Fardriver BLE Communication

[not.py]

Welcome, I'm currently in the works of reversing Fardriver's BLE communication to make my own custom dashboard app.
Thought I should document it in case anyone in the future decides to try.

I'm a total newbie to all kinds of serial & bluetooth communication but I've been doing python for multiple years now.
Feel free to correct me on anything I say.

Also check out: Fardriver controller serial protocol reverse engineering if your interested in the serial communication.
Lots of helpful info in there regarding how data is sent as well.



Current findings:
Address 0xEE:
First nibble: Direction switch. 0 for forwards / 8 for reverse.
Second nibble: Mode switch. B for 1 / 3 for 2 / 7 for 3.
Fourth nibble: Breaking. F for break / D for normal.
Next 4 nibbles seem to count up as the wheel spins, maybe for the speedo?
Example: 09 1D 29 32 00 00 00 00 00 00 00 00


Address 0xE2:
Nibbles 12-15: RPM

These are all my findings from tonight, will be back with more soon.

 

[hetm4n]

GitHub - bobecek79/ESP32-Fardriver-BLE-Reader: It connects to the controller via BLE, receives and decodes data, and outputs the parsed data to the Serial Monitor for testing.

It connects to the controller via BLE, receives and decodes data, and outputs the parsed data to the Serial Monitor for testing. - bobecek79/ESP32-Fardriver-BLE-Reader

github.com

Someone managed to connect all the important parameters to the ESP. I checked it and it works However, there are often problems with connecting the controller to the ESP32. It doesn't connect immediately, only after a while.

 

[hetm4n]

 

[riorichman]

View attachment 376845

i try this, and my reading are all 0, the uuid are the same as in the github, using nrf connect. i'm sure its correct. i wonder whyy

 

[hetm4n]

i try this, and my reading are all 0, the uuid are the same as in the github, using nrf connect. i'm sure its correct. i wonder whyy

I will send you my code that works in serial monitor and on ILI9341 and ESP32 wroom.
I'm still making a new layout using squareline studio but I'm waiting for my esp32 S3 N16R8 to arrive to test it.

fardriver_Ili_v3_1_bot_czcionka3.ino

drive.google.com

 

[hetm4n]

 

[riorichman]

I will send you my code that works in serial monitor and on ILI9341 and ESP32 wroom.
I'm still making a new layout using squareline studio but I'm waiting for my esp32 S3 N16R8 to arrive to test it.

fardriver_Ili_v3_1_bot_czcionka3.ino

drive.google.com

oh wow thank you. i definitely will try thiss.
thank you. i'll get back to you ASAP. i'm still using small oled screen.. cheers..

 

[riorichman]

NEW UI

Heyy goood news.. it workss.. ahahahah oh my.. THANK YOU SO MUCH! woohooo.. time to upgrade to lvgl..

And i wonder if you can sniff the jikong bms too.. i tried and it works. But in other valur its in correct.. i attach some picture my attempt to connect to jk bms.

 

[riorichman]

NEW UI

hi, i'm having a hardtime to find brake low and brake high byte, can you show the address for that also? thank you

update : i got the brake byte.. wohoo

 

[hetm4n]

Are you referring to the handbrake signal? If so, could you share the code for this function? Thanks to gtp chat, I also decoded the reading for DNR gears:

In fardriver data :

int dnrMode = 0; // 0=Neutral, 1=Drive, 2=Reverse

In proces packet :

// ---- DNR detection ----
  uint8_t dnrByte = pData[0];
  uint8_t newDnr = dnrByte & 0x03;  // 0=N,1=D,2=R (bitowo z testów)
  static uint8_t lastDnr = 255;

  if (newDnr != lastDnr) {
    lastDnr = newDnr;
    controllerData.dnrMode = newDnr;

    Serial.print("🕹️ Tryb DNR zmieniony: ");
    switch (newDnr) {
      case 0:
        Serial.println("NEUTRAL");
        break;
      case 1:
        Serial.println("DRIVE");
        break;
      case 2:
        Serial.println("REVERSE");
        break;
      default:
        Serial.println("Nieznany");
        break;
    }
  }
  break;
}

 

[riorichman]

Are you referring to the handbrake signal? If so, could you share the code for this function? Thanks to gtp chat, I also decoded the reading for DNR gears:

In fardriver data :

int dnrMode = 0; // 0=Neutral, 1=Drive, 2=Reverse

In proces packet :

// ---- DNR detection ----
  uint8_t dnrByte = pData[0];
  uint8_t newDnr = dnrByte & 0x03;  // 0=N,1=D,2=R (bitowo z testów)
  static uint8_t lastDnr = 255;

  if (newDnr != lastDnr) {
    lastDnr = newDnr;
    controllerData.dnrMode = newDnr;

    Serial.print("🕹️ Tryb DNR zmieniony: ");
    switch (newDnr) {
      case 0:
        Serial.println("NEUTRAL");
        break;
      case 1:
        Serial.println("DRIVE");
        break;
      case 2:
        Serial.println("REVERSE");
        break;
      default:
        Serial.println("Nieznany");
        break;
    }
  }
  break;
}

Wow, thats a new found great. Let me try that. Oh thr motor temp is zero from your code, maybe a wrong byte.

What i mean by brake signal when you pressed the brake the motor wont run.

BRAKE SIGNAL:
Packet: 0xE2 (Address 0)
Byte: 3
Bit: 7

I found this byte for the brake.

Now, for the soc reading i think i beed to connect to bms and read it from there. Already done but some false reading, need to find the right byte.

 

[hetm4n]

Everything works fine for me I wonder if there are any other parameters that would be useful to decode, e.g. throttle voltage, phase current.

 

[riorichman]

Everything works fine for me I wonder if there are any other parameters that would be useful to decode, e.g. throttle voltage, phase current.

hi, so i create the android apps that read from fardriver based on your code

 

[hetm4n]

Cześć, więc tworzę aplikacje na Androida, które odczytują dane z Fardriver na podstawie Twojego kodu

View attachment 379907

Great job the belt still needs to work