https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/A community design challenge focused on smart security and surveillance projects, where members design, build, and document practical solutions to real-world monitoring and protection problems. Participants share their process, hardware choices, and resulen-USTelligent Community 12https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploading/235225Wed, 29 Apr 2026 17:05:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:84c2da58-805a-4eac-9736-fb928f3247beBigGIt's all rather weird logic. Thank goodness for AI! So, I've got it working. The key to actually seeing any output from the scan is to set up the "Event Mask". You do this before setting up scan. // Set event mask and LE event mask const uint8_t SET_EVENT_MASK[] = {0x 01 , 0x 01 , 0x 0C , 0x 08 , 0x FF , 0x FF , 0x FF , 0x FF , 0x FF , 0x FF , 0x FF , 0x FF }; const uint8_t SET_LE_EVENT_MASK[] = {0x 01 , 0x 01 , 0x 20 , 0x 08 , 0x FF , 0x FF , 0x FF , 0x FF , 0x FF , 0x FF , 0x FF , 0x FF }; <<< BLE Response (HEX): 04 01 0B 20 00 Enabling BLE Scan... Scanning for devices... (Watch for 04 3E events) <<< BLE Response (HEX): 04 01 0C 20 00 <<< BLE Response (HEX): 04 3E 2B 02 01 03 01 E1 CD 48 2E 2E 2F 1F 1E Size of buffer: 15 <<< BLE Response (HEX): 04 3E 2B 02 01 03 01 E1 CD 48 2E 2E 2F 1F 1E Size of buffer: 15 <<< BLE Response (HEX): 04 3E 28 02 01 02 01 96 23 5E B8 B8 78 1C 03 Size of buffer: 15 <<< BLE Response (HEX): 04 3E 28 02 01 02 01 48 1D 94 8E B3 73 1C 03 Size of buffer: 15 <<< BLE Response (HEX): 04 3E 28 02 01 02 01 96 23 5E B8 B8 78 1C 03 Size of buffer: 15 <<< BLE Response (HEX): 04 3E 2B 02 01 03 01 E1 CD 48 2E 2E 2F 1F 1Ehttps://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploading/235222Wed, 29 Apr 2026 15:56:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:3ab86ba0-01f5-4469-b933-b189d8bac2ecBigGI thought to give it a try. I now have the service pack loaded... will now see if I can scan for devices >>> Sending HCI_Reset Command... <<< BLE Response (HEX): 04 0E 04 01 03 0C 00 Size of buffer: 7 <<< BLE Response (HEX): 04 0E 0C 01 01 10 00 06 00 00 06 0D 00 90 1B Size of buffer: 15 Size of service pack: 9118 Bluetooth successfully patched! UPDATE. I had only patched with the base patch. Just discovered that you also have to patch with the LowEnergyPatch[] and set the #ifdef __SUPPORT_LOW_ENERGY__https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploading/235221Wed, 29 Apr 2026 13:41:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:6d990e8d-72cf-4ea5-ab59-adc5fc9882c5AlistairI quick update. After some very hackey code I have managed to get the patch from BTstack to load, and the mask and scan commands are accepted, but no results are returned. I also have the original TI mod loading, but that does not appear to change anything. I will take a break and come back to this another time with a fresh head.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56883/identity-protocol---part-9---ble-gatt-challenge-response-with-btstack/235217Wed, 29 Apr 2026 10:57:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:0c9d3d53-bc59-4201-8178-6826e873d156arvindsaYou Are right, in the initial stages I was planning to use SPP but changed my plan to use BLE instead. Will update the previous posts shortly. Thank you for catching the discrepancy.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56883/identity-protocol---part-9---ble-gatt-challenge-response-with-btstack/235216Wed, 29 Apr 2026 10:51:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:317cebc2-ce75-4789-b9eb-aaf4920fb565shabazHi, You mention SPP in the intro, but that's unrelated to BLE (by using BLE, you're not using SPP). I'm sure you're aware of that, and BLE is the better option anyway : ) but to readers it may be confusing that SPP was brought up. Also, it was mentioned in your Blog 1 that you'd be using SPP, which may need updating, since you're not using that.