dnandha / miauth

Authenticate and interact with Xiaomi devices over BLE
GNU Affero General Public License v3.0

Handle Value Notification (UART) decode logic not working #10

Open letoth opened 2 years ago

letoth commented 2 years ago

First of all, fantastic job you made with miauth! It works with the Xiaomi HOTO smart kitchen scale too :) However, after successful state 5, the scale sends notifications which I am not able to decode anyhow... I tried your UART decode logic, but it does not work :(

Could you please have a quick look? You might be able to guess how to decode the values. See the attached log.

hoto1.log

dnandha commented 2 years ago

@letoth That's awesome. Thanks for testing miauth with your device!

The UART log you got from the HOTO device looks quite rudimentary: First two bytes simply count up the packet number (iterator), the rest is the encoded message using the iterator as salt - maybe a checksum at the end.

Without having any knowledge about the device, my guess is that it could be possible to decrypt the traffic when you change the decrypt_uart function to something like this (removing header and shifting the arrays):

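def decrypt_uart(key, iv, msg):
    it = msg[:3]    # leading bytes: packet counter (iterator)
    ct = msg[3:-2]  # encoded message, without the counter and the last two bytes
    ...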

If this doesn't work, further investigation would be required. Without the device that is not possible for me.
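One way to check the layout guess above against captured notifications before changing `decrypt_uart`, as an added example that is not part of the original thread or of miauth. The names `split_frame` and `counter_hypotheses` and the sample frames are constructed for illustration, and the 2-byte trailer is an assumption taken from the `msg[3:-2]` slice.

```python
# Added example: these frames are constructed, not taken from hoto1.log.
# Layout used to build them: 2-byte little-endian counter, 4-byte body, 2-byte trailer.
FRAMES = [
    bytes.fromhex("fe00 a1b2c3d4 1122"),
    bytes.fromhex("ff00 5e6f7081 3344"),
    bytes.fromhex("0001 9a0b1c2d 5566"),  # counter carries into its second byte
]


def split_frame(msg, counter_len=2, trailer_len=2):
    """Split one notification into (counter bytes, body, trailer)."""
    if len(msg) < counter_len + trailer_len:
        raise ValueError("frame too short for this layout")
    end = len(msg) - trailer_len
    return msg[:counter_len], msg[counter_len:end], msg[end:]


def counter_hypotheses(frames, widths=(2, 3), trailer_len=2):
    """Test each (counter width, byte order) guess on consecutive frames.

    A guess holds only if the leading bytes, read as an integer, go up by
    exactly 1 from every frame to the next (modulo the counter size, so a
    wrap-around to zero still counts).
    """
    results = {}
    for width in widths:
        modulus = 1 << (8 * width)
        for order in ("little", "big"):
            values = [
                int.from_bytes(split_frame(f, width, trailer_len)[0], order)
                for f in frames
            ]
            steps = {(b - a) % modulus for a, b in zip(values, values[1:])}
            results[(width, order)] = steps == {1}
    return results


if __name__ == "__main__":
    for guess, holds in counter_hypotheses(FRAMES).items():
        print(guess, "consistent" if holds else "rejected")
```

Frames that straddle a byte carry are what separate little-endian from big-endian counters, so feed it a capture long enough to include one.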

arjan-kuiper commented 1 year ago

@letoth were you able to decode the notification at this point?

letoth commented 1 year ago

@arjan-kuiper > no :( but if you could, I would appreciate some hint :)