With an unbranded Bluetooth/ANT+ heart rate monitor, I can get the HRM data easily using gatttool:
<MAC address>> connect
Attempting to connect to <MAC address>
Connection successful
<MAC address>> primary
(...)
<MAC address>> char-desc 0x000c 0x0011
(...)
<MAC address>> char-write-req 0x000f 0100
Characteristic value was written successfully
Notification handle = 0x000e value: 16 34 e4 04
Notification handle = 0x000e value: 16 34 a5 04
Notification handle = 0x000e value: 16 33 ea 04
Notification handle = 0x000e value: 16 33 de 04
With this I am sending to handle 0x000f which is 00002902-0000-1000-8000-00805f9b34fb, which is where I need to send the request (doc for 0x2902), and I get responses from another handle (doc for 0x2a37).
I'm already a bit confused by the 0100 payload that we send. The spec for 0x2902 says that we should send 16 bits, and 0x0100 is 0b100000000. Does this result in 0b0000000100000000 or in 0b1000000000000000? Why are we sending 0x0100 and not 0x8000 (i.e. 1 with 15 0)?
Anyway, 01, 010, 0100, 01000 will work, but any more digits will fail. Shouldn't it fail with 5 digits already, since 4 hex chars is 16 bits? Anyway, 01 works (Notifications on, Indications off?), 02 will not result in updates (Notifications off, Indications on?), 03 works (Notifications on, Indications on?). Is my understanding sort of correct?
I now take my Garmin heart rate monitor (it's a Garmin HRM Dual). I can connect just fine via Bluetooth to it, I can find the correct handle for HRM interaction (the handle that corresponds to UUID 0x2902), but when I use gatttool to send a char-write-req to the handle just like previously, it says the value was written, but nothing ever happens. I've tried a number of values but nothing ever happens.
Am I missing something? Is there any extra step that needs to be taken before calling the HRM handle? Thank you.
