search

piggz / harbour-amazfish

Amazfit Bip support for SailfishOS
GNU General Public License v3.0
103 stars 52 forks source link

Amazfit NEO pairing #375

Open jmlich opened 6 months ago

jmlich commented 6 months ago

There are many differences from my previous try:

I am trying to pair with Amazfit NEO. The device is connected to zepp application and I am getting token with

$ python3 -m huami_token -m amazfit -e user@domain.com -p 'Password' -b
...CUT...
╓───Device 0
║  MAC: E1:87:29:30:E4:E7, active: Yes
║  Key: 0xcaa04207ff084f260d8513a5d75d8dcf
╙────────────

The 0xcaa04207ff084f260d8513a5d75d8dcf (including 0x) was entered into dialog.

I can see authfailed message in daemon's log:

2024-05-12 17:34:36.615 : void MiBand2Service::characteristicChanged(const QString&, const QByteArray&) Changed: "00000009-0000-3512-2118-0009af100700" "\x10\x83\b"
2024-05-12 17:34:36.615 : Unexpected data
2024-05-12 17:34:36.615 : void HuamiDevice::authenticated(bool) false
2024-05-12 17:34:36.615 : void AbstractDevice::setConnectionState(const QString&) Connection state: "authfailed"

Whole log follows:

2024-05-12 17:34:36.526 : 9 nodes
2024-05-12 17:34:36.527 : Creating service for:  "00001801-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.527 : Creating service for:  "0000180a-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.527 : Creating service for:  "00001530-0000-3512-2118-0009af100700"
2024-05-12 17:34:36.528 : Creating service for:  "00001811-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.528 : Creating service for:  "00001802-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.528 : Creating service for:  "0000fee0-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.528 : Creating service for:  "0000fee1-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.529 : Creating service for:  "0000180d-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.529 : Got MiBand2 service
2024-05-12 17:34:36.529 : Starting notify for  "00000009-0000-3512-2118-0009af100700"
2024-05-12 17:34:36.529 : void MiBand2Service::initialise(bool) Writing request for auth number
2024-05-12 17:34:36.529 : QByteArray MiBand2Service::requestAuthNumber() Crypt Byte: 128
2024-05-12 17:34:36.529 : Writing to  "00000009-0000-3512-2118-0009af100700" : "8200020100"
2024-05-12 17:34:36.529 : virtual void NeoDevice::initialise() Neo Firmware:  "V1.1.2.58"
2024-05-12 17:34:36.529 : virtual void HuamiDevice::onPropertiesChanged(QString, QVariantMap, QStringList) "org.bluez.Device1" QMap(("Modalias", QVariant(QString, "bluetooth:v0157p0043d0100"))) ()
2024-05-12 17:34:36.530 : virtual void NeoDevice::initialise()
2024-05-12 17:34:36.530 : void AbstractDevice::setConnectionState(const QString&) Connection state: "connected"
2024-05-12 17:34:36.530 : void NeoDevice::parseServices()
2024-05-12 17:34:36.530 : Resolved services...
2024-05-12 17:34:36.530 : <!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node><interface name="org.freedesktop.DBus.Introspectable"><method name="Introspect"><arg name="xml" type="s" direction="out"/>
</method></interface><interface name="org.bluez.Device1"><method name="Disconnect"></method><method name="Connect"></method><method name="ConnectProfile"><arg name="UUID" type="s" direction="in"/>
</method><method name="DisconnectProfile"><arg name="UUID" type="s" direction="in"/>
