Sunday 1 May 2016

Unbricking the HM-10 BLE module on the OpenPi

I've been doing some home automation testing using the OpenPi because of it's small footprint, internal RTC and the cute case that was created for it. As a cherry on top, they also included an SRF/XRF module and a Bluetooth LE (HM-10) module so you can remotely open a shell using a Bluetooth-enabled device and an app.

My goal was to scan for devices in the neighborhood and determine whether me or my girlfriend is home so we can turn down the central heating. Using the information found in a document explaining the available AT commands I got no response to the scanning command. I decided to update the firmware of the HC-10. I can now safely say that I have confirmed the module in the OpenPI to be the TI CC2541. In the flashing manual the following message can be found:

Note: this operation is not reversible, please be sure to note, after the operation is completed, if you don't want to upgrade, the module will not return not normal working mode.

I assumed that no firmware manufacturer could ever actually write firmware that could leave the device in a bricked state unless you provide firmware. What if the device isn't actually connected to a windows pc? Well, after issuing the software upgrade command that was exactly the situation I was in.

To save you the trouble, the tool that Huamao Technology provides does not work correctly using the workaround I did to flash the HM-10 on my OpenPi. Luckily the tool provided by the manufacturer of the bluetooth chip DOES work! So download the firmware from Huamao's site (HM-10, CC2541) and follow the next few steps to bring your HM-10 back from the dead.


  • A Windows (virtual) machine to run the update tool on
  • Raspbian or similar image on your OpenPi, SSH enabled
  • A network connection between your Windows PC and OpenPi
  • socat and minicom installed on your OpenPi (sudo apt-get install socat minicom -y)

Step 0: (if you did not brick the HM-10 yet but are feeling adventurous) set the HM-10 module to Software Upgrade mode:

ssh into your raspberry pi.

Run: minicom -s

A menu opens. You want to select "Serial Port Setup", Press 'A', replace ttyUSB0 with ttyS0 (assuming this is the device that your HM-10 is connected to), press Enter.

Setting E should be set to 9600 8N1. If this is not the case, press E, then C, then Enter.
If your screen looks somewhat like the screenshot above, press Enter. You should now see the minicom menu. Select Exit to open the session. You will not see what you're typing. If you prefer seeing what you type, press Ctrl + A, then Z, then E. This turns on the "Echo".

Then paste the following command to place the module into Software Upgrade mode:


After this your device will be in Upgrade mode. You can exit minicom by pressing Ctrl + A, Q and answering 'Yes'.

From this point on, the HC-10 module switches to 115200 baud for the software upgrade.

Step 1: Start Socat on the Raspberry Pi

To provide raw TCP access to the bluetooth modules serial interface, run the following command:

while true; do
  socat tcp-listen:54321,reuseaddr /dev/ttyS0,b115200,raw,echo=0

This command makes socat listen on port 54321, and if the server is stopped by a reset command, a new server is started.

Step 2: Install Eltima Serial to Ethernet connector (trial) on your Windows machine

Download the trial, install it and open the program that is installed on your machine.

Step 3: Create a connection to your socat instance on the pi:

This is what the setting should look like.
Replace the hostname with the IP of
your OpenPI.
- Choose 'create a client connection'
- Select an unused COM-port number (I chose COM3)
- Fill in the remote hostname (IP address of your OpenPI)
- Fill in the port number (54321, the socat listening port)
- Open 'Advanced Settings'
- Disable 'Connect to Remote end only when local virtual port is open' checkbox
- Enable 'On error retry to establish connection every' checkbox, and set its value to 100ms.
- Press 'Apply Changes'

Step 4: Install and open the TI SerialBootTool.

Step 5: Select the firmware file and serial port. 

After selecting the serial port, press the 'Open' button.

Step 6: Flash away! 

After flashing and verification (which may take a while, approx. 5 minutes?) you should be good to go!

This should be the result of your hard work!
Of course, because of the while loop, we started on the Pi it is probably best to close the session where the loop is run. This will also kill the loop. Otherwise, just restart the pi by unplugging the MicroUSB plug providing power to the device.

Other helpful and somewhat related HM-10 resources:

No comments:

Post a Comment