Issues getting New Keyscanning to work.

[creedda]

The hcitool lescan part works and it is correctly identifying my Mac address for my smart blind. (Based on what I can see in hcitool and the name being presented) I have the blind very close to the pi (less than a meter) and I have tried upping the number of attempts. No dice. I also disconnected my bridge and verified that the IOS app still works. The blind I am trying to connect to works flawlessly with the IOS app. battery is at 100% (and solar charging).

Where to go from here? Happy to run some tests on my pi to try and get more data. I don't have an android phone or special LE sniffer though :/

Like I specified before I was able to control the blind through the hub via another library. Looking through what the api provides this is what I can see so far:

[Blind(name='Living Room',encoded_mac='gxxxxx7+',room_id='6xxxxxxx-0xxx-4xxx-axxx-2xxxxxxxxxx'), Blind(name='Big Window',encoded_mac='gxxxxx7+',room_id='6xxxxxxx-0xxx-4xxx-axxx-2xxxxxxxxxx'), Blind(name='Balcony Door',encoded_mac='rxxxxxxr',room_id='6xxxxxxx-0xxx-4xxx-axxx-2xxxxxxxxxx)]
{'rxxxxxxr': BlindState(position=-1,rssi=0,battery_level=-1), 'gxxxxx7+': BlindState(position=-1,rssi=0,battery_level=-1)}

(Note: The position, rssi, and battery level are not 0 or -1 when the bridge is on and connected to the blinds)

Not sure if any of that helps,

[dnschneid]

Could you please look through the iOS app and report on your blind's firmware version?

[creedda]

v2.0

[dnschneid]

Alright, so it isn't some magical new version with actual security. I guess the quickest way would be to see if the API can return the passcode, then we can backtrack to figure out why the scanning code isn't working.

[dnschneid]

For expediency, you might want to look into getting your hands on an old Android device to do the bluetooth hci log approach, though.

[creedda]

I added some logging to the keyscan and _connect functions to try and trace the script as it steps through the keys and I'm not convinced its trying them all correctly. I'll keep it up and let you know if I find anything or adjust it to get it to work.

[creedda]

No dice. Was not able to get it working.

I was however able to pull my encoded Mac and encoded passkey via https://github.com/ianlevesque/smartblinds-client

You mentioned in other posts that the encoded items are base64, but when I try and encode or decode using base64 I don't get valid Mac addresses so I am assuming the passkeys would be wrong too. Can you clarify what process I need to run these things through to get usable Macs and passkeys. Just making sure I'm not missing something.

[dnschneid]

echo $encoded | base64 -d | hexdump -e '6/1 "%02x " "\n"'
will give you the raw bytes for the encoded text.
The MAC address are those bytes in backwards order, separated by colons (aa bb cc dd ee ff becomes ff:ee:dd:cc:bb:aa).
The passcode is in the correct order; just remove the spaces.

[creedda]

Thanks, I followed your directions and did verify I was getting the same MAC address. My key is only 6 bytes long though. In your examples yours was 7 bytes?

It should look something like: (0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE)?

Whereas mine looks like (0x6X, 0xXX, 0xXX, 0xXX, 0xXX, 0xXE) (6X XX XX XX XX Xe)

Maybe thats why the scan failed?

I haven't been able to get the httpserver example working using the key. but I will try later tonight and see if I can get it to work.

Thanks,

[dnschneid]

My key ends in 0x00, so 6 bytes is probably right.

[creedda]

Interesting, So I should just be able to put in the first byte and it should work right?

My key starts with 60. So this is my setup a the beginning of the example:

BLINDS = {
'living_room': {
'description': 'Living Room',
'mac': 'EX:XX:XX:XX:XX:XD',
'key': 0x60,
},
}

Pos always returns 0 but gives a 200. I assume its because it always returns 0 until the first connection. All POST commands seem to produce a 504. Nothing seems to be coming out of stderr.

Going to investigate if my bluetooth is working correctly on my pi3. Make sure thats not the issue. Can you confirm that I have it in the right format?

[dnschneid]

It's possible that one byte isn't enough. Try specifying the entire key in a tuple and updating this line to drop the [0]

[creedda]

So I finally got it working. First I tried doing what you suggested, but I was getting the following error:

Traceback (most recent call last):
  File "httpserver.py", line 106, in <module>
    init_devices()
  File "httpserver.py", line 38, in init_devices
    blind['blind'].pos(200)
  File "/var/lib/homebridge/mysmartblinds/pysmartblinds/pysmartblinds/pysmartblinds.py", line 195, in pos
    return self._update()
  File "/var/lib/homebridge/mysmartblinds/pysmartblinds/pysmartblinds/pysmartblinds.py", line 145, in _update
    if not self._set(pos):
  File "/var/lib/homebridge/mysmartblinds/pysmartblinds/pysmartblinds/pysmartblinds.py", line 116, in _set
    if not self._connect():
  File "/var/lib/homebridge/mysmartblinds/pysmartblinds/pysmartblinds/pysmartblinds.py", line 96, in _connect
    True)
  File "/usr/local/lib/python3.5/dist-packages/pygatt/backends/gatttool/device.py", line 17, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/pygatt/backends/gatttool/device.py", line 48, in char_write_handle
    self._backend.char_write_handle(self, handle, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/pygatt/backends/gatttool/gatttool.py", line 53, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/pygatt/backends/gatttool/gatttool.py", line 497, in char_write_handle
    ''.join("{0:02x}".format(byte) for byte in value),
  File "/usr/local/lib/python3.5/dist-packages/pygatt/backends/gatttool/gatttool.py", line 497, in <genexpr>
    ''.join("{0:02x}".format(byte) for byte in value),
TypeError: unsupported format string passed to tuple.__format__

I figured you must have made additional changes to the script that was not accounting for a larger key. I then went back to the last version of the repository that still used the full key. I then inserted my 6 byte key and it worked!

So we know I have the right key. We just don't know why I can't control my blind with one byte only and why the scanner couldn't pick up my key.

I started trying to reduce the number of bytes in the key using the working code, and everything continued to work with only 5 bytes, but as soon as I removed the 5th byte it started giving me 504 errors and not working. So my setup requires that 5th byte. Maybe a different byte in the 7-6 bytes is selected as the key byte and the rest don't matter? Not sure just wanted to give you an update. Ill run some more tests and report my findings.

More than happy to run some tests for you if you want if you have ideas on things you want me to try.

[dnschneid]

Apologies you had to dig through the code history to get that working, but that's fantastic info. Thanks! It sounds like we should move towards requesting the key via the API, and leaving the scanning as a YMMV thing.