buttplugio / docs.buttplug.io


Document LiBo/Sistalk Protocol #19

Open denialtek opened 9 months ago

denialtek commented 9 months ago

Continuing from https://github.com/buttplugio/stpihkal/issues/48

Auth protocol for MonsterPub Gen 2 devices

Read from 0x8001 and you will get back a message like: 01 31 96 8f c3 00 00 00 00 00 00 00 00 00 00 00

Take the first byte and use it to select which key to use:

- 00 = 32 49 50 4f
- 01 = 4c 53 42 42
- 02 = 53 49 53 36
- 03 = 54 41 4c 4b

Generate a 15 byte response where:

- Bytes 1-4 are an XOR of the key and bytes 2-5 of the message.
- Bytes 5-15 are the bytes of the key repeating.

Send the response to 0x8001.

ex. Message: 01 31 96 8f c3 00 00 00 00 00 00 00 00 00 00 00

First byte is 0x01 so the key is 0x4c534242.

0x31968fc3 ^ 0x4c534242 = 0x7dc5cd81

Response: 7d c5 cd 81 4c 53 42 42 4c 53 42 42 4c 53 42
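
The challenge-response described in the comment above, written out as an added example (not code from the thread or from the Buttplug project). The name `build_response` and the minimum-length check are assumptions; the BLE read and write on 0x8001 are left to the caller.

```python
"""Added example: response computation for the MonsterPub Gen 2 auth step."""

# Key table from the comment above, indexed by the first byte of the message.
# The four keys are fixed and are printable ASCII: 2IPO, LSBB, SIS6, TALK.
KEYS = {
    0x00: bytes.fromhex("32 49 50 4f"),
    0x01: bytes.fromhex("4c 53 42 42"),
    0x02: bytes.fromhex("53 49 53 36"),
    0x03: bytes.fromhex("54 41 4c 4b"),
}

RESPONSE_LEN = 15  # total length of the response written back to 0x8001


def build_response(message: bytes) -> bytes:
    """Return the 15-byte response for a message read from 0x8001."""
    # Assumption: only the first five bytes matter (selector + 4 challenge bytes).
    if len(message) < 5:
        raise ValueError("message too short: need selector byte plus 4 bytes")

    selector = message[0]
    key = KEYS.get(selector)
    if key is None:
        raise ValueError(f"unknown key selector 0x{selector:02x}")

    # Response bytes 1-4: key XOR message bytes 2-5 (1-based, as in the comment).
    xored = bytes(m ^ k for m, k in zip(message[1:5], key))

    # Response bytes 5-15: the key repeated, truncated to fill the remaining 11 bytes.
    fill_len = RESPONSE_LEN - len(xored)
    repeats = -(-fill_len // len(key))  # ceiling division
    return xored + (key * repeats)[:fill_len]


if __name__ == "__main__":
    # Sample message taken from the comment above.
    sample = bytes.fromhex("01 31 96 8f c3 00 00 00 00 00 00 00 00 00 00 00")
    print(build_response(sample).hex(" "))
```
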

blackspherefollower commented 9 months ago

| Name | 6013 | 6014 | 6015 | 6016 | 6017 | 6001 | 6002 | 6003 | 6004 | 6005 | 6006 | 6031 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MonsterPub 1S Health Doctor Whale | | | | | | | | | | | | |
| MonsterPub 1S Health Master Godzilla | | | | | | | | | | | | |
| MonsterPub 1S Health Mister Devil | 2.2.5 | MP_JKS_N_P2 | MP_JKS | 13 | 33 | WriteWithoutResponse/Read | Read/Write | N/A | Read/Write | | | Subscribe for pressure LE bytes |
| MonsterPub 1S Youth Doctor Whale | 1.0 | MP_S_T_P0 | MP_YD | 14 | 0 | WriteWithoutResponse | Write | | | | | |
| MonsterPub 1S Youth Master Godzilla | | | | | | | | | | | | |
| MonsterPub 1S Youth Mister Devil | | | | | | | | | | | | |
| MonsterPub 1X Doctor Whale | 1.0.4 | MP1SP_QC_TL_P2 | MP1SP_QC_JY | 10 | 5 | WriteWithoutResponse/Read | Read/Write | | Read/Write | | | |
| MonsterPub 1X Master Godzilla | | | | | | | | | | | | |
| MonsterPub 1X Mister Devil | | | | | | | | | | | | |
| MonsterPub 2 Doctor Whale | 1.2.6 | MP2_JK_N_P1 | MP2_JK_N6T_JY | 16 | 2 | WriteWithoutResponse | Write | WriteWithoutResponse | Read/Write | | | Subscribe for pressure LE bytes |
| MonsterPub 2 Master Godzilla | | | | | | | | | | | | |
| MonsterPub 2 Mister Devil | 5.1 | MP2_QC_TL_P1 | MP2_QC_N6_EM | 40 | WriteWithoutResponse/Read | Read/Write | | WriteWithoutResponse/Read | Read/Write | | WriteWithoutResponse/Read/Write | Read/Write |
| MonsterPub Baby Youth Doctor Whale | | | | | | | | | | | | |
| MonsterPub Baby Youth Health Master Godzilla | 1.5.2 | MP_BABY_QC_N_P4 | MP_BABY_GSL | 35 | 32 | WriteWithoutResponse | Write | WriteWithoutResponse | Read/Write | | | |
| MonsterPub Baby Youth Mister Devil | 1.5.2 | MP_BABY_QC_N_P4 | MP_BABY_EM | 39 | 32 | WriteWithoutResponse | Write | WriteWithoutResponse | Read/Write | | | |
| MonsterPub BeatHeart | 2.7 | MP1N_QC_TL_P2 | MP1N_QC_YL | 10 | 5 | WriteWithoutResponse/Read | Read/Write | N/A | Read/Write | | | |
| MonsterPub Magic Kiss | 1.2.2 | MP_MW_TL_P2 | MP_MW_GSL | 6 | 4 | WriteWithoutResponse/Read | Read/Write | WriteWithoutResponse/Read | Read/Write | WriteWithoutResponse/Read/Write | Read/Write | |
| KiniCat | 4.5.0 | MP_MXY_N_P1 | MP_MXY | 36 | 33 | WriteWithoutResponse | Write | | | | | |

anon1im commented 1 month ago

6016 seems to be a power cycle counter, it increments every time the device is turned on

| Name | 6013 | 6014 | 6015 | 6016 | 6017 | 6001 | 6002 | 6003 | 6004 | 6005 | 6006 | 6031 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MonsterPub 2 Doctor Whale | 1.0.2 | MP2_JK_N0_P1 | MP2_JK_N6T_JY | 111 | 65 | WriteWithoutResponse | Write | WriteWithoutResponse | Read/Write | N/A | N/A | Subscribe for pressure LE bytes |
| MonsterPub 2 Master Godzilla | 1.2.5 | MP2_QC_N_P1 | MP2_QC_N6_GSL | 136 | 92 | WriteWithoutResponse | Write | WriteWithoutResponse | Read/Write | N/A | N/A | N/A |

Also my devices are from 2022 and seem like an older generation (newer ones have a different charge port)