlashCmd to backup and flash the fevice in A hackish way using an arduino+dll replacment for the lpt-spi interface, both found here:
https://github.com/Frans-Willem/CsrSpiDrivers

Works for me.

pfalcon said...

https://gitorious.org/xap-tools/xap-tools

is a git repo I set up to capture previous work on XAP asm/disasm and my hacks on it and related tools. So, yeah, "it works", depending on what you mean by "work" ;-).

Hillel Himovich said...

I Mean what is left in order to produce an open source toolchain;
Frans-William already figured out most of the stuff about how to read/write via SPI...

Nexus said...

The BlueCore4-Ext is cheap that why very popular Bluetooth chip used in many Bluetooth module

Anatoly Kravchenko said...

Hi! I liked your article about bluetooch. I want to get your advice. Please tell me the mail. Привет ! Мне понравились твои статьи про bluetooch. Я хочу получить твою консультацию. Пожалуйста ответь мне на почту.
kabcpc(a)gmail(.)com

Raúl de Pablos Martín said...

Hi pfalcon!

I'm looking inside your code because I want to develope a new firmware for Bluecore4 as you did, but focused on improve HC-04/05... modules.
I succedded compiling your code but I'm not able to get it running on the core. Could you give me any guideline? Thanks!!!
(raulmerlin at gmail)

Carlos Poon said...

You mentioned future features:
I2C/1-wire support to connect external sensors.

I was wondering if this had been updated by you or anyone else? Adding support for external sensors would be amazing. If you are too busy, I would appreciate it if you let me know.
Best Regards
Carlos