Sniffing Sugar

Sniffing sugar - well decoding Bluetooth data off an Aidex glucose sensor anyway....
Some background on getting the data off an Aidex glucose sensor for my telemetry tracker.

The sensor appears to use Bluetooth LE broadcast packets to output its status and data for alerts, which is rather convenient.

Realised I hadn't added details of the tools/software used here! The AdaFruit BLE Friend is used to capture the data, this can be viewed in WireShark 

Interestingly since the Aidex system uses a more advanced (so I assume more expensive) chip compared to the Libre the sensor design is split into two, the sensor contains the battery and the sensor wire which clips into the unpowered transmitter unit. It's a shame to see that the lifespan issue (which I had wondered about) has been solved by including a small disposable lithium battery inside each sensor patch, there must be a better, more environmentally friendly way to build these things.
(My first sensor expired so I took the opportunity to disassemble one)

Patch innards
Transmitter and sensor patch

Listening to the data stream there are a couple of modes it cycles through.

Firstly in response to a bluetooth scan request it returns advertising data:

Scan Response Data: 0BFF5900240A00080706285706094169444558
    Advertising Data
        Manufacturer Specific
            Length: 11
            Type: Manufacturer Specific (0xFF)
            Company ID: Nordic Semiconductor ASA (0x0059)
            Data: 240A000807062857
        Device Name: AiDEX
            Length: 6
            Type: Device Name (0x09)
            Device Name: AiDEX

Type 0xFF (serial) - 24 0A 00 08 07 06 2857 

The serial number is encoded with A-Z into hex 0x0A-0x24 and digits to their hex as values.
i.e. Serial#   ZA0876 => 240A00080706

This can be used to identify which device to listen to the broadcasts from and just parse the "manufacturer data" in the BLE broadcast packets.



First there's a "new sensor mode" in this state the sensor (understandably) appears to have no knowledge of time and just returns whatever's in its memory.

00 00 00000000 0000 00 00 0000 FFFFFFFFFFFF0021
e7 01 7c010000 0700 01 04 FE00 FFFFFFFFFFFF002a
e7 01 86010000 0800 01 04 FF00 FFFFFFFFFFFF0090

The app then initiates a "warmup" sequence by sending time/date information to the sensor, the sensor then runs through a countdown phase for an hour. (0x3b -> 0x00) i.e. 59->00

e5 14 28bfa329 b101 02 04 FF00 FFFFFFFFFFFF02ed
e5 01 1032ad29 b101 02 04 FF00 FFFFFFFFFFFF02d3
d8 01 24589b29 0400 02 04 3B00 FFFFFFFFFFFF0216
e5 01 2432ad29 0400 02 04 3900 FFFFFFFFFFFF0200
e4 0b 2432ad29 0400 02 04 3700 FFFFFFFFFFFF0288

Once the countdown hits zero the sensor age (see below) starts to increase and readings start. (along with some other fields I haven't figured out)

cc 01 f8659b29 1200 02 04 0073 FFFFFFFFFFFF02e8 < started
d9 01 02669b29 1300 02 0c 340a FFFFFFFFFFFF02fb < stabilizing 
d9 01 34669b29 1400 02 07 3472 FFFFFFFFFFFF02ea 

The fields appear to decode as:

1   2     3     4    5  6  7  8 
C3 08 D09FB129 8604 06 88 40 5F FFFFFFFFFFFF029b 

  1. C3 - unknown?
  2. 08 - sample age/10 (=80 secs)
  3. D09FB129 - time (epoch 1/1/2000 - 8hr China time!)
    699506640 + 946684800 - 28800 =     1/3/2022 19:24
  4. 8604 - sensor age (in 5 min units) = 300*0x486/(24*60*60) = 4 days
  5. 06 - sensor number
  6. 88 - flags? unknown? 0x4=starting? 0xC=stabilizing?
  7. 40 - glucose (mmol / 10) - 64/10= 6.4mmol
  8. 5F - unknown?                                         

But that's enough info to be able to get started and listen to live data, it's possible to extract decode and display with the minimal processing.

e.g. live data to a Bangle.JS with a few lines of javascript (code link):


and the feed to my current tracker:


Popular posts from this blog

seven month update

Image
so how's it going? Seven months on. I've been trying to work out how to communicate this all week (and a bit), mulling over different ideas. going for a run, thinking it over, but never actually getting around to writing it down. Similarly, I'm supposed to be writing a short bio for an upcoming race, but I have absolutely no idea what to say about me. "Started late in life, runs a bit, doesn't take it too seriously"? Reckon I'm going to have to find someone else's to copy. 😀 After finally summoning up the courage to finish reading Anne's ' one year update ' - that spurred me on, I think it's good for me to get this down on paper and out of my head, hopefully someone will find it useful or helpful and I think it will be good to be able to look back on my thoughts in the future. I try to keep getting back to a normal (for me) routine, so it can be deceptive looking at what I've been up to and thinking everything's ...
Read more

Tracking running Part #2

Image
Part deux tracker blog posting...  If you're just interested in running and not technology, this is probably not that interesting for you so head over to the run post instead... ( link ) If you are just interested in technology, this is the post for you! If you're interested in both, probably wander off and read that one first, then come back here. 😁 After several improvements and reworks from the first build of the tracking website ( described over here ) I was happy with my tracking website now, and it had worked well on the race day... The site can follow several trackers, supports several different types (mine, tk102, tk104, lk109, orux map), can show the track taken for each, overlay a "course" show the elevation profile with aid stations along the way, highlight the viewers location... (ok it is possible I may have over-engineered it since it's just a personal site) S o decided it was time to stop adding bells and whistles and should return to the idea of b...
Read more

back from the brink

Image
Another weekend, another 100 miler in the calendar after the disappointment of the failed GUCR attempt two weeks ago. My cough is still lingering but feels like it's finally shifting and the forecast is for a hot dry day, so I’m feeling confident. Well after all, I *know* I can run 100 miles.  Getting to the start was slightly more stressful that usual: I probably ought to either take Friday afternoons off for races, or be a lot more organised in the week beforehand - rather than trying to find, pack and arrange everything into drop bags, run bag and finish bag in under 45 minutes. Check online and trains showing as on time.... so I grab a coffee passing through Croydon, grab a sausage roll in Clapham... then hear the announcement over the tannoy that there are severe delays of up to 45 minutes expected. Uh oh, I'm not going to make evening registration, not a huge issue since I can just sign on in the morning, but I'd wanted to be ready to go from waking up. T...
Read more