</method><method name="Pair"></method><method name="CancelPairing"></method><property name="Address" type="s" access="read"></property><property name="AddressType" type="s" access="read"></property><property name="Name" type="s" access="read"></property><property name="Alias" type="s" access="readwrite"></property><property name="Class" type="u" access="read"></property><property name="Appearance" type="q" access="read"></property><property name="Icon" type="s" access="read"></property><property name="Paired" type="b" access="read"></property><property name="Bonded" type="b" access="read"></property><property name="Trusted" type="b" access="readwrite"></property><property name="Blocked" type="b" access="readwrite"></property><property name="LegacyPairing" type="b" access="read"></property><property name="RSSI" type="n" access="read"></property><property name="Connected" type="b" access="read"></property><property name="UUIDs" type="as" access="read"></property><property name="Modalias" type="s" access="read"></property><property name="Adapter" type="o" access="read"></property><property name="ManufacturerData" type="a{qv}" access="read"></property><property name="ServiceData" type="a{sv}" access="read"></property><property name="TxPower" type="n" access="read"></property><property name="ServicesResolved" type="b" access="read"></property><property name="WakeAllowed" type="b" access="readwrite"></property><property name="Sets" type="a{oa{sv}}" access="read"></property></interface><interface name="org.freedesktop.DBus.Properties"><method name="Get"><arg name="interface" type="s" direction="in"/>
<arg name="name" type="s" direction="in"/>
<arg name="value" type="v" direction="out"/>
</method><method name="Set"><arg name="interface" type="s" direction="in"/>
<arg name="name" type="s" direction="in"/>
<arg name="value" type="v" direction="in"/>
</method><method name="GetAll"><arg name="interface" type="s" direction="in"/>
<arg name="properties" type="a{sv}" direction="out"/>
</method><signal name="PropertiesChanged"><arg name="interface" type="s"/>
<arg name="changed_properties" type="a{sv}"/>
<arg name="invalidated_properties" type="as"/>
</signal>
</interface><node name="service0008"/><node name="service000c"/><node name="service001a"/><node name="service0020"/><node name="service0027"/><node name="service002a"/><node name="service005b"/><node name="service0070"/></node>
2024-05-12 17:34:36.530 : 9 nodes
2024-05-12 17:34:36.530 : Creating service for:  "00001801-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.531 : Creating service for:  "0000180a-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.531 : Creating service for:  "00001530-0000-3512-2118-0009af100700"
2024-05-12 17:34:36.531 : Creating service for:  "00001811-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.532 : Creating service for:  "00001802-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.532 : Creating service for:  "0000fee0-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.532 : Creating service for:  "0000fee1-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.533 : Creating service for:  "0000180d-0000-1000-8000-00805f9b34fb"
2024-05-12 17:34:36.533 : Got MiBand2 service
2024-05-12 17:34:36.533 : Starting notify for  "00000009-0000-3512-2118-0009af100700"
2024-05-12 17:34:36.533 : void MiBand2Service::initialise(bool) Writing request for auth number
2024-05-12 17:34:36.533 : QByteArray MiBand2Service::requestAuthNumber() Crypt Byte: 128
2024-05-12 17:34:36.533 : Writing to  "00000009-0000-3512-2118-0009af100700" : "8200020100"
2024-05-12 17:34:36.533 : virtual void NeoDevice::initialise() Neo Firmware:  "V1.1.2.58"
2024-05-12 17:34:36.533 : void MiBand2Service::characteristicChanged(const QString&, const QByteArray&) Changed: "00000009-0000-3512-2118-0009af100700" "\x10\x82\x01\x97\x9F""d\x10\xA9\x99&\xFA\x9B\xF3\xC8""Dm\xADJ\xEE"
2024-05-12 17:34:36.533 : Received random auth number, sending encrypted auth number
2024-05-12 17:34:36.534 : Writing to  "00000009-0000-3512-2118-0009af100700" : "8300057e4d35b66f3db36d080e90368991d1"
