Basically what happens is that a vector of cyphertext S is produced some whole number of 16 byte blocks (S1, S2…) at least as long as the message. The plaintext A that’s encrypted to do this has each block (A1, A2…) stuffed with a variety of things shown in the picture, one of which is i the counter of blocks, starting from 1 and incrementing in each following block.
The message is then XOR’d with the vector of cyphertext, trimmed before or after to the actual length of the message.
One of the things to note is that it’s always the AES encrypt operation, never decrypt, as this keeps the device firmware smaller.