ysard / mi_remote_database

Proof of concept aiming to reproduce and query the infrared code database (IRDB) used by the Xiaomi *Mi Remote* application.
GNU Affero General Public License v3.0
45 stars 8 forks

Amazing work, can you help me contribute for AC? #8

Open gaurav21r opened 1 month ago

gaurav21r commented 1 month ago

This is really really fantastic work @ysard ! Can't thank you enough.

I am making an app for better sleep and to cure some sleep-related disorders for people. One of the essential aspects is the ability of the user to control their temperature, and having an IR Blaster with old ACs will ensure this app is usable by those beyond expensive Home Automation / Centralised Air Conditioning.

When I ran some of the commands mentioned in README, I got this:

NotImplementedError: Deciphering AC IR patterns is not currently supported. Any help is welcome to do this part of reverse engineering!

Even opening the Database, I can see that the JSON still has cryptic parts inside. I'd like to contribute towards deciphering the AC side, but can you tell me some hints / places where I can start?

I understand Base64 encoding but can you point me to someplace where I can see how you have decrypted the other functions / frequencies, the AES details etc?

ysard commented 1 month ago

Hi thank you for your interest,

For all the devices except AC devices, IR patterns are encrypted by Xiaomi, thus the files you will find in the database are as they come from their servers.

The deciphering is made in about 5 lines of Python: https://github.com/ysard/mi_remote_database/blob/6751bd828c941087da77666641c749f59a42ed8d/src/crypt_utils.py#L37-L69

These 5 lines summarize hours of research; the reversing process has been described in a series of articles here: https://pro-domo.ddns.net/blog/retro-ingenierie-dune-application-android-xiaomi-mi-remote-partie-1.html

BUT the IR patterns for AC devices are not reverse engineered since the data is very different (and seems to be not encrypted).

The data is processed in the Xiaomi Mi Remote application by specific routines. This is probably because the way these devices are controlled is radically different.

In the AC files, you won't find any IR code for any specific function; the keys are apparently associated with ids. The ids themselves are associated with pieces of IR patterns, with code from a scripting language (LUA), or with combinations of key ids. Multiple field separators are used, such as &, @ or |.

All of this requires you to go back into the application to determine the processing applied to this data. You'll have guessed that IR patterns seem to be dynamic (lots of bitwise operations for example) and not fixed as is the case with other devices.

I can't tell you much more than that, but I suppose that having a device supported by the application at hand would enable you to progress quickly in creating a parser.

If you're able to work on this part, I'd be happy to add your knowledge to the project.

ysard commented 1 month ago

Once decompiled, you will find some/all ids to functions mappings in the file com/hzy/tvmao/p394ir/p395ac/ACConstants.java. The app uses the library https://github.com/jasonsantos/luajava for its LUA to Java binding.

More generally you will find all the code related to AC devices in the package com/hzy/tvmao/.

If there is encryption, it's, as for the rest, implemented in a native Android library: for example ./resources/lib/armeabi-v7a/libirdevice.so

With the following routines:

But as I said earlier, the biggest problem is to understand the processing of the data & LUA code.
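A possible first step for the AC files described in this thread, as an added example that is not part of the thread or of the project's code: survey every string value in a file, flag the ones that look like Lua, and count the `&`, `@` and `|` separators before attempting a parser. The sample record, its field names, the Lua-detection tokens and the "rarest separator is outermost" rule are assumptions made for illustration.

```python
import json
import re
from collections import Counter

SEPARATORS = "&@|"  # separators named in the thread; their nesting is unknown
# Assumption: these tokens are enough to spot a Lua snippet in a string value.
LUA_HINT = re.compile(r"\b(function|local|return|then|elseif)\b|~=|\.\.")

def sep_counts(value):
    """Count how often each candidate separator occurs in a string."""
    return Counter(ch for ch in value if ch in SEPARATORS)

def walk(node, path=""):
    """Yield (json_path, string_value) for every string leaf."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def survey(document):
    """Return one row per string leaf: path, coarse kind, separator counts."""
    rows = []
    for path, value in walk(document):
        seps = sep_counts(value)
        # Lua is checked first: script text must not be split on & or |.
        kind = "lua" if LUA_HINT.search(value) else "delimited" if seps else "plain"
        rows.append({"path": path, "kind": kind, "seps": dict(seps)})
    return rows

def outer_separator(value):
    """Guess the outermost separator as the rarest one present (heuristic:
    an outer field holding two or more inner fields makes the inner one more frequent)."""
    seps = sep_counts(value)
    return min(seps, key=lambda ch: (seps[ch], SEPARATORS.index(ch))) if seps else None

# Constructed sample: field names and values are invented for illustration and
# are not the real layout of an AC file from the database.
SAMPLE = json.loads("""{
  "keys": [{"id": 1, "exts": "1|2|3"},
           {"id": 2, "exts": "10&20@30&40@50&60"}],
  "script": "local t = a .. b return t"
}""")

if __name__ == "__main__":
    for row in survey(SAMPLE):
        print(row)
```

Running `survey` over many AC files and grouping the rows by path shows which fields always carry Lua and which separator combinations recur, which narrows down what to look for in the decompiled `com/hzy/tvmao/` package.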