Find out BLE Key on iOS #198
Comments
Yes, I promised, but for now I have to postpone it - I have a very busy time now. I’m afraid I’ll only be able to walk the path of getting the key with you step by step next year, it seems ... I can only tell you briefly how I did it on iOS:
```python
from base64 import b64decode, b64encode
import hashlib


def rc4mi(ddata, dkey):
    # ddata and dkey are bytes; iterating over bytes yields ints in Python 3
    s, j, out = list(range(256)), 0, bytearray()
    # key scheduling
    for i in range(256):
        j = (j + dkey[i % len(dkey)] + s[i]) % 256
        s[i], s[j] = s[j], s[i]
    # 1024 fake rounds
    i = j = 0
    for _ in range(1024):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
    # XOR the data with the keystream
    for ch in ddata:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(ch ^ s[(s[i] + s[j]) % 256])
    return out.decode("utf-8", errors="replace")


if __name__ == "__main__":
    #
    # Fill SSEC, NONCE, DATA
    #
    SSEC = "KzfNrjkjsdgfjkCOiqpWw=="
    NONCE = "UJDMREGHTRTEu"
    DATA = "Gzc4ERTGRETGERTGRETGREGTerttgretgertgerGRTEGERTGERTGERTEGERTggerrtgertg+vJcKw=="
    key = b64encode(hashlib.sha256(b64decode(SSEC) + b64decode(NONCE)).digest())
    print("CLEARTEXT: {}".format(rc4mi(b64decode(DATA), b64decode(key))))
```

As a result of executing this program, you will see the decrypted text containing the key
@Ernst79, Can I ask you to include a link to this to the FAQ for a while until we have better instructions?
Yes, will do.
Link is added to FAQ
Hi @nenadmilano If you're still stuck, I was able to obtain the key on Chrome on my Mac by activating using the Telink Flasher: http://atc1441.github.io/TelinkFlasher.html
I think that only works for LYWSD03MMC, not for CCGQ02HL.
Whoops sorry about that - I misread!
I had the same issue, and I noticed that the character "+" is written as %2B, and "=" as %3D. |
Just to add here as it might be useful for someone who finds this or for me later in life ;-) I used mitmproxy on a raspberry and an Android phone:
For me then the rendering in the browser didn't allow the download & install of the cert; so this needed to be fixed as follows:
The font will not work, but at least we can now install the cert. I have not used the original app, but the mod that creates the
I don't know why this is happening, it's so weird. Hello everyone, first of all, thanks for all the contribution done so far, I was able to move a little forward with CGDK2 sensor bind key obtaining. CLEARTEXT: ˑ▒ ▒Tު7u6▒/▒i▒▒{▒▒4▒▒▒ۆ
CLEARTEXT: ˑ▒ ▒Tު7u6▒/▒i▒▒{▒▒4▒▒▒ۆ Was able to solve this,
Hello everyone, first of all, thanks for all the amazing contributions done so far. I created a small repl.it program that takes the It's based on @Magalex2x14's script (see #198 (comment)), updated to Python 3 and to handle decoding the %?? in the fields as well as spits out the I hope this helps PS: I used Stream app in iOS (the low quality of the Chinese alternative @Magalex2x14 mentioned) and it works amazingly well (you should just remember to disable the Stream certificate when done sniffing 😉)
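The percent-encoding issue raised in this thread ("+" captured as %2B, "=" as %3D) can be handled before decryption, as in the following added example, which is not code from any participant or from the project. The function names and all sample values are constructed for illustration.

```python
import hashlib
from base64 import b64decode, b64encode
from urllib.parse import quote, unquote

def rc4_drop1024(data: bytes, key: bytes) -> bytes:
    """RC4 that discards the first 1024 keystream bytes, as in the script above."""
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + key[i % len(key)] + s[i]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for n in range(1024 + len(data)):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        if n >= 1024:  # only bytes after the discarded rounds touch the data
            out.append(data[n - 1024] ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def decrypt_capture(ssec: str, nonce: str, data: str) -> str:
    """Percent-decode each captured field, strictly base64-decode it, decrypt."""
    raw = {}
    for name, value in (("SSEC", ssec), ("NONCE", nonce), ("DATA", data)):
        # unquote, not unquote_plus: a literal '+' is a base64 character here.
        value = unquote(value.strip())
        try:
            # validate=True rejects a leftover '%' instead of silently skipping it.
            raw[name] = b64decode(value, validate=True)
        except ValueError as exc:
            raise ValueError(f"{name} is not valid base64") from exc
    key = hashlib.sha256(raw["SSEC"] + raw["NONCE"]).digest()
    return rc4_drop1024(raw["DATA"], key).decode("utf-8", errors="replace")

def constructed_capture():
    """Constructed sample values (not real traffic), percent-encoded like a capture."""
    ssec = b"\xfb\xef\xbe" * 5 + b"\x01"  # base64 of this contains '+' and '='
    nonce = bytes(range(12))
    plaintext = '{"constructed_key": "000102030405060708090a0b"}'
    key = hashlib.sha256(ssec + nonce).digest()
    data = rc4_drop1024(plaintext.encode(), key)  # RC4 is symmetric
    fields = [quote(b64encode(x).decode(), safe="") for x in (ssec, nonce, data)]
    return fields, plaintext

if __name__ == "__main__":
    (ssec, nonce, data), expected = constructed_capture()
    print("captured SSEC:", ssec)
    print("CLEARTEXT:", decrypt_capture(ssec, nonce, data))
```

Fields pasted without percent-encoding pass through `unquote` unchanged, so the same function accepts both forms.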
It now seems that method 2 in the faq is working on iOS. Note that the webBLE app is a paid app and I haven’t tried it myself.
Unfortunately I got sent some CCGQ02HL (Xiaomi Mijia Window Door Sensor 2) instead of the Zigbee Version and now I am facing the issue to integrate them into Home Assistant. I found your repo and custom integration but I struggle to find out the BLE encryption key for the sensors. I don’t have an Android phone at hand, just iOS devices. In the Readme you mention to open up an issue to figure out a new way to get the key so I would kindly ask for your support.
Thanks!