Unexpected public key response (Smart Lock 4th generation)


I’m trying to connect via Bluetooth, from a Linux machine (bluez 5.71-3) programmatically, to a Nuki Smart Lock (firmware version 4.0.36), by following the docs at Nuki Developers (specifically the part “9. Command usage examples” “Authorize App”).

After putting the lock in pairing mode, I subscribe for GDIO indication and send the packet 0100030027a7 (in hex).
I get back a 20-byte packet: 03002FE57DA347CD62431528DAAC5FBB290730FF (which matches the example in the docs).
But the next packet is: 002FE57DA347CD62431528DAAC5FBB29 which does not match the example in the docs (was supposed to be F684AFC4CFC2ED90995F58CB3B749DB9), and fails checksum validation.
This second packet is (weirdly) equal to part of the first packet.
Any clues? (I can share a pcap file if necessary)

Thanks in advance

Yes, please send me a pcap as PM and I’ll look into it.

Thanks a lot Marc, sent as PM.
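
An added example, not part of the original posts: a small checker for the exchange described in the first post, which reassembles the indication fragments, validates the trailing CRC, and flags a fragment that merely repeats bytes of an earlier one. It assumes the Nuki BLE framing of a 2-byte little-endian command id, payload, then a little-endian CRC-16/CCITT (initial value 0xFFFF), which the request packet quoted in the post bears out; the function names are my own.

```python
def crc16_ccitt(data: bytes) -> int:
    """CRC-16/CCITT-FALSE: poly 0x1021, init 0xFFFF, MSB first."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def build_frame(command: int, payload: bytes) -> bytes:
    """command id (LE) + payload + CRC (LE) over everything before it."""
    body = command.to_bytes(2, "little") + payload
    return body + crc16_ccitt(body).to_bytes(2, "little")

def parse_frame(frame: bytes):
    """Return (command, payload, crc_ok) for a fully reassembled frame."""
    body, crc = frame[:-2], int.from_bytes(frame[-2:], "little")
    return int.from_bytes(body[:2], "little"), body[2:], crc == crc16_ccitt(body)

def replayed_fragment(fragments):
    """Index of the first fragment whose bytes already occur inside an
    earlier fragment (the symptom in the post), or None."""
    for i in range(1, len(fragments)):
        if any(fragments[i] in earlier for earlier in fragments[:i]):
            return i
    return None

# Fragments quoted in the post: what the lock sent vs. what the docs show.
FIRST = bytes.fromhex("03002FE57DA347CD62431528DAAC5FBB290730FF")
OBSERVED = [FIRST, bytes.fromhex("002FE57DA347CD62431528DAAC5FBB29")]
DOCUMENTED = [FIRST, bytes.fromhex("F684AFC4CFC2ED90995F58CB3B749DB9")]

if __name__ == "__main__":
    print(build_frame(0x0001, bytes.fromhex("0300")).hex())  # request from the post
    for name, frags in (("observed", OBSERVED), ("documented", DOCUMENTED)):
        command, payload, ok = parse_frame(b"".join(frags))
        print(name, hex(command), len(payload), "crc_ok:", ok,
              "replayed fragment:", replayed_fragment(frags))
```

A non-None index from `replayed_fragment` means the second indication repeated bytes already delivered in the first, so the raw capture is the place to compare before suspecting the CRC code.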