Bluetooth API: No response at lock/unlock command

Hi,

we try to implement Nooki BT API in an react native app.

All are going well by following API documentation and recommendation till the step when we send LOCK or UNLOCK command. We just do not receive any message in characteristic monitoring.
So far was implemented pairing authorizing, Nuki states and challenge.

I would like to have some glue how to monitor/figure out what is wrong and why do not receive the command status message from the device?

Hi, I have it working in my fork of: https://github.com/giejay/nukiPyBridge. Check out the lock action code, maybe that helps

@giejay thx for post.
But here I see some differences which can be the root cause of my problem. First of all you use noble BT driver(or some another), and it is working a bit different then our driver.

We dry to write an application in react-native, and noble is not supported in such environment.

Here is our lock command generation:

....
let data1 = Buffer.alloc(6);
        data1.writeUInt8(LOCK_ACTION_LOCK, 0); // 0x02 is lock C
        //data1.writeUInt8(0x00, 0); // TEST with fake command
        data1.writeUInt32LE(this.clConfig.appId, 1);
        data1.writeUInt8(0, 5); // no flags set

        let wData = Buffer.concat([data1, nonceK]);
....

after writing to BT succesifull, monitor the characteristic do not retrieve any message.
Even worst, if we evidently send wrong command, same bahviour is happen, no message retrieved on monitoring characteristic a92ee202-…

From my understanding, the message is just ignored by device. and I have no idea why.

this is not encrypted lock command (HEX): 023200000000ec29c87a7de5f7567f1a1680d5521926ebba1dac6594ee7ef65ef3931942fe8b

this is decrypted nonce received from challenge command: 595d34000400ec29c87a7de5f7567f1a1680d5521926ebba1dac6594ee7ef65ef3931942fe8b3d68

some advices for further tests are welcome. We just stuck at this step. We would like to receive at least error, what is better then just silence

UPDATE:
Detected new things. After some time device is disconnected:
2019-11-05 23:14:35.390 32218-1486/com.bluetoothnuki I/ReactNativeJS: 'RCU ', ‘---- _lock writeWithResponse wCmdWithChecksum_b64 done. Data written to: a92ee202-5501-11e4-916c-0800200c9a66’
2019-11-05 23:15:02.563 6044-7289/? D/EnterpriseDeviceManagerService: getCallingOrCurrentUserId(): move: cxtInfo.mContainerId = 150
2019-11-05 23:15:02.563 6044-7289/? D/EnterpriseDeviceManagerService: getCallingOrCurrentUserId(): move: cxtInfo.mContainerId = 150
2019-11-05 23:15:02.583 6044-7289/? D/EnterpriseDeviceManagerService: getCallingOrCurrentUserId(): move: cxtInfo.mContainerId = 150
2019-11-05 23:15:04.523 6044-8749/? D/EnterpriseDeviceManagerService: getCallingOrCurrentUserId(): move: cxtInfo.mContainerId = 10
2019-11-05 23:15:04.523 6044-8749/? D/EnterpriseDeviceManagerService: getCallingOrCurrentUserId(): move: cxtInfo.mContainerId = 10
2019-11-05 23:15:05.013 6044-6113/? I/PowerManagerService: [PWL] PARTIAL_WAKE_LOCK ‘gms_scheduler/com.google.android.gms/.clearcut.uploader.QosUploaderService’ ACQ=-18s158ms (uid=10025 pid=15559 ws=WorkSource{1010025 com.google.android.gms chains=WorkChain{(10025, clearcut)}})
2019-11-05 23:15:06.595 6044-7165/? D/EnterpriseDeviceManagerService: getCallingOrCurrentUserId(): move: cxtInfo.mContainerId = 10
2019-11-05 23:15:06.596 6044-7165/? D/EnterpriseDeviceManagerService: getCallingOrCurrentUserId(): move: cxtInfo.mContainerId = 10
2019-11-05 23:15:07.258 32218-1486/com.bluetoothnuki I/ReactNativeJS: 'RCU ', ‘&&&&& Error in receiving data [a92ee101-5501-11e4-916c-0800200c9a66]: BleError: Device 54:D2:72:43:07:64 was disconnected’
2019-11-05 23:15:07.274 32218-1486/com.bluetoothnuki I/ReactNativeJS: 'RCU ', ‘&&&&& Error in receiving data [a92ee201-5501-11e4-916c-0800200c9a66]: BleError: Device 54:D2:72:43:07:64 was disconnected’
2019-11-05 23:15:07.286 32218-1486/com.bluetoothnuki I/ReactNativeJS: 'RCU ', ‘&&&&& Error in receiving data[a92ee202-5501-11e4-916c-0800200c9a66]: BleError: Device 54:D2:72:43:07:64 was disconnected’

