New location of this blog is
https://techcoderadio.blogspot.com

Tachograph BT. Apps for those can be found e.g. from Google Play Store. In some systems the default key = (abbreviation of the device manufacturer name) + number string?!

BT device found near Gatsos.
Food for thought: https://www.pemicro.com/partners/index.cfm?manufacturer_id=12

DFU enabled devs there are many BT HW vendor update apps

By using DetectItEasy found commands

&D
&J
&C01
&E
&F
&C33
&C67
&H
&I
&G
&H0020
&B
&E000000
&A

Map;http://www.adteknik.com/map.htm?lat=%lat%&lng=%lon%&r=%radius%
7686    00136945    00537b45    Section(1)['.data']    09    A    MyMap.txt
7687    00136957    00537b57    Section(1)['.data']    08    A    placemap
7688    00136960    00537b60    Section(1)['.data']    07    A    loggmap
7689    00136968    00537b68    Section(1)['.data']    07    A    map.txt
7690    00136978    00537b78    Section(1)['.data']    08    A    placemap
7691    00136981    00537b81    Section(1)['.data']    07    A    loggmap
7692    00136989    00537b89    Section(1)['.data']    15    A    http://www.topgear.no
7693    0013699f    00537b9f    Section(1)['.data']    16    A    http://www.adteknik.se
7694    001369b6    00537bb6    Section(1)['.data']    08    A    Map2.txt
7695    001369bf    00537bbf    Section(1)['.data']    07    A    Map.txt
7696    001369c8    00537bc8    Section(1)['.data']    16    A    Temp00000000.ActiveGPS
7697    001369df    00537bdf    Section(1)['.data']    0b    A    26 44 0D 0A
7698    001369eb    00537beb    Section(1)['.data']    0d    A    ActiveGPS.OUT
7699    00136a06    00537c06    Section(1)['.data']    14    A    _ActiveGps.ActiveGPS
7700    00136a21    00537c21    Section(1)['.data']    0a    A    .ActiveGPS
....

Inspecting with Wireshark (tcp port 20 || tcp port 21)

Far from complete. By using USB to serial converter + USB serial null modem adapter it is possbile to mimick more or less serial controlled devices without SW virtual serial ports. Wireshark used for analyzing USB serial traffic with ActiveGPS Windows software and my (really old) ActiveGPS device.

import serial

A = b'00'
B = b'06036F72AD18F8BF4B07DA01120B3215AF00'
C = b'0000'
D = b'00'
E = b'00'
J = [
     b'18F8BF4B07DA01120B3215AFFFFFFFFF',
     b'409CA961000050124EF175426C73AE41',
     b'14060D0907DB5B58421D474A4A00FFFF',
     b'FFFFFFF133FB33FB33FA33FA33FA33FA',
     b'33FA33FA33FA33FA33FA33FA33FA33FA',
     b'33FA33FFFFFFFFFFFFFFFFFFFFFFFFFF',
     b'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
     b'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000',
    ]

ser = serial.Serial('COM19', 9600, timeout=None)
print("...")
while True:
    s = ser.readline()
    if s[0:1] == b'\xff':
        s = s[1:]
    print('\r\nReceived ' + str(s))
    if s == b'&A\r\n':
        print('\tSent ' + str(A))
        ser.write(A)
    elif s == b'&B\r\n':
        print('\tSent ' + str(B))
        ser.write(B)
    elif s == b'&C01\r\n':
        print('\tSent ' + str(C))
        ser.write(C)
    elif s == b'&J\r\n':
        for i in J:
            print('\tSent ' + str(i))
            ser.write(i)
    elif s == '&E000000\r\n':
        print('\tSent ' + str(E))
        ser.write(E)
    elif s == '&D\r\n':
        print('\tSent ' + str(D))
        ser.write(D)
        break
    else:
        break
    ser.flush()
ser.close()
print("Port closed")

ActiveGPS MCU is PIC18F2455

&A   start op
&B   device info
&J    read EEPROM content

Read FLASH content
&E000000
&F
...
&F

Update firmware
&H0108
&G001 ... &G00B

Wireshark, export pcapng as plain text with data bytes

Frame 2178: 27 bytes on wire (216 bits), 27 bytes captured (216 bits) on interface \\.\USBPcap5, id 0

0000  1b 00 60 15 59 06 05 d4 ff ff 00 00 00 00 09 00   ..`.Y...........
0010  00 05 00 01 00 83 03 00 00 00 00                  ...........

Frame 2179: 565 bytes on wire (4520 bits), 565 bytes captured (4520 bits) on interface \\.\USBPcap5, id 0

0000  1b 00 a0 58 bc 09 05 d4 ff ff 00 00 00 00 09 00   ...X............
0010  00 05 00 01 00 03 03 1a 02 00 00 26 47 30 30 30   ...........&G000
0020  30 30 30 30 30

Some Python code to extract &G blocks

i = 0
s = ""
f = open('agps-ptext2.txt', 'r')
fo = open("fwdata.hex", "w")
lines = f.readlines()
l = len(lines)
while True:
    s = str(lines[i]).strip()
    if s.find('565 bytes on wire') > -1:
        i = i + 3
        for p in range(35):
            s = str(lines[i]).strip()
            s = s.replace('.', '')
            s = s.replace('&G', '')
            fo.write(s[56:])
            i = i + 1
    else:
        i = i + 1
    if i >= l:
        break
fo.close()
f.close()
print("c")