jagheterfredrik / wallbox-pwn

Gain root access to Wallbox chargers such as Pulsar Plus, Copper SB
13 stars 6 forks

Cannot get Wallbox-pwn to run #1

Closed GrantKeymer closed 8 months ago

GrantKeymer commented 8 months ago

Hi @jagheterfredrik and @tronikos

I'm really impressed with the quality of your coding for the MQTT Bridge, so I thought I would take the first step and Root my Wallbox. After getting WSL to run again with an updated version of Ubuntu (v 22.04.3 LTS), I finally managed to get Python3 installed, Pip installed and then Bleak installed. This is what happened next...

grant@Grant-Tablet:/mnt/c/WINDOWS/system32$ python3 wallbox-pwn.py
python3: can't open file '/mnt/c/WINDOWS/system32/wallbox-pwn.py': [Errno 2] No such file or directory

So I downloaded the file 'wallbox-pwn.py' and copied it into the directory above. Then tried again...

grant@Grant-Tablet:/mnt/c/WINDOWS/system32$ python3 wallbox-pwn.py
Traceback (most recent call last):
  File "/mnt/c/WINDOWS/system32/wallbox-pwn.py", line 123, in <module>
    asyncio.run(main())
  File "/usr/lib/python3.10/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib/python3.10/asyncio/base_events.py", line 649, in run_until_complete
    return future.result()
  File "/mnt/c/WINDOWS/system32/wallbox-pwn.py", line 63, in main
    devices = await BleakScanner.discover()
  File "/home/grant/.local/lib/python3.10/site-packages/bleak/__init__.py", line 317, in discover
    async with cls(**kwargs) as scanner:
  File "/home/grant/.local/lib/python3.10/site-packages/bleak/__init__.py", line 158, in __aenter__
    await self._backend.start()
  File "/home/grant/.local/lib/python3.10/site-packages/bleak/backends/bluezdbus/scanner.py", line 168, in start
    manager = await get_global_bluez_manager()
  File "/home/grant/.local/lib/python3.10/site-packages/bleak/backends/bluezdbus/manager.py", line 1046, in get_global_bluez_manager
    await instance.async_init()
  File "/home/grant/.local/lib/python3.10/site-packages/bleak/backends/bluezdbus/manager.py", line 278, in async_init
    assert_reply(reply)
  File "/home/grant/.local/lib/python3.10/site-packages/bleak/backends/bluezdbus/utils.py", line 22, in assert_reply
    raise BleakDBusError(reply.error_name, reply.body)
bleak.exc.BleakDBusError: [org.freedesktop.DBus.Error.ServiceUnknown] The name org.bluez was not provided by any .service files
grant@Grant-Tablet:/mnt/c/WINDOWS/system32$

The file 'wallbox-pwn.py' opens OK with Notepad, and there doesn't seem to be anything wrong with it.

That's about all the trouble-shooting I'm able to do, with my very limited knowledge. I hope you can tell me what to do next.

Thank you 🙂

tronikos commented 8 months ago

You don't need to run it under WSL.

  1. Download wallbox-pwn.py and save it to a directory, e.g. c:\wallbox
  2. Download the latest Python version for Windows
  3. Install Python
  4. Open Command Prompt (Click on start menu and type Command Prompt). Inside the command prompt run:
    pip install bleak
    python c:\wallbox\wallbox-pwn.py

GrantKeymer commented 8 months ago

Thanks very much for your quick reply @tronikos

Edit: For the benefit of others following this thread, it makes things much easier if you select the option which says "Add Python to path" and don't forget to ask for Pip to be installed as well.

GrantKeymer commented 8 months ago

I went close to my Wallbox Pulsar Plus, did a Bluetooth scan within Windows | Settings and there was my Wallbox.

Ran the Python script and this is what happened (serial number and MAC removed for security)...

C:\Users\grant\Downloads>py wallbox-pwn.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Traceback (most recent call last):
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 123, in <module>
    asyncio.run(main())
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\base_events.py", line 684, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 76, in main
    await wb.connect(wallboxes[chosen_idx])
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 26, in connect
    await self.client.pair()
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\__init__.py", line 629, in pair
    return await self._backend.pair(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 616, in pair
    raise BleakError(f"Could not pair with device: {pairing_result.status}")
bleak.exc.BleakError: Could not pair with device: 19

C:\Users\grant\Downloads>

I know it found my Wallbox because I recognised the serial number after 'WB0'.

The Python code mentions that pairing is not possible on Mac, but AFAIK, it isn't on Windows either. If I try, Windows says it can't connect. What to do now?

jagheterfredrik commented 8 months ago

Try pairing through the Windows bluetooth settings first

GrantKeymer commented 8 months ago

This time I attempted to pair through Windows | Settings immediately before running the Python script. It still won't pair and Windows displays the message "Try connecting your device again".

Looks like I'm no further ahead. Windows has never been able to pair with my Wallbox, but some devices are like that, yet they still work. For example, the Bluetooth dongle used for OBDII in my Nissan Leaf. Hmmmm 😟

jagheterfredrik commented 8 months ago

Try commenting out the pairing

GrantKeymer commented 8 months ago

I commented out these 2 lines...

    # with contextlib.suppress(NotImplementedError):
    #    await self.client.pair()

The error message is a bit different now, but still no luck it seems...

C:\Users\grant\Downloads>py wallbox-pwn.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Traceback (most recent call last):
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 123, in <module>
    asyncio.run(main())
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\base_events.py", line 684, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 76, in main
    await wb.connect(wallboxes[chosen_idx])
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 28, in connect
    await self.client.start_notify(UART_TX_CHAR_UUID, self.handle_rx)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\__init__.py", line 822, in start_notify
    raise BleakError(f"Characteristic {char_specifier} not found!")
bleak.exc.BleakError: Characteristic a73e9a10-628f-4494-a099-12efaf72258f not found!

C:\Users\grant\Downloads>

jagheterfredrik commented 8 months ago

Can you “forget” the device in Windows? And then pair? Bluetooth is awesome 🫠

GrantKeymer commented 8 months ago

Thanks for your further suggestion @jagheterfredrik

I can't forget the device in Windows because it's never been paired. WiFi allows you to 'forget' devices, but not Bluetooth, unless it's been paired first.

Just to make sure my phone wasn't causing any conflict, I disabled Bluetooth and on my PC, enabled the Windows option that says "Allow Bluetooth devices to find this PC".

Then I tried again, with the Python pairing code left commented out and just to make sure, with the pairing code re-enabled again.

None of those things made any difference except when I re-enabled pairing, the error message changed back to what it was originally.

Yep, Bluetooth is really awesome 👅

jagheterfredrik commented 8 months ago

There is a “forget” but different implementations call it different things. It’s essentially a “delete the stored encryption key for this Bluetooth mac”. But as you say, you won’t have one unless you’ve already paired.

GrantKeymer commented 8 months ago

I had a look at the Github repo for Bleak. There are lots of reports concerning problems with pairing, but no solutions being offered. One comment says that pairing is "A work in progress".

It's a pity this script won't work without pairing. Then I might have a chance to get it running, but otherwise it seems like a lost cause for now 😞

tronikos commented 8 months ago

For me on Windows 10 the script worked without issues. Under "Bluetooth & other devices" make sure you don't have any devices starting with WB. If you do, select it and click on "Remove device".

GrantKeymer commented 8 months ago

@tronikos - I'm also running on Windows 10. My Wallbox is not shown under 'Bluetooth & other devices'. But if I click 'Add Bluetooth or other device' then 'Bluetooth', I see my Wallbox (WB0xxxxx) show up. It will not pair though, as I mentioned earlier.

Can you pair with your Wallbox using Windows 10?

tronikos commented 8 months ago

It's hard for me to try again. It has been several months since I got root access but if I remember right I was able to pair from Windows directly and then run the script. After my feedback, jagheterfredrik submitted https://github.com/jagheterfredrik/wallbox-pwn/commit/a8da660abbe36407c26e1cd6f2bfc2f2e7e66e84 and I think I tested it and I was able to make it work after removing the previously paired device.

Make sure you are next to the Wallbox. I remember I had issues if I wasn't very close to it.

If everything fails I guess you could try a live version of Linux and/or a different laptop or different Bluetooth dongle.

GrantKeymer commented 8 months ago

I'm running Windows 10 on a Microsoft Surface Pro, so I expect the Bluetooth hardware and software not to be the cause of my problems. I had a look through the registry (specifically at all the GATT keys) to find any trace of Wallbox or my WB0xxxxx serial number but there is nothing. So I don't believe it is a previously paired device causing problems. The Wallbox has never been able to pair with my Android phone either.

After reading the Github thread #1100 entitled 'Pairing Agent' it is clear that this is a complex area with behaviour very different from one device to another. I guess @jagheterfredrik was lucky that pairing worked on their Mac, but for anyone trying on Windows, it could be pretty hit-and-miss.

What are the chances that Wallbox will lockout Bluetooth access for the Wallbox-pwn script with a future version of firmware?

jagheterfredrik commented 8 months ago

I’ve tried windows as well. Worked fine. Don’t think luck was involved. I’ve paired using raspberry pi and rock5 as well.

Wallbox said they patch this in v6.

Do you mean the android phone can’t talk Bluetooth to it either? I.e. the app is wifi only?

See if the BGXCommander app can talk to it. It’s developed by the wallbox Bluetooth chip manufacturer

GrantKeymer commented 8 months ago

Yes, I noticed this in the Wallbox software release archive...

We have improved the offline software update process including more cybersecurity measures.
Latest Software Version

Pulsar Plus e
6.1.10

also applies to:

Latest Software Version

Pulsar Plus
6.1.10

I guess it was only a matter of time, but hopefully you will find a way around it, for owners of Pulsar Plus chargers with these new firmware versions.

> Do you mean the android phone can’t talk Bluetooth to it either? I.e. the app is wifi only?

No, my Android phone can communicate with my Pulsar Plus using either Bluetooth or Wifi. It just can't pair.

Thanks for the suggestion about BGXCommander. I'll give that a try.

GrantKeymer commented 8 months ago

> See if the BGXCommander app can talk to it. It’s developed by the wallbox Bluetooth chip manufacturer

Sadly, it won't install because my Android version is too new.

jagheterfredrik commented 8 months ago

If it can communicate it is paired.

GrantKeymer commented 8 months ago

I've now tried a completely different laptop (Lenovo) also running Windows 10, standing right in front of my Pulsar Plus. Sadly, the results are identical to what I got earlier.

My Wallbox appears in the selection list as option 0. After I enter 0, all the error messages follow, ending with: Could not pair with device: 19

Thanks for all your help guys, but it looks as though I can't go any further with this.

jagheterfredrik commented 8 months ago

Your error after removing the pairing is weird “bleak.exc.BleakError: Characteristic a73e9a10-628f-4494-a099-12efaf72258f not found!”

I would try one of the ble explorer type apps to list the characteristics. E.g. https://apps.microsoft.com/detail/9N0ZTKF1QD98

GrantKeymer commented 8 months ago

OK, I have Bluetooth LE Explorer running, however, I cannot copy & paste the results, so I've attached some screenshots, minus my WB serial number and MAC address.

Let me know if there's anything else you need. It looks like a useful app. Thanks!

[Screenshots: BLE Explorer - Discover; BLE Explorer - Device Services pg 1; BLE Explorer - Device Services pg 2]

jagheterfredrik commented 8 months ago

Interesting! You have a different Bluetooth chip. I’ll have to investigate!

jagheterfredrik commented 8 months ago

Ok comment out pairing like before

change service uuid to 175f8f23-a570-49bd-9627-815a6a27de2a
Tx uuid to cacc07ff-ffff-4c48-8fae-a9ef71b75e26
Rx uuid to 1cce1ea8-bd34-4813-a00a-c76e028fadcb

jagheterfredrik commented 8 months ago

Apparently that (older?) Zentri chip allows (and defaults to!) unauthenticated communication, unlike the BGX chip which cannot be used without it.

GrantKeymer commented 8 months ago

Now I'm getting further through your code, up to the point where setting AP is attempted...

C:\Users\grant\Downloads>py wallbox-pwn.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Setting Wallbox to AP mode
Traceback (most recent call last):
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 123, in <module>
    asyncio.run(main())
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\base_events.py", line 684, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 79, in main
    wifi_creds = await wb.execute("s_hup")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 54, in execute
    await self.client.write_gatt_char(self.rx_char, data, True)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\__init__.py", line 776, in write_gatt_char
    await self._backend.write_gatt_char(characteristic, data, response)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 898, in write_gatt_char
    _ensure_success(
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 155, in _ensure_success
    raise BleakError(
bleak.exc.BleakError: Could not write value b'EaE#{"met":"s_hup","par":null,"id":421}\xe3' to characteristic 0042: Protocol Error 0x03: Write Not Permitted

C:\Users\grant\Downloads>

Interesting to know there are such variations between versions of the Pulsar Plus, with different hardware. I expected they would all be the same until the Pulsar Max was released recently.

jagheterfredrik commented 8 months ago

🤔 try swapping rx and tx

Edit: nevermind, they should be correct.

try changing True to False here: https://github.com/jagheterfredrik/wallbox-pwn/blob/1ec25281b6b70f3546cb8fa2f4276508e39d8213/wallbox-pwn.py#L54

GrantKeymer commented 8 months ago

I did try swapping Tx and Rx as you suggested, but it seemed to be a backward step because I never got as far as attempting to set AP mode. After restoring Tx and Rx to what they were and changing True to False, I now have...

C:\Users\grant\Downloads>py wallbox-pwn.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Setting Wallbox to AP mode
Traceback (most recent call last):
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 123, in <module>
    asyncio.run(main())
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\base_events.py", line 684, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 79, in main
    wifi_creds = await wb.execute("s_hup")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 54, in execute
    await self.client.write_gatt_char(self.rx_char, data, False)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\__init__.py", line 776, in write_gatt_char
    await self._backend.write_gatt_char(characteristic, data, response)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 899, in write_gatt_char
    await characteristic.obj.write_value_with_result_async(buf, response),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [WinError -2147024809] The parameter is incorrect

C:\Users\grant\Downloads>

It makes a change to have a Windows error instead of a Bleak error, so I guess we are making progress.

jagheterfredrik commented 8 months ago

What. Can you try removing it completely?

    await self.client.write_gatt_char(self.rx_char, data)

or changing the line to

    await self.client.write_gatt_descriptor(66, data)

GrantKeymer commented 8 months ago

Trying the first suggestion I have...

C:\Users\grant\Downloads>py wallbox-pwn.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Setting Wallbox to AP mode
Traceback (most recent call last):
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 123, in <module>
    asyncio.run(main())
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\base_events.py", line 684, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 79, in main
    wifi_creds = await wb.execute("s_hup")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 54, in execute
    await self.client.write_gatt_char(self.rx_char, data)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\__init__.py", line 776, in write_gatt_char
    await self._backend.write_gatt_char(characteristic, data, response)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 898, in write_gatt_char
    _ensure_success(
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 155, in _ensure_success
    raise BleakError(
bleak.exc.BleakError: Could not write value b'EaE#{"met":"s_hup","par":null,"id":981}\xee' to characteristic 0042: Protocol Error 0x03: Write Not Permitted

C:\Users\grant\Downloads>

Now I'll try the second.

GrantKeymer commented 8 months ago

Something different happened this time. After running the script the first time, I got the error message below, but running it a second time, no Wallboxes were found within Bluetooth range. Running the script a 3rd time, it found my Wallbox again, then on the 4th time, it didn't, etc, etc. So it seems as though the Bluetooth stack is now left in a bad condition after running this script.

Error message now is...

Setting Wallbox to AP mode
Traceback (most recent call last):
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 123, in <module>
    asyncio.run(main())
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\base_events.py", line 684, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 79, in main
    wifi_creds = await wb.execute("s_hup")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn.py", line 54, in execute
    await self.client. write_gatt_descriptor(66, data)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\__init__.py", line 878, in write_gatt_descriptor
    await self._backend.write_gatt_descriptor(handle, data)
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 917, in write_gatt_descriptor
    raise BleakError(f"Descriptor with handle {handle} was not found!")
bleak.exc.BleakError: Descriptor with handle 66 was not found!

C:\Users\grant\Downloads>

jagheterfredrik commented 8 months ago

It seems to me like the original with the new service, rx, tx should work. Would you mind testing on your other PC as well?

Otherwise I’ll have to go back to the drawing board.

GrantKeymer commented 8 months ago

Returning to the original .py file, but with Service, Rx, Tx UUIDs replaced, Pairing commented out, when running on my wife's Lenovo laptop, this is what happens...

E:\>python wallbox-pwn.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Setting Wallbox to AP mode
Traceback (most recent call last):
  File "E:\wallbox-pwn.py", line 123, in <module>
    asyncio.run(main())
  File "C:\Users\inger\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\inger\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\inger\AppData\Local\Programs\Python\Python312\Lib\asyncio\base_events.py", line 684, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "E:\wallbox-pwn.py", line 79, in main
    wifi_creds = await wb.execute("s_hup")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "E:\wallbox-pwn.py", line 54, in execute
    await self.client.write_gatt_char(self.rx_char, data, True)
  File "C:\Users\inger\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\__init__.py", line 776, in write_gatt_char
    await self._backend.write_gatt_char(characteristic, data, response)
  File "C:\Users\inger\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 898, in write_gatt_char
    _ensure_success(
  File "C:\Users\inger\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 155, in _ensure_success
    raise BleakError(
bleak.exc.BleakError: Could not write value b'EaE#{"met":"s_hup","par":null,"id":163}\xe6' to characteristic 0042: Protocol Error 0x03: Write Not Permitted

E:\>

I hope it helps 😟
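
Added example, not part of the thread or of wallbox-pwn: the three byte strings quoted in the `Write Not Permitted` errors above are enough to read off the framing used on the BLE UART, and the parser below checks that reading against them. The layout (3-byte `EaE` header, one length byte, JSON body, one additive checksum byte over everything before it) is inferred from those three samples only, and the names `parse_frame`, `checksum` and `triage` are hypothetical.

```python
import json

MAGIC = b"EaE"  # header bytes seen at the start of every frame in the tracebacks

# The three frames quoted in the "Write Not Permitted" errors in this thread.
PAGE_FRAMES = [
    b'EaE#{"met":"s_hup","par":null,"id":421}\xe3',
    b'EaE#{"met":"s_hup","par":null,"id":981}\xee',
    b'EaE#{"met":"s_hup","par":null,"id":163}\xe6',
]

# Constructed negative cases (not from the thread).
TAMPERED = b'EaE#{"met":"s_hup","par":null,"id":422}\xe3'  # body edited, stale checksum
TRUNCATED = PAGE_FRAMES[0][:20]                             # cut off mid-payload


class FrameError(ValueError):
    """Raised when a byte string is not a well-formed frame."""


def checksum(data: bytes) -> int:
    """Sum of all bytes modulo 256 (assumed from the three samples)."""
    return sum(data) & 0xFF


def parse_frame(frame: bytes) -> dict:
    """Validate header, length byte and checksum, then decode the JSON body."""
    if len(frame) < len(MAGIC) + 2:
        raise FrameError("frame too short")
    if not frame.startswith(MAGIC):
        raise FrameError("bad header")

    declared = frame[len(MAGIC)]        # '#' is 0x23 = 35 in the samples
    body = frame[len(MAGIC) + 1:-1]     # everything between length and checksum
    if declared != len(body):
        raise FrameError(
            f"length byte says {declared}, payload is {len(body)} bytes")

    computed = checksum(frame[:-1])     # covers header, length byte and body
    if computed != frame[-1]:
        raise FrameError(
            f"checksum mismatch: computed {computed:#04x}, "
            f"frame carries {frame[-1]:#04x}")

    try:
        message = json.loads(body)
    except ValueError as exc:           # covers JSON and UTF-8 decode errors
        raise FrameError("payload is not valid JSON") from exc
    if not isinstance(message, dict):
        raise FrameError("payload is not a JSON object")
    return message


def triage(frames):
    """Return (status, detail) for each frame instead of raising."""
    results = []
    for frame in frames:
        try:
            msg = parse_frame(frame)
            results.append(("ok", f'{msg.get("met")} id={msg.get("id")}'))
        except FrameError as exc:
            results.append(("rejected", str(exc)))
    return results


if __name__ == "__main__":
    for status, detail in triage(PAGE_FRAMES + [TAMPERED, TRUNCATED]):
        print(f"{status:8} {detail}")
```

All three frames from the thread pass every check, so the rejected writes were well formed at this layer; the failure was the GATT write permission on the characteristic, which is what the error text reports.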

jagheterfredrik commented 8 months ago

Try this branch https://github.com/jagheterfredrik/wallbox-pwn/tree/zentri

GrantKeymer commented 8 months ago

Here's what happened this time...

C:\Users\grant\Downloads>py wallbox-pwn-zentri.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Traceback (most recent call last):
  File "C:\Users\grant\Downloads\wallbox-pwn-zentri.py", line 128, in <module>
    asyncio.run(main())
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\asyncio\base_events.py", line 684, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "C:\Users\grant\Downloads\wallbox-pwn-zentri.py", line 81, in main
    await wb.connect(wallboxes[chosen_idx])
  File "C:\Users\grant\Downloads\wallbox-pwn-zentri.py", line 28, in connect
    await self.client.pair()
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\__init__.py", line 629, in pair
    return await self._backend.pair(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\grant\AppData\Local\Programs\Python\Python312\Lib\site-packages\bleak\backends\winrt\client.py", line 616, in pair
    raise BleakError(f"Could not pair with device: {pairing_result.status}")
bleak.exc.BleakError: Could not pair with device: 19

C:\Users\grant\Downloads>

We are back to not pairing, with no attempt to set AP mode.

I tried it a second time and the script hung, with Ctrl-C needed to break.

jagheterfredrik commented 8 months ago

Damn forgot to remove pairing. Can you comment it out again but in that branch?

GrantKeymer commented 8 months ago

Wow!!! This time I got much further, almost to the end 😁

C:\Users\grant\Downloads>py wallbox-pwn-zentri.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Setting Wallbox to AP mode
Wallbox AP is ready, connect to WB0xxxxx-Hotspot using password N24z-Ji#4t, then press return
>

I found the hotspot, then tried to connect to it using the password shown, but the password wasn't accepted. Tried a couple of times, but same result both times. Is the password correct in my case?

jagheterfredrik commented 8 months ago

Great. Bluetooth is working 💪 wait a couple of minutes and try again. If it doesn’t work try reboot wallbox

GrantKeymer commented 8 months ago

After power cycling my Wallbox, the script ran to completion for the first time!!!

Sending pwnware
Pwnware was received by Wallbox
Wallbox is processing pwnware...
Wallbox was pwnd successfully!

C:\Users\grant\Downloads>

After finding the IP address of my Wallbox in the DHCP Server Leases table of my router, I was able to login with SSH 😁

Thanks so much @jagheterfredrik for continuing to support me, even though it's Christmas and all 👍

jagheterfredrik commented 8 months ago

It’s a Christmas miracle 🎄 Happy that it works!

jagheterfredrik commented 8 months ago

@GrantKeymer I’ve pushed a fix to the main branch. Would you mind running it again and see that it works? You only need to run until it asks you to connect to wifi, after that simply abort. The only side effect is it disconnects from wifi for a minute after which it reconnects.

GrantKeymer commented 8 months ago

Yes, I noticed you'd put in some extra code to identify which type of Bluetooth chip is fitted, and it works fine for me...

C:\Users\grant\Downloads>py wallbox-pwn.py
Please choose Wallbox:
0) WB0xxxxx (xx:xx:xx:xx:xx:xx)
> 0
Identified Bluetooth chip: Zentri
Setting Wallbox to AP mode
Wallbox AP is ready, connect to WB0xxxxx-Hotspot using password N24z-Ji#4t, then press return
>

Truly you're a genius! Getting your head around all this stuff is hard work 👍

jagheterfredrik commented 8 months ago

Cheers!