You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to port this code to Flutter(dart) so people can use it in their mobile devices to communicate with MiBand 3, However I am stuck in authentication. I am not familiar with js too much unfortunately :(
In the code, author shared the comment below.
// TODO: this is constant for now, but should random and managed per-device
this.key = new Buffer('30313233343536373839404142434445', 'hex');
Is this a problem? Why does it need to be managed per device?
I always thought the key was related to a value hardcoded in the MiBand(like a serial number or so)
Back to my Authorization problem. Can anybody please summarize the authentication process for MiBand3? Seems like auth differs for all the different MiBands (1,2,3,4) and the resources on the internet confuses me. I am interested in MiBand3. This repos web app works perfectly so this code is working with my MiBand3
await this.startNotificationsFor('auth')
await this.authenticate()
// Notifications should be enabled after auth
for (let char of ['hrm_data', 'event', 'raw_data']) {
await this.startNotificationsFor(char)
}
What did I understand wrong?
1-We run startNotifications on "auth" characteristic which is;
00000009-0000-3512-2118-0009af100700
which runs await this.authReqRandomKey() and requests the MiBand for a Random Key. However, aren't we supposed to run authSendNewKey(key) before requesting the random key? I am very confused here.
I am thinking maybe sending authReqRandomKey before authSendNewKey throws an error inside of _handleNotify which is;
else if (cmd === '100304') {
debug('Encryption Key Auth Fail, sending new key...')
this.authSendNewKey(this.key)
}
which fires the authSendNewKey for the first time. Inside of this we prepend 0108 to the constant Key I talked about in the beginning: this.char.auth.writeValue(AB([0x01, 0x08], key))
3-MiBand takes this constant Key and sends us a 100101 inside _handleNotify:
if (cmd === '100101') { // Set New Key OK
this.authReqRandomKey()
}
4-MiBand gets our request and sends us the random number:
else if (cmd === '100201') { // Req Random Number OK
let rdn = value.slice(3)
let cipher = crypto.createCipheriv('aes-128-ecb', this.key, '').setAutoPadding(false)
let encrypted = Buffer.concat([cipher.update(rdn), cipher.final()])
this.authSendEncKey(encrypted)
}
And we use this random number and do the AES stuff to get the encrypted key
5-We send the encrypted key to MiBand by: this.char.auth.writeValue(AB([0x03, 0x08], encrypted))
6-_handleNotify is triggered for the last time with a value of 100301:
else if (cmd === '100301') {
debug('Authenticated')
this.emit('authenticated')
}
I don't understand what does this.once('authenticated', resolve); inside of the AuthenticatePromise have to do any thing with the this.emit('authenticated') inside of the _handleNotify.
7- Now we are authenticated and ready to do the heart rate stuff.
A1-Setting on auth notifications (to get a response) by sending 2 bytes request \x01\x00 to the Des.
A2-Send 16 bytes encryption key to the Char with a command and appending to it 2 bytes \x01\x00 + KEY.
A3-Requesting random key from the device with a command by sending 2 bytes \x02\x00 to the Char.
A4-Getting random key from the device response (last 16 bytes).
A5-Encrypting this random number with our 16 bytes key using the AES/ECB/NoPadding encryption algorithm (from Crypto.Cipher import AES) and send it back to the Char (\x03\x00 + encoded data)
In A1 he talks about sending x01x00 to initiate the auth process. However I did not see something like that in this code. Was it specific to MiBand 2 and not MiBand3?
@dj0001 I am sure you can help me:) I have seen some of your very helpful comments in the issues. Can you please clarify this authorization process
The text was updated successfully, but these errors were encountered:
I am trying to port this code to Flutter(dart) so people can use it in their mobile devices to communicate with MiBand 3, However I am stuck in authentication. I am not familiar with js too much unfortunately :(
In the code, author shared the comment below.
Is this a problem? Why does it need to be managed per device?
I always thought the key was related to a value hardcoded in the MiBand(like a serial number or so)
Back to my Authorization problem. Can anybody please summarize the authentication process for MiBand3? Seems like auth differs for all the different MiBands (1,2,3,4) and the resources on the internet confuses me. I am interested in MiBand3. This repos web app works perfectly so this code is working with my MiBand3
What did I understand wrong?
1-We run
startNotifications
on "auth" characteristic which is;00000009-0000-3512-2118-0009af100700
This allows auth event changes to be listened by
_handleNotify()
function2-We run
authenticate()
:which runs
await this.authReqRandomKey()
and requests the MiBand for a Random Key. However, aren't we supposed to runauthSendNewKey(key)
before requesting the random key? I am very confused here.I am thinking maybe sending
authReqRandomKey
beforeauthSendNewKey
throws an error inside of_handleNotify
which is;which fires the
authSendNewKey
for the first time. Inside of this we prepend0108
to the constant Key I talked about in the beginning:this.char.auth.writeValue(AB([0x01, 0x08], key))
3-MiBand takes this constant Key and sends us a
100101
inside_handleNotify
:4-MiBand gets our request and sends us the random number:
And we use this random number and do the
AES
stuff to get the encrypted key5-We send the encrypted key to MiBand by:
this.char.auth.writeValue(AB([0x03, 0x08], encrypted))
6-
_handleNotify
is triggered for the last time with a value of 100301:I don't understand what does
this.once('authenticated', resolve);
inside of theAuthenticate
Promise
have to do any thing with thethis.emit('authenticated')
inside of the_handleNotify
.7- Now we are authenticated and ready to do the heart rate stuff.
Lastly, @creotiv in his how-i-hacked-xiaomi-miband-2-to-control-it-from-linux article
In A1 he talks about sending x01x00 to initiate the auth process. However I did not see something like that in this code. Was it specific to MiBand 2 and not MiBand3?
@dj0001 I am sure you can help me:) I have seen some of your very helpful comments in the issues. Can you please clarify this authorization process
The text was updated successfully, but these errors were encountered: