-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keychain with chip ST17H66B (iSearching) #94
Comments
I have such key fobs, but they have ST17H66T chip. Is support planned? |
ST17H66T is a chip without the ability to reflash. It uses one-time programmable memory, which is produced at the factory. |
Thanks for the information. |
This looks great, going to try this as soon as I find my Lenze programming jig. Do you mind if I link to this on biemster/FindMy? |
Программирование брелка с ST17H66BПотребуется адаптер USB-COM с выходами на 3.3В Талица соединений:
Пример строки запуска скрипта:
Остальные варианты описаны в README Последовательность программирования.
|
Интеграция в Home Assistant.После прошивки брелка прошивкой “KEY2” в Home Assistant отобразится новое устройство: Добавляем и нажимаем кнопку на брелке – появится новое Событие: “Button”. Брелок зарегистрирован. Переключение на шифрованную рекламу BTHome BLE v2 (encrypted).
На этом всё – теперь брелок работает с шифрованной рекламой. |
My advertisement keys are 28 bytes (see here) but when I try your flasher it complains that it must be 22 bytes. |
In fact nrf connect shows 28 bytes, the first six are 38 1f 8d 09 af 89 and the remaining 22 are the ones I put in your flasher (edit: the mac of the device is f8 1f 8d 09 af 89) |
Firmware (v2.0 beta4) and PHY62x2BTHome.html program (v1.8) have been updated. FindMy key Base64: EiM0RVZneImaq7zN3u/+7dzLuqmYh3ZlVEMyIQ== The FindMy beacon has been supplemented with battery status transmission.
So far, no new information about the FindMy bacon format has been found. There are no publications or descriptions from the creators of the “reverse engineering” of FindMy on the Internet. |
Really nice, with the latest firmware flashed I actually got a report from Apple 👍 . |
Depends heavily on the beacon transmission interval. Average current consumption as a function of beacon period. With a 3.0 V source. At longer intervals the chip sleep current (chip leakage) has a greater effect. Average sleep current - 2.8..3.5 uA - depends on the chip quality. At short intervals there is a large dependence on the set transmitter power in dBm. |
Cool, I set a 3s advertising interval but I see @biemster's code uses 5s, I'll change it. |
Is there a way to protect OTA access, with a password or something? I would not like if someone else passes by and changes the key.. |
If the button is not pressed, it is impossible to connect. The FindMy beacon does not have a connection request reception... |
ah sorry, I missed that! I just flashed an E2XT2319, as mentioned in the issue above, which went fine. But it does not have a button :D |
Button processing (FindMy mode): When the button is pressed, LED turns on, the FindMy beacon switches to transmitting BLE advertising with the AdvEventType = LL_ADV_CONNECTABLE_UNDIRECTED_EVT attributes. A first packet of BLE advertising events is transmitted in the quantity specified in "Number of event transmissions". The period of advertising events is 95 ms. Data in the packet is in BTHome format with "Button" = "1". If the button is released, the LED goes out. After the packet has been transmitted N*95ms, the speaker quietly clicks, the LED turns off regardless of the button (saving battery). If the button is still pressed, the first packet is transmitted again. If the button is released, the second packet of BLE "Number of Event Transmissions" announcements is transmitted, but with "Button" = "0". After the second packet is transmitted, the FindMy beacon with the AdvEventType attribute = LL_ADV_NONCONNECTABLE_UNDIRECTED_EVT begins to be transmitted. PS: I barely wrote it in English - Google translate is terrible :) |
@biemster - Now, to support "Find My" in Home Assistant, you'll have to fight with the writers of "Bluetooth" integration. But there you'll be sent to "Bluez", and there you'll be sent to the kernel, and there's Linus Torvalds :P |
😭 |
This integration does not receive the Find My beacon. For the BTHome mode option, an addition is planned - a key fob search. Upon request, when connected, it will give a sound signal... |
I forgot how frustrating it is to program these chips, I'm on it for three hours now and managed a grand total of 2! The third one I flashed only half, @pvvx your OTA bootloader does not replace the entire bootloader right? |
The question is not clear. Firmware installation via USB-COM adapter takes several minutes with soldering of wires. OTA:
|
I'm just installing BOOT_KEY2_v20.hex. Getting the chip to start in firmware upload mode has always been an issue for me, probably due to the hacky setup I'm using. When the flasher gets to The question was if flashing BOOT_KEY2_v20.hex only partially due to lost connection will brick the chip? |
Flash writing on PHY62x2/ST17H66B chips is always available. |
And it would be greate if this firmware implement key rotation. I found that if a tag with this firmware and an iPhone meet at the same place every morning, the location of the tag will not be reported by the iPhone. Even if the iPhone and the tag have been to other places the day before. I guess this is related to key rotation. The location of my other tags with nRF5x firmware(50 keys) get updated more frequently. |
There is no description of the key rotation algorithm yet. |
There is a description in the openhaystack paper, and also FindMy.py is able to deduce the current airtag key from the registered data on macOS, but what @lovelyelfpop probably meant is uploading N keys and just start broadcasting the next after let's say 15 minutes. Since uploading a bunch of keys might be cumbersome with the web flasher, we could also use one key as base, and after every time interval either add the curve generator to it (basically private key +1), or multiply by 2 (private key *2) with the latter being easier to implement. Although since this will be done very rarely efficiency should not be an issue. |
HI @pvvx Is this the you are looking for? |
Added musical accompaniment :) The buzzer is turned off by the button release event. |
The link offers an unnecessary device that consumes several watts - using ESPHome bluetooth_proxy devices Why all this? It's easier for me to patch the Linux kernel and Bluez. As a last resort, write another version of a BLE repeater in Zigbee. And there is no Bluetooth "AoA" and "AoD" functionality :( FindMy Scan works in https://github.com/pvvx/hcitooladv
D2:23:34:45:56:67-1eff4c0012190078899aabbccddeeffeeddccbbaa998877665544332210000b6 RSSI: 0xb6 = -74 Any BT adapter accepts "FindMy" but does not pass through Bluez to the "bluetooth" integration in HA. |
Is it possible to add button buzzer in homeassistant |
To do this, you need to write some kind of integration for "HA". The main problem with integrations for "HA" is that it requires constant support. "HA" is constantly changing and users always have thousands of questions. Support takes a lot of time and not everyone has it. |
I poked around in "Passive BLE Monitor Integration" and: "Passive BLE Monitor" works via HCI interface with BT adapter... Doesn't need a BLE stack. Also, the display interface in HA is not designