So I installed the QRing app to see what else this is capable of. It does blood oxygen (SpO2) and "stress", which I want to get. It has a battery life indicator. It can also "take a photo" which must be some gesture -> key event thing. Going to dig into the battery life first. I didn't see any "CMD_BATTERY_LIFE" style things, so I tracked down the code that sends the bluetooth command off. I discovered `SimpleKeyReq(byte b)` which looks like it just sends off a packet with `b` set to whatever. In this case it looks like it's `3`. The byte returned should be the battery life. That didn't work I can see that SimpleKeyReq is used with - 3 - 13 - 72 - 16 - 8 After a bit more searching I still don't understand why sending `3` doesn't get a response back. Decided to start seeing if I can decompile the original firmware, so I launched Ghidra for the first time ever. I fed it one of the OTA update files (which in retrospect was kinda dumb...) but telling it to use ARM 6 LE made it do something vaguely interesting. I think it found the reset handlers and stuff, but no main. I did find the bytes for the UUID of the bluetooth thingy (GATT characteristic?) that I was expecting, and I think in theory I can find code that references that memory and go from there. But my brain is fried and I'm done for the evening