manualshive.com logo in svg

Sunricher SR-SBP2801-BLE-E, Instructions Manual

The Sunricher SR-SBP2801-BLE-E user manual is available for free download from manualshive.com. This manual provides detailed instructions on how to use and set up the product, ensuring a seamless experience for all users. Get your manual today and unlock the full potential of your Sunricher device.

Share
Download
background image

10.3.1 IC (Industry Canada) Regulatory Statement

This device complies with Industry Canada licence-exempt RSS standard(s). Operation is subject to the 
following two conditions:

(1) this device may not cause interference, and

(2) this device must accept any interference, including interference that may cause unde- sired operation of the 
device.

Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de 
licence.
L'exploitation est autorisée aux deux conditions suivantes :

(1) l'appareil ne doit pas produire de brouillage, et

(2) l'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage est 
susceptible d'en compromettre le fonctionnement.”

A. Parsing SR-SBP2801-BLE-E radio telegrams

This appendix is intended as an example of how start to parse received SR-SBP2801-BLE-E radio telegrams. 
Please refer to chapter 4 first for a description of the BLE frame structure

A.1 Data telegram example

We consider the following raw data telegram data captured from an Sunricher SR-SBP2801-BLE-E device:

D6 BE 89 8E 42 13 9F 1B 00 00 15 E2 0C FF DA 03 69 01 00 00 10 8A D6 C1 7E 16 EE 23

A.1.1 BLE frame structure

The message shown above can be parsed into the following components (keep in mind the little endian byte 
order):

BLE Access Address (4 byte): 0x8E89BED6

BLE Frame Control (2 byte): 0x1342
                                                 Size of source a payload: 0x13 (19 byte) 
                                                 Telegram type: Non-connectable Advertising

BLE Source Address (6 byte): 0xE21500001B9F

Length of payload (1 byte): 0x0C (12 byte)

Type of payload (1 byte): 0xFF (manufacturer-specific data)

Manufacturer ID (2 byte): 0x0A78 (Sunricher) Sunricher Payload (9 byte): 69 01 00 00 10 8A D6 C1 7E CRC (3 
byte): 16 EE 23

A.1.2 Sunricher data telegram payload structure

The Sunricher data telegram payload can now be parsed as follows: Sequence Counter (4 byte): 0x00000169
Switch Status: 10 (Release of button B1)

Telegram Signature: C7 24 EA F0
 

A.2 Commissioning telegram example

We consider the following raw commissioning telegram data captured from an Sunricher
SR-SBP2801-BLE-E device:

D6 BE 89 8E 42 24 9F 1B 00 00 15 E2 1E FF DA 03 71 01 00 00 AB 4B 9A 91 85 2B 70 B8 A6 52 A0 5E 92 BB 12 
A0 9F 1B 00 00 15 E2 9E 6D 7C

A.2.1 BLE frame structure

The message shown above can be parsed into the following components (keep in mind the little endian byte 
order):

BLE Access Address (4 byte): 0x8E89BED6

BLE Frame Control (2 byte): 0x2442
Size of source a payload: 0x24 (36 byte)
Telegram type: Non-connectable Advertising

BLE Source Address (6 byte): 0xE21500001B9F

Length of payload (1 byte): 0x1E (30 byte)
Note that this field should correctly be set to 0x1D
This issue has been corrected in product version DC-06

Type of payload (1 byte): 0xFF (manufacturer-specific data)

Manufacturer ID (2 byte): 0x0A78 (Sunricher)

Sunricher Payload (27 byte): 71 01 00 00 AB 4B 9A 91 85 2B 70 B8 A6 52 A0 5E 92 BB 12 A0 9F 1B 00 00 15 E2

CRC (3 byte): 0x7C6D9E

A.2.2 Sunricher commissioning telegram payload structure

The Sunricher commissioning telegram payload can now be parsed as follows: 
Sequence Counter (4 byte): 0x00000171

Security Key: AB 4B 9A 91 85 2B 70 B8 A6 52 A0 5E 92 BB 12 A0

Static Source Address: 0xE21500001B9F

B. Address resolution for resolvable private addresses (RPA)

SR-SBP2801-BLE-E provides the option to obfuscate its identity by means of using resolvable private 
addresses (RPA) as described in chapter 4.4.2. The following chapters describe how to re- solve such 
addresses.

