nkaminski / csrmesh

Reverse engineered bridge implementation of the CSRMesh BTLE protocol

License: GNU Lesser General Public License v3.0

Python 100.00%
bluetooth-low-energy csrmesh-networks home-automation teptron-move

csrmesh's People

Contributors

jeffsimmer, nkaminski, t0mas

csrmesh's Issues

Connectivity to HomeBrite A19 Household bulb does not work

I've got an A19 Household bulb, which is definitely running the CSRMesh stack (maybe 1.3?)

Steps:

  • I turn it on
  • discover via linux host: sudo hcitool lescan
  • I obtain my mac: E0:34:E4:06:DD:A2 Feit Bulb
  • I run the command as a regular user: csrmesh-cli --pin 0000 --dest E0:34:E4:06:DD:A2 --level 0
  • the command executes two gatttool commands, and then nothing happens

Some platform details: Linux 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

I've attached the BLE Gatt information I gathered from an android app:

screenshot_20160703-174734

screenshot_20160703-174730

screenshot_20160703-174721

New release?

I finally figured out how to read data from the Avion switches in order to determine their state (it turns out to be as simple as enabling notifications), but I need to be able to decrypt packets in order to do that. Since the responses are sent from the devices themselves I need #28 to do this. Any chance you can cut a new release so I can update my dependencies? Thanks!

Please include lightbulb models supported in your README

The details provided "Feight Electric" HomeBrite Smart LED Bulb helps narrow down, but due to differences in global markets, it might be helpful to list the model numbers and names:

"A19 Household", Item No A0M800/827/LED/HBR (for example)

Unable to connect to MOVE

When I execute hcitool lescan I can see the MOVE2, which I'm assuming is my MOVE device. (I have noticed it is not CSRMESH like others have seen.)
image

Executing the cli results in the following error:
image

Any ideas?

Possibility of pull state?

Is there any possibility in the future of a csrmesh-cli function that will poll a light for its current state (brightness values, RGB, etc) rather than just pushing settings to it, or is that just not how the protocol works? It seems like this functionality is the missing link in being able to really incorporate this strongly into home automation projects. If I could occasionally poll the light and be able to update sliders on Home Assistant, that would be marvelous.

Handles need to be looked up by UUID rather than hardcoded

My CSRMesh device has the handles on 0x1c and 0x1f, but it looks like they have the same UUID as the handles used on your device. Unfortunately gatttool doesn't seem to have any good support for this. I'm using https://github.com/mikeryan/PyBT/tree/pybt2 in https://github.com/mjg59/python-avion to do this by hand rather than relying on gatttool, which also means I can keep a persistent connection rather than reconnecting on every command. There's no high-level API, but it seems to work well enough.

Can't decrypt packets not sent from device 32768

I've been sniffing messages sent from some Avi-on CSRmesh devices that I have, and csrmesh.crypto.decrypt_packet is giving me garbled data (but a valid hmac) for messages where the 4th byte is non-zero.

I believe this is because the SEQ length in the CSRmesh protocol is 3 bytes not 4 bytes and the 4th and 5th bytes in the packet are the message's source address. This fixes the decryption for me and matches nicely with the 3 byte SEQ followed by a source address used in the Bluetooth mesh profile's network PDU (which looks to be heavily influenced by CSRmesh).

The reason this is breaking decryption is because the IV includes a 1-byte 0 padding between the SEQ and the source address / magic field, which is shifted by one byte if the SEQ is treated as 4 bytes. If the first byte of the source address is zero then this shift doesn't change the message and everything still works. Messages sent from devices not on the network (like a phone app or this library) always come from a source address of [0x00, 0x80], so this is not an issue for make_packet.

Current IV format used by decrypt_packet

SEQ      0x00    Magic    0x00 x10
4 bytes  1 byte  1 byte   10 bytes

IV format I believe is correct

SEQ      0x00    Source   0x00 x10
3 bytes  1 byte  2 bytes  10 bytes
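
The two IV layouts compared in this issue, side by side, as an added example that is not part of the original post or of the csrmesh code base. The function names are hypothetical, the second packet header is constructed, and little-endian source decoding is assumed from the issue title (32768 for bytes 0x00, 0x80).

```python
HEADER_LEN = 5  # bytes 0-2: SEQ, bytes 3-4: source address (layout proposed in the issue)


def iv_seq4(packet: bytes) -> bytes:
    """IV as the issue says decrypt_packet builds it:
    SEQ (4 bytes) | 0x00 | magic (1 byte) | 0x00 x10."""
    return packet[0:4] + b"\x00" + packet[4:5] + bytes(10)


def iv_seq3(packet: bytes) -> bytes:
    """IV as the issue proposes:
    SEQ (3 bytes) | 0x00 | source (2 bytes) | 0x00 x10."""
    return packet[0:3] + b"\x00" + packet[3:5] + bytes(10)


def parse_header(packet: bytes):
    """Return (seq_bytes, source_address) under the 3-byte-SEQ reading."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than SEQ + source header")
    # Assumption: the source address is little-endian, so 00 80 -> 32768.
    return packet[0:3], int.from_bytes(packet[3:5], "little")


def layouts_agree(packet: bytes) -> bool:
    """True when both readings give the same IV, i.e. when byte 3 is zero."""
    return iv_seq4(packet) == iv_seq3(packet)


# Header bytes of a packet this page shows being sent by csrmesh-cli (source 00 80).
APP_PACKET = bytes.fromhex("44a78b0080")
# Constructed header: same SEQ, but a source address whose first byte is non-zero.
DEVICE_PACKET = bytes.fromhex("44a78b0180")

if __name__ == "__main__":
    for name, pkt in (("app", APP_PACKET), ("device", DEVICE_PACKET)):
        seq, src = parse_header(pkt)
        print(name, "seq", seq.hex(), "source", src)
        print("  4-byte SEQ IV:", iv_seq4(pkt).hex())
        print("  3-byte SEQ IV:", iv_seq3(pkt).hex())
        print("  layouts agree:", layouts_agree(pkt))
```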

Question: why are you using pycryptodomex?

Hi,

Why are you using pycryptodomex and not pycryptodome?
When I walk through Home Assistant's dependency tree, I find 14 packages using pycryptodome, and 2 (including you) requiring pycryptodomex. Both libraries install themselves as pycryptodome. This results in a slot conflict.

Move blinds: Can anyone help me get started?

Good day,

I've got 12 (yes, I know, why!) MOVE blinds sat in boxes, I also have a few Raspberry Pi Zero W's hanging around. Would someone be so kind as to point me in the right direction of setting this up? Ideally I'd like to be able to trigger these from my home automation system, but to start, triggering them via the Pi would be awesome.

Many thanks in advance,

Mark

Move

Hello, great job!
I also have some MOVE units and would like to control them from domotics software, so I'm very interested in your work.
I'm not a Python developer, but should be able to tweak/run it.
I already captured some BT traffic from the original app, so I guess I should be able to read in some packet and brute force the pin. But I have 2 questions:
- easiest way to get the binary packet in Python? (hex-string and some kind of parsing??)
- does it matter which BT packet, and do I need the whole BT packet or only the 'attribute protocol part'?
(I'm not -yet- familiar with the BT protocol stack)

I'm gonna try to make the BT-dongle work in linux now...

Please include the Smart LED Bulb Provisioning steps

The instructions jump into control. Should the user attempt to configure a mesh via the HomeBrite app? Or will this cause the lightbulb to become unavailable? Any additional information is helpful. Also, please describe the limits of the support, for example, will GroupID destinations be possible, to send a command to a group of bulbs?

Device or resource busy (16)

Hello! I'm super grateful for your amazing work! I was planning to try to do this myself until I came across your work. You saved me so much time!

I have 18 Move units and really want to get them working with the RB PI 3 I bought for this project. It's running the latest Raspbian with all of the required libs.

I've scanned for the CSRMESH using "sudo hcitool lescan" and found my MAC is the same as yours and everyone else's: "LE Scan ... 43:C5:5B:04:00:06 CSRmesh"

I reset my Move units and set the pin to 8888, because I used a 5 digit before. I powered off all but 1 unit for testing and to get this working. It's working in the app, and I shut off the app before trying the following...

When I run "./csrmesh-cli move --dest 43:C5:5B:04:00:06 --pin 8888 --position 0" from pi@raspberrypi:~/Desktop/csrmesh/bin, I get this output:

"Running: gatttool -b 43:C5:5B:04:00:06 --char-write-req -a 0x0021 -n 44a78b0080a06dba678d37d188b5d988f832ff
connect: Device or resource busy (16)

After 100s of tries it said it wrote to the Move successfully once, but it didn't react physically.

Your help would be greatly, greatly appreciated! Happy to donate to you or a cause of your choice to show you some appreciation beyond my gratitude for your project! Thank you again!

Docs

Great project; it should make writing an interface to my GE/Jasco Smart Switch go much smoother. I also wanted to point you in the direction of a repo here on GitHub that you may find interesting sshhsh/csrmesh_2_0_node. The docs directory is full of information that you might find useful. Personally I'm steering clear of the applications, include, and libraries directories as I'm reasonably sure they contain code which if I were to read would contaminate any open source software I might want to release in the future.

Thanks again.

Move problem

First things first: Thank you for your effort in this field.

I installed csrmesh on my raspberry, but after
csrmesh-cli move --pin 8888 --dest 43:C5:5B:04:00:06 --objid 1 --position 254
I got
Running: gatttool -b 43:C5:5B:04:00:06 --char-write-req -a 0x0021 -n dfafdf0080b0c29f3137d618c42ee8c064cdff
Characteristic Write Request failed: Request attribute has encountered an unlikely error

bluetoothctl -v
5.45
correct pin and mac, app not running.
Can you please help me?
Thank you

Incorrect Command Payload For N Bulbs In A Single Network.

Problem:
The command string built is incorrect for a single network, one Pin, with more than one bulb.

Fix:
When there is more than one bulb in a network the Application will identify each bulb in the App as "Light Bulb 1", "Light Bulb 2", etc.

The light_set_cmd generated byte string must include a byte which identifies the bulb 0x01, 0x02 etc followed by a delim byte 0x80, after the command bytes 0x73, 0x11 and before level red, green, blue bytes.

The current "def light_set_cmd(level, red, green, blue):"
Given: light_set_cmd (200, 255, 255, 255)
Creates: "000073110000e4ffffff"

Modify the method to take the bulb number for the network:
"def light_set_cmd(bulb_no, level, red, green, blue):"
Given: light_set_cmd (1, 200, 255, 255, 255)
Creates: "000073110180e4ffffff"

The packet may be directly sent to the target bulbs address.

The following Haskell routine builds a correct light_set_cmd byte string.

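-- Imports assumed for this snippet (the `binary` package); the original post did not show them.
import qualified Data.Binary.Put as P
import qualified Data.ByteString as BS
import Data.ByteString.Lazy (ByteString)
import Data.Int (Int8)
import Data.Word (Word8)

bulbCmd :: Word8 -> Word8 -> Word8 -> Word8 -> Word8 -> ByteString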
bulbCmd bulb level red green blue =
  let bld = do
        P.putWord16le 0x0000
        P.putByteString cmd
        --P.putWord16le 0x0000  -- 0x0000 for a single bulb network
        P.putWord8 bulb -- Bulb #1 0x01, #2 0x02, etc.
        P.putWord8 0x80
        P.putInt8 lvl
        P.putWord8 red
        P.putWord8 green
        P.putWord8 blue
  in P.runPut bld
  where
    cmd = BS.pack [0x73, 0x11]
    lvl :: Int8
    lvl = let l  = fromIntegral level :: Int
              l' = (l `div` 2)  - 128
          in fromIntegral l' :: Int8

FileNotFoundError when running csrmesh

Hello, I recently got a new Raspberry Pi and I decided to give another try with MOVE blinds.
But after python setup.py install and after running
csrmesh-cli move --pin 1985 --dest F6:4E:48:5C:06:84 --objid 0 --position 0
I got this error. I am not very familiar with python, so please help me :)

[+] Connecting to device F6:4E:48:5C:06:84
Traceback (most recent call last):
  File "/usr/local/bin/csrmesh-cli", line 4, in <module>
    __import__('pkg_resources').run_script('csrmesh==0.9.1', 'csrmesh-cli')
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 666, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1446, in run_script
    exec(code, namespace, namespace)
  File "/usr/local/lib/python3.7/dist-packages/csrmesh-0.9.1-py3.7.egg/EGG-INFO/scripts/csrmesh-cli", line 33, in <module>
    res = cm.movecontroller.set_position(args.dest, args.pin, args.position, args.objid, True)
  File "/usr/local/lib/python3.7/dist-packages/csrmesh-0.9.1-py3.7.egg/csrmesh/movecontroller.py", line 11, in set_position
    return gatt.send_packet(dest, 0x0021, packet, debug)
  File "/usr/local/lib/python3.7/dist-packages/csrmesh-0.9.1-py3.7.egg/csrmesh/gatt.py", line 30, in send_packet
    device=connect(dest.split(','), debug)
  File "/usr/local/lib/python3.7/dist-packages/csrmesh-0.9.1-py3.7.egg/csrmesh/gatt.py", line 13, in connect
    device = btle.Peripheral(mac, addrType=btle.ADDR_TYPE_PUBLIC)
  File "/usr/local/lib/python3.7/dist-packages/bluepy-1.3.0-py3.7.egg/bluepy/btle.py", line 391, in __init__
    self._connect(deviceAddr, addrType, iface)
  File "/usr/local/lib/python3.7/dist-packages/bluepy-1.3.0-py3.7.egg/bluepy/btle.py", line 426, in _connect
    self._startHelper(iface)
  File "/usr/local/lib/python3.7/dist-packages/bluepy-1.3.0-py3.7.egg/bluepy/btle.py", line 284, in _startHelper
    preexec_fn = preexec_function)
  File "/usr/lib/python3.7/subprocess.py", line 775, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/bluepy-1.3.0-py3.7.egg/bluepy/bluepy-helper': '/usr/local/lib/python3.7/dist-packages/bluepy-1.3.0-py3.7.egg/bluepy/bluepy-helper'

Problems running csrmesh

Freshly installed with pip and I get the following:

AsusLaptop bluetooth # csrmesh-cli --pin 0000 --dest E0:34:E4:02:01:EB --level 0
Traceback (most recent call last):
  File "/usr/local/bin/csrmesh-cli", line 16, in <module>
    p = cm.make_packet(cm.network_key(args.pin),cm.random_seq(),cm.light_set_cmd(args.level,args.red,args.green,args.blue))
  File "/usr/local/lib/python2.7/dist-packages/csrmesh/__init__.py", line 26, in make_packet
    payload = bytes([ a ^ b for (a,b) in zip(data, ebase) ])
TypeError: unsupported operand type(s) for ^: 'str' and 'str'

I changed that line to read payload = bytes([ ord(a) ^ ord(b) for (a,b) in zip(data, ebase) ])

And it runs, but nothing happens, I get :

AsusLaptop bluetooth # csrmesh-cli --pin 1111 --dest E0:34:E4:02:01:EB --level 0
Running gatttool -b E0:34:E4:02:01:EB --char-write-req -a 0x0011 -n 44986300805b3233372c203130302c742af81aa3
Characteristic Write Request failed: A timeout occured
Running gatttool -b E0:34:E4:02:01:EB --char-write-req -a 0x0014 -n 82167bff
Characteristic Write Request failed: A timeout occured

Help?

Issues getting csrmesh to run

I might be doing something wrong, so I apologize in advance if this has an obvious solution. When I run the csrmesh-cli, I get the following error:

File "/usr/local/lib/python3.4/dist-packages/csrmesh-0.5.1-py3.4.egg/csrmesh/__init__.py", line 12, in network_key
pin2 = pin.encode('ascii') + b'\x00MCP'
AttributeError: 'int' object has no attribute 'encode'

The command: csrmesh-cli --pin 6789 --dest E0:34:E4:06:16:9D --level 255

Any insight would be much appreciated. Thanks for the cool project!

How to get the pin ?

Hello,

I'm using an Awox c9 mesh bulb: http://www.awox.com/awox_product/smartlight-c9-mesh-2/

They really look like your bulb, but with the app we can't get the pin code. Any idea how to get it, please?

Already tried:
csrmesh-cli --pin 1234 --dest A4:C1:38:65:0D:01 --level 40 lightbulb
Running: gatttool -b A4:C1:38:65:0D:01 --char-write-req -a 0x0011 -n 38ee41008046894c883bccbb57a320ba2186061f
Characteristic Write Request failed: Request attribute has encountered an unlikely error
Running: gatttool -b A4:C1:38:65:0D:01 --char-write-req -a 0x0014 -n 79f428ff
Characteristic Write Request failed: Request attribute has encountered an unlikely error

MOVE unit does not work with any commands other than Set Position

Readme says that other MOVE commands should work but I'm unable to get anything other than Set Position to work. I have tried other write commands such as Set Speed and Move Clockwise with no output on the MOVE unit. Gatttool gives the response "Characteristic value was written successfully" but I see no clockwise movement or speed change.

[feature/documentation request] scan for devices

It would be nice to have something to help discover remote address.

Things I've tried so far:

  • hcitool lescan gives tons of (unknown) addresses, I even tried ~20 of them after filtering out semi-sequential random addresses, none worked.
  • hcitool scan shouldn't work for BTLE, right? https://www.domoticz.com/forum/viewtopic.php?t=8683 suggests "search for bluetooth devices", so I gave it a try. Nope. Empty list.
  • sniffing move app traffic:
    • wireshark on raspberry doesn't capture a thing, probably something is broken
    • packetlogger on laptop only shows "advertising reports" and does not capture anything when I send a command from move app
    • btsnoop log from android contains packets correlating with the app commands, but the local/remote addresses are empty.

So it would be nice to have it described somewhere. Or even better, --scan option for the script.
