Today I managed to write an app for mac OSX that's able to upload a custom firmware using firmware update feature of the watch. It doesn't require to enter an OTA mode so there's a catch:
You can upload a custom firmware to any watch that's in the bluetooth range and is not connected to any phone! No physical access needed!
Because of that issue I decided not to publish source code. But it doesn't stop you from uploading your custom firmware in OTA mode. To enter OTA mode just connect a charging cable, press all 3 buttons on the right side of the watch and release top and bottom keeping middle button pressed few seconds more. How to upload a new firmware in that mode? Just use a nRF Master Control Panel on an android phone. No need to calculate and provide firmware checksum (.dat file), watch bootloader is old and doesn't require to do that.
Firmware upgrade constrains
There are two ways to modify the watch:
- Update just the firmware
- Update firmware, soft device and the bootloader
The first option is quite easy. There's no way you can break anything (unless you play with internal flash from the code ;) ) because there's always a possibility to switch watch to an OTA mode and override existing/broken firmware. But it has also the biggest limitations:
- we have to use existing softdevice which is a S110 6.0.0. This is very old and obsolete softdevice and it's not possible to write code in mbed (unless you use an old/buggy version)
- we're limited to being a peripheral device so no way to connect to an external sensor without a phone
To write a firmware that way you need to:
- Set firmware base address to 0x14000 (that's the address of the first instruction in the firmware)
- Your firmware cannot be bigger than 147456 bytes (0x24000 bytes) because than you will override a bootloader (it starts at 0x38000)
- Use old NRF SDK 5.2.0 with S110 6.0.0 soft device
The second option is to override not only firmware but also the bootloader and the softdevice. That way we can use other softdevices like S120 (for central device) or S130 (both central and peripheral) and write anything we want!
I will try to upload S130 softdevice and a sample app in the following days. Stay tuned!