Open khoazany opened 7 years ago
adriancretu
commented
7 years ago The resolver doesn't decrypt anything, it can't. I can bet that it just stores ahead of time the future EIDs for each beacon, i see no other way around it at massive scale. I still think that one day a collision will happen with only a 64-bit key,, but that's just me :) Isn't ETLM just AES ciphertext to decrypt once you solved the EID? Or what are you trying to test against?
khoazany
commented
7 years ago But you (the resolver) can't predict the specific time the Eddystone will generate a new EID, unless I misunderstood something? We have the rotational period exponent but it only indicates the "average" time span that a new EID will be generated, and they even recommend that "the precise point at which the beacon starts advertising the new identifier is randomized within the window".
For the ETLM, yes, it just AES ciphertext to decrypt but since my implementation involved some casting and parsing I just need some example data to feed it to see whether it works correctly. Personally it's my first time playing with AES/EAX so may be I'm just a bit uncertain about things. For EID I can use the eidtools.py file to validate my cryptography method so not an issue.
Thanks for the reply anyway :)
mashbridge
commented
7 years ago You can decrypt the ETLM data if you know the identity key and have the beacon's clock value. The resolver knows the IK and what the clock should be from the registration entry. You can also read the IK and clock value from the beacon's GATT service if you're the owner and have the unlock code.
adriancretu
commented
7 years ago I don't think it matters when the new EID is generated at a random time somewhere inside a valid time window, since it will be based on a "zero-ed" time offset (so it's the same EID no matter what exact time you generate it inside the time window allowed by the rotation exponent). The solver is probably allowing for some small deviation for the case where the previously expired EID was not yet updated by a beacon, or the new one just started (since the clocks are not atomically synchronized).
I think ETLM makes sense to be decrypted only server-side. To test your ETLM encryption maybe you can just register an EID beacon to the Proximity API and then call beaconinfo.getforobserved
khoazany
commented
7 years ago I did not aware that the truncated time counter won't change the value within the window. Now I realized that everything makes sense. Really appreciated your help :)
kaYcee
commented
7 years ago Hi there, will there be a way to retrieve the decrypted telemetry contents via Google API in the near future or at least get clock value and IK settings that were submitted during EID registration? When we use a fleet of EID/eTLM beacons from different manufacturers we have currently no means of decoding the encrypted telemetry data on the fly, neither through Google API nor via manual decryption as the beacons were registered by different third-party APIs of which some do not share the handshake parameters or GATT service credentials. Thanks
timomeara
commented
3 years ago Hi guys,
I'm writing a method to decrypt ETLM back to the telemetry data. The steps needed are clear from the documentation. However I can't possibly do any unit testing on this decryption method since I don't have any ETLM example. Unless I write a method to encrypt plain TLM data then use its output as the input for decryption method, which would be quite an overkill since I don't use that encryption method for anything else.
Just wondering if it's a good idea to have some examples provided on the ETLM documentation (same with EID I guess, I don't get how after the Eddystone advertises an new EID value the resolver can decrypt it back to identity key since the resolver doesn't know the time counter offset at the point when the Eddystone generates that new value).
On another side question, is the result of the decryption the full (plain) TLM frame as described in the TLM page or it doesn't include frame type and version, only VBATT, TEMP, ADV_CNT and SEC_CNT?
hey Pham- i know it's been a long time but i'm working on an eddystone project and trying to decrypt eLMT data and having a hard time with it. how did you do the decryption? thanks for any help you can offfer
Hi guys,
I'm writing a method to decrypt ETLM back to the telemetry data. The steps needed are clear from the documentation. However I can't possibly do any unit testing on this decryption method since I don't have any ETLM example. Unless I write a method to encrypt plain TLM data then use its output as the input for decryption method, which would be quite an overkill since I don't use that encryption method for anything else.
Just wondering if it's a good idea to have some examples provided on the ETLM documentation (same with EID I guess, I don't get how after the Eddystone advertises an new EID value the resolver can decrypt it back to identity key since the resolver doesn't know the time counter offset at the point when the Eddystone generates that new value).
On another side question, is the result of the decryption the full (plain) TLM frame as described in the TLM page or it doesn't include frame type and version, only VBATT, TEMP, ADV_CNT and SEC_CNT?