nkaminski / csrmesh

Reverse engineered bridge implementation of the CSRMesh BTLE protocol
GNU Lesser General Public License v3.0

How to get the pin ? #15

Closed deennoo closed 7 years ago

deennoo commented 7 years ago

Hello,

I'm using an Awox c9 mesh bulb: http://www.awox.com/awox_product/smartlight-c9-mesh-2/

They really look like your bulb, but with the app we can't get the PIN code. Any idea how to get it, please?

Already tried:

```
csrmesh-cli --pin 1234 --dest A4:C1:38:65:0D:01 --level 40 lightbulb
Running: gatttool -b A4:C1:38:65:0D:01 --char-write-req -a 0x0011 -n 38ee41008046894c883bccbb57a320ba2186061f
Characteristic Write Request failed: Request attribute has encountered an unlikely error
Running: gatttool -b A4:C1:38:65:0D:01 --char-write-req -a 0x0014 -n 79f428ff
Characteristic Write Request failed: Request attribute has encountered an unlikely error
```

nkaminski commented 7 years ago

The PIN code is used to derive a 128-bit AES key. CSRMesh also supports provisioning devices where the key is provided directly as opposed to deriving such from the PIN. Can you explain the setup and initial configuration process of the official app with a new device in as much detail as possible, since that will help provide some insight as to how/where the network key is being derived or generated?

deennoo commented 7 years ago

Thx for your answer,

First plug in the bulb, then in the app create an account, which goes to the cloud, then discover the device and drive it.

No need for the cloud after this, just to create an account and discover the bulb.

I think that the PIN is randomly created when you create your account.

nkaminski commented 7 years ago

The PIN is likely stored in the cloud; your best bet is currently to either sniff the network communication or baksmali and patch the app to print the key to the console. Both will be rather technically advanced solutions though.

On February 15, 2017 12:02:33 AM CST, deennoo notifications@github.com wrote:

> Thx for your answer,
>
> First plug in the bulb, then in the app create an account, which goes to the cloud, then discover the device and drive it.
>
> No need for the cloud after this, just to create an account and discover the bulb.
>
> I think that the PIN is randomly created when you create your account.


deennoo commented 7 years ago

Can getting the value from the right handle help to get the PIN?

I got only one handle value that changes when I turn on/off, change brightness, or change white temperature.

nkaminski commented 7 years ago

If it is a 4-digit PIN, you can use the network_key_bruteforce function to compute the PIN. If not, it will require computation with O(2^128) time complexity to derive the key from a packet, which cannot be solved in any reasonable amount of time. You are much better off snooping the network communication between the app and cloud service using mitmproxy or similar.
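
The keyspace argument in the last comment, as an added sketch that is not part of the thread or of the csrmesh project's code: the key derivation and packet layout below (`derive_key`, `make_packet`, the 8-byte tag) are simplified stand-ins, not the CSRMesh format. It shows why a key derived from a 4-digit PIN has only about 13 bits of strength, while a directly provisioned 128-bit key is never found by enumerating PINs.

```python
import hashlib
import hmac
import math

TAG_LEN = 8  # assumed truncated-MAC length for this sketch


def derive_key(pin: str) -> bytes:
    """Stand-in KDF (assumption): SHA-256 of the PIN, truncated to 128 bits."""
    return hashlib.sha256(pin.encode("ascii")).digest()[:16]


def make_packet(key: bytes, payload: bytes) -> bytes:
    """Append a truncated HMAC-SHA256 tag so a candidate key can be checked."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


def packet_matches(key: bytes, packet: bytes) -> bool:
    """True if the packet's tag verifies under the candidate key."""
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(expected, tag)


def recover_pin(packet: bytes, digits: int = 4):
    """Enumerate every decimal PIN of this length; return (pin or None, attempts)."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        if packet_matches(derive_key(pin), packet):
            return pin, n + 1
    return None, 10 ** digits


def keyspace_bits(digits: int) -> float:
    """Effective key strength, in bits, of a key derived from a decimal PIN."""
    return digits * math.log2(10)


if __name__ == "__main__":
    payload = b"\x01\x02constructed-payload"  # constructed sample data
    # Key derived from a PIN: found after at most 10,000 attempts.
    print(recover_pin(make_packet(derive_key("4821"), payload)))
    # Key provisioned directly (constructed 128-bit value): no PIN reproduces it.
    print(recover_pin(make_packet(bytes(range(16)), payload)))
    print(f"4-digit PIN: {keyspace_bits(4):.1f} bits, direct key: 128 bits")
```
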