egaebel
commented
1 year ago Hiya, I didn't really look at whether all communications are encrypted with the device key or not TBH. I do not think they would be though, because I don't really see how that can work out since the Android application would have to encrypt those communications with some key and I did not find any asymmetric keys in the Android source code. So at most it would be using a symmetric key that you can find (likely hardcoded) in the Android app source.
To find the answer to this you can run a bluetooth capture on an Android phone and dump that data into Wireshark to see if you can tease out discernible patterns in the data being transmitted (as opposed to just noise).
This guide will get you started with running the bluetooth capture and retrieving the file that results: https://support.honeywellaidc.com/s/article/How-to-capture-Bluetooth-traffic-from-and-to-an-Android-Device
If you haven't used Wireshark before I would definitely invest some time in learning how to. It's pretty much the de-facto network analysis tool and can support many sorts of network captures.
noelialc
Guleri24
Hi, im a college student who is trying to do something similar. The xm5 has a big problem that doesn't let you adjust how much noise cancelling you want(like the slider that the xm4 have) im trying to hack the app and put the slider back again. I have a few questions that you seem have the answers to. The first one is if all the communications are encrypted with the device key or only the updates/lagunage package ones?