nccchirag / yeelight-ble-rotary-dimmer

YLKG08YL Yeelight bluetooth dimmer rotary switch protocol (#TODO reverse engineer) and hardware details.

BLE Protocol Reverse Engineering #1

Open nccchirag opened 4 years ago

nccchirag commented 4 years ago

Inputs from @matthias-schulz

yee-rc detected as F8:24:41:C1:D1:1F (Yeelink) -67 dBm.

│   Handles    │ Service > Characteristics │  Properties   │         Data         │
├──────────────┼───────────────────────────┼───────────────┼──────────────────────┤
│ 0001 -> 001a │ fe95                      │               │                      │
│ 0003         │     0001                  │ WRITE, NOTIFY │                      │
│ 0007         │     0002                  │ READ          │ 0000                 │
│ 000a         │     0004                  │ READ          │ O993yDåo8f04X        │
│ 000d         │     0005                  │ WRITE, NOTIFY │                      │
│ 0010         │     0007                  │ WRITE         │                      │
│ 0013         │     0010                  │ WRITE         │                      │
│ 0016         │     0013                  │ READ, WRITE   │ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ │
│ 0019         │     0014                  │ READ, WRITE   │ L8e"ëad<01cúýéû 

LL Data: 05 22 ea 7f 8e f9 d1 c2 e0 ab df 41 24 f8 bb 3d e9 b1 d9 16 42 08 06 00 43 00 00 00 d0 07 ff ff ff ff 1f 10
[i] Got CONNECT_REQ packet from c2:d1:f9:8e:7f:ea to f8:24:41:df:ab:e0
 |-- Access Address: 0xb1e93dbb
 |-- CRC Init value: 0x4216d9
 |-- Hop interval: 67
 |-- Hop increment: 16
 |-- Channel Map: 1fffffffff
 |-- Timeout: 20000 ms

LL Data: 05 22 08 e4 ad a2 ac c8 1f d1 c1 41 24 f8 60 58 ac 0b 72 86 a0 08 06 00 43 00 00 00 d0 07 ff ff ff ff 1f 10
[i] Got CONNECT_REQ packet from c8:ac:a2:ad:e4:08 to f8:24:41:c1:d1:1f
 |-- Access Address: 0x0bac5860
 |-- CRC Init value: 0xa08672
 |-- Hop interval: 67
 |-- Hop increment: 16
 |-- Channel Map: 1fffffffff
 |-- Timeout: 20000 ms

LL Data: 05 22 40 9f ce 64 21 c3 a3 d5 c1 41 24 f8 12 8c e2 7b eb 6e 0f 08 06 00 43 00 00 00 d0 07 ff ff ff ff 1f 05
[i] Got CONNECT_REQ packet from c3:21:64:ce:9f:40 to f8:24:41:c1:d5:a3
 |-- Access Address: 0x7be28c12
 |-- CRC Init value: 0x0f6eeb
 |-- Hop interval: 67
 |-- Hop increment: 5
 |-- Channel Map: 1fffffffff
 |-- Timeout: 20000 ms

a-andreyev commented 3 years ago

any progress here?

Nope. As you could see, newcomers like me are able to reproduce the progress of the past year (to complete the pairing and listen to encrypted BLE adv packets), but not able to handle the decryption logic.

Magalex2x14 commented 3 years ago

I can't remember the reason why I subscribed to this thread, didn't read it in full, but I have a feeling that I have the information you need. I am working on integrating Mijia ecosystem devices into Home Assistant (ble monitor integration) and I was able to figure out encryption in due time. In a nutshell, here's everything I know on the subject:

  1. The encryption key is generated when the device is activated (added) in the MiHome application.
  2. All devices in the ecosystem known to me at the moment use a common encryption method.
  3. The key is 16 bytes long and appears in the application traffic as bind_key or beaconkey
  4. All currently known methods of obtaining a key are described in our FAQ
  5. Decryption procedure can be seen in the integration code

I don’t own the device discussed here, so I don’t know how it works, but theoretically together we can try to implement its support in the HomeAssistant ble_monitor custom integration.

madprogrammer commented 3 years ago

The problem with this particular dimmer is that it is not paired with the Mi Home app (which allows to dump the beaconkey / bind_key) but instead it pairs directly with a supported ceiling light.

One theoretically possible way of reverse engineering this could be to intercept a firmware update sent from the Mi Home app targeted to a supported ceiling light (although that firmware binary is probably encrypted), and then try to reverse engineer that firmware.

Another way is to play the guessing game and try to figure out the encryption with trial and error (seems not feasible)

The last and probably "cheapest" way is to ditch the original firmware of the dimmer and either write a completely new firmware from scratch for the same board (which will not be compatible with Mi Home / ceiling light) or lay out a new PCB which will fit into same enclosure, again with a custom firmware.

ominitay commented 3 years ago

It would probably be easiest to write custom firmware, considering this attempt has been going for 1 and a half years now...

There is an IDE provided on the MCU manufacturer's website which may be of use. It is Windows only, so unfortunately I can't be of use with testing this software...

Ernst79 commented 3 years ago

We solved the decryption of the YLKG08YL, thanks to @rezmus. It's using the MiBeacon V2/V3 (legacy) format, instead of the newer MiBeacon V4/V5 format. More info can be found in this issue of the BLE monitor repository. Support is added in BLE monitor 2.1.x (currently beta). The encryption key is 24 characters long, instead of the usual 32 (in the decryption process, 4 bytes (8 characters) are added).

The code can be found here. To get the encryption key, check these instructions

Busyrev commented 3 years ago

The way to get encryption key is described here. Succeeded with way 6. You should use India Location. Any account, fake or real. Remove existing mi home before installing mod. Got keys. Next step is to connect it to raspberry.

Busyrev commented 3 years ago

@Ernst79 links in your previous post are 404 too

Ernst79 commented 3 years ago

Thanks, I've updated the links (it got merged in the meantime, unfortunately the links weren't updated automatically).

BTW. Final version of BLE monitor (Home Assistant integration) is released, with support for YLKG07YL and YLKG08YL dimmers.

If any of you know an easier way to get the key, let me know, then I'll add that to the instructions.

For those who are interested, in the code, dimmer messages are (after decryption) parsed as obj0110(xobj). This message type 0110 is used for both remotes (YLYK01YL) as well as the dimmers, and consists of 3 bytes, in the code called button, value, press. Combinations of these three bytes are converted to output, like dimmer, press_type, remote_command and remote_binary. Dimmer sensors only use dimmer and press type output, the others are for remotes.

The decryption part of the code is at the end of the file, in decrypt_mibeacon_legacy(self, data)

rezmus commented 3 years ago

@Busyrev these 2 methods are working (pair with special mi home app or send miio cmd to ceiling paired with remote/dimmer), but the point is to auth device and read beaconkey directly via bt. some ppl in this issue were able to do that, maybe they can share working code. should be something similar to mikettle with a few adjustments.

https://github.com/drndos/mikettle

gogui63 commented 3 years ago

@Ernst79 Do you know how to get the encryption key without ceiling light ? I do not have any BT Xiaomi gateway and I can't connect to the dimmer directly

Ernst79 commented 3 years ago

Method 6 should work without dimmer, see the FAQ

gogui63 commented 3 years ago

Unfortunately, doesn't work :(

Ernst79 commented 3 years ago

Did you use the modified version of the MiHome mod app (the one with dimmer at the end)?

gogui63 commented 3 years ago

Yes mi home mod downloaded on step 6, I see on device list my dimmer but unsuccessfully pair it

Ernst79 commented 3 years ago

And bluetooth is enabled on your phone? @rezmus Any idea?

rezmus commented 3 years ago

kill app, restart bluetooth, use different phone. just paired mine, no issues.

https://ibb.co/M6x38KM https://ibb.co/3mcbttj https://ibb.co/z80S9WV

dezaxe69210 commented 3 years ago

Hello guys thanks a lot for your very hard work! Can you tell me please what are the steps to test the device with another app? Jeedom to be more precise

Ernst79 commented 3 years ago

The links I gave are referring to BLE monitor, which is a "custom integration" for Home Assistant. Support for other apps/software has to be developed by others, you will have to ask the developers of the Jeedom software (Bluetooth advertisement plugin) to implement the code in their software. But the hard part is done (getting the BLE messages decrypted and translating the messages to human readable text).

If you have specific questions regarding the code, let me know. Basically you/they should develop something that listens to BLE advertisements, decrypt the advertisements and translate the payload to something readable. The last two steps are (for BLE monitor) done in this file

Busyrev commented 3 years ago

Sebastian at telegram channel https://t.me/xiaomi_gw_v3_hack got link to get key without app or any other shit. https://github.com/rexbut/mikettle/blob/master/get_beacon_key.py not tried for now. Will post here if it works.

rezmus commented 3 years ago

@Busyrev you can read more here

https://github.com/custom-components/ble_monitor/issues/353

Busyrev commented 3 years ago

Works. posted results here https://github.com/custom-components/ble_monitor/issues/353#issuecomment-846398163

Ernst79 commented 3 years ago

Script to get the beaconkey is added in the BLE monitor documentation (including updated script for more devices).

Busyrev commented 3 years ago

Confirming total success. Got encryption key using get_beacon_key, installed HomeAssistant with https://github.com/custom-components/ble_monitor and configured device using key. It works.

wouterf11 commented 3 years ago

@Ernst79 could you elaborate on how the BLE Monitor works for the YLKG08YL dimmer? How should the data on https://github.com/archaron/docs/blob/master/BLE/ylkg08y.md be combined into decoding a message, say: Click once 58 30 b6 03 | c1 | 69 44 c2 41 24 f8 | 17 4a bb 49 78 d3 02 | 00 00 | 63

with the beaconkey: 10 d8 99 8c 8e cd 72 9d e4 21 02 8d

From what I gather from xiaomi.py:

key = "10 d8 99 8c 8e cd 8d 3d 3c 97 72 9d e4 21 02 8d" (beacon(1:6), 8d3d3c97, beacon(6:end))
nonce (iv) = "58 30 b6 03 c1 02 00 00 69 44 c2 41 24" (frame, dev, count, reverse mac(:-1) where count = (packet id, msg(-4:-1))
cipherdata = "17 4a bb 49 78"
authdata = "11"

Is (any of) that correct? Many thanks in advance!

rezmus commented 3 years ago

@wouterf11 beaconkey is encrypted in this example (was not decrypted with token). use this sample data for dimmer to check your code.

https://github.com/custom-components/ble_monitor/issues/289#issuecomment-840572486

Ernst79 commented 3 years ago

Here is a little python script that shows the decryption. Your message starts at frame ctrl and stops before rssi.

from Cryptodome.Cipher import AES

data_string = "043e25020103008b98c54124f819181695fe5830b603368b98c54124f88bb8f2661351000000d6ef"
aeskey = "b853075158487ca39a5b5ea9"

#                                       frame dev ct ---mac------ ----encrypted payload- rssi
#                                       ctrl  id                  cipherpayld- -cnt-- tk 
#  043e25020103008b98c54124f819181695fe 5830 b603 36 8b98c54124f8 8bb8f2661351 000000 d6   ef

data = bytes(bytearray.fromhex(data_string))
key = bytes.fromhex(aeskey)

key_1 = key[0:6]
key_2 = bytes.fromhex("8d3d3c97")
key_3 = key[6:]
key = b"".join([key_1, key_2, key_3])
print("key: ", key.hex())

xiaomi_index = data.find(b'\x16\x95\xFE')
xiaomi_mac_reversed = data[xiaomi_index + 8:xiaomi_index + 14]
print("reversed mac: ", xiaomi_mac_reversed.hex())
# reversed mac: 8b98c54124f8

framectrl_data = data[xiaomi_index + 3:xiaomi_index + 5]
print("frame ctrl: ", framectrl_data.hex())
# frame ctrl: 5830

device_type = data[xiaomi_index + 5:xiaomi_index + 7]
print("device type (product id): ", device_type.hex())
# device type (product id): b603

encrypted_payload = data[xiaomi_index + 14:-1]
print("encrypted payload: ", encrypted_payload.hex())
# encrypted payload: 8bb8f2661351000000d6

packet_id = data[xiaomi_index + 7:xiaomi_index + 8]
payload_counter = b"".join([packet_id,  encrypted_payload[-4:-1]])
print("payload counter: ", payload_counter.hex())
# payload_counter: 36000000

nonce = b"".join([framectrl_data, device_type, payload_counter, xiaomi_mac_reversed[:-1]])
print("nonce: ", nonce.hex())
# nonce: 5830b603360000008b98c54124

aad = b"\x11"

token = encrypted_payload[-1:]
print("token: ", token.hex())
# token: d6

cipherpayload = encrypted_payload[:-4]
print("cipher payload: ", cipherpayload.hex())
# cipher payload: 8bb8f2661351

cipher = AES.new(key, AES.MODE_CCM, nonce=nonce, mac_len=4)
cipher.update(aad)

decrypted_payload = cipher.decrypt(cipherpayload)
print("decrypted payload: ", decrypted_payload.hex())
# decrypted payload:  01100300ff04

The decrypted payload can be read as follows.

0110 = Button (= type of message according to the MiBeacon protocol)
03 = length of data
00 = button
ff = value
04 = press

button, value and press are the names I use in BLE monitor, depending on the device type, they are translated to a message. See the def obj0110(xobj): function in https://github.com/custom-components/ble_monitor/blob/master/custom_components/ble_monitor/ble_parser/xiaomi.py. In this example, press 04 + button = 0 means "rotate left" with (256 - 255(= ff) = 1 steps.

I also tried your BLE advertisement + beaconkey, but it doesn't seem to be right, I get this as result.

decrypted payload: ab330e5cbc82
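Added example, not code from BLE monitor or from any poster in this thread: the script above calls `decrypt` without checking an authentication tag, so a wrong key still produces six bytes, and the only signal left is whether those bytes have the `01 10` / `03` structure described in this comment. The decoder below enforces that structure on both payloads quoted above; `DimmerEvent` and `decode_dimmer_payload` are hypothetical names, and treating values up to 127 as "rotate right" is an assumption (the thread documents only the "rotate left" case).

```python
from dataclasses import dataclass

BUTTON_OBJECT = bytes.fromhex("0110")  # object type bytes as they appear in the payload
BUTTON_DATA_LEN = 3                    # button, value, press


@dataclass(frozen=True)
class DimmerEvent:
    button: int
    value: int
    press: int
    action: str  # "unknown" for combinations this thread does not document
    steps: int


def decode_dimmer_payload(payload: bytes) -> DimmerEvent:
    """Parse a decrypted legacy MiBeacon button object, rejecting anything malformed."""
    if len(payload) < 3:
        raise ValueError("payload too short for object type + length")
    obj_type, length, data = payload[:2], payload[2], payload[3:]
    if obj_type != BUTTON_OBJECT:
        # Typical result of decrypting with a wrong or still-encrypted beaconkey.
        raise ValueError(f"unexpected object type {obj_type.hex()}")
    if length != BUTTON_DATA_LEN or len(data) != length:
        raise ValueError(f"length byte {length} does not match {len(data)} data bytes")

    button, value, press = data
    action, steps = "unknown", 0
    if press == 4 and button == 0:
        # Documented case: ff -> rotate left, 256 - 255 = 1 step.
        # Assumption: the byte is a signed step count, so 0..127 is rotate right.
        signed = value - 256 if value > 127 else value
        action = "rotate left" if signed < 0 else "rotate right"
        steps = abs(signed)
    return DimmerEvent(button, value, press, action, steps)


def looks_decrypted(payload: bytes) -> bool:
    """True when the bytes parse as a button object, i.e. the key was plausibly right."""
    try:
        decode_dimmer_payload(payload)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Both payloads are the ones quoted in the comment above.
    for hexstr in ("01100300ff04", "ab330e5cbc82"):
        raw = bytes.fromhex(hexstr)
        if looks_decrypted(raw):
            print(hexstr, "->", decode_dimmer_payload(raw))
        else:
            print(hexstr, "-> rejected (wrong key or wrong frame)")
```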

rezmus commented 3 years ago

I also tried your BLE advertisement + beaconkey, but it doesn't seem to be right, I get this as result.

he used sample data from old github, where beaconkey was not decrypted using token.

beacon_key = cipher(token, peripheral.readCharacteristic(HANDLE_BEACON_KEY)).hex()

wouterf11 commented 3 years ago

Thanks a lot!! I will have a look.

kirilldobr commented 3 years ago

I successfully got dimmer beaconKey using method 6 from FAQ, but after adding the integration to HA I am getting weird errors:

2021-05-23 13:30:03 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] Data binary sensor received: {'rssi': -55, 'mac': 'F82441C371CD', 'type': 'YLKG07YL/YLKG08YL', 'packet': 1, 'firmware': 'Xiaomi (MiBeacon)', 'data': True}
2021-05-23 13:30:03 DEBUG (MainThread) [custom_components.ble_monitor.sensor] Data measuring sensor received: {'rssi': -55, 'mac': 'F82441C371CD', 'type': 'YLKG07YL/YLKG08YL', 'packet': 1, 'firmware': 'Xiaomi (MiBeacon)', 'data': True}
2021-05-23 13:30:16 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] 5 MiBeacon BLE ADV messages processed for 0 binary sensor device(s) total. Priority queue = 0
2021-05-23 13:30:16 DEBUG (MainThread) [custom_components.ble_monitor.sensor] 5 BLE ADV messages processed for 1 measuring device(s).
2021-05-23 13:30:16 DEBUG (Thread-4) [custom_components.ble_monitor] HCIdump thread: main event_loop stopped, finishing
2021-05-23 13:30:16 DEBUG (Thread-4) [custom_components.ble_monitor] HCIdump thread: Scanning will be restarted
2021-05-23 13:30:16 DEBUG (Thread-4) [custom_components.ble_monitor] 3121 HCI events processed for previous period.
2021-05-23 13:30:16 DEBUG (Thread-4) [custom_components.ble_monitor] HCIdump thread: Run
2021-05-23 13:30:16 DEBUG (Thread-4) [custom_components.ble_monitor] HCIdump thread: connected to hci0
2021-05-23 13:30:16 DEBUG (Thread-4) [custom_components.ble_monitor] HCIdump thread: start main event_loop
2021-05-23 13:30:31 ERROR (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 13:30:31 DEBUG (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 13:30:32 ERROR (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 13:30:32 DEBUG (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 13:30:33 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] Data binary sensor received: {'rssi': -58, 'mac': 'F82441C371CD', 'type': 'YLKG07YL/YLKG08YL', 'packet': 1, 'firmware': 'Xiaomi (MiBeacon)', 'data': True}
2021-05-23 13:30:33 DEBUG (MainThread) [custom_components.ble_monitor.sensor] Data measuring sensor received: {'rssi': -58, 'mac': 'F82441C371CD', 'type': 'YLKG07YL/YLKG08YL', 'packet': 1, 'firmware': 'Xiaomi (MiBeacon)', 'data': True}
2021-05-23 13:30:33 ERROR (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 13:30:33 DEBUG (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 13:30:35 ERROR (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 13:30:35 DEBUG (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 13:30:35 ERROR (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 13:30:35 DEBUG (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 13:30:37 ERROR (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 13:30:37 DEBUG (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 13:30:37 ERROR (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 13:30:37 DEBUG (Thread-4) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed

My configuration.yaml:

ble_monitor:
  devices:
    - mac: 'CD:71:C3:41:24:F8'
      name: 'myDimmer'
      encryption_key: '346B958D1E040ED240AB84B7'

They seem to happen every time dimmer action is sent... Does anyone know what can cause such a behaviour?

Ernst79 commented 3 years ago

Did you restart HA?

kirilldobr commented 3 years ago

Yes I did, but the result is the same. Its state changes between unknown (dark gray) and unavailable (light gray, during events).

Ernst79 commented 3 years ago

Can you show the log from right after the start of HA?

kirilldobr commented 3 years ago

That's debug log enabled, of course.

[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] udev.sh: executing... 
[cont-init.d] udev.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2021-05-23 16:38:36 WARNING (MainThread) [homeassistant.loader] You are using a custom integration hacs which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant
2021-05-23 16:38:36 WARNING (MainThread) [homeassistant.loader] You are using a custom integration ble_monitor which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant
2021-05-23 16:38:36 WARNING (MainThread) [homeassistant.loader] You are using a custom integration yandex_smart_home which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant
2021-05-23 16:38:42 DEBUG (MainThread) [custom_components.ble_monitor] Initializing BLE Monitor integration (YAML): {'devices': [{'mac': 'CD:71:C3:41:24:F8', 'name': 'Крутилочка', 'encryption_key': '346B958D1E040ED240AB84B7', 'reset_timer': 35, 'restore_state': 'default', 'decimals': 'default', 'use_median': 'default'}], 'bt_interface': ['DC:A6:32:F7:CD:74'], 'log_spikes': False, 'restore_state': False, 'active_scan': False, 'hci_interface': [], 'discovery': True, 'report_unknown': False, 'period': 60, 'decimals': 1, 'rounding': 1, 'batt_entities': True, 'use_median': False, 'is_flow': False, 'ids_from_name': True}
2021-05-23 16:38:42 DEBUG (MainThread) [custom_components.ble_monitor.config_flow] async_step_import: {'devices': [{'mac': 'CD:71:C3:41:24:F8', 'name': 'Крутилочка', 'encryption_key': '346B958D1E040ED240AB84B7', 'reset_timer': 35, 'restore_state': 'default', 'decimals': 'default', 'use_median': 'default'}], 'bt_interface': ['DC:A6:32:F7:CD:74'], 'log_spikes': False, 'restore_state': False, 'active_scan': False, 'hci_interface': [], 'discovery': True, 'report_unknown': False, 'period': 60, 'decimals': 1, 'rounding': 1, 'batt_entities': True, 'use_median': False, 'is_flow': False, 'ids_from_name': True}
2021-05-23 16:38:42 DEBUG (MainThread) [custom_components.ble_monitor.config_flow] async_step_user: {'devices': '--Devices--', 'bt_interface': ['DC:A6:32:F7:CD:74'], 'log_spikes': False, 'restore_state': False, 'active_scan': False, 'hci_interface': [], 'discovery': True, 'report_unknown': False, 'period': 60, 'decimals': 1, 'rounding': 1, 'batt_entities': True, 'use_median': False, 'is_flow': False, 'ids_from_name': True}
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] Initializing BLE Monitor entry (config entry): <homeassistant.config_entries.ConfigEntry object at 0x7fa942d460>
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] async_setup_entry: domain {'devices': [{'mac': 'CD:71:C3:41:24:F8', 'name': 'Крутилочка', 'encryption_key': '346B958D1E040ED240AB84B7', 'reset_timer': 35, 'restore_state': 'default', 'decimals': 'default', 'use_median': 'default'}], 'bt_interface': ['DC:A6:32:F7:CD:74'], 'log_spikes': False, 'restore_state': False, 'active_scan': False, 'hci_interface': [], 'discovery': True, 'report_unknown': False, 'period': 60, 'decimals': 1, 'rounding': 1, 'batt_entities': True, 'use_median': False, 'is_flow': False, 'ids_from_name': True}
2021-05-23 16:38:46 WARNING (MainThread) [custom_components.ble_monitor] Available Bluetooth interfaces for BLE monitor: ['DC:A6:32:F7:CD:74']
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] async_setup_entry: {'devices': [{'mac': 'CD:71:C3:41:24:F8', 'name': 'Крутилочка', 'encryption_key': '346B958D1E040ED240AB84B7', 'reset_timer': 35, 'restore_state': 'default', 'decimals': 'default', 'use_median': 'default'}], 'bt_interface': ['DC:A6:32:F7:CD:74'], 'log_spikes': False, 'restore_state': False, 'active_scan': False, 'hci_interface': [0], 'discovery': True, 'report_unknown': False, 'period': 60, 'decimals': 1, 'rounding': 1, 'batt_entities': True, 'use_median': False, 'is_flow': False, 'ids_from_name': True}
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] HCI interface is [0]
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] Spawning HCIdump thread
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] HCIdump thread: Init
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] 1 encryptors mac:key pairs loaded.
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] whitelist: []
2021-05-23 16:38:46 DEBUG (MainThread) [custom_components.ble_monitor] 0 whitelist item(s) loaded.
2021-05-23 16:38:46 DEBUG (Thread-5) [custom_components.ble_monitor] HCIdump thread: Run
2021-05-23 16:38:46 DEBUG (Thread-5) [custom_components.ble_monitor] HCIdump thread: connected to hci0
2021-05-23 16:38:46 DEBUG (Thread-5) [custom_components.ble_monitor] HCIdump thread: start main event_loop
2021-05-23 16:38:47 WARNING (MainThread) [homeassistant.config_entries] Config entry 'MFC-J2510 E71354E3F408895' for brother integration not ready yet: Bad IPv4/UDP transport address BRW1C3E84A7D7C3.local@161: [Errno -2] Name does not resolvecaused by <class 'socket.gaierror'>: [Errno -2] Name does not resolve; Retrying in background
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] Starting binary sensor entry startup
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] BLE binary sensors updater initialization
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] BLE binary sensors updater initialized
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] Binary sensor entry setup finished
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.sensor] Starting measuring sensor entry startup
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.sensor] BLE sensors updater initialization
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.sensor] BLE sensors updater initialized
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.sensor] Measuring sensor entry setup finished
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] Binary entities updater loop started!
2021-05-23 16:38:48 DEBUG (MainThread) [custom_components.ble_monitor.sensor] Entities updater loop started!
2021-05-23 16:38:50 WARNING (MainThread) [homeassistant.helpers.entity] Updating state for remote.xiaomi_miio_192_168_1_82 (<class 'homeassistant.components.xiaomi_miio.remote.XiaomiMiioRemote'>) took 0.639 seconds. Please create a bug report at https://github.com/home-assistant/core/issues?q=is%3Aopen+is%3Aissue+label%3A%22integration%3A+xiaomi_miio%22
2021-05-23 16:39:09 ERROR (MainThread) [pyhap.characteristic] SecuritySystemCurrentState: value=0 is an invalid value.
2021-05-23 16:39:09 ERROR (MainThread) [pyhap.characteristic] SecuritySystemTargetState: value=0 is an invalid value.
2021-05-23 16:39:40 WARNING (MainThread) [homeassistant.helpers.template] Template variable warning: 'dict object' has no attribute 'click' when rendering '{{ value_json.click }}'
2021-05-23 16:39:41 WARNING (MainThread) [homeassistant.helpers.template] Template variable warning: 'dict object' has no attribute 'click' when rendering '{{ value_json.click }}'
2021-05-23 16:39:41 WARNING (MainThread) [homeassistant.helpers.template] Template variable warning: 'dict object' has no attribute 'click' when rendering '{{ value_json.click }}'
2021-05-23 16:39:48 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] 0 MiBeacon BLE ADV messages processed for 0 binary sensor device(s) total. Priority queue = 0
2021-05-23 16:39:48 DEBUG (MainThread) [custom_components.ble_monitor.sensor] 0 BLE ADV messages processed for 0 measuring device(s).
2021-05-23 16:39:48 DEBUG (Thread-5) [custom_components.ble_monitor] HCIdump thread: main event_loop stopped, finishing
2021-05-23 16:39:48 DEBUG (Thread-5) [custom_components.ble_monitor] HCIdump thread: Scanning will be restarted
2021-05-23 16:39:48 DEBUG (Thread-5) [custom_components.ble_monitor] 3085 HCI events processed for previous period.
2021-05-23 16:39:48 DEBUG (Thread-5) [custom_components.ble_monitor] HCIdump thread: Run
2021-05-23 16:39:48 DEBUG (Thread-5) [custom_components.ble_monitor] HCIdump thread: connected to hci0
2021-05-23 16:39:48 DEBUG (Thread-5) [custom_components.ble_monitor] HCIdump thread: start main event_loop
2021-05-23 16:39:51 WARNING (MainThread) [homeassistant.components.media_player] Updating samsungtv media_player took longer than the scheduled update interval 0:00:10
2021-05-23 16:40:15 ERROR (Thread-5) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 16:40:15 DEBUG (Thread-5) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 16:40:16 ERROR (Thread-5) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 16:40:16 DEBUG (Thread-5) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 16:40:16 DEBUG (MainThread) [custom_components.ble_monitor.binary_sensor] Data binary sensor received: {'rssi': -44, 'mac': 'F82441C371CD', 'type': 'YLKG07YL/YLKG08YL', 'packet': 1, 'firmware': 'Xiaomi (MiBeacon)', 'data': True}
2021-05-23 16:40:16 DEBUG (MainThread) [custom_components.ble_monitor.sensor] Data measuring sensor received: {'rssi': -44, 'mac': 'F82441C371CD', 'type': 'YLKG07YL/YLKG08YL', 'packet': 1, 'firmware': 'Xiaomi (MiBeacon)', 'data': True}
2021-05-23 16:40:16 DEBUG (MainThread) [custom_components.ble_monitor.sensor] Sensor device with mac address F8:24:41:C3:71:CD has the following settings. Name: F82441C371CD. Temperature unit: °C. Decimals: 1. Use Median: False. Restore state: False. Reset Timer: 35.
2021-05-23 16:40:16 DEBUG (MainThread) [custom_components.ble_monitor.sensor] async_added_to_hass called for ble dimmer F82441C371CD
2021-05-23 16:40:17 ERROR (Thread-5) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 16:40:17 DEBUG (Thread-5) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
2021-05-23 16:40:19 ERROR (Thread-5) [custom_components.ble_monitor.ble_parser.xiaomi] Decryption MiBeacon V2/V3 advertisement failed: No encryption key found
2021-05-23 16:40:19 DEBUG (Thread-5) [custom_components.ble_monitor.ble_parser.xiaomi] Invalid data: Data decryption failed
kirilldobr commented 3 years ago

Btw, I'm running on a RPI B4, Home Assistant OS 5.13

Ernst79 commented 3 years ago

You have entered the MAC address reversed (per two characters in your config

kirilldobr commented 3 years ago

Script told me that mac address is

{'mac': 'cd71c34124f8', 'evtid': 4097, 'pid': 950, 'beaconkey': '346b958d1e040ed240ab84b7'}

I double checked mac address in the config, it's the exact same. I am not seeing something obvious, aren't I (

kirilldobr commented 3 years ago

I got it! The script returns MAC address in the reversed order! Everything works now.

Thank you for your help and your amazing work, I've been following the YLKG08YL thread closely, it inspired me to create a proper home automation ✨

Ernst79 commented 3 years ago

I will change the script to return the real MAC. I can understand it's confusing.

rezmus commented 3 years ago

@Ernst79 mac is reversed in miio cmd response (method 6 he used). just bold in faq to reverse it during remote/dimmer setup in HA.

afaik mac for dimmer/remote (not from bundle) always starts with F8:24:41.

Ernst79 commented 3 years ago

Ah, you’re right. I’ll highlight it in the FAQ

psylity commented 2 years ago

I've made a full python code that pairs and reads Yeelight dimmer data. For those who want the working code - check it out https://github.com/psylity/yeelight-dimmer-python

psylity commented 2 years ago

Also I'm glad to present an ESP-IDF component that adds Yeelight YLKG08YL support to your ESP32 projects - yeelight-dimmer-esp32

Busyrev commented 2 years ago

@psylity @AlexxIT do you know any way to read battery level for these dimmers?

onlysunjun commented 2 years ago

kill app, restart bluetooth, use different phone. just paired mine, no issues.

https://ibb.co/M6x38KM https://ibb.co/3mcbttj https://ibb.co/z80S9WV

Does the xiaomihome app need the old version? The web URL cannot work, https://github.com/custom-components/ble_monitor/issues/353, could you share the xiaomihome app? thx

AlexxIT commented 2 years ago

@Busyrev Does any Xiaomi software show the battery value?

Busyrev commented 2 years ago

AlexxIT

Does any Xiaomi software show the battery value?

No idea, I'm not using xiaomi software at all.

psylity commented 2 years ago

@psylity @AlexxIT do you know any way to read battery level for these dimmers?

There is no place left in standard ble packet to store the battery level information.

Artoria2e5 commented 4 months ago

https://stackoverflow.com/questions/70426330/decrypt-aes-128-ccm-on-nodejs-without-auth-tag reports that the mac_len=4 is actually incorrect: the message contains no MAC at all. I believe this means that the encryption scheme is not regular CCM, but CCM* in ZigBee 802.15.4 Annex B. The 13-byte nonce seems to match.

As a result:

(Also, I don't think you should bother libraries to support a mac_len=0. It's reckless and weird -- it's overall hard to justify.)

The C code with aes_ccm_auth_decrypt works because MBEDTLS allows you to make the same mistake. It gives a return value MBEDTLS_ERR_CCM_AUTH_FAILED, but the decrypted data is already there!
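Why a tag-less "CCM decrypt" still yields readable data, as an added Node.js example that is not part of the comment above or of any project in this thread: CCM encrypts the payload with plain AES-CTR, so skipping the tag check leaves ordinary CTR decryption, which cannot detect a modified ciphertext. The key, nonce and payload are constructed sample values, and the function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed sample values, not taken from a real device.
const KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const NONCE = Buffer.from('a0a1a2a3a4a5a6a7a8a9aaabac', 'hex'); // 13 bytes
const PLAIN = Buffer.from('0110030001', 'hex');

// Regular CCM with a 4-byte tag: returns ciphertext and tag separately.
function ccmEncrypt(key, nonce, plain) {
  const c = crypto.createCipheriv('aes-128-ccm', key, nonce, { authTagLength: 4 });
  const ct = Buffer.concat([c.update(plain), c.final()]);
  return { ct, tag: c.getAuthTag() };
}

// Authenticated decrypt: returns null when the tag does not verify.
function ccmDecrypt(key, nonce, ct, tag) {
  const d = crypto.createDecipheriv('aes-128-ccm', key, nonce, { authTagLength: 4 });
  d.setAuthTag(tag);
  try {
    return Buffer.concat([d.update(ct), d.final()]);
  } catch (err) {
    return null;
  }
}

// Tag-less decrypt. CCM's payload keystream is AES-CTR starting at counter
// block A_1 = flags (L-1 = 0x01 for a 13-byte nonce) || nonce || 0x0001.
function ctrDecrypt(key, nonce, ct) {
  const iv = Buffer.concat([Buffer.from([0x01]), nonce, Buffer.from([0x00, 0x01])]);
  const d = crypto.createDecipheriv('aes-128-ctr', key, iv);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Flip one ciphertext bit and compare what each decryption path returns.
function demo() {
  const { ct, tag } = ccmEncrypt(KEY, NONCE, PLAIN);
  const tampered = Buffer.from(ct);
  tampered[0] ^= 0x01;
  return {
    ctrMatches: ctrDecrypt(KEY, NONCE, ct).equals(PLAIN),
    authOk: ccmDecrypt(KEY, NONCE, ct, tag).equals(PLAIN),
    authTampered: ccmDecrypt(KEY, NONCE, tampered, tag),
    ctrTampered: ctrDecrypt(KEY, NONCE, tampered).toString('hex'),
  };
}

console.log(demo());
```

A receiver that only has the CTR path should treat the decoded event as unauthenticated input and validate its fields before acting on it.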