Bluetooth APP for Daly BMS

dakoal

100 µW
Joined
Nov 4, 2016
Messages
8
Hi.

In the past I built some software to communicate with chinese and european BMS with their Bluetooth Interface.

For example:
- energusps.com - Modbus over Bluetooth with raspberry.
- xiaoxiang - BLE (first with Raspberry, then with ESP32).
- ANT-BMS - Bluetooth socket (rfcomm like) with ESP32.

I always used the vendor's tools and reverse engineered some things, or use hints from elswhere.

With these data it was easy to capture data from the batteries for long term analysis (aging and defect cell finding).
Influx, Grafana ......

But now I am a little bit frustrated. I got a BMS from daly (the red ones) with a UART-Bluetooth dongle.
It works a bit like ANT BMS with BLE and traditional Bluetooth (sends two MAC's).

But daly is not able to send a APK/tool/software, because the customer needs WeChat (Chinese WhatsApp I think).
And as "not chinese citizen" it's nearly impossible to activate it.
So with no software, I cannot sniffer what commands are needed to read some values out of the daly BMS.

Is here someone having the software for this BMS, or has someone already found out some commands:
https://www.aliexpress.com/item/4000830353310.html

Greetz from Austria
 
Got it.

If someone want's to communicate with DALY BMS from esp32/raspberry/... , here you are:

single cell voltages:
start gatttool in interactive mode.
then write to characteristic handle 0x0010

Code:
gatttool -b BT:MAC:OF:DALY:BMS -I
[BT:MAC:OF:DALY:BMS][LE]> connect
Attempting to connect to BT:MAC:OF:DALY:BMS
Connection successful
[BT:MAC:OF:DALY:BMS][LE]> char-write-cmd 0x0010 a58095080000000000000000c2
Notification handle = 0x0010 value: a5 01 95 08 01 0d 08 0d 10 0d 0b f4 82
Notification handle = 0x0010 value: a5 01 95 08 02 0d 0b 0d 0a 0d 0e f4 83
Notification handle = 0x0010 value: a5 01 95 08 03 0d 10 0d 0c 0d 0a f4 87
Notification handle = 0x0010 value: a5 01 95 08 04 0d 0b 0d 0a 0d 10 f4 87
Notification handle = 0x0010 value: a5 01 95 08 05 0d 0b 0d 0a 0d 11 f4 89
Notification handle = 0x0010 value: a5 01 95 08 06 0d 09 00 00 00 00 f4 53
Notification handle = 0x0010 value: a5 01 95 08 07 00 00 00 00 00 00 f4 3e
Notification handle = 0x0010 value: a5 01 95 08 08 00 00 00 00 00 00 f4 3f
Notification handle = 0x0010 value: a5 01 95 08 09 00 00 00 00 00 00 f4 40
Notification handle = 0x0010 value: a5 01 95 08 0a 00 00 00 00 00 00 f4 41
Notification handle = 0x0010 value: a5 01 95 08 0b 00 00 00 00 00 00 f4 42
Notification handle = 0x0010 value: a5 01 95 08 0c 00 00 00 00 00 00 f4 43
Notification handle = 0x0010 value: a5 01 95 08 0d 00 00 00 00 00 00 f4 44
Notification handle = 0x0010 value: a5 01 95 08 0e 00 00 00 00 00 00 f4 45
Notification handle = 0x0010 value: a5 01 95 08 0f 00 00 00 00 00 00 f4 46
Notification handle = 0x0010 value: a5 01 95 08 10 00 00 00 00 00 00 f4 47

This example shows single cell voltages.
Other commands are (all sent to characteristic handle 0x0010)

command: a58098080000000000000000c5
response: a5019808 00 00 00 00 00 00 00 00 46

a58097080000000000000000c4
a5019708 00 00 00 00 00 00 00 00 45

a58096080000000000000000c3
a5019608 01 40 00 00 00 00 00 00 85 a5 01 96 08 02 00 00

a58094080000000000000000c1
a5019408 10 01 00 00 00 00 00 00 53

a58093080000000000000000c0
a5019308 00 01 01 f1 00 00 61 a8 3d

a58092080000000000000000bf
a5019208 40 01 40 01 00 00 00 00 c2

a58091080000000000000000be
a5019108 0d 11 0f 0d 08 01 00 00 82

a58090080000000000000000bd
a5019008 02 16 00 00 75 30 01 f4 f0
 
Thank you. I just subscribed :)
Planning to use android as a dashboard –-maybe need to develop an app or use RealDash App.
Will be watching this thread with anticipation.
 
For some reasons I decided to go with ANT BMS, and remember that you mentioned about deciphering its communication protocol. I have the need to read selected information from BMS to an Arduino/Raspi ––mostly to replace the over-informative LCD that comes with ANT BMS.

Can you share me how the protocol goes?
Or maybe some clue on where to find such information.

I don't think I have enough knowledge to sniff and decipher the protocol my self and I can't find any information about it online.

Thank you in advanced.
 
Careful with this!

I just tried this and it wiped out all settings in my BMS, even the password to do a factory reset. It has everything set to maximum, 5v tolerance and a setup for 32 cells. Mine was set up as a 4S of 3.2v cells for 12 volt supply. A uart and balance loom reconnect only made things worse and the bluetooth device doesn't even show up now. I am hoping that it will recover through a full power disconnect.

What it should look like:

photo_2021-05-06_00-41-54.jpgphoto_2021-05-06_00-41-52.jpg

What it looks like after running these commands:

photo_2021-05-06_00-41-55.jpgphoto_2021-05-06_00-41-56.jpg

dakoal said:
Got it.

If someone want's to communicate with DALY BMS from esp32/raspberry/... , here you are:

single cell voltages:
start gatttool in interactive mode.
then write to characteristic handle 0x0010

Code:
gatttool -b BT:MAC:OF:DALY:BMS -I
[BT:MAC:OF:DALY:BMS][LE]> connect
Attempting to connect to BT:MAC:OF:DALY:BMS
Connection successful
[BT:MAC:OF:DALY:BMS][LE]> char-write-cmd 0x0010 a58095080000000000000000c2
[/quote]
 
Hi barrymac,

Did the DALY BMS come right?

I'm about to do some reverse engineering, and I would rather not loose everything. :eek:
 
Back
Top