Leiaz/python-awox-mesh-light

Different encryption method?

Opened this issue · 0 comments

Hi. I am trying to control my ESMLzm_c9 light bulb (firmware 1.0.192, hardware 4.62) with my Raspberry Pi.

I seem to be able to connect to the light bulb when it is unpaired or when it is paired with my awox control app (I got the mesh name and password from the Home Assistant plugin connected to my awox account). The pairing procedure seems to work (writing to the pair UUID, then reading it to get the bulb's key), but any command I send afterwards is just ignored by the light bulb.

I "btsnooped" my phone when controlling the bulb from the app: I can see the pair packet going out, and I can even re-generate this packet from the Python script (make_pair_packet) with the mesh name and password + the nonce from the snooped payload. The pair packet from my phone and the re-generated pair packet from "make_pair_packet" coincide.

However, after connecting, when I try a command like "light.off()" for example, the light stays on. The command sent by my phone to switch the light on and off is encrypted all right, but its length is different from the one generated by the script (17 bytes sent by my phone vs. 20 bytes from the "make_command_packet" function), which makes me think that the command interface is different.

I got the snooped pair reply from the bulb and built the session key to try and decrypt the other snooped command messages, and reverse engineer the interface, to maybe add it to this library, but no luck so far. Maybe the nonce or session key generation methods have changed as well.

Anyway, do you think it could be a version issue or a different model? Where did you find the information about the bulb command protocol & packet format?