B.1.1 RPA resolution flow

The execution flow for resolving private addresses (RPA) is shown in Figure 43 below.

Figure 43 – Execution flow for resolving private addresses (RPA resolution)

Input to the RPA resolution flow is the prand part of the resolvable private address field of the received 
telegram together with one (or several) locally stored IRK.

The receiver will then try for each locally stored IRK if the hash generated using the execution flow above 
matches the hash part of the resolvable private address field of the received telegram. If it does, then the IRK 
identifies the device from which this telegram originated.
 

B.1.2 Address resolution example

We consider a SR-SBP2801-BLE-E device with the following IRK (options for determining the IRK / security 
key of a SR-SBP2801-BLE-E are described in chapter C.1.3.):

BE759A027A4870FD242794F4C45220FB

We further consider a telegram having the following resolvable private address:

493970E51944
We will now test if this resolvable private address was generated using the IRK above. Referring to the 
resolvable private address structure shown in Figure 12, we split the re-solvable private address into prand 
and hash as follows:

prand = (RPA && 0xFFFFFF000000) >> 24 prand = 0x493970

Summary of Contents for SR-SBP2801-BLE-E

Page 1: ...Wall Switches and US style rocker pads 1 2 Technical data Dimensions Weight Security Power Supply Button Inputs Communication Range guidance only Max transmit power measured Antenna Communication Sta...

Page 2: ...o channels Channel A and Channel B each containing two button contacts State O and State I The state of all four button contacts pressed or not pressed is transmitted together with a unique device ide...

Page 3: ...he two channel radio transmission sequence removes transmission on the third radio channel selected by TX_CHANNEL3 and instead repeats the transmission once more four times in total The SR SBP2801 BLE...

Page 4: ...key as identity resolution key This key can be modified if needed via the NFC configuration interface as described in chapter 6 7 5 For each data telegram transmitted by SR SBP2801 BLE E i e for every...

Page 5: ...lease Action then this is indicated by the according status bit set to 1 Note that all contacts that were pressed during Press Action will be released during Release Action The case of continuing to h...

Page 6: ...key as part of the NFC based commissioning process To do so follow the procedure outlined in chapter 6 7 5 For additional security NFC read out of the new security key can be disabled by setting the P...

Page 7: ...ssioning mode Button_X is pressed or released again 5 3 3 Exit from commissioning mode Pressing any key except the button used for entry into commissioning mode Button_X will cause SR SBP2801 BLE E to...

Page 8: ...e Any other data received by the NFC tag while in IDLE state is discarded and the NFC tag will remain in IDLE state 6 2 3 READY 1 state READY 1 is the first UID resolving state where the NFC tag resol...

Page 9: ...ID of such tag This should always be used as first operation ahead of any read write authenticate actions Example SearchTag 32 2 NTAG_PwdAuth 32 bit password as hex bytes 16 bit password_ack as hex b...

Page 10: ...FC Data SR SBP2801 BLE E reserves 64 byte for customer specific NFC data see chapter 6 7 11 specific security measures are used to restrict read access to this data The following items are located in...

Page 11: ...and release the button of SR SBP2801 BLE E SR SBP2801 BLE E will determine that it should modify the security key based on the setting of the Update Security Key flag and copy the value of the Securit...

Page 12: ...ngs 6 7 9 2 Interval selection Starting with version DC 06 it is possible to reduce the transmission interval from the default setting of 20 ms to 10 ms by setting bit 3 of the Variant register Settin...