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56850/accessing-the-pan1326b-bluetooth-module-with-the-arduino-ide-don-t-forget-to-set/235215Wed, 29 Apr 2026 09:23:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:5410825a-124c-4585-9111-4cd2f872363fAlistairA quick hack to work round the intermittent not initialising issue. In short I have tied a data pin that is normally floating to the reset pin, and if I do not detect any data from the module within 4 seconds I enable the pin and pull it low. I chase P3_0 as this is not used by default. I have a global variable hadResponce... int hadResponce = false; I then set that in my test read code... while (BT_SERIAL.available()) { uint8_t data = BT_SERIAL.read(); Serial.println(data, HEX); hadResponce = true; } ...and finally in the main loop I check if it has not been set and if we have been running for 4 seconds. if (!hadResponce && (millis()>4000) ) { Serial.println("Stalled so rebooting..."); delay(200); pinMode(P3_0, OUTPUT); digitalWrite(P3_0, LOW); } It is a complete hack and needs tidying, but it is automating things while I am testing so well worth doing.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploading/235214Wed, 29 Apr 2026 09:15:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:7d0c00f8-3043-4b01-a565-b3e088575d7dAlistairI did look at BTstack, but it is adding a lot of bloat and complexity that I do not need for this project. I now see that part of the bloat is the patch, but I will hope to be able to keep things simple. I have had a go at uploading the patch myself. To start I am using the commands already converted to an almost usable from from BTstack. I ma having mixed success. Most of it uploads fine, but one or two commands causes the module to hang. Commands that were not available before become available, but nothing is working just yet. In short I am making progress, but slow progress. I will report back if I have any success.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploading/235213Wed, 29 Apr 2026 09:11:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:6c40faac-aaf3-4a3a-9ff0-2d7fda287f03AlistairHa, We have all been there. My super power is to loose something in front of me. :-)https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56883/identity-protocol---part-9---ble-gatt-challenge-response-with-btstack/235210Wed, 29 Apr 2026 03:04:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:a8845a32-3f6a-4e8e-8cd5-b35b32ad8af6arvindsaThank you so much. Here is the typo : https://github.com/bluekitchen/btstack/blob/5bc5cbdbeec33be1fdbd0d50e04c0f6deab99d2d/3rd-party/micro-ecc/uECC.c#L528 They used ENABLE_MICO_ECC_ECDSA instead of ENABLE_MICRO_ECC_ECDSA. I guess i found out only because i used a very niche combination of BtStack and micro-ecc explicitly, Their internal calls might have been handled automatically,https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56883/identity-protocol---part-9---ble-gatt-challenge-response-with-btstack/235209Wed, 29 Apr 2026 00:00:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:60a51a49-ec93-4cfe-b3c4-fdbbc4db0627kmikemooarvindsa Wow. Finding a typo in what should be proofed work... admirable - and VERY determined. Well done.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploading/235208Tue, 28 Apr 2026 21:34:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:5cb95a9f-cd93-4565-b2bc-3b94799fc028BigGI downloaded the required zip file from ti.com. It looks like CC256XB.h is the file to use to get the service pack.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploading/235207Tue, 28 Apr 2026 19:49:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:26398330-5c7e-4559-9212-12abc33b3e1aBigGLOL. I could've saved myself some time by actually looking what's under my dev board. Assumption shows it teeth, yet again... the XIP flash IC turns out to be optional.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploading/235198Tue, 28 Apr 2026 13:41:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:56407d47-eefa-4a2c-a6ba-8d506a33901bBigGDid you try the BTstack library: https://bluekitchen-gmbh.com/btstack-arduino/tutorial/#btstack-library The reason the command did not work is that you have to first upload a "service pack" to the PAN1326 module so that it understands what you are asking. The DIY route requires this (think this is the correct one, if not search on TI: https://www.ti.com/tool/CC256XB-BT-SP ) PS. I was going to test to see whether you can upload this service pack onto the external flash on the MAX32630FTHR with an Arduino utility sketch. Then you wouldn't have to bundle it in with your code.https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56886/ble-scanning-and-cc256x-firmware-uploadingTue, 28 Apr 2026 12:02:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:db78488d-c1dd-4e01-a2fd-45db04a8ba9eAlistairAfter