Hi everyone,
I have a Nuki Smart Lock Go with firmware 5.4.6.
I’m trying to write a program to control it using your BLE documentation, but I’m encountering several roadblocks.
Device Details:
- Model: Smart Lock Go
- Firmware: 5.4.6
- Expected Generation: 1st-4th gen (based on model)
- Actual Service UUID: a92ee300 (not documented a92ee100)
- PIN: 6 digits (updated from 4 digits in firmware 5.2.2)
Protocol Choice:
Since the device uses service a92ee300 (Ultra protocol) instead of the documented a92ee100 (gen 1-4 protocol), I’m following the Ultra protocol flow as documented.
Current Flow (Ultra Protocol):
Exchange public keys (0x0001 → 0x0003)- Calculate X25519 shared secret
- Receive first challenge (0x0004)
- Send authorization authenticator (0x0005) with HMAC-SHA256
Expected: Receive second challenge (0x0004)- Actual: Receive “0x4c 0x00 0x01 0x71 0xb4” (Authorization Info)
- Result: Cannot proceed to authorization data (0x0006)
Error Analysis:
- Error 0x20: “Returned if the provided authorization id is invalid or the payload could not be decrypted using the shared key for this authorization id”
- This suggests the device is rejecting my authorization data payload
Questions:
- Is the Smart Lock Go (firmware 5.4.6) supposed to use Ultra protocol (a92ee300) or Legacy protocol (a92ee100)?
- After sending authorization authenticator (0x0005), should I expect a second challenge (0x0004) or Authorization Info (0x4C)?
- If I receive 0x4C instead of a challenge, how should I proceed with the authorization data (0x0006)?
- Are there any protocol changes between firmware versions that aren’t reflected in the current documentation?
Reference Implementation:
I’m comparing my implementation with the open-source nuki-cli-main project, which shows the expected Ultra protocol flow.
Please help me identify what I’m doing wrong or if there are documentation gaps.
Best regards,
ungoro