aprosvetova / xiaomi-kettle

Xiaomi Kettle BLE protocol reverse-engineered
Do What The F*ck You Want To Public License
254 stars, 26 forks

Send 0x92, 0xAB, 0x54, 0xFA to authCharacteristic. #3

Closed drndos closed 5 years ago

drndos commented 5 years ago

Hello, I tried to replicate your successful connection to the kettle and I found an issue with step 5 in authentication. In my case the bytearray was different than yours. It seems that with a different token it is different. After sniffing it from my Android, I made a successful connection to the kettle <3. Maybe we are missing something here and there is a way we can compute the step-5 bytearray. I tried different connections with Android and each pairing process generates a different token and a different payload for step 5. Thank you.

aprosvetova commented 5 years ago

I use random tokens and the same step 5 payload always. I didn't sniff it, it was taken from the mi home app.

drndos commented 5 years ago

Also in my case the status update has 12 bytes (`00 ff 00 00 50 20 00 00 00 01 02 00`). Maybe we have different versions? I have:

- Manufacturer: Viomi
- Model number: yunmi.kettle.v2
- Serial number: 1.3.3-LE
- Hardware revision: 0.1.8
- Firmware revision: 7.5.10
- Software revision: 6.2.1.7

drndos commented 5 years ago

I also have the latest Mi Home app, 5.4.54, EU server.

aprosvetova commented 5 years ago

Ah I don't remember my model name... Can you check your kettle product ID? It's 131 for me.

drndos commented 5 years ago

I cannot find the product ID as an integer. The only info I have is what I supplied in the comment above, and on the kettle itself I can find: model number YM-K1501, production date 2018.05. Where do I find it as an integer?

drndos commented 5 years ago

I have decompiled and deobfuscated the code and found out that what they call "step4" is your step 5, and they send this:

```java
BLECipher.encryptTwoArraysTogether(this.TOKEN, ByteUtils.decodeInteger4((int) v92AB54FA))
```

So this step depends on the token: the data payload is generated from the token, and then authentication is finished :)

drndos commented 5 years ago

It is not working for me so far. I have concluded that either my productId is different than 131 (and I cannot find it anywhere) or something in the cipher, mixA or mixB method is not correct (I reimplemented it from Go to Python). I ran tests, and your Go implementation and my Python yield the same results. I think the productId might be different.

aprosvetova commented 5 years ago

> `BLECipher.encryptTwoArraysTogether(this.TOKEN, ByteUtils.decodeInteger4((int) v92AB54FA))`

LOL! I swear it was just constant and it works for me. Maybe they've updated the protocol but I don't think they could because it would break backwards compatibility.

drndos commented 5 years ago

I finally found my productId. I don't know how to obtain it properly yet, but I did it by sniffing the request and response of Mi Home and iterating from 1 to 10000, checking if the cipher equation is equal. My product ID is 275 and now everything works perfectly. Good job on properly implementing the mixA, mixB and cipher methods; they will prove to be useful in other applications as well (miFlora, ...).
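
The two findings above (the step-5 payload being `cipher(token, 0x92AB54FA)` rather than a constant, and the product ID being recoverable by brute force from one sniffed pairing) can be exercised offline. The block below is an added example, not code from the xiaomi-kettle repository or from either commenter. The cipher is written here as plain RC4 (key scheduling followed by keystream XOR), which is my reading of the repo's cipherInit/cipherCrypt; the 8-byte mixA/mixB key layouts and the direction of the response check are likewise my assumptions and should be verified against the Go source. The MAC, token and product ID are constructed test data.

```python
"""Reconstruction of the kettle's BLE auth math for the thread above.

Added example. Assumptions (not confirmed by the page): the cipher is
RC4; mixA/mixB build 8-byte keys from the MAC and product ID as laid out
below; the kettle's reply is accepted when cipher(mixB, cipher(mixA,
reply)) == token. Test data is constructed, not sniffed from a device.
"""
from typing import Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: KSA over `key`, then XOR `data` with the PRGA keystream.
    Encrypting and decrypting under the same key are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def mix_a(mac: bytes, product_id: int) -> bytes:
    """Assumed key layout for the first auth write. Only the low byte of the
    product ID goes in, so IDs that differ by a multiple of 256 collide."""
    lo = product_id & 0xFF
    return bytes([mac[0], mac[2], mac[5], lo, lo, mac[4], mac[5], mac[1]])


def mix_b(mac: bytes, product_id: int) -> bytes:
    """Assumed key layout for checking the reply. This one also folds in the
    high byte, which is what tells 275 apart from 19."""
    lo, hi = product_id & 0xFF, (product_id >> 8) & 0xFF
    return bytes([mac[0], mac[2], mac[5], hi, mac[4], mac[0], mac[5], lo])


# The constant behind the issue title, as the 4 big-endian bytes 92 AB 54 FA.
STEP5_CONST = (0x92AB54FA).to_bytes(4, "big")


def auth_request(mac: bytes, product_id: int, token: bytes) -> bytes:
    """First write to authCharacteristic: the token encrypted under mixA."""
    return rc4(mix_a(mac, product_id), token)


def auth_response_ok(mac: bytes, product_id: int, token: bytes, reply: bytes) -> bool:
    """Accept the kettle's reply if unwrapping it under mixA then mixB gives the token."""
    return rc4(mix_b(mac, product_id), rc4(mix_a(mac, product_id), reply)) == token


def step5_payload(token: bytes) -> bytes:
    """What the app sends in the last step: the constant encrypted under the
    session token, which is why it looks different on every pairing."""
    return rc4(token, STEP5_CONST)


def simulate_kettle_reply(mac: bytes, product_id: int, token: bytes) -> bytes:
    """The reply a kettle with this ID has to send for auth_response_ok to pass
    (RC4 under a fixed key is its own inverse, so just apply the keys in reverse)."""
    return rc4(mix_a(mac, product_id), rc4(mix_b(mac, product_id), token))


def recover_product_id(mac: bytes, token: bytes, sniffed_request: bytes,
                       sniffed_reply: bytes, limit: int = 10000) -> Optional[int]:
    """Brute force the product ID from one sniffed pairing, as done in the thread:
    try 1..limit and return the first ID that reproduces the request AND makes
    the reply check pass. Checking the reply is what rejects the low-byte
    collisions (19 for 275) that the request alone would accept."""
    for pid in range(1, limit + 1):
        if auth_request(mac, pid, token) != sniffed_request:
            continue
        if auth_response_ok(mac, pid, token, sniffed_reply):
            return pid
    return None


# Constructed test data (not a real device).
MAC = bytes.fromhex("a1b2c3d4e5f6")
TOKEN = bytes.fromhex("0102030405060708090a0b0c")  # 12-byte session token
PRODUCT_ID = 275


if __name__ == "__main__":
    req = auth_request(MAC, PRODUCT_ID, TOKEN)
    reply = simulate_kettle_reply(MAC, PRODUCT_ID, TOKEN)
    print("step 5 payload:", step5_payload(TOKEN).hex())
    print("recovered product ID:", recover_product_id(MAC, TOKEN, req, reply))
```

The search is cheap (10000 RC4 runs on a few bytes) because the product ID is the only unknown once the token is known from the app traffic; the same loop with only the request compared would stop at 19, which is why both directions of the exchange are needed.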

aprosvetova commented 5 years ago

Hey, that's cool! I'm sorry I didn't tell you how to obtain that ID. You can just pair your kettle to Mi Home and then sniff requests to their API; you'll see it in your paired devices list. I was too lazy to answer and then just even forgot lol...

Btw, Mi Flora has no encryption and no pairing process. Same as Mi Scale. Come to your friends' house and read their weight 😶

drndos commented 5 years ago

I found this issue where they struggle with it: https://github.com/sputnikdev/eclipse-smarthome-bluetooth-binding/issues/18

aprosvetova commented 5 years ago

Oh yeah. My code will help them. But Mi Flora particularly doesn’t need any auth.

drndos commented 5 years ago

I have implemented it in Python to be more "home-assistant" friendly :) https://github.com/drndos/mi-kettle-poc I hope it is within the "do whatever fuck you want" license :D

aprosvetova commented 5 years ago

Yay, that's great! I hope we'll see the component any day. I'm not good at Python and too lazy to write code that follows PEP and HA guidelines.

aprosvetova commented 5 years ago

Do you mean the license of my work? Yeah, everything is fine. You can take my code, say it's yours and I'm a thief, whatever comes to your mind :D