thinking I had everything in place I have just got wound to the BLE scanning, and it turns out that it it not working. Basic Bluetooth functionality appraiser fine, but the BLE functionality is not there. Doh! Following a hint from online I trued the command 01 01 FE 01 00 (HCI_VS_Write_BD_Addr) and that returned 0x01 (Unknown HCI Command), and that shown new firmware needs uploading. Has anyone done this?Any other suggestions for that matter?https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56874/identity-protocol---part-7---colouring-on-the-icled-featherwing/235193Tue, 28 Apr 2026 06:52:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:1e798e00-5ccf-4d4c-a849-069fea1050c0arvindsaaha, any chance i can see a photo of it?https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/m/managed-videos/151243Tue, 28 Apr 2026 06:09:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:3759bcb3-5c3b-442f-88ea-df3f0d08acd8arvindsaLearn how GATT defines the way that Bluetooth Low Energy devices transfer data back and forth. In this video, topics covered include: - Attribute protocol (ATT) - Generic attribute profile (GATT) - Services and characteristics - Profiles - Data op...bluetoothblepower deliverytesterGATTdisplayportUSB-IFusb type-csnifferBluetooth AnalyzerBluetooth SIGattusbprotocol analyzerthunderboltbluetooth low energyUSB AnalyzerEllisyssuperspeed usbvesahttps://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/m/managed-videos/151242Tue, 28 Apr 2026 06:03:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:49da3062-1364-4724-bb08-95bc66ffcb71arvindsahttps://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56883/identity-protocol---part-9---ble-gatt-challenge-response-with-btstackTue, 28 Apr 2026 06:01:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:e95ef095-977a-4aae-ac9e-780d887835bearvindsaIt has been long time since i used Bluetooth SPP. Infact I do not think I ever used Bluetooth SPP via firmware. I think i used an RN42 module to get UART converted to Bluetooth SPP. But I have used BLE GATT so, I will be using that to exchange data between the Door and ID device. Recap: The idea is simple enough: stop making people swipe a card and type a PIN at every single door. Instead, the ID card (a MAX32630FTHR + ATECC508A in your pocket) unlocks once via PIN, then silently does challenge-response crypto over Bluetooth every time you walk up to a door. If the card gets yanked off you, the IMU detects the tug and it locks itself. No PIN, no entry. For more details check the Part 1 of the series Identity Protocol Part 1 - Plan Identity Protocol - Part 2 - Django Server Identity Protocol - Part 3 - Unboxing and Blinking with Maxim LPSDK Identity Protocol - Part 4 - BLE using PAN1326B and BTstack Identity Protocol - Part 5 - Interfacing a Keypad Identity Protocol - Part 6 - Snatch Detection with the BMI160 IMU Identity Protocol - Part 7 - Colouring on the ICLED FeatherWing Identity Protocol - Part 8 - Cryptographically Sign with ATECC508 and Verify with Micro-ECC GATT Service Definition BTstack generates an ATT database at plaintext .gatt file. Refer: https://github.com/bluekitchen/btstack/blob/master/tool/compile_gatt.py For our purpose, I need to detect the door and ID card to be nearby, one service to write the nonce and another for the response. I did take help of ChatGPT to generate the file. If you are new to GATT - I recommend to watch this video - www.youtube.com/watch PRIMARY_SERVICE, GAP_SERVICE CHARACTERISTIC, GAP_DEVICE_NAME, READ, "Auth-Door" PRIMARY_SERVICE, GATT_SERVICE CHARACTERISTIC, GATT_DATABASE_HASH, READ, // Identity Protocol Auth Service PRIMARY_SERVICE, AAAAAAAA-0000-0000-0000-000000000001 // CHALLENGE: 32-byte nonce sent by the door, read by the card CHARACTERISTIC, AAAAAAAA-0000-0000-0000-000000000002, READ | DYNAMIC, // RESPONSE: 4-byte device_id followed by 64-byte signature written by the card CHARACTERISTIC, AAAAAAAA-0000-0000-0000-000000000003, WRITE | DYNAMIC, For Testing two Roles, One Source File Both the door and the card run on identical hardware (MAX32630FTHR + PAN1326B), so the test is a single C file compiled twice. A ROLE make variable drives the split: make ROLE=server # door firmware make ROLE=client # card firmware -DROLE_SERVER / -DROLE_CLIENT select which half of gatt_auth.c is compiled. The server advertises, serves CHALLENGE when ID card nearby, and verifies