Bluetooth SIG PTS Testing without the Laird Connectivity PTS Dongle
2021-05-11 06:09:08
andrew@alelec.net

At work we needed to certify a BLE device recently. We had the legacy PTS dongle provided by Bluetooth SIG, however I found it only supports testing devices up to BLE 4.2.

 

So we need a new BLE dongle - they now only support the Laird Connectivity 451-00004 (BL654-SERIES-LRD-FNT):

https://store.bluetooth.com/

 

This is normally stocked by all the online electronics distributors: element14, digikey, mouser, arrow etc. Unfortunately it was out of stock on all of them, for about 4 months.

 

Normally you need to buy this dongle then flash the PTS firmware onto it: https://support.bluetooth.com/hc/en-us/articles/360049019732-How-to-upgrade-the-firmware-of-your-PTS-Dongle-

 

It turns out this is basically just a normal nrf52840 dongle in a plastic case with a copy of the nordic bootloader with their own private key in it.

This private key change stops the DFU from letting the standard PTS firmware upgrade tool flash straight onto it.

 

The firmware update tool has a folder containing a DFU file, which you would normally flash by pressing the side button on the dongle to put it into update mode - its LED then pulses red and it comes up as a COM port. You then run:

C:\Program Files (x86)\Bluetooth SIG\PTS Firmware Upgrade Software\tools>nrfutil.exe dfu serial -p COM6 --pkg nrf52840_xxaa_default_v5.zip

This fails with the helpful message:

Traceback (most recent call last):
  File "nordicsemi\__main__.py", line 1537, in <module>
  File "site-packages\click\core.py", line 764, in __call__
  File "site-packages\click\core.py", line 717, in main
  File "site-packages\click\core.py", line 1137, in invoke
  File "site-packages\click\core.py", line 1137, in invoke
  File "site-packages\click\core.py", line 956, in invoke
  File "site-packages\click\core.py", line 555, in invoke
  File "nordicsemi\__main__.py", line 1056, in serial
  File "nordicsemi\__main__.py", line 970, in do_serial
  File "nordicsemi\dfu\dfu.py", line 123, in dfu_send_images
  File "nordicsemi\dfu\dfu.py", line 95, in _dfu_send_image
  File "nordicsemi\dfu\dfu_transport_serial.py", line 250, in send_init_packet
  File "nordicsemi\dfu\dfu_transport_serial.py", line 244, in try_to_recover
  File "nordicsemi\dfu\dfu_transport_serial.py", line 421, in __execute
  File "nordicsemi\dfu\dfu_transport_serial.py", line 505, in __get_response
pc_ble_driver_py.exceptions.NordicSemiException: Response Code InvalidObject
[4064] Failed to execute script __main__


Apparently this InvalidObject typically means signature mismatch? Either way, it continued to fail. If you unpack the zip it's got a manifest file that shows this is just a bootloader anyway, not the actual PTS code.

 

If I put the dongle into this same update mode and tried their gui tool, it actually failed at the same place, same message.

 

I originally had the standard firmware on the nrf52840 dongle that runs with nrf connect app. I also tried with connectivity_4.1.4_usb_with_s132_5.1.0.hex from:  https://github.com/NordicSemiconductor/pc-ble-driver/tree/v4.1.1/hex/sd_api_v5

 

In the upgrade folder (C:\Program Files (x86)\Bluetooth SIG\PTS Firmware Upgrade Software) I went searching for the real firmware, not just the bootloader.

Looking at PTSFirmwareUpgradeSoftware.exe.config file, I see mention of a log file: <file type="log4net.Util.PatternString" value="%env{LOCALAPPDATA}\ptsfirmwareupdate_log.txt" />
So, open up the log file and see:

2021-05-11 09:25:58,594 ERROR Failed to RESET a dongle
2021-05-11 09:26:01,613 ERROR Failed to RESET a dongle
2021-05-11 09:26:01,616 DEBUG Found Dongle: Name:COM6, Installed Firmware:0.0.0.0, New Firmware:11.2117.0.0
2021-05-11 09:26:11,188 INFO Start to download firmware from web server
2021-05-11 09:26:44,435 DEBUG Path doesn't exist. Create a new path C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware
2021-05-11 09:26:46,113 INFO Start a thread to programCOM6
2021-05-11 09:26:46,115 DEBUG Requested Laird dongle programming.
2021-05-11 09:27:00,166 DEBUG This is a new dongle. Use PTS default bootloader - nrf52840_xxaa_default_v5.zip
2021-05-11 09:27:00,167 DEBUG Started updating bootloader.
2021-05-11 09:27:34,087 ERROR Failed to upload bootloader application.
2021-05-11 09:27:51,990 ERROR Failed to RESET a dongle
2021-05-11 09:27:55,022 ERROR Failed to RESET a dongle

Ah, there's another interesting folder to look in: C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware

C:\Program Files (x86)\Bluetooth SIG\PTS Firmware Upgrade Software\tools>dir C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware
 Directory of C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware
11/05/2021  02:55 PM           206,306 defa71ef-2902-4a41-a49d-5a90ee2c4ac5.bin
11/05/2021  02:55 PM            39,401 nrf52840_xxaa_pts_v5.zip

Hmm, that zip looks better. Extract it, yep similar dfu pkg to the previous bootloader one, complete with manifest json - darn it's just the bootloader again.

C:\Program Files (x86)\Bluetooth SIG\PTS Firmware Upgrade Software\tools>nrfutil.exe pkg display C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware\nrf52840_xxaa_pts_v5.zip

DFU Package: <C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware\nrf52840_xxaa_pts_v5.zip>:
|
|- Image count: 1
|
|- Image #0:
   |- Type: bootloader
   |- Image file: nrf52840_xxaa.bin
   |- Init packet file: nrf52840_xxaa.dat
      |
      |- op_code: INIT
      |- signature_type: ECDSA_P256_SHA256
      |- signature (little-endian): b'c6889bb01b1c189dbe60222d04eb1d0d6471a2c12da724662ee7a94441f8d1267d6d780f202f52ec9132556133a2dd6246be3bb5efa009ba625bcb986f9b0e1b'
      |
      |- fw_version: 0x00000005 (5)
      |- hw_version 0x00000034 (52)
      |- sd_req: 0x00
      |- type: BOOTLOADER
      |- sd_size: 0
      |- bl_size: 38760
      |- app_size: 0
      |
      |- hash_type: SHA256
      |- hash (little-endian): b'458566a2ba3443a5acc572f61e9ba269fa5e80c11844253cd77a3742084db9e3'
      |
      |- boot_validation_type: ['VALIDATE_GENERATED_CRC']
      |- boot_validation_signature (little-endian): [b'']
      |
      |- is_debug: False

Tried flashing it anyway, nope same InvalidObject error.

 

So take a look at the bin in a hex editor: oh, the first two bytes are PK, that's just a normal zip! Unzip it and yeah, it's actually another DFU file, but with a much larger bin.

C:\Program Files (x86)\Bluetooth SIG\PTS Firmware Upgrade Software\tools>nrfutil.exe pkg display C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware\defa71ef-2902-4a41-a49d-5a90ee2c4ac5.bin

DFU Package: <C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware\defa71ef-2902-4a41-a49d-5a90ee2c4ac5.bin>:
|
|- Image count: 1
|
|- Image #0:
   |- Type: application
   |- Image file: pts-ctr.bin
   |- Init packet file: pts-ctr.dat
      |
      |- op_code: INIT
      |- signature_type: ECDSA_P256_SHA256
      |- signature (little-endian): b'b5a3496dd95fc71c265e71956bb0bebd7c9a39092dbf1cb5b4d8385b00e09d36fbb03c23b33f33509dc6ec45688b1f96345424d165f5c725edced3ad3ec6e11a'
      |
      |- fw_version: 0x00000001 (1)
      |- hw_version 0x00000034 (52)
      |- sd_req: 0x00
      |- type: APPLICATION
      |- sd_size: 0
      |- bl_size: 0
      |- app_size: 205700
      |
      |- hash_type: SHA256
      |- hash (little-endian): b'807c356f0da49ab0f68b404e73565ab0a87babbb1cb5b61f80048ab4b94442d9'
      |
      |- boot_validation_type: ['VALIDATE_GENERATED_CRC']
      |- boot_validation_signature (little-endian): [b'']
      |
      |- is_debug: False

Brilliant, that's the application!
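
The check done by hand above (PK magic bytes, then the manifest), as an added example that is not from the original post or the PTS tooling. It assumes the Nordic DFU package layout of a `manifest.json` with `bin_file`/`dat_file` entries per image type; the function names are hypothetical and the sample packages are constructed with dummy contents.

```python
import io
import json
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature at the start of a zip
IMAGE_TYPES = ("application", "bootloader", "softdevice", "softdevice_bootloader")


def describe_dfu_package(data: bytes) -> list:
    """Return [(image_type, bin_name, bin_size)] for a Nordic DFU package.

    The file extension is ignored on purpose: the content is sniffed instead.
    Returns an empty list when the bytes are not a zip with a DFU manifest.
    """
    if not data.startswith(ZIP_MAGIC):
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            # Assumed layout: {"manifest": {"<type>": {"bin_file": ..., "dat_file": ...}}}
            manifest = json.loads(pkg.read("manifest.json")).get("manifest", {})
            images = []
            for image_type in IMAGE_TYPES:
                entry = manifest.get(image_type)
                if entry:
                    size = pkg.getinfo(entry["bin_file"]).file_size
                    images.append((image_type, entry["bin_file"], size))
            return images
    except (zipfile.BadZipFile, KeyError, ValueError, AttributeError, TypeError):
        return []  # truncated zip, missing member or malformed manifest


def build_sample_package(image_type: str, stem: str, size: int) -> bytes:
    """Constructed test input: a minimal package with dummy image bytes."""
    manifest = {"manifest": {image_type: {"bin_file": stem + ".bin",
                                          "dat_file": stem + ".dat"}}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("manifest.json", json.dumps(manifest))
        pkg.writestr(stem + ".bin", b"\x00" * size)
        pkg.writestr(stem + ".dat", b"\x00" * 8)  # placeholder init packet
    return buf.getvalue()


if __name__ == "__main__":
    # Sizes mirror the bl_size/app_size values shown in the post; contents are dummy.
    for args in (("bootloader", "nrf52840_xxaa", 38760),
                 ("application", "pts-ctr", 205700)):
        print(describe_dfu_package(build_sample_package(*args)))
    print(describe_dfu_package(b"\x7fELF not a package"))
```

To run it against a real file, pass `open(path, "rb").read()` to `describe_dfu_package`.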

 

Strangely, this one just flashed fine for me, finally :-)

C:\Program Files (x86)\Bluetooth SIG\PTS Firmware Upgrade Software\tools>nrfutil.exe dfu serial -p COM6 -pkg C:\Users\anl\AppData\Local\PTSFirmwareUpgradeSoftware\defa71ef-2902-4a41-a49d-5a90ee2c4ac5.bin
  [#######-----------------------------]   19%  00:01:28

 

For reference I started with connectivity_4.1.4_usb_with_s132_5.1.0.hex flashed on my dongle.

 

After it's finished, check device manager. Hmm... it's coming up as a COM port but it still looks like DFU update mode:

The red light isn't pulsing though.

 

Start up Bluetooth PTS app and rejoice, the dongle is recognised!

 

Connect to the dongle, start the new workspace wizard and yes, scanning for devices works - looks like we're away and running.


Now, the fun of actually doing testing begins...


 