Hi Cusnir,

Could you please share with me an example of your full communication?

So I’d need an encryption key and the full message you’re sending to request the challenge and to perform the lock action.

regards,
Marc

@marc Thx for involving in my problem.
Here is what you request(as I understood) . SOme values are base64, and some are hex. I just extracted from our logs as is. If it will help, I can get HEX only values, just tell to me.

challenge:
prepare encrypted data:
data base64: W100AAEABAA1vw==
nonce base64: hXWEvIEBJ8C3vmLhYkZdFu6xPnZJRE7o
secretkey base64: QXMKVqWmPoYWP3bPFvfs2e02sgkgcmaexa3017nts4I=
encrypted message hex: ceac4dab9dc23315af4529f714a5cb7d641f9eddd34aedd4cd45
_requestNonceFromSL command HEX: 857584bc810127c0b7be62e162465d16eeb13e7649444ee85b5d34001a00ceac4dab9dc23315af4529f714a5cb7d641f9eddd34aedd4cd45

Challenge received data HEX: 1fef87b1dff741f8df814b790642808a9bcdbb101a85ab115b5d3400380049b2e9513b779d00b6ed09deccb03b713f574d198be4dd43ea5893d08fb7aae7f76a2b2f6665ed561cf1dee218e3efdc4b48c12f3c6b8274
decrypted challenge received HEX: 5b5d34000400fb3fc60589736fc8722a298526af2ab44b38870e91155c7d6966765d86b1d8493a68
extracted nonceK from decrypted recevied message HEX: fb3fc60589736fc8722a298526af2ab44b38870e91155c7d6966765d86b1d849

Sending LOCK not encrypted command HEX: 023200000000fb3fc60589736fc8722a298526af2ab44b38870e91155c7d6966765d86b1d849
Encrypted command HEX: 81afff35d028e873d7d21248932acc4c8be5536b58370dc95b5d34003e00

At this step, after writing the command to 202, monitoring 202 charactgeristic do not receive anything(NukiStatuses works well).

I found in BLE driver another method to read value from characteristic(not monitoring, but simple read), and I was able to read following value, immediately after write BASE64:
ga//NdAo6HPX0hJIkyrMTIvlU2tYNw3JW100AD4AzqxNq53CMxWvRSn3FKXLfWQfnt3TSu3UzUW4145PM0Cy3zo7DO4BYCnw7ZoA0WPMEmk+afeEL7S29WcjaSzrkRQeSWVMkBwLoteWGPSETWd1CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

After checking this, it looks to have here command which we sent, and something else inside, which I have no idea where from this is coming.
Or this is current value in characteristic which have to be sent, or this is something received from the device.

Thx in advance

Hi Cusnir,

So from your received challenge I’ve extracted the authId: 3431771

Your unencrypted lock action command is 023200000000fb3fc60589736fc8722a298526af2ab44b38870e91155c7d6966765d86b1d849

Your encrypted command is shorter than the unencrypted one, so it seems like it is missing something there.

I’ve generated a random nonce 7b4c9a2a9a7673ce5a03baca1158a69bf47970f39a1231b5.
If I now encrypt your command with commandId 0x000D (Lock Action), the nonce and the authId the message looks like this:
7b4c9a2a9a7673ce5a03baca1158a69bf47970f39a1231b55b5d34003e00e16409dd89902929d0dc41b0a3e3aef1bccb503b4074f85dce0f120be46878f7c55863a71f72c813c40fac94ff9e87c76faa733a1d17aa248af3b7f59de9

regards,
Marc

HI Marc, We perform changes (in fact in previous example was missing the lock command itself), but still the same result.

Here is test case:

challenge:
prepare encrypted data:
data base64: X100AAEABABYsA==
nonce base64: PumnH9y9pzDAHMiB5nRj8peKmvUXi2Zm
secretkey base64: NIo8qhYP2S97Gk62NA6JM82FRxrBhbXm3ZYLB4CqpQ4=
encrypted message hex: 34a6a0531d52c59487fb5f9f1a12fd99448b82afac468f5489fb
_requestNonceFromSL command HEX: 3ee9a71fdcbda730c01cc881e67463f2978a9af5178b66665f5d34001a0034a6a0531d52c59487fb5f9f1a12fd99448b82afac468f5489fb

Challenge received data HEX: f5a3dd83a802057b5cbde93c62e59d9440bb7f8b310971ee5f5d3400380008e33fed8e80712068513cf6a5a5693cece6f4e4ed344ff0af4eabb9385fe32cf143cad06045b84da9263355a6da722589d9cd04effb7817
decrypted challenge received HEX: 5f5d3400040015d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2bce3
extracted nonceK from decrypted recevied message HEX: 15d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2

Sending LOCK not encrypted command HEX: 02320000000015d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2
Encrypted command HEX: 92a39469d5ee8afa0e55ffd0308e898138bd53a6cc45660cc153923f0b58ccf08a00850371cf8e13bcc9e504551c9940d02ae7c41cebdb33169ed7734201

At this step, after writing the command to 202, monitoring 202 charactgeristic do not receive anything(NukiStatuses works well).

I found in BLE driver another method to read value from characteristic(not monitoring, but simple read), and I was able to read following value, immediately after write BASE64:
jB7xLXICCTGADACt2UYlj2tW1qwepYlSX100AD4AkqOUadXuivoOVf/QMI6JgTi9U6bMRWYMwVOSPwtYzPCKAIUDcc+OE7zJ5QRVHJlA0CrnxBzr2zMWntdzQgFtbVNKSWVMkBwLoteWGPSETWd1CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

After checking this, it looks to have here command which we sent, and something else inside, which I have no idea where from this is coming.
Or this is current value in characteristic which have to be sent, or this is something received from the device.

Can you please validate again the scenario.

Hi Cusnir,

If I try to decrypt your message 92a39469d5ee8afa0e55ffd0308e898138bd53a6cc45660cc153923f0b58ccf08a00850371cf8e13bcc9e504551c9940d02ae7c41cebdb33169ed7734201 with your sharedKey the decryption fails.

The message again looks way too small.

Just look at the received message from the Smart Lock containing just the challenge (1). This message is longer than the one you’re sending back (2) that should contain both the challenge and the lock action.

(1) f5a3dd83a802057b5cbde93c62e59d9440bb7f8b310971ee5f5d3400380008e33fed8e80712068513cf6a5a5693cece6f4e4ed344ff0af4eabb9385fe32cf143cad06045b84da9263355a6da722589d9cd04effb7817

(2) 92a39469d5ee8afa0e55ffd0308e898138bd53a6cc45660cc153923f0b58ccf08a00850371cf8e13bcc9e504551c9940d02ae7c41cebdb33169ed7734201

Did you maybe forget to add the 24-byte random nonce, the authId and the message length at the beginning of the actual transferred message?

regards,
Marc

Hi, Marc, I use same data, and I got new following rsult:

Here is test case:
challenge:
prepare encrypted data:
data base64: X100AAEABABYsA==
nonce base64: PumnH9y9pzDAHMiB5nRj8peKmvUXi2Zm
secretkey base64: NIo8qhYP2S97Gk62NA6JM82FRxrBhbXm3ZYLB4CqpQ4=
encrypted message hex: 34a6a0531d52c59487fb5f9f1a12fd99448b82afac468f5489fb
_requestNonceFromSL command HEX: 3ee9a71fdcbda730c01cc881e67463f2978a9af5178b66665f5d34001a0034a6a0531d52c59487fb5f9f1a12fd99448b82afac468f5489fb

Challenge received data HEX: f5a3dd83a802057b5cbde93c62e59d9440bb7f8b310971ee5f5d3400380008e33fed8e80712068513cf6a5a5693cece6f4e4ed344ff0af4eabb9385fe32cf143cad06045b84da9263355a6da722589d9cd04effb7817
decrypted challenge received HEX: 5f5d3400040015d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2bce3
extracted nonceK from decrypted recevied message HEX: 15d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2

Sending LOCK not encrypted command HEX: 02320000000015d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2
random nonce: 8c1ef12d72020931800c00add946258f6b56d6ac1ea58952
Encrypted command HEX: 92a39469d5ee8afa0e55ffd0308e898138bd53a6cc45660cc153923f0b58ccf08a00850371cf8e13bcc9e504551c9940d02ae7c41cebdb33169ed7734201

Command sent to device HEX: 8c1ef12d72020931800c00add946258f6b56d6ac1ea589525f5d34003e0092a39469d5ee8afa0e55ffd0308e898138bd53a6cc45660cc153923f0b58ccf08a00850371cf8e13bcc9e504551c9940d02ae7c41cebdb33169ed7734201

At this step, after writing the command to 202, monitoring 202 charactgeristic do not receive anything(NukiStatuses works well).

I found in BLE driver another method to read value from characteristic(not monitoring, but simple read), and I was able to read following value, immediately after write BASE64:
jB7xLXICCTGADACt2UYlj2tW1qwepYlSX100AD4AkqOUadXuivoOVf/QMI6JgTi9U6bMRWYMwVOSPwtYzPCKAIUDcc+OE7zJ5QRVHJlA0CrnxBzr2zMWntdzQgFtbVNKSWVMkBwLoteWGPSETWd1CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

**

Here is decryption of sent message example:

**

++++ Processing receiving data for get nuki states command HEX: 8c1ef12d72020931800c00add946258f6b56d6ac1ea589525f5d34003e0092a39469d5ee8afa0e55ffd0308e898138bd53a6cc45660cc153923f0b58ccf08a00850371cf8e13bcc9e504551c9940d02ae7c41cebdb33169ed7734201
++++ Encrypted message HEX: 92a39469d5ee8afa0e55ffd0308e898138bd53a6cc45660cc153923f0b58ccf08a00850371cf8e13bcc9e504551c9940d02ae7c41cebdb33169ed7734201
++++ Nonce HEX: 8c1ef12d72020931800c00add946258f6b56d6ac1ea58952
++++ Shared Secred message HEX: 348a3caa160fd92f7b1a4eb6340e8933cd85471ac185b5e6dd960b0780aaa50e
crypto_secretbox_open: cipher_base64: kqOUadXuivoOVf/QMI6JgTi9U6bMRWYMwVOSPwtYzPCKAIUDcc+OE7zJ5QRVHJlA0CrnxBzr2zMWntdzQgE=
crypto_secretbox_open: nonce_base64: jB7xLXICCTGADACt2UYlj2tW1qwepYlS
crypto_secretbox_open: key_base64: NIo8qhYP2S97Gk62NA6JM82FRxrBhbXm3ZYLB4CqpQ4=
crypto_secretbox_open: ret_base64: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfXTQADQACMgAAAAAV2Sq3wxIHJ66gO/cKM1+CPo9Zaav3ZJ82PyzcK9p58vhY
++++ crypto_secretbox_open return: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfXTQADQACMgAAAAAV2Sq3wxIHJ66gO/cKM1+CPo9Zaav3ZJ82PyzcK9p58vhY
++++ decrypted message length: [46]
++++ decrypted message as HEX: 5f5d34000d0002320000000015d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2f858
++++ Decrypted Data HEX: 5f5d34000d0002320000000015d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2f858
++++ authorizationId: 3431775
++++ Received command: 0d
++++ Received payload: 02320000000015d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2
validating: 02320000000015d92ab7c3120727aea03bf70a335f823e8f5969abf7649f363f2cdc2bda79f2
validation of command1: 2

Also, decrypted message bypass CRC validation

Hi there.

Can somebody drive me to the right direction?
Do somebody what can be wrong?

Thank you in advance