Can TOKENS from Xiaomi-cloud-tokens-extractor be used?

[Utu8Gaiquu]

https://www.home-assistant.io/integrations/xiaomi_miio lists https://github.com/PiotrMachowski/Xiaomi-cloud-tokens-extractor as a possible way of retrieving tokens and it does output tokens for a LYWSD03MMC, but the ble_monitor components rejects it in this format as it is too short. Is there a way to convert this extracted token to one that's suitable for ble_monitor?

[Ernst79]

Interesting. Unfortunately, this is the TOKEN, not the encryption key. It also gives TOKENS for devices without encryption.

   ---------
   NAME:  Mi Temperature and Humidity Monitor
   ID:    blt.3.u3g008n44400
   IP:
   TOKEN: bceb6b6e6a14d7d1fa176f62
   ---------

As you can see on the Telink flasher website, there are two keys, TOKEN and BIND_KEY. In our case, we need the BIND_KEY. I'm afraid this isn't stored in the Mi Cloud. But perhaps we could ask in that repository.

[Magalex2x14]

Yes, I also noticed this component, and at first was full of optimism in this regard, but unfortunately, Ernst is right. As far as I know at the moment, the Xiaomi cloud api does not allow obtaining the encryption key of the bluetooth device. Perhaps it is a matter of time, and in the future such a possibility will become known. After all, Xiaomi gateways somehow receive this key. It is necessary for the owner of the gateway to intercept the gateway traffic and see in which request the gateway receives this key. Unfortunately, I don't have a gateway.

[Ernst79]

@Utu8Gaiquu or @Magalex2x14

I modified the python script by adding print(devices) on line 201 in the script and just run the script normally. Line 200-202 look like this after the modification.

            print(f"Devices found for country \"{current_country}\":")
            print(devices)
            for device in devices["result"]["list"]:

You will get a dictionary of all devices with all parameters that are available in the API. A lot more than the standard output of the normal script. This is for one BLE device, starting with did and ending with reset_flag.

{'did': 'blt.3.u3g008n44400', 'token': 'bceb6b6e6a14d7d1fa176f62', 'longitude': '0.00000000', 'latitude': '0.00000000', 
'name': 'Mi Temperature and Humidity Monitor', 'pid': '6', 'localip': '', 'mac': '4C:65:A8:DD:B8:9B', 'ssid': '', 'bssid': '', 
'parent_id': '', 'parent_model': '', 'show_mode': 1, 'model': 'cleargrass.sensor_ht.dk1', 'adminFlag': 1, 'shareFlag': 0, 
'permitLevel': 16, 'isOnline': False, 'desc': '', 'extra': {'isSetPincode': 0, 'fw_version': '1.0.1_0066', 'needVerifyCode': 0, 
'isPasswordEncrypt': 0}, 'prop': {'4109': 'e9007601'}, 'uid': 1733145427, 'pd_id': 426, 'password': '', 'p2p_id': '', 
'rssi': 0, 'family_id': 0, 'reset_flag': 0},

Unfortunately, I don't have a encrypted sensor, so I would like to ask one of you to do the same and search for your device in the output and copy it here. As you can see, it contains a parameter isPasswordEncrypt, so it would be interesting to see what is contains for an encrypted device. If we are lucky, it contains an encryption_key or something like that....??? Note that the token is not what we are looking for.

[Tester798]

Just checked with my LYWSD03MMC after adding it to the Mi Home app and unfortunately there is no encryption_key there for me too, only token has the most resemblance with the encryption_key we need.

[jeremysherriff]

Came here after having reorganised my Xiaomi devices between regions and consolidated server regions, meaning I needed to re-add my tokens. I can confirm that the LYWSD03MMC "token" is 24 chars, and is not what we need. None of the token extraction methods I've tried expose the 32 char token we actually need.

Unfortunately the correct extraction technique has the flow-on effect of resetting the token, rendering the device in the Mi Home app stale and causing the app to discover a "new" device all the time. I've not been able to find a way around that.

[jeremysherriff]

@Ernst79

Unfortunately, I don't have a encrypted sensor, so I would like to ask one of you to do the same and search for your device in the output and copy it here. As you can see, it contains a parameter isPasswordEncrypt, so it would be interesting to see what is contains for an encrypted device. If we are lucky, it contains an encryption_key or something like that....??? Note that the token is not what we are looking for.

Output for LYWSD03MMC encrypted temp/humidity sensor (with line breaks added for readability):

{"did":"blt.3.129vofHFbEATC","token":"e2e6a27c913358ab57b3db5b","longitude":"0.00000000","latitude":"0.00000000",
"name":"Temperature & humidity sensor","pid":"6","localip":"222.154.236.121","mac":"A4:C1:38:31:E7:C3","ssid":"",
"bssid":"","parent_id":"","parent_model":"","show_mode":1,"model":"miaomiaoce.sensor_ht.t2","adminFlag":1,
"shareFlag":0,"permitLevel":16,"isOnline":true,"desc":"Device online ",
"extra":{"isSetPincode":0,"fw_version":"1.0.0_0001","needVerifyCode":0,"isPasswordEncrypt":0},
"uid":115054603,"pd_id":1371,"password":"","p2p_id":"","rssi":0,"family_id":0,"reset_flag":0}

isPasswordEncrypt is still 0 here.

[Ernst79]

Thanks, I received the sensors yesterday, so will also have a look myself. The FAQ gives three methods to get the bind key, although the third option has become quite difficult, due to changes by Xiaomi, and needs to be updated. I successfully have used method 1 and 2.

[jeremysherriff]

Yes, I've just added a PR for updating the faq as the MiHome mod (method 2) latest version doesn't write pairings.txt - I needed to try several APKs until I found one that worked.

[Ernst79]

See my comment on the PR. It worked fine on my android phone with the latest version (6.0.214). Did you make the logs folder?

[Ernst79]

@jeremysherriff, @Utu8Gaiquu and others. I can confirm that the needVerifyCode is still 0.

{'did': 'blt.3.u3g008n44400', 'token': 'bceb6b6e6a14d7d1fa176f63', 'longitude': '0.00000000', 'latitude': '0.00000000', 'name': 'Mi 
Temperature and Humidity Monitor', pid': '6', 'localip': '', 'mac': '4C:65:A8:DD:B8:9B', 'ssid': '', 'bssid': '', parent_id': '', 
'parent_model': '', 'show_mode': 1, 'model': 'cleargrass.sensor_ht.dk1', 'adminFlag': 1, 'shareFlag': 0, 'permitLevel': 16, 'isOnline': 
False, 'desc': '', 'extra': {'isSetPincode': 0, 'fw_version': '1.0.1_0066', 'needVerifyCode': 0, 'isPasswordEncrypt': 0}, 'prop': {'4109': 
'e9007601'}, 'uid': 1733145427, 'pd_id': 426, 'password': '', 'p2p_id': '', 'rssi': 0, 'family_id': 0, 'reset_flag': 0}, 

No trace of an encryption key in the data unfortunately. Therefore, I will have to close this issue.

In case you need to get the encryption key, please use the instructions in the FAQ

[Ernst79]

I reopened this issue as it appears we can use xiaomi cloud token extractor. Thanks to the work of @rezmus, a PR is submitted, which displays the KEY of BLE devices. Till it gets merged, you can use the python script from my fork here.

~https://github.com/Ernst79/Xiaomi-cloud-tokens-extractor/tree/BLE_beacon_key~

[Ernst79]

Xiaomi cloud token extractor has been updated. It now supports showing BLE keys. Instructions in the FAQ have been updated.

https://github.com/PiotrMachowski/Xiaomi-cloud-tokens-extractor