Create our own tracker for $1! #74
Comments
That one looks awesome, $0.35 even quantity 1! Have you ever programmed one of those? |
|
Its flashable, but its has a very bad deep sleep :( So not good for a tracker |
|
aww that's a pity, I could not find that in the datasheet indeed |
|
Cheap keys on ST17H66B are fully mastered (https://pvvx.github.io/iSearching/) BLE OTA is supported in PHY62x2BTHome.html. Dependence of average consumption of a device of type "KEY2" on the BLE advertising interval:
"KEY2" Power: Using Deep-sleep is inconvenient - loading the code and initialization takes up to 100 ms with an average current of 7.15 mA. |
|
Also while 1,50$ and not 1$ this is quite unbeatable in a DIY solution, cheap plug of my FindMy Video :D |
|
The ST17H66B is what started this project a couple years ago indeed :) Do you know any online pcb factories that still have them @pvvx ? |
|
https://aliexpress.ru/item/1005004397030802.html And similar... Support for ST17H66B/PHY62xx operation in "LE Long Range" mode (this is BLE at a range of 500+ meters) has not yet been published in my SDK, but it has been implemented and tested for a long time. If I have time, I will publish such options as well. https://aliexpress.com/wholesale?SearchText=ST17H66 The cheapest chips that can be ordered in our country from official suppliers are chips from WCH. |
|
The cheapest CH582M. On TSLR825x with similar parameters (3 sec, 0 dB) the average current is less than 5 µA, sleep is less than 1.8 µA (32 KB RAM is constantly active), the maximum peak during transmission is about 7 mA. |
|
It is worth remembering that for beacons like iSearching and similar, the BLE advertising period should be 1 second. But there is not a single SoC that can last 1 year on CR2032 in this mode. CR2450 will work more than 2 years, only due to lower internal resistance (lower voltage drop under 8 mA load). As a result, the price of the chip is completely unimportant if CRxxxx batteries are used. It will cost less than the price of the battery. Another solution is to install a large capacitor in the power supply chain (more than 100 uf). But for a capacitor with a large capacity and low leakage, the price is already equal to or higher than the SoC price :)
When shipped with battery and 1 year of operating time = Impossible goal at the current technological stage of manufacturing cheap SoCs (if you are not in China) :) |
|
https://www.lcsc.com/product-detail/RF-Transceiver-ICs_PHYPLUS-PHY6222AAQC_C2836482.html
:) :) :) THB2, BTH01 - They can be less than $1.5 each on Aliexpress. In WCH SDK, working with "LE Long Range", "PAwR" (new Bluetooth standards v5.4) is only available for CH32V208. Previously, several WCH LinkW (CH32V208) were purchased on AliExpress for $1.5, including shipping. |
|
That looks awesome @pvvx ! Very interested in the st17h66 BLE Long Range mode. |
|
In the "Coded PHY" mode, the PHY chips have problems - the RF part slows down. The delays do not fit the specification. This affects the switching speed of the RF part TX-RX... But FindMy does not use reception. (In the chip, the IRQ from the radio frequency part (mode PHY Coded) arrives with a delay - another error in the PHY62x2/ST17H66 chips. This affects the processing of the BLE connection request. The CPU does not have time to process the request in time, since the IRQ arrives with a delay. But this seems to have been cured...) And where can I find a full description of the format of the data transferred for FindMy? |
|
Do iDevices still register those broadcasts? I remember reading somewhere that even if an iPhone/iMac is able to do coded phy, it will not report findmy broadcasts sent in this mode. |
I actually do not know of any official documentation of this, although oems can get "Works with Apple FindMy" for their tags so it must be somewhere? |
|
I don't use Apple devices. None of them suit me in terms of functionality. |
Same :D The FindMy is only reverse engineered as there is no official doku available |
|
yup same here too :) although I did buy a mini for testing, which turned out to be useless |
|
nRFConnect: Device data used: The Key used is simply a random sequence of numbers. |
|
A MAC address with 0xC0 (bits 7 and 6 in "1") in the first byte is a random MAC address. And it should be marked as Random in the BLE advertising data. But there is no mark in the BLE packet flags, if you look at the FindMy "childish writing". |
|
yeah they are really abusing the mac address to get some extra bytes there |
|
But they don't put a mark in the flags that it's "Random MAC"? Why then isn't "Extended Advertising" used - the length of the message is in kilobytes...
