search

Mic92 / hue-ble-ctl

Control your Phillips Hue light bulb over bluetooth
MIT License
39 stars 12 forks source link

Does it still work? #1

Closed mrquincle closed 4 years ago

mrquincle commented 4 years ago

The software running on the Philips Hue I have has version 1.65_9_hB3217DF4.

If I run something like gatttool -l low -t random -b f6:4a:25:26:22:91 --characteristics it looks that I've the same characteristics as you do.

handle = 0x0002, char properties = 0x20, char value handle = 0x0003, uuid = 00002a05-0000-1000-8000-00805f9b34fb
handle = 0x0005, char properties = 0x02, char value handle = 0x0006, uuid = 00002b2a-0000-1000-8000-00805f9b34fb
handle = 0x0007, char properties = 0x0a, char value handle = 0x0008, uuid = 00002b29-0000-1000-8000-00805f9b34fb
handle = 0x000a, char properties = 0x02, char value handle = 0x000b, uuid = 00002a00-0000-1000-8000-00805f9b34fb
handle = 0x000c, char properties = 0x02, char value handle = 0x000d, uuid = 00002a01-0000-1000-8000-00805f9b34fb
handle = 0x000f, char properties = 0x02, char value handle = 0x0010, uuid = 00002a29-0000-1000-8000-00805f9b34fb
handle = 0x0011, char properties = 0x02, char value handle = 0x0012, uuid = 00002a24-0000-1000-8000-00805f9b34fb
handle = 0x0013, char properties = 0x02, char value handle = 0x0014, uuid = 00002a28-0000-1000-8000-00805f9b34fb
handle = 0x0016, char properties = 0x02, char value handle = 0x0017, uuid = 97fe6561-0001-4f62-86e9-b71ee2da3d22
handle = 0x0018, char properties = 0x0e, char value handle = 0x0019, uuid = 97fe6561-0003-4f62-86e9-b71ee2da3d22
handle = 0x001a, char properties = 0x0c, char value handle = 0x001b, uuid = 97fe6561-0004-4f62-86e9-b71ee2da3d22
handle = 0x001c, char properties = 0x2c, char value handle = 0x001d, uuid = 97fe6561-0008-4f62-86e9-b71ee2da3d22
handle = 0x001f, char properties = 0x2e, char value handle = 0x0020, uuid = 97fe6561-1001-4f62-86e9-b71ee2da3d22
handle = 0x0022, char properties = 0x0e, char value handle = 0x0023, uuid = 97fe6561-2001-4f62-86e9-b71ee2da3d22
handle = 0x0024, char properties = 0x0c, char value handle = 0x0025, uuid = 97fe6561-2002-4f62-86e9-b71ee2da3d22
handle = 0x0026, char properties = 0x0c, char value handle = 0x0027, uuid = 97fe6561-2004-4f62-86e9-b71ee2da3d22
handle = 0x0028, char properties = 0x0c, char value handle = 0x0029, uuid = 97fe6561-a001-4f62-86e9-b71ee2da3d22
handle = 0x002b, char properties = 0x02, char value handle = 0x002c, uuid = 932c32bd-0001-47a2-835a-a8d455b859dd
handle = 0x002d, char properties = 0x1e, char value handle = 0x002e, uuid = 932c32bd-0002-47a2-835a-a8d455b859dd
handle = 0x0030, char properties = 0x1e, char value handle = 0x0031, uuid = 932c32bd-0003-47a2-835a-a8d455b859dd
handle = 0x0039, char properties = 0x0c, char value handle = 0x003a, uuid = 932c32bd-0006-47a2-835a-a8d455b859dd
handle = 0x003b, char properties = 0x1e, char value handle = 0x003c, uuid = 932c32bd-0007-47a2-835a-a8d455b859dd
handle = 0x003e, char properties = 0x0e, char value handle = 0x003f, uuid = 932c32bd-1005-47a2-835a-a8d455b859dd
handle = 0x0041, char properties = 0x02, char value handle = 0x0042, uuid = b8843add-0001-4aa1-8794-c3f462030bda
handle = 0x0043, char properties = 0x2c, char value handle = 0x0044, uuid = b8843add-0002-4aa1-8794-c3f462030bda
handle = 0x0046, char properties = 0x0c, char value handle = 0x0047, uuid = b8843add-0003-4aa1-8794-c3f462030bda
handle = 0x0048, char properties = 0x02, char value handle = 0x0049, uuid = b8843add-0004-4aa1-8794-c3f462030bda
handle = 0x004b, char properties = 0x1c, char value handle = 0x004c, uuid = 9da2ddf1-0001-44d0-909c-3f3d3cb34a7b

If I run your script in both situations I get only None on the introspection. It does connect, although that's also a bit flaky.

The on/off characteristic seems indeed similar.

handle = 0x002d, char properties = 0x1e, char value handle = 0x002e, uuid = 932c32bd-0002-47a2-835a-a8d455b859dd

Writing to the char value handle 0x002e 

gatttool -l low -t random -b f6:4a:25:26:22:91 -I
[f6:4a:25:26:22:91][LE]> connect
Attempting to connect to f6:4a:25:26:22:91
Connection successful
[f6:4a:25:26:22:91][LE]> char-write-cmd 0x002e 01

No result... Neither with char-write-req.

Ah, the result of your script. It didn't matter for me if it is the above MAC address or the address after clicking Reset in the Philips Hue app (see below):

./hue-ble-ctl.py introspect 'E3:14:BB:58:AC:E7' 

connect to E3:14:BB:58:AC:E7...
found brightness characteristics
found light characteristics
service: 9da2ddf1-0000-44d0-909c-3f3d3cb34a7b
  characteristic: 9da2ddf1-0001-44d0-909c-3f3d3cb34a7b: None
service: b8843add-0000-4aa1-8794-c3f462030bda
  characteristic: b8843add-0004-4aa1-8794-c3f462030bda: 
  characteristic: b8843add-0003-4aa1-8794-c3f462030bda: None
  characteristic: b8843add-0002-4aa1-8794-c3f462030bda: None
  characteristic: b8843add-0001-4aa1-8794-c3f462030bda: None
service: 932c32bd-0000-47a2-835a-a8d455b859dd
  characteristic: 932c32bd-1005-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0007-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0006-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0003-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0002-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0001-47a2-835a-a8d455b859dd: None
service: 0000fe0f-0000-1000-8000-00805f9b34fb
  characteristic: 97fe6561-a001-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2004-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2002-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2001-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-1001-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0008-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0004-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0003-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0001-4f62-86e9-b71ee2da3d22: None
service: 0000180a-0000-1000-8000-00805f9b34fb
  characteristic: 00002a28-0000-1000-8000-00805f9b34fb: None
  characteristic: 00002a24-0000-1000-8000-00805f9b34fb: None
  characteristic: 00002a29-0000-1000-8000-00805f9b34fb: None
service: 00001801-0000-1000-8000-00805f9b34fb
  characteristic: 00002b29-0000-1000-8000-00805f9b34fb: None
  characteristic: 00002b2a-0000-1000-8000-00805f9b34fb: None
  characteristic: 00002a05-0000-1000-8000-00805f9b34fb: None
ERROR:dbus.connection:Exception in handler for D-Bus signal:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/dbus/connection.py", line 230, in maybe_handle_message
    self._handler(*args, **kwargs)
  File "/home/anne/.local/lib/python3.6/site-packages/gatt/gatt_linux.py", line 398, in properties_changed
    self.services_resolved()
  File "./hue-ble-ctl.py", line 73, in services_resolved
    sys.exit(0)
SystemExit: 0
^CTraceback (most recent call last):
  File "./hue-ble-ctl.py", line 95, in <module>
    main()
  File "./hue-ble-ctl.py", line 91, in main
    manager.run()
  File "/home/anne/.local/lib/python3.6/site-packages/gatt/gatt_linux.py", line 91, in run
    self._main_loop.run()
  File "/usr/lib/python3/dist-packages/gi/overrides/GLib.py", line 588, in run
    raise KeyboardInterrupt
KeyboardInterrupt

Or is there a more thorough factory reset possible?

mrquincle commented 4 years ago

Mmm, let me think about more debug info. I've set my device to use auth and encrypt.

sudo hciconfig -a                        
hci0:   Type: Primary  Bus: USB
    BD Address: A4:34:D9:86:C2:79  ACL MTU: 1021:4  SCO MTU: 96:6
    UP RUNNING PSCAN AUTH ENCRYPT 
    RX bytes:103341 acl:627 sco:0 events:11456 errors:0
    TX bytes:9157201 acl:10928 sco:0 commands:70 errors:0
    Features: 0xbf 0xfe 0x0f 0xfe 0xdb 0xff 0x7b 0x87
    Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3 
    Link policy: RSWITCH SNIFF 
    Link mode: SLAVE ACCEPT 
    Name: 'ChromeLinux_6F32'
    Class: 0x0c010c
    Service Classes: Rendering, Capturing
    Device Class: Computer, Laptop
    HCI Version: 4.2 (0x8)  Revision: 0x100
    LMP Version: 4.2 (0x8)  Subversion: 0x100
    Manufacturer: Intel Corp. (2)

If I run wireshark I see:

7702    remote ()   86.032089   localhost ()    ATT 14  Rcvd Error Response - Insufficient Encryption, Handle: 0x002e (Unknown)
7703    localhost ()    86.032563   remote ()   ATT 12  Sent Read Request, Handle: 0x002e (Unknown)

Not sure where it fails. From here I read it might not be using the long-term key from bluetoothctl.

Denotes that the link is not encrypted but a suitable LTK is available

Using something like:

bluetoothctl
scan on
connect f3:3c:2f:92:78:8d
scan off
pair
menu gatt
select-attribute 932c32bd-0002-47a2-835a-a8d455b859dd
read
Mic92 commented 4 years ago

Yes. It still works, just tested. I remember I had to do a reset on the phone at some point the same way you described. I don't have gattool or hciconfig, which means that my bluez is slightly newer (5.54).

Mic92 commented 4 years ago

I tried to pair with iOS/watchOS and this also did not work out using my own self-written apps. I also got an error like Insufficient Encryption. However wireshark is a good call, I will see if I can get this to work/debug it with it.

Mic92 commented 4 years ago

This is my output of bluetoothctl:

[bluetooth]# info D4:BB:D8:6C:07:86
Device D4:BB:D8:6C:07:86 (random)
        Name: Hue Lamp
        Alias: Hue Lamp
        Paired: yes
        Trusted: no
        Blocked: no
        Connected: no
        LegacyPairing: no
        UUID: Generic Access Profile    (00001800-0000-1000-8000-00805f9b34fb)
        UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
        UUID: Device Information        (0000180a-0000-1000-8000-00805f9b34fb)
        UUID: Unknown                   (0000fe0f-0000-1000-8000-00805f9b34fb)
        UUID: Vendor specific           (932c32bd-0000-47a2-835a-a8d455b859dd)
        UUID: Vendor specific           (9da2ddf1-0000-44d0-909c-3f3d3cb34a7b)
        UUID: Vendor specific           (b8843add-0000-4aa1-8794-c3f462030bda)
Mic92 commented 4 years ago

I also have 1.65.9_hB3217DF4

mrquincle commented 4 years ago

Interesting... I'll try to cycle a few more times through the factory reset to see if that helps. What's your hci device like?

mrquincle commented 4 years ago

Regarding bluez version, good one. bluetoothd --version gives 5.48. I'll update my OS. :-)

Mic92 commented 4 years ago 
[   21.240424] Bluetooth: Core ver 2.22
[   21.240436] Bluetooth: HCI device and connection manager initialized
[   21.240440] Bluetooth: HCI socket layer initialized
[   21.240442] Bluetooth: L2CAP socket layer initialized
[   21.240444] Bluetooth: SCO socket layer initialized
[   21.352149] Bluetooth: hci0: using rampatch file: qca/rampatch_usb_00000302.bin
[   21.352151] Bluetooth: hci0: QCA: patch rome 0x302 build 0x3e8, firmware rome 0x302 build 0x111
[   21.406703] Bluetooth: hci0: using NVM file: qca/nvm_usb_00000302.bin
[   22.198051] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[   22.198055] Bluetooth: BNEP socket layer initialized
[   30.041185] Bluetooth: RFCOMM TTY layer initialized
[   30.041191] Bluetooth: RFCOMM socket layer initialized
[   30.041197] Bluetooth: RFCOMM ver 1.11
[29195.779801] Bluetooth: hci0: using rampatch file: qca/rampatch_usb_00000302.bin
[29195.779803] Bluetooth: hci0: QCA: patch rome 0x302 build 0x3e8, firmware rome 0x302 build 0x111
[29195.845170] Bluetooth: hci0: using NVM file: qca/nvm_usb_00000302.bin
mrquincle commented 4 years ago

Update my OS. I'm now at 5.53. Still not much luck though.

connect to F3:3C:2F:92:78:8D...
found brightness characteristics
found light characteristics
service: 9da2ddf1-0000-44d0-909c-3f3d3cb34a7b
  characteristic: 9da2ddf1-0001-44d0-909c-3f3d3cb34a7b: None
service: b8843add-0000-4aa1-8794-c3f462030bda
  characteristic: b8843add-0004-4aa1-8794-c3f462030bda: None
  characteristic: b8843add-0003-4aa1-8794-c3f462030bda: None
  characteristic: b8843add-0002-4aa1-8794-c3f462030bda: None
  characteristic: b8843add-0001-4aa1-8794-c3f462030bda: None
service: 932c32bd-0000-47a2-835a-a8d455b859dd
  characteristic: 932c32bd-1005-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0007-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0006-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0003-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0002-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0001-47a2-835a-a8d455b859dd: None
service: 0000fe0f-0000-1000-8000-00805f9b34fb
  characteristic: 97fe6561-a001-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2004-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2002-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2001-4f62-86e9-b71ee2da3d22: 
  characteristic: 97fe6561-1001-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0008-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0004-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0003-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0001-4f62-86e9-b71ee2da3d22: bytearray(b'\xf4\x84\xd3\x06\x01\x88\x17\x00')
service: 0000180a-0000-1000-8000-00805f9b34fb
  characteristic: 00002a28-0000-1000-8000-00805f9b34fb: 1.65.9_hB3217DF4
  characteristic: 00002a24-0000-1000-8000-00805f9b34fb: LWA001
  characteristic: 00002a29-0000-1000-8000-00805f9b34fb: Philips
service: 00001801-0000-1000-8000-00805f9b34fb
  characteristic: 00002b29-0000-1000-8000-00805f9b34fb: 
  characteristic: 00002b2a-0000-1000-8000-00805f9b34fb: bytearray(b'a\x10;o5\xdc\xcd\xb0{$\xa1\xc6\xd8\x04\xb3\xb1')
  characteristic: 00002a05-0000-1000-8000-00805f9b34fb: None
mrquincle commented 4 years ago

It works! I think I've done it now for the 10th time (the factory reset), but now it worked! :-)

mrquincle commented 4 years ago

Proof: 

./hue-ble-ctl.py introspect 'F6:9B:C8:D5:EF:C3'
connect to F6:9B:C8:D5:EF:C3...
found brightness characteristics
found light characteristics
service: 9da2ddf1-0000-44d0-909c-3f3d3cb34a7b
  characteristic: 9da2ddf1-0001-44d0-909c-3f3d3cb34a7b: None
service: b8843add-0000-4aa1-8794-c3f462030bda
  characteristic: b8843add-0004-4aa1-8794-c3f462030bda: 
  characteristic: b8843add-0003-4aa1-8794-c3f462030bda: None
  characteristic: b8843add-0002-4aa1-8794-c3f462030bda: None
  characteristic: b8843add-0001-4aa1-8794-c3f462030bda: bytearray(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00')
service: 932c32bd-0000-47a2-835a-a8d455b859dd
  characteristic: 932c32bd-1005-47a2-835a-a8d455b859dd: bytearray(b'\x01\x01\x01\x02\x01\xfe')
  characteristic: 932c32bd-0007-47a2-835a-a8d455b859dd: bytearray(b'\x01\x01\x00\x02\x01\xfe')
  characteristic: 932c32bd-0006-47a2-835a-a8d455b859dd: None
  characteristic: 932c32bd-0003-47a2-835a-a8d455b859dd: bytearray(b'\xfe')
  characteristic: 932c32bd-0002-47a2-835a-a8d455b859dd: 
  characteristic: 932c32bd-0001-47a2-835a-a8d455b859dd: 
service: 0000fe0f-0000-1000-8000-00805f9b34fb
  characteristic: 97fe6561-a001-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2004-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2002-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-2001-4f62-86e9-b71ee2da3d22: 
  characteristic: 97fe6561-1001-4f62-86e9-b71ee2da3d22: 
  characteristic: 97fe6561-0008-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0004-4f62-86e9-b71ee2da3d22: None
  characteristic: 97fe6561-0003-4f62-86e9-b71ee2da3d22: Hue bulb
  characteristic: 97fe6561-0001-4f62-86e9-b71ee2da3d22: bytearray(b'\xf4\x84\xd3\x06\x01\x88\x17\x00')
service: 0000180a-0000-1000-8000-00805f9b34fb
  characteristic: 00002a28-0000-1000-8000-00805f9b34fb: 1.65.9_hB3217DF4
  characteristic: 00002a24-0000-1000-8000-00805f9b34fb: LWA001
  characteristic: 00002a29-0000-1000-8000-00805f9b34fb: Philips
service: 00001801-0000-1000-8000-00805f9b34fb
  characteristic: 00002b29-0000-1000-8000-00805f9b34fb: 
  characteristic: 00002b2a-0000-1000-8000-00805f9b34fb: bytearray(b'a\x10;o5\xdc\xcd\xb0{$\xa1\xc6\xd8\x04\xb3\xb1')
  characteristic: 00002a05-0000-1000-8000-00805f9b34fb: None

I'm a happy camper!

smoyte commented 3 years ago

I am having the same problem and have tried resetting multiple times. It also takes like 5-10 seconds to attempt to fetch each of the characteristics before it writes 'None'.

I am on bluez 5.50, trying to connect from a Raspberry Pi Zero W.