search

bulldog5046 / ha_nespresso_integration

19 stars 4 forks source link

Packet capture of pairing process #6

Closed bulldog5046 closed 9 months ago

bulldog5046 commented 9 months ago

Development of this integration has stalled due to my machine no longer responding to bluetooth commands. I believe in my case this is due to a pairing/setup process I triggered while playing with the caps stock management and water hardness.

Requesting help from anyone that can share a full bluetooth packet capture of the pairing and setup process with the OEM Nespresso app.

tikismoke commented 9 months ago

Did the full reset or long power cut didn't restore it at all?

Pretty sure you already try this: https://www.brewcoffeehome.com/reset-nespresso-machine-to-factory-settings/

Crap it was so good going on 😱

bulldog5046 commented 9 months ago

Yes, sadly factory reset and leaving it off overnight didn't do anything.

I'm really confused if it's just a case that i've gotten unlucky or if there is some planned obsolescence builtin to the machine to kill it after so many pairing attempts.

I did some real deep digging of the decompiled source code and have more new features to bring forward but i don't want to do that until i can establish why my machine died and test further.

I remembered i do have an android device, a car diagnostic unit. So i installed the old 3.28.0 app version and hacked it to block the forced updates to see if it could recover the machine but sadly it tells me it can discover it but not connect to it.

Keeping an eye out for another cheap machine so i can continue...

bulldog5046 commented 9 months ago

I dumped the firmware from the STM8 and BL600 chips on the mainboard and I found 23 auth keys in the write once memory of the BL600. Interestingly, it's only the keys i've installed and not the one that was on the machine when i got it which reaffirms my suspicion that the pairing process is not being completed. I guess a factory reset would normally clear the key but not in the case that the setup is incomplete maybe?

It seems most likely that mine has stopped working as the memory is full. According to the datasheet this can only be cleared by erasing the flash which will remove the Nespresso application. I will probably try blanking the memory locations to see if it works but i'm not optimistic as there are likely memory pointers stored somewhere that i haven't been able to locate.

I really need a clean firmware dump from the BL600 if anyone has a JTAG and can get it for me? Still trying to track down a cheap enough machine or mainboard so i can continue working on this.