Random musings about device ids and local keys #218
uzlonewolf started this conversation in General (0 replies)
I'm still trying to figure out how local keys are generated. My suspicion is it's a hash of the device id plus either the timestamp of when it's added, or the smartconfig token the device used when it was configured. I've been looking at device ids in hopes of being able to figure out what kind of hash they're using.
"Device20" IDs are simply the product_idx concatenated with the device MAC address. This might be an easy way of getting MAC addresses for older devices. The UUID field in tuya-raw.json matches the device ID.
"Device22" IDs look an awful lot like smartconfig tokens. Of the 46 IDs I have, every single one starts with "eb" (which would match the token region field), has 8 hex bytes in the middle, and ends with 4 "signature" characters from the character set 0, 1, 4-9, a-z. If it wasn't for the 0 and 1 I would say it's base32. The UUID field in tuya-raw.json does not match the device ID; perhaps the device ID is a hashed version of this?

As an alternative to downloading unique local keys for every device, I've been looking at using devices in a half-added state. Using smartconfig I've successfully programmed the WiFi info but with a nonsensical auth token. In this state they connect to the network and you can connect to them if you know their IP, but they do not broadcast discovery packets. Looking at app_agent.c.o in Ghidra shows they should be using md5( WzYwFxIUbiFhMmNJ ) as the key when they're in this state, but the devices I have appear to be using a different key. I think I'm going to need to dump the firmware from an actual device to get the real key.