There are still a lot of questions. |
|
I was thinking to have something like this built: https://oshwlab.com/biemster/ch592tag |
|
The ceramic antenna actually is much more expensive than I thought (0.4), exchanging that for a PCB one will result in 30 assembled modules for EUR 40 (which is 1.33 per tag, not bad!) |
|
There is no button - without it, it is difficult to work with such a sensor. You can't update it, you can't change the key... |
|
I knew I forgot something! |
|
Not 1$ (More like 10$) but also interesting in general. Firmware dump:
|
|
By the way here is a leak of the FindMy SDK https://github.com/goodix-ble/BLE.REF.PEPS/tree/master/device/projects/references/eBike/ble_app_multi_slave/Src/fmnadk Not sure how the certification on Apples side works but this could enable the creation of a real compatible FindMy device if not every Serial number is registered pre sell at Apple |
Thats a great find! |
|
The APPLE_SERVER_ENCRYPTION_KEY is found in this repo too: https://github.com/LiePingWei/find-my-ncs |
|
HS09 is also suitable for FindMy. |
aliexpress links? |
|
I bought these sensors here https://aliexpress.ru/item/1005007714955215.html And there really is an iron ring there, which is rare for such trinkets... :)
Very rarely reports temperature and humidity (~10 minutes), transmits a button press event. But the sensor is bad - CHT8305 minimum power supply 2.5V. |
great find, that module is exactly what I'm trying to build! I'll try my luck on Alibaba to see if i can track down the manufacturer of that one |
|
TLSR with the "Z2" Markings are always Tuya |
Looks very promising. Is it possible to alternate broadcasting location with thermometer values to the Apple's Find My network? |
No data can be broadcasted (except a 2 bit status byte), the location of the receiver is what's in the reports on the network. You could however broadcast a different key for a different temperature range, and from that determine the current or past temperatures. This would however require you to write firmware that does that. |
|
It is possible to work immediately in BLE and Zigbee, and the transfer of Findmy beacons. At Zigbee, the transmission interval can reach hours. For Ble, a typical maximum transmission interval for the possibility of connecting is 10 seconds. But if there is a button, then it is possible to turn on the mode of waiting for the connection. The rest of the time, BLE advertising can be transmitted much less often. BTHome format provides such options. This particular Zigbee device transmits temperature and humidity at the following interval:
This creates an average battery consumption of 2 µA. (Temperature measured nearby:)
|
That probably means we can't find them wholesale? So far I haven't been able to find a source for bare tuya modules 😢 |
|
This one actually looks very similar: https://www.lcsc.com/product-detail/ZigBee-Modules_TUYA-ZSC_C41364946.html |
That one is not TLSR it is Silabs |
|
OTP
They go in the trash, except for the battery. :) |
|
I'll just drop in my usecase in case it overlaps with someone else: I ship expensive goods to customers. I would love a 0.50-1USD option that would let me create a sort of "disposable"* tracker. Battery life (to me) doesn't matter beyond a month or two. I would create a program that has 30 or so apple IDs and fills each to the maximum id limit and has a database of which account is associated with which tracker. Customer could put in tracking number and their package would have the find me overlayed with DHL / USPS / etc information. If it's not delivered on time or at all we could identify where the tracker is. If anyone is going down this direction, my background is in Chinese sourcing so I would be happy to facilitate a group buy and do the sourcing and everything for free and would get in on the buy. * I would try to set up a "no postage required" return envelope for environmental reasons to encourage people to send them back. |
The problem with batteries is that the minimum required pulse current for operation is given only by CR2032 and larger batteries. And since CR2032 is the minimum, its operating time with the correct transmission intervals is up to half a year.
And such a task fits into 0.5 dollars for a batch of a thousand pieces... But not for 30 pieces. |
(for @teamcoltra a cheap CR2032 seems fine considering their use case) @pvvx Is the size constraint mostly determined by the thickness? Would a CR1632 suffice? |
And this is the benefit of doing a group buy. I could pick up 500 or so but I don't need 2000 which I think would be a minimum order for something like this. |
I'd take 500 if they are $0.5 as well, maybe even more. |
|
Order a chip version with an OTP of several thousand. The Chinese will probably make it. :)
CR1632 will not provide the required current. |
|
It's been over a month since FindMy was flashed. We can estimate the consumption from CR2032 a little.
Two are just lying around, the one with the new battery is used every day by the kids - they turn on the floodlight outside... |
|
All of them with the FindMy advertisement every 5 seconds, right? |
The transmission step is 5 seconds. But it is switched to a more consuming option with the ability to connect and in the BTHome format with periodic transmission of additional information in the form of a package with dozens of transmissions with a step of 70 ms. With FindMy, the consumption will be slightly less. I don't need FindMy. No one in the forest will find it. :) “FindMy” cannot work in BLE ”LE Long Range” (Coded PHY). And this significantly narrows the reception distance (about 4 times). |
While it's fun to search the online mall for cheap bluetooth trackers, wait for a month for them to arrive and hope that they contain a flashable chip, let's instead make our own!
The target is very tight: $1 in quantity 100+
I've found a couple candidates already, but definitely would love to see some more suggestions in the comments.
Ideas so far:
https://inplay-tech.com/in100
https://www.akm.com/us/en/products/bluetooth-low-energy-beacon/
by far the cheapest (~$0.2) if we can figure out how to omit the support mcu
also might be difficult to source
https://www.holtek.com/page/vg/BC7161
These are very cost effective (~0.5) and already have a findmy firmware here
https://oshwlab.com/biemster/ch592tag
Have very good support by @atc1441 and @pvvx for example
but seem difficult to source
Another broadcast only chip + mcu, readily available on LCSC
In conclusion I think the CH592 is the prime candidate due to it's availability at jlcpcb for example, and low price and passives count. However I would really like to experiment with the TX only AK1595 and BC7161 for example, since they would do only the bare minimum.
Any ideas or suggestions are definitely very welcome, as are suggestions for a good fab house since this will be my first such project!
The text was updated successfully, but these errors were encountered: