
Comments (26)

zyv avatar zyv commented on August 11, 2024 1

Unfortunately, I can't tell you, because I don't have a Band 7. If it does speak LPv2, then yes, otherwise no. Also it's possible that it speaks a newer version of LPv2 than I implemented; in this case support has to be added.

Regarding device_uuid - it's only necessary if you are on Apple systems. These systems don't allow you to connect to devices by MAC address for privacy reasons (o_O) and instead require you to select the UUID. You should be able to see those UUIDs in the device scan log.

If you are using Windows or Linux, then you need to specify device_mac, which is simply the MAC address of your Band 7.

from huawei-lpv2.

MartinJM avatar MartinJM commented on August 11, 2024

Message format is the same so that shouldn't be an issue. Authentication changed, so that would probably need to be implemented in here for a proper connection.


kiricheglov avatar kiricheglov commented on August 11, 2024

Thanks for the quick response! I will write here in case of errors and in case it works.


kiricheglov avatar kiricheglov commented on August 11, 2024

If there are problems with the connection, I have connection logs from the clock; they may be useful.


zyv avatar zyv commented on August 11, 2024

@MartinJM do you support Band 7 with GadgetBridge already? I have merged here the update that was needed to support devices which received an update to the auth scheme, so at least up to Band 4 the code should work. However, I don't know whether newer devices have even further protocol changes...

Unfortunately, I don't have the devices, the time to reverse them and to implement further protocol extensions. I'm happy to review code and merge it if it's clean enough and comes with tests though.

The connection logs are always helpful, at least you can estimate how bad the situation is by looking at how far it can get :)


MartinJM avatar MartinJM commented on August 11, 2024

Yes, we support it in Gadgetbridge. The change is a lot larger than the previous update of the auth scheme. The split in Gadgetbridge starts here if you want to know the details: https://codeberg.org/psolyca/Gadgetbridge/src/branch/honor_wip/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/HuaweiLESupport.java#L432

Huawei Band 4e (which is the version I have) uses the "normal mode" that should be working in your code as well, the Huawei Band 7 uses the "HiChain mode", which I don't think is in here yet.

The encryption method that is used is also changed from CBC to GCM.


kiricheglov avatar kiricheglov commented on August 11, 2024

Okay, I’ll send the logs now and immediately ask about the error: what’s wrong?
btsnoop_hci (2).log
gifwitherror.zip


zyv avatar zyv commented on August 11, 2024

@MartinJM thanks a lot for the details. Wow, this sounds complicated. Sadly I definitely don't have the resources at the moment to implement this in my library.

So, to answer @kiricheglov's question, the library will not work with Band 7. Regarding your error message, I don't know why even discovery doesn't work. I see you get a warning:

DeprecationWarning: There is no current event loop

Maybe the code has to be updated to work with Python 3.10, because there have been some changes to asyncio and you have to initialise an event loop explicitly or something like that. I can try to look into it on the weekend, but even if you get the scanning to work, as explained, the protocol support for Band 7 is unfortunately missing.


MartinJM avatar MartinJM commented on August 11, 2024

The HiChain stuff is quite complicated indeed. Lucky for me @psolyca implemented it :)

Though even that wouldn't work right now. The log reports 0x08 as the auth version, whereas the HiChain implementation we have is for 0x04. This is the first time seeing 0x08 for me.


psolyca avatar psolyca commented on August 11, 2024

Hi guys.

I do not use huawei-lpv2 to connect to any band. I converted it to a log parser.
I'm faster in coding in Python than in Java so it's my base to parse files.
BTW, I have implemented basic HiChain in my version. It only reads files and does not create requests. All steps for HiChain are not there.
https://github.com/psolyca/huawei-lpv2/tree/common_parse_log
The parser reads BT HCI logs (Wireshark) and homemade log from Frida RE (dump of master key).

There's a big caveat with HiChain for us but a huge security improvement for Huawei.
HiChain is a two-operation process for the first BT link: connection, then bind. On the next BT link it's only bind.
Everything is in JSON format in a TLV plus some more TLVs.
Each operation is composed of multiple steps.
The Java code starts here
I could detail each step but I have to write it down ^^


kiricheglov avatar kiricheglov commented on August 11, 2024

Do I understand correctly? The parse.py file can read but not write data to the watch, right? I just need to be able to capture at least data on heartbeat and steps.


kiricheglov avatar kiricheglov commented on August 11, 2024

error.webm
why??


zyv avatar zyv commented on August 11, 2024

> Do I understand correctly? The parse.py file can read but not write data to the watch, right? I just need to be able to capture at least data on heartbeat and steps.

No. You cannot communicate with the watch using this program, even in read-only mode. It can only read and decode logs like you uploaded before. However, you also need a key, which you must obtain with something like Frida. It is used for the development of GadgetBridge.

> why??

Because you are using it incorrectly. If you can't code, I'm afraid your best bet would be to use GadgetBridge, if you don't want to use the official Huawei app. My code doesn't support the protocol that the newer devices speak, and Damien's code doesn't support communication with the devices and can only parse network logs.


zyv avatar zyv commented on August 11, 2024

> There's a big caveat with HiChain for us but a huge security improvement for Huawei.

Ha-ha, so they finally did something in the direction of what I tried to explain to them back then ;-) Not bad! Good old times...


psolyca avatar psolyca commented on August 11, 2024

I will look at these new data in GadgetBridge.
I'm first finishing basic setting requests to handle some QR code problem on Huawei Band 7 (other version than yours it seems).


kiricheglov avatar kiricheglov commented on August 11, 2024

I can program (at least I think so), I want to write software for my watch for Linux using gatttool and pexpect library, since there is little information about LPv3, I decided to ask here, how can I decrypt the data? And what can I get from the watch or what can I use without authentication with the watch?


psolyca avatar psolyca commented on August 11, 2024

Can you join me on Matrix @psolyca:matrix.org ?
It will be better to talk than here, we have two rooms on Huawei-Honor but one specific for devs.
@zyv if you want to join just to have information, feel free to send me a message.


zyv avatar zyv commented on August 11, 2024

> I can program (at least I think so), I want to write software for my watch for Linux using gatttool and pexpect library, since there is little information about LPv3, I decided to ask here, how can I decrypt the data?

I don't think it's possible to do anything with gatttool and pexpect. The protocol is way too complicated for that. You can get a feeling by reading my wiki here in this repository. In my opinion, your best bet would be to either take Java code from GadgetBridge as a base, or else fork my repository to add support for HiChain here.

> And what can I get from the watch or what can I use without authentication with the watch?

In my experience, nothing useful other than the battery level.


zyv avatar zyv commented on August 11, 2024

> Can you join me on Matrix @psolyca:matrix.org ? @zyv if you want to join just to have information, feel free to send me a message.

I'd be curious to join, but I only have a bouncer with running weechat - is there some way to get into matrix via an IRC gate or something like that?


psolyca avatar psolyca commented on August 11, 2024

@zyv I will have a look, some bridges exist.


psolyca avatar psolyca commented on August 11, 2024

@zyv there is no simple way to connect IRC to Matrix.
Many solutions use a homeserver or you need to already be on an IRC server.
https://matrix-org.github.io/matrix-appservice-irc/latest/introduction.html
https://matrix-org.github.io/matrix-appservice-irc/latest/bridged_networks


MartinJM avatar MartinJM commented on August 11, 2024

Some information from talking in Matrix: There is no difference in firmware/model version from the bands that we have confirmed work with the Gadgetbridge code, and the band of @kiricheglov.

So it could be possible that these bands just support multiple different methods of authentication, and either can be used to connect. This is not tested yet.


zyv avatar zyv commented on August 11, 2024

> Many solutions use a homeserver or you need to already be on an IRC server.

@psolyca these links go in a different direction - enable Matrix users to access IRC, and not IRC users to access Matrix. I have found something called https://github.com/matrix-org/matrix-ircd and thankfully it can be installed from a snap. However, it feels anything but stable. I'm getting kicked out every minute or so. I guess I can try a native Matrix client for weechat another time to see if it's any more stable. I have DMd you via some online client (Element) though. Hopefully at least this would work...


kiricheglov avatar kiricheglov commented on August 11, 2024

Okay, since there is no support for Huawei Band 5-7, you will have to do it yourself. @zyv, can you describe to me the plan by which I should start studying? Or can you help me with support?


zyv avatar zyv commented on August 11, 2024

> @zyv, can you describe to me the plan by which I should start studying? Or can you help me with support?

Sorry, I don't have the capacity to support you. I already have a full-time job with unlimited working hours.

The plan could be roughly as follows:

  1. Read the wiki of this repository to get a basic understanding of the LPv2 protocol
  2. Read the code in this repository to understand the slim canonical implementation in Python
  3. Read the code in the GadgetBridge repository to understand the new stuff
  4. Maybe it's not a bad idea to document the knowledge - I have stopped with my wiki pretty soon, but this is what I wish I had when I started - and I don't know if @psolyca's team has good documentation
  5. Get reversing setup ready, there are two ways to learn more about the protocol
    • I was just reading decompiled Java code of the app, which was OK for simplest stuff
    • You can root your device, extract keys and decrypt communication between app & watch
  6. Implement more stuff - if you want to use Python, you will have to add quite some new protocol support to this project, if you want to use Java you can profit from excellent work of others...

That's all I can say though. Probably this plan doesn't help you, because it's so high-level, but to explain the details, a lot of time is needed. And I don't even know the details and the current state. I did this hack in 10 days about 4 years ago, and haven't worked on it ever since...


MartinJM avatar MartinJM commented on August 11, 2024

> and I don't know if @psolyca's team has good documentation

We do not really have any documentation at the moment. Most of what we know is in the code. While we will be writing some documentation in the future, I think it will focus on the Gadgetbridge side first. Using the wiki from this repo and reading the code from Gadgetbridge will be your best bets for now I think.

> Get reversing setup ready, there are two ways to learn more about the protocol
>
>   • I was just reading decompiled Java code of the app, which was OK for simplest stuff
>   • You can root your device, extract keys and decrypt communication between app & watch

For the older methods of authentication a Bluetooth dump containing the pairing was also enough to calculate the keys and then decrypt any further communications. Though I'm not sure if that will still work with the newest auth from this thread, as I don't know how it works.
