PineCone BL602 Setup, Flashing Firmware and WiFi Sniffing

2021-05-04

At Simple Hardware we manufacture IoT devices with a Sigfox UNB radio. Some of the devices are also equipped with a Wi-Fi module for a Wi-Fi positioning system. We are now in the process of migrating the good old SimplePack 4.0, the SimpleMeter & SimpleIndustry platform from the STM S2-LP to the new STM32WB.

During the platform redesign we decided to upgrade from the old WMIOT602 Wi-Fi reference design module, based on the embedded Wi-Fi SoC chip (W600), to the new RISC-V core based BL602 Wi-Fi + BLE combo chipset for ultra-low-power applications. The benefits most relevant to our needs, mostly Wi-Fi sniffing, are as follows:

  1. dynamic MCU clock peaking at 192 MHz (dynamic range 1-192 MHz),
  2. WPA3 support,
  3. Bluetooth LE 5.0 support,
  4. RTC,
  5. and, most importantly, 39 mA power consumption in RX (passive mode).

For the lab tests, and mostly because of the well-organized documentation and the USB-C port, we chose the PineCone BL602 EVB, available online from the pine64 shop. A step-by-step guide to making the EVB work follows. Huge credit goes to Lup Yuen Lee and the whole pine64 Nutcracker community.

UPDATE: The setup works perfectly for the www.doit.am BL602 module as well. The only change in the setup for the doit.am module is in the Firmware run section. Follow the "How to Download Firmware" hint printed on the back of the device, which basically says:

  1. Press and hold D8 button
  2. Press EN button (keeping the D8 button pressed)
  3. Release the two buttons
  4. The device enters the bootloader mode
  5. Upload the firmware binary
  6. Unplug and plug the power source (or do hard reset)

Documentation for blflash

Install & Setup

Log in as root

  • as Rust is not intended to be used in sudo mode
sudo su

Install Rust

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
source ~/.profile
apt-get install build-essential -y
apt reinstall ca-certificates openssl
cd ~
mkdir bl602
cd ~/bl602
git clone --recursive https://github.com/spacemeowx2/blflash
cd ./blflash
rustup default nightly
cargo build
cd ~/bl602
mkdir bin
cd ./bin
curl -L https://github.com/lupyuen/bl_iot_sdk/releases/download/v1.0.0/customer_app.zip > ./customer_app.zip
unzip customer_app.zip
chown -R pi ~/bl602
  • To flash the firmware, we set BL602 to Flashing Mode and restart the board
    • Connect PineCone to the USB port
    • Set the PineCone Jumper (IO 8) to the H Position
    • Press the Reset Button
cd ~/bl602/blflash
ls -la /dev/ | grep USB
cargo run flash ../bin/bl602_demo_wifi/build_out/bl602_demo_wifi.bin --port /dev/ttyUSB0

Firmware run

  • To run the firmware, set BL602 to Normal Mode (Non-Flashing) and restart the board
    • Set the PineCone Jumper (IO 8) to the L Position
    • Press the Reset Button

Communicate with Wi-Fi

ls -la /dev/ | grep USB
screen /dev/ttyUSB0 2000000
stack_wifi
wifi_scan

Wi-Fi Scan Output

Here is the result of the wifi_scan command. Note that the SSIDs and MAC addresses have been altered for security reasons.

# wifi_scan
------>>>>>> Scan CMD

# proc_hellow_entry: RISC-V rv32imafc
[WIFI] [IND] SCAN Done
wifi_mgmr_scan_complete_callback: scan complete
[APP] [EVT] SCAN Done 12048
cached scan list
****************************************************************************************************
index[00]: empty
index[01]: empty
index[02]: empty
index[03]: empty
index[04]: empty
index[05]: empty
index[06]: empty
index[07]: empty
index[08]: empty
index[09]: empty
index[10]: empty
index[11]: empty
index[12]: empty
index[13]: empty
index[14]: empty
index[15]: empty
index[16]: empty
index[17]: empty
index[18]: empty
index[19]: empty
index[20]: empty
index[21]: empty
index[22]: empty
index[23]: empty
index[24]: empty
index[25]: empty
index[26]: empty
index[27]: empty
index[28]: empty
index[29]: empty
index[30]: empty
index[31]: empty
index[32]: empty
index[33]: empty
index[34]: empty
index[35]: empty
index[36]: empty
index[37]: empty
index[38]: empty
index[39]: empty
index[40]: empty
index[41]: channel 11, bssid 00:41:00:00:4A:51, rssi -58, ppm abs:rel  -4 :  -4, auth             WPA2-PSK, cipher:         AES, SSID 414141
index[42]: channel 11, bssid 00:42:00:00:4A:50, rssi -58, ppm abs:rel  -4 :  -4, auth             WPA2-PSK, cipher:         AES, SSID 424242
index[43]: channel 08, bssid 00:43:00:00:95:0A, rssi -81, ppm abs:rel  -7 :  -7, auth     WPA2-PSK/WPA-PSK, cipher:    TKIP/AES, SSID 434343
index[44]: channel 04, bssid 00:44:00:00:EB:5A, rssi -85, ppm abs:rel   0 :   0, auth             WPA2-PSK, cipher:         AES, SSID 444444
index[45]: channel 06, bssid 00:45:00:00:5A:3D, rssi -84, ppm abs:rel   0 :   0, auth             WPA2-PSK, cipher:         AES, SSID 454545
index[46]: channel 06, bssid 00:46:00:00:EF:6D, rssi -55, ppm abs:rel  -9 :  -9, auth     WPA2-PSK/WPA-PSK, cipher:         AES, SSID 464646
index[47]: channel 06, bssid 00:47:00:00:EF:6D, rssi -57, ppm abs:rel  -9 :  -9, auth     WPA2-PSK/WPA-PSK, cipher:         AES, SSID 474747
index[48]: channel 02, bssid 00:48:00:00:66:EC, rssi -73, ppm abs:rel   0 :   0, auth             WPA2-PSK, cipher:         AES, SSID 484848
index[49]: channel 02, bssid 00:49:00:00:ED:21, rssi -68, ppm abs:rel   0 :   0, auth             WPA2-PSK, cipher:         AES, SSID 494949
----------------------------------------------------------------------------------------------------
proc_hellow_entry: RISC-V rv32imafc
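
The scan list above is the raw material both for Wi-Fi positioning and for a quick look at what nearby access points advertise. The following Python script is an added example, not part of the original post or of the BL602 SDK: it parses console output captured from the serial session, assuming the line layout shown above, and its function names are made up for illustration.

```python
import re

# Sample input: four lines copied from the (already altered) scan output above.
SAMPLE = """\
index[40]: empty
index[41]: channel 11, bssid 00:41:00:00:4A:51, rssi -58, ppm abs:rel  -4 :  -4, auth             WPA2-PSK, cipher:         AES, SSID 414141
index[43]: channel 08, bssid 00:43:00:00:95:0A, rssi -81, ppm abs:rel  -7 :  -7, auth     WPA2-PSK/WPA-PSK, cipher:    TKIP/AES, SSID 434343
index[46]: channel 06, bssid 00:46:00:00:EF:6D, rssi -55, ppm abs:rel  -9 :  -9, auth     WPA2-PSK/WPA-PSK, cipher:         AES, SSID 464646
"""

# One populated slot of the "cached scan list" as printed by wifi_scan.
SLOT = re.compile(
    r"index\[(?P<index>\d+)\]: channel (?P<channel>\d+), "
    r"bssid (?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}), rssi (?P<rssi>-?\d+), "
    r"ppm abs:rel\s*-?\d+\s*:\s*-?\d+, auth\s+(?P<auth>[^\s,]+), "
    r"cipher:\s*(?P<cipher>[^\s,]+), SSID ?(?P<ssid>.*)$"
)

def parse_scan(text):
    """Return a dict per populated slot; 'empty' slots and other console lines are skipped."""
    aps = []
    for line in text.splitlines():
        m = SLOT.search(line)
        if m is None:
            continue
        ap = m.groupdict()
        ap.update(index=int(ap["index"]), channel=int(ap["channel"]), rssi=int(ap["rssi"]))
        ap["auth"] = ap["auth"].split("/")      # e.g. ["WPA2-PSK", "WPA-PSK"]
        ap["cipher"] = ap["cipher"].split("/")  # e.g. ["TKIP", "AES"]
        aps.append(ap)
    return aps

def legacy_modes(ap):
    """Legacy options the AP still advertises; checks only values seen in the output above."""
    return [v for v in ap["auth"] if v == "WPA-PSK"] + [v for v in ap["cipher"] if v == "TKIP"]

def strongest(aps, n):
    """(bssid, rssi) of the n strongest APs, the pairs a Wi-Fi positioning lookup works from."""
    ranked = sorted(aps, key=lambda ap: ap["rssi"], reverse=True)
    return [(ap["bssid"], ap["rssi"]) for ap in ranked[:n]]

if __name__ == "__main__":
    aps = parse_scan(SAMPLE)
    for ap in aps:
        print(ap["index"], ap["bssid"], ap["rssi"], legacy_modes(ap) or "ok")
    print(strongest(aps, 2))
```
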

PineCone BL602 EVB Wi-Fi sniffing measured on Otii

PineCone BL602 EVB