2024-05-12 17:34:36.555 : void MiBand2Service::characteristicChanged(const QString&, const QByteArray&) Changed: "00000009-0000-3512-2118-0009af100700" "\x10\x82\x01\xC9\xB2\xB2\x0Fsd\xCCq}\xF6""F\xB3\xE7h \xD5"
2024-05-12 17:34:36.555 : Received random auth number, sending encrypted auth number
2024-05-12 17:34:36.555 : Writing to  "00000009-0000-3512-2118-0009af100700" : "8300768f534da6d08cfbf243eacf9acf064a"
2024-05-12 17:34:36.556 : void MiBand2Service::characteristicChanged(const QString&, const QByteArray&) Changed: "00000009-0000-3512-2118-0009af100700" "\x10\x82\x01\xFF\xE7\f\x98\x91""aN\x02\x03;p\xCCUur\xF6"
2024-05-12 17:34:36.556 : Received random auth number, sending encrypted auth number
2024-05-12 17:34:36.556 : Writing to  "00000009-0000-3512-2118-0009af100700" : "8300bace6f93a6e61073960d631c74248c4b"
2024-05-12 17:34:36.571 : void MiBand2Service::characteristicChanged(const QString&, const QByteArray&) Changed: "00000009-0000-3512-2118-0009af100700" "\x10\x83\b"
2024-05-12 17:34:36.571 : Unexpected data
2024-05-12 17:34:36.571 : void HuamiDevice::authenticated(bool) false
2024-05-12 17:34:36.571 : void AbstractDevice::setConnectionState(const QString&) Connection state: "authfailed"
2024-05-12 17:34:36.571 : void DeviceInterface::onConnectionStateChanged() "authfailed"
2024-05-12 17:34:36.585 : void MiBand2Service::characteristicChanged(const QString&, const QByteArray&) Changed: "00000009-0000-3512-2118-0009af100700" "\x10\x83\b"
2024-05-12 17:34:36.585 : Unexpected data
2024-05-12 17:34:36.585 : void HuamiDevice::authenticated(bool) false
2024-05-12 17:34:36.585 : void AbstractDevice::setConnectionState(const QString&) Connection state: "authfailed"
2024-05-12 17:34:36.615 : void MiBand2Service::characteristicChanged(const QString&, const QByteArray&) Changed: "00000009-0000-3512-2118-0009af100700" "\x10\x83\b"
2024-05-12 17:34:36.615 : Unexpected data
2024-05-12 17:34:36.615 : void HuamiDevice::authenticated(bool) false
2024-05-12 17:34:36.615 : void AbstractDevice::setConnectionState(const QString&) Connection state: "authfailed"
2024-05-12 17:34:42.327 : Close notification 1 1
2024-05-12 17:34:42.327 :  but it is not found
2024-05-12 17:35:35.649 : virtual void HuamiDevice::onPropertiesChanged(QString, QVariantMap, QStringList) "org.bluez.Device1" QMap(("Connected", QVariant(bool, false))("ServicesResolved", QVariant(bool, false))) ()
2024-05-12 17:35:35.649 : void AbstractDevice::setConnectionState(const QString&) Connection state: "disconnected"
2024-05-12 17:35:35.649 : void DeviceInterface::onConnectionStateChanged() "disconnected"

It looks like the "\x10\x83\b" is the unexpected data. Maybe also @kirbylife can take a look.

jmlich commented 6 months ago

The Gadgetbridge is able to connect to Amazfit NEO without troubles. I tried to compare the pairing mechanism in gadgetbridge and amazfish. So far I can see the only difference, gadget bridge is using bytes 3-19 and amazfish bytes 3-17:

https://codeberg.org/Freeyourgadget/Gadgetbridge/src/branch/master/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huami/operations/init/InitOperation.java#L163

https://github.com/piggz/harbour-amazfish/blob/8efe63483330b31ff00728ad8e8c0f1b609bb547/daemon/src/services/miband2service.cpp#L44

The value "\x10\x83\b" for characteristics corresponds to this condition

value[0] == RESPONSE && 
(value[1] & 0x0f) == AUTH_SEND_ENCRYPTED_AUTH_NUMBER && 
value[2] == 0x08

doesn't seems to be handled in gadgetbridge either.

kirbylife commented 6 months ago

Are you able to pair other Amazfit watches on that version of Amazfish? or only the NEO is the one with the problem? Because it seems that the erroneously fetched data issue may also correspond to a problem of using the miband2 service for the Neo.

jmlich commented 6 months ago

I don't have any other Amazfit device to test.