kormax / apple-home-key

Reverse-engineering Apple Home Key

Any more details about the 'configuration applet', which is named as a 'step-up' transaction in 'Unified Access Air Protocol Specification R1.1.pdf'? I wonder how to trigger this mechanism using Apple's Home? It's mentioned that 'Configuration applet will be selected only if a new device has been invited and a key data hasn't been provisioned into a lock prior to that' but how? Is the new device with the same Apple ID or just another user's device? #6

webercheng closed this issue 7 months ago

kormax commented 8 months ago

Hello,

Sorry, I have no idea what you're talking about. Google search yielded no results. Can you share a link to this info?

I've described why the config applet is selected: during NFC communication, as a fallback if the lock finds no info about a particular key. There's no known way of triggering it from the Home app, and it doesn't make any sense to want to do that anyway. Key attestation packages for each device are different, but devices owned by one person have the same attesting key.

webercheng commented 8 months ago

Thanks for your reply, but I am sorry, there is no link.

I am developing an NFC smart lock based on Apple's HomeKitADK on the nRF52840-DK platform. And I am very happy to find this repo, which might help.

But I don't know how to implement the 'step-up transaction' process, which corresponds to the sequence from '4.EXCHANGE' to '6.ENVELOPE' as described in your 'Readme.md'.

So, as you answered, if I want to trigger and test the process of the 'Configuration applet', there is no way?

Can I force entry into the 'Configuration applet' in my code to proceed with the process?

kormax commented 8 months ago

Sorry, but I can't help you in this regard, as I can only work with the information that I've obtained from public sources and/or testing, otherwise I would taint the public research. This repository indeed has some final info missing (regarding the attestation and encryption) which I forgot to add, but I'll add it only after a demo is published (very very soon).

If you have access to official documents everything needed should be there. Following the spec "by the book" is needed to pass the certification. Strange that it doesn't have the answers to your questions.

Beware that if you're under an NDA with Apple, which I assume you are based on what you're writing, I would refrain from using or posting any terminology from the document, as it may be considered a violation.

webercheng commented 8 months ago

Gotcha! Thanks anyway!

kormax commented 7 months ago

In case you still have the same issue, perhaps this could be useful.