writes to RESPONSE. The client scans, connects, reads CHALLENGE, signs, and writes RESPONSE. The Server Side (Door) The server's packet handler wakes up three places: stack ready, client connected, and every ATT write. When client connected, we serve the once, when ATT writes to the signature service, we verify it. Even though i have only one feather to function as a ID device, i made the firmware such that it can store multiple ID Cards device name and their public key to be synced from the Django server. if (att_handle != RESPONSE_VALUE_HANDLE) return 0; if (buffer_size != 68) { printf("VERIFY FAIL, expected 68 bytes, got %u\n", buffer_size); return 0; } uint32_t device_id = (buffer[0] > 24) & 0xFF; response_buf[1] = (CLIENT_DEVICE_ID >> 16) & 0xFF; response_buf[2] = (CLIENT_DEVICE_ID >> 8) & 0xFF; response_buf[3] = CLIENT_DEVICE_ID & 0xFF; atcab_sign(0, digest, response_buf + 4); gatt_client_write_value_of_characteristic( handler, conn_handle, response_handle, 68, response_buf); The device_id is the lower four bytes of the ATECC508A serial number which we saved during provisioning and locking of the chip along with it's public key. This is the same four bytes the server will look up in its static keystore to find the public key. The ID Card's LED lights up green when connecting to the door device and the door device's LED turns green when the signing of nonce by ATEC508A is successfully verified by micro-ecc Result With both bugs sorted, the UART log across two boards looks like this on a clean run. community.element14.com/.../blegatt.mp4 Again, i am using a PCB which i designed for a client to work like an breakout board for the ATTEC508A. Hence the blur. After a successful verification, the door devices starts readvertising and i do have to reset the ID card to re-auth again. Final Notes Again, thanks to BTStacks awesome documentation, this was an easy three hour work after setting up ATECC508A. There was some hold up due to typo in the micro-ecc bundled by BTStack, which i thought was my problem but later I realized it was a bug. I did write the public key manually in the lookup table for this unit test, in the final unit test, I will interface W5500 to sync the public keys to the feather board.blesecurity-challengeGATTdesign-challengeMAX32630FTHR#https://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56881/identity-protocol---part-8---cryptographically-sign-with-atecc508-and-verify-with-micro-ecc/235192Tue, 28 Apr 2026 04:27:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:c4d337c9-713d-4336-a4eb-b5bf5deb2eb5arvindsaDS28E22 also have documents under NDA. Take a look at the bottom part of their web pagehttps://community.element14.com/challenges-projects/design-challenges/smart-security-and-surveillance/f/forum/56881/identity-protocol---part-8---cryptographically-sign-with-atecc508-and-verify-with-micro-ecc/235191Tue, 28 Apr 2026 04:19:00 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:86b6cd12-ba8b-47e1-b962-b7a0ca6c4b92arvindsaDS28EL22 on the feather board is a awesome catch. It is not mentioned anywhere in the Feather datasheet, it is only seen in the BOM and the Schematics and it runs on One Wire protocol. Unfortunately, it does not have a TRNG either and it runs on SHA256 Symmetric key, so it would be a 1:1 pairing rather than Many to one as is the advantage of asymmetric encryption. With regards to question as to if datasheets are abridged for secure ICs, my answer is - I do not know, I've always worked with the Microchips ATEC family 508A and 608. The full datasheet of 608 is definitely under NDA but i believe 508A is now public. I guess, it could be so that if there is any security weakness, it will give the developers to find it when used by companies under NDA and then once fixed it can be released to public. seed = 0 is not a potential weakness, but a way for me to easily identify that the loop failed to regenerate a number. regarding your concern about nonce being identical and predictable - Theoretically it can be made identical and predictable. I am using only ADC as a source of random noise. One can Provide ultra stable voltage source to the ADC pins, reduce and stabilize the temperature of the MCU to reduce thermal noise and you will get the exact same value of nonce. But practically, it is going to be hard. if you need any help with the crypto chips. you can reach out, i am on discord as well