Page 13: ...product label encodes key product parameter according to the ANSI MH10 8 2 2013 industry standard The QR code shown in Figure 32 above encodes the following string 30SE280101500100 Z0123456789ABCDEF0...

Page 14: ...estricting transmission range include Switch mounting on metal surfaces up to 30 loss of transmission range Hollow lightweight walls filled with insulating wool on metal foil False ceilings with panel...

Page 15: ...advertising intervals then the scan interval has to be less than the time between the end of the first advertising event and the begin of the third advertising event 2 10 ms 20 ms minus 0 5 ms telegra...

Page 16: ...ules Operation is subject to the following two conditions 1 this device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause...

Page 17: ...essage shown above can be parsed into the following components keep in mind the little endian byte order BLE Access Address 4 byte 0x8E89BED6 BLE Frame Control 2 byte 0x2442 Size of source address pay...

Page 18: ...rameter Comment Description Example Length Field Size Size in bytes of the field used to encode the input length 2 always minimum permissible size Desired size in byte of the signa ture generated by t...

Page 19: ...for a description of the commission telegram structure The location of the security key is for reference highlighted above This means that the security key of this red device is 3DDA31AD44767AE3CE56D...

Page 20: ...table XOR calculator could be found here http xor pw The execution sequence would then be as follows X_1 AES128 B0 Key X_1 AES128 49B819000015E25D0400000000000000 3DDA31AD44767AE3CE56DCE2B3CE2ABB X_1...

Page 21: ...15E2630400000000000000 3DDA31AD44767AE3CE56DCE2B3CE2ABB X_1 ab5ec24beabc9ddeeb73751c7734cc64 X_1A XOR X_1 B_1 X_1A XOR ab5ec24beabc9ddeeb73751c7734cc64 000B0EFFDA0363040000111234000000 X_1A ab55ccb430...

Reviews:

No comments

Related manuals for SR-SBP2801-BLE-E

ZOLL 330 Operator'S Manual preview
330
Brand: ZOLL Pages: 84
Kaivac 2100 Series Operator'S & Parts Manual preview
2100 Series
Brand: Kaivac Pages: 29
MacDon 1000 Operator'S & Parts Manual preview
1000
Brand: MacDon Pages: 65
ICS Schneider Messtechnik HT10 User Manual preview
HT10
Brand: ICS Schneider Messtechnik Pages: 124
iGuzzini B183 Instruction Sheet preview
B183
Brand: iGuzzini Pages: 20
DAKO 1100 Use And Maintenance preview
1100
Brand: DAKO Pages: 25
3M ESPE RotoMix Manual preview
RotoMix
Brand: 3M ESPE Pages: 50
VACGEN WS Series Operating And Maintenance Handbook preview
WS Series
Brand: VACGEN Pages: 13
Bante Instruments ORPscan10 User Manual preview
ORPscan10
Brand: Bante Instruments Pages: 6
Barco Coronis 5MP Mammo Brochure & Specs preview
Coronis 5MP Mammo
Brand: Barco Pages: 4
Barco CORONIS 1MP Installation & User Manual preview
CORONIS 1MP
Brand: Barco Pages: 167
Barco Color Coronis 2MP System Manual preview
Color Coronis 2MP
Brand: Barco Pages: 156
Barco Color Coronis 2MP Brochure & Specs preview
Color Coronis 2MP
Brand: Barco Pages: 12
Barco AMM240ED Operation Manual preview
AMM240ED
Brand: Barco Pages: 39
Barco SP4K-B Installation Manual preview
SP4K-B
Brand: Barco Pages: 158
Garmin GPSMAP 188 Sounder Owner'S Manual And Reference Manual preview
GPSMAP 188 Sounder
Brand: Garmin Pages: 134
Nectar Pacer Using Manual preview
Pacer
Brand: Nectar Pages: 46
Neauvia PLASMA IQ Training Manual preview
PLASMA IQ
Brand: Neauvia Pages: 17

Brands by name

Popular brands

Load more brands