前一段有个灵车pm2.5检测器，淘宝只要12块钱。搜了下大概是个放口袋里用蓝牙和手机连接，检测PM2.5浓度的。

搜到了前几年的新闻 -> 传送门

然而买回来才发现，安卓客户端下载链接打不开。估计是厂子跑路了，不然怎么卖这么便宜。于是想自己日了玩玩

0x0 拆了玩玩

里面很简单一个主板一个PM2.5检测元件一个电池

单片机是nRF51288，一个支持蓝牙的片子

照着数据手册量了一圈发现这里是SWD调试口

从左到右依次是SWCLK,SWIO,GND,?

于是，openocd启动！

然而事情并没有这么简单...

0x1 初次尝试

因为没有客户端，为了能正常用它的PM2.5功能，最简单的方法就是逆一下它的蓝牙通信协议，写个土制客户端。

swd排针是个1.54间距的。。。飞线到洞洞板再插到树莓派上。openocd可以用树莓派的gpio模拟swd或者jtag，不过坑不少。

焊的太丑就不给拍清楚了QAQ，盲猜第四个脚是vcc3.3，顺手接上

openocd的配置文件只有树莓派1和2的，用了cpu频率算一个swd时钟频率，我这个pi3要改一些地方，配置文件改了改如下

#
# Config for using Raspberry Pi's expansion header
#
# This is best used with a fast enough buffer but also
# is suitable for direct connection if the target voltage
# matches RPi's 3.3V and the cable is short enough.
#
# Do not forget the GND connection, pin 6 of the expansion header.
#

interface bcm2835gpio

bcm2835gpio_peripheral_base 0x3F000000

# Transition delay calculation: SPEED_COEFF/khz - SPEED_OFFSET
# These depend on system clock, calibrated for stock 700MHz
# bcm2835gpio_speed SPEED_COEFF SPEED_OFFSET
#bcm2835gpio_speed_coeffs 146203 36
bcm2835gpio_speed_coeffs 194938 48

# Each of the JTAG lines need a gpio number set: tck tms tdi tdo
# Header pin numbers: 23 22 19 21
# bcm2835gpio_jtag_nums 11 25 10 9

# or if you have both connected,
# reset_config trst_and_srst srst_push_pull
reset_config none separate
# Each of the SWD lines need a gpio number set: swclk swdio
# Header pin numbers: 22 18
bcm2835gpio_swd_nums 25 24

# If you define trst or srst, use appropriate reset_config
# Header pin numbers: TRST - 26, SRST - 18

# bcm2835gpio_trst_num 7
# reset_config trst_only

bcm2835gpio_srst_num 18
#reset_config srst_only srst_push_pull

# or if you have both connected,
# reset_config trst_and_srst srst_push_pull

#