ahpohl / xiaomi_lywsd03mmc

Xiaomi LYWSD03MMC passive sensor readout

How to get the parameters to use Test_MbedTLS.ino #3

Closed jaggil closed 3 years ago

jaggil commented 3 years ago

Hi @ahpohl, first of all I want to thank you for your enormous effort to decode xiaomi_lywsd03mmc and be able to read it with an ESP32.

Although I am not a good C++ programmer, I wish to integrate multiple lywsd03mmc devices into my Blynk system using ESP32 microcontrollers.

To do this, I think I should start by understanding how to get the basic data to perform a test with your Test_MbedTLS.ino program.

At this moment I already know how to obtain the following data:

(1) name -> Free reference text string (I guess)
(2) key -> I am using the website https://pvvx.github.io/ATC_MiThermometer/TelinkMiFlasher.html
(3) plaintext -> In my case it is what I want to obtain after decryption
(4) ciphertext -> They are the 5 encrypted bytes of the advertisement reading from positions 19 to 23 (right?).
(5) authdata -> Value set to 0x11

My question is how the following two parameters are obtained:

(6) iv -> ????
(7) tag -> ????

For example, I have the following advertisement for my device:

Advertised Payload_Length: 30
02 01 06 1a 16 95 fe 58 58 5b 05 01 23 4c c8 38 c1 a4 c2 1d ed 9c 13 00 00 00 c8 60 bc ad

and in TelinkMiFlasher.html I have obtained

Token = 47f0a056176745d3b8368b19
Bind Key = 0bf74b6fa1378282dd4af2fa885167ea

How can I get the missing values?

Thanks in advance

ahpohl commented 3 years ago

Hi @jaggil,

you landed in an old github repository which really marks the beginning when I started working on the decryption of lywsd03mmc devices. The code hosted here is not very useful anymore.

The reverse engineering work has been done by @Magalex2x14 and is documented here and the final C++ code in ESPHome xiaomi_ble.

To answer your question:

(6) iv (nonce) consists of the device MAC + device type + frame count (packet id) + ext cnt (payload counter)
(7) the 4 byte long MAC tag is at the end of the payload and used as is
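
The split described in this answer, applied to the advertisement quoted in the question, as an added example that is not part of the thread or of the repository's code. The byte offsets, the on-air (reversed) MAC order inside the nonce and all function names are assumptions based on the sample frame (MAC present, no capability byte).

```python
# Added example: field offsets are assumptions read off the sample advertisement.
XIAOMI_UUID = b"\x95\xfe"   # service UUID 0xFE95, little-endian on air
AAD = b"\x11"               # authdata value given in the question

# Advertisement and bind key exactly as quoted in the question.
SAMPLE_ADV = bytes.fromhex(
    "0201061a1695fe58585b0501234cc838c1a4c21ded9c13000000c860bcad")
SAMPLE_KEY = bytes.fromhex("0bf74b6fa1378282dd4af2fa885167ea")


def service_data(adv: bytes) -> bytes:
    """Walk the length/type/value AD structures and return the 0xFE95 service data."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break  # padding or truncated structure
        ad_type, value = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type == 0x16 and value[:2] == XIAOMI_UUID:
            return value[2:]
        i += 1 + length
    raise ValueError("no 0xFE95 service data found")


def ccm_inputs(adv: bytes) -> dict:
    """Split an encrypted frame into the values the CCM decrypt call needs."""
    d = service_data(adv)
    if len(d) < 11 + 1 + 3 + 4:  # header + >=1 cipher byte + ext cnt + tag
        raise ValueError("frame too short to carry an encrypted payload")
    mac_on_air = d[5:11]  # MAC as transmitted (reversed byte order)
    return {
        "mac": mac_on_air[::-1].hex(":"),
        # nonce: MAC (6) + device type and frame count (3) + ext cnt (3) = 12 bytes
        "nonce": mac_on_air + d[2:5] + d[-7:-4],
        "ciphertext": d[11:-7],
        "tag": d[-4:],
    }


def decrypt(adv: bytes, key: bytes) -> bytes:
    """AES-CCM decrypt; needs the third-party 'cryptography' package."""
    from cryptography.hazmat.primitives.ciphers.aead import AESCCM
    f = ccm_inputs(adv)
    # A wrong key or a modified frame raises InvalidTag instead of returning data.
    return AESCCM(key, tag_length=4).decrypt(f["nonce"], f["ciphertext"] + f["tag"], AAD)
```

`ccm_inputs(SAMPLE_ADV)` yields the iv, ciphertext and tag to pass to the CCM decrypt call together with the bind key and the 0x11 authdata byte.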

jaggil commented 3 years ago

OK @ahpohl, thanks a lot