Avatar of Francois Koutchouk
Francois KoutchoukFlag for United States of America asked on

How do I find data in the bluetooth output of a medical sensor?

How do I decipher the results of a pulse oximeter bluetooth (BLE) device?

For one model, I read
04:3e:2b:02:01:00:00:6d:2b:31:50:a0:00:1f:02:01:06:1b:09:42:65:72:72:79:4d:65:64:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:ce
for another, I read
04:3e:21:02:01:00:00:5f:62:98:38:c1:a4:15:02:01:06:11:06:6d:b8:e6:7e:a3:93:46:88:07:4c:35:52:80:cb:ea:cd:dc

Getting help these from those vendors is these days nearly impossible.
* BluetoothHardware

Avatar of undefined
Last Comment
Francois Koutchouk

8/22/2022 - Mon
d-glitch

It seems like you have access to several monitors and the output data streams.
Do you also have access to the BLE apps or display devices?

Decoding should be pretty easy unless they are trying to obfuscate the data for some reason.

Presumably you realize the data is in Hex format, two characters [0-f] make up each 8-bit byte.

The first string is 43 bytes with a lot of zeroes, the second is 33.

Note the similarities between the two strings:
04:3e: 2b: 02:01:00:00:   6d:2b:31:50:a0:00:1f:02:01:06:1b:09:42:65:72:72:79:4d:65:64:00:00: .......... 00:00:ce
04:3e: 21: 02:01:00:00:   5f:62:98:38:c1:a4:15:02:01:06:11:06:6d:b8:e6:7e:a3:93:46:88:07:4c:35:52:80:cb:ea:cd:dc

Open in new window


The first 7 bytes are probably some sort of header a header.  
The 2b in the first string converts to 43, the number of bytes in the string.  
Same for the 21 in the second string.

The last byte is probably a parity checksum.

I would try converting the rest of the message to ASCII.  That might work.
But if you can get several different messages, i.e. different known oxygen readings, that could work too.

The part of the string that doesn't change between messages could be a device id.  But if it doesn't change, it doesn't matter.
If you can correlate the part that does change with know displayed data, you are probably done.
ASKER
Francois Koutchouk

Hmm, we are getting somewhere, thank you.
Using the string:
04:3e:2b:02:01:00:00:6d:2b:31:50:a0:00:1f:02:01:06:1b:09:42:65:72:72:79:4d:65:64:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:c9
https://www.rapidtables.com/convert/number/hex-to-ascii.html
I see BerryMed -- that's definitely the name of the manufacturer.
I think the device transmits 2 (and maybe 3 values). SpO2 was 97 and Pulse 73 which in hex would 61 and 49

04:3e:2b:02:01:00:00:6d:2b:31:50:a0:00:1f:02:01:06:1b:09:42:65:72:72:79:4d:65:64:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:cd
was 97 and 82.  The only byte that changed is the last one though.

If that helps the range for SpO2 from the manufacturer is 70-99 and the pulse 30-250
If that helps the address of the oximeter is: 00:a0:50:31:2b:6d

I kinda of doubt they would be encrypting, there isn't anything confidential since there is no patient information.
I'm thinking the message may not contain the actual data.
I appreciate your thoughts.
d-glitch

I guess I wouldn't expect any encryption either.

The range info for the blood oxygen and pulse rate are very useful.

Each of the data values could be encoded as an 8-bit integer [0-255].
You might also want to check for five ASCII characters.

 How are you capturing these days streams?  How often are the repeated?
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
Francois Koutchouk

When turned on the oximeter transmits rapidly and continuously (once per second).
It takes a few seconds for the device to read the SpO2 and the Pulse.
Since those numbers change, I try to stay very calm until my SpO2 and Pulse remain the same for a few seconds.

I am using a Raspberry Pi running Debian with the bluez library, then establish a socket
(running Python):
[...]
sock.recv(1024)
print(':'.join("{0:02x}".format(x) for x in data))

I then break the loop and copy and paste the last few lines.

Again, thank you for your help!
Here's the background: we have a bunch of those devices we would like to send patients home with.   Them using a smartphone with BLE (if they have one) running a third party app is not an option for most.
ASKER
Francois Koutchouk

More information:  here is the reading from another oximeter:
04:3e:21:02:01:00:00:5f:62:98:38:c1:a4:15:02:01:06:11:06:6d:b8:e6:7e:a3:93:46:88:07:4c:35:52:80:cb:ea:cd:c3
the SpO2 was 99 and the pulse 73
The BLE address is: a4:c1:38:98:62:5f
Attached is the data specifications from the vendor.
Does that help to figure out where is the 99 and the 73 buried in that string?
Andesfit_SpO2.pdf
ASKER CERTIFIED SOLUTION
Francois Koutchouk

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question