bogdan / USB-Meter
USB-Meter / Documentation / Research Resources / Specifications / PW0316 BLE Module Working Summary.md
bogdan Import PW0316 module manual for TC66C
dad48d5 2 weeks ago History
1 contributor
167 lines | 5.274kb

PW0316 BLE Module Working Summary

This note summarizes the imported module manual PW0316_User_Manual_V2.9.pdf and records why it matters for TC66C.

Source Snapshot

  • imported file: Documentation/Research Resources/Manuals/PW0316_User_Manual_V2.9.pdf
  • source path before import: /Users/bogdan/Documents/Documentatie/TC66/Other/PW0316_User_Manual_V2.9.pdf
  • pages: 28
  • version label in manual: V2.9
  • part number: PW0316
  • SHA-1: e325f7708f18400fd774f60219e76395797c51cc

Why This Matters

The current app already mapped TC66C to radio type PW0316, but until now that was only a code-level assumption.

This manual strongly supports that mapping and validates the BLE side of the current TC66C transport model.

Confirmed Module Role

The manual describes PW0316 as a BLE 4.0 transparent serial bridge:

  • user MCU talks to the module over UART
  • mobile app talks to the module over BLE
  • the module forwards data between UART and BLE
  • upper-layer meaning is defined by the host MCU and mobile app

This is a strong fit for the existing TC66C implementation:

  • the app sends ASCII commands
  • the module bridges them to the device MCU
  • the device MCU returns data that the module fragments into BLE notifications

Confirmed GATT Layout

The manual explicitly documents the following BLE services and characteristics.

Serial data channel

  • service 0xFFE0
  • characteristic 0xFFE4
  • operation: Notification
  • payload size: 20 bytes
  • meaning: UART RX input is forwarded to BLE notifications

Bluetooth data channel

  • service 0xFFE5
  • characteristic 0xFFE9
  • operation: Write
  • payload size: 20 bytes
  • meaning: BLE writes are forwarded to UART TX

Anti-hijacking channel

  • service 0xFFC0
  • characteristic 0xFFC1
    • operation: Write
    • size: 12 ASCII bytes
    • meaning: current password + new password
  • characteristic 0xFFC2
    • operation: Notify
    • size: 1 byte
    • meaning: password operation result

Password event values documented by the module vendor:

  • 0 = password accepted
  • 1 = password incorrect
  • 2 = password updated
  • 3 = password cancelled

Broadcast and Identity Hints

Default BLE advertise data includes partial 16-bit UUIDs for:

  • FFC0
  • FFE0
  • FFE5

Default scan-response data includes:

  • manufacturer-specific data with default text payload RW-BLE
  • local name PW0316

This directly explains why the current app can recognize a peripheral named PW0316 as TC66C.

UART and Flow-Control Behavior

The module manual documents a hardware flow-control model around:

  • BRTS
  • BCTS

Relevant points:

  • default UART is 9600, 8N1
  • transparent serial payloads can be any size up to 200 bytes
  • BLE wireless payloads are 20 bytes each
  • the module automatically splits large UART payloads into BLE packets
  • the host MCU must manage BRTS
  • the module uses BCTS to tell the MCU when module-to-host data is pending

Throughput and Timing

The manual states:

  • default BLE connection interval: 20 ms
  • highest theoretical transparent throughput is achieved with 115200 UART and 20 ms BLE interval
  • reliable Bluetooth data transmission is limited to about 10 KByte/s

This is consistent with the current app's expectation that a TC66C response arrives as multiple 20-byte BLE fragments.

AT Command Surface

The module supports UART-side TTM: AT commands for module management, including:

  • test
  • MAC read/write
  • baud rate
  • rename
  • manufacturer data
  • advertise / scan response
  • TX power
  • reset
  • factory reset
  • version
  • product identification code
  • advertise interval
  • connection interval
  • broadcast on/off
  • serial send setup delay
  • anti-hijack password

Important implication:

  • these are module-management commands, not necessarily TC66C application commands
  • they should not be confused with the ASCII commands already seen in the app for meter data requests

What This Validates For TC66C

High-confidence validations:

  • TC66C does not use the same BLE channel shape as the UM family
  • the current app's FFE0 / FFE4 and FFE5 / FFE9 mapping is correct for PW0316
  • BLE traffic is expected in 20-byte chunks
  • a separate security channel FFC0 exists and may matter if the module password is enabled
  • the peripheral name PW0316 is a credible alias for the hardware module used inside TC66C

What This Does Not Validate

The module manual does not describe:

  • the TC66C meter's application-level ASCII commands such as bgetva
  • the 192-byte encrypted snapshot format used by the current app
  • the AES key or packet layout of pac1 / pac2 / pac3
  • the meaning of measurement fields returned by the meter MCU

So this manual validates the transport shell, not the meter payload itself.

Practical Implications For The Codebase

  • keep TC66C on the PW0316 transport path
  • keep TC66C separate from the UM25C / UM34C HM-10 style path
  • consider adding FFC0 / FFC1 / FFC2 support only if we discover password-protected modules in the field
  • when debugging fragmentation, assume the BLE layer naturally emits 20-byte chunks and that larger frames are reconstructed above that layer
Gitprep Version v2.6.2 build on Mojolicious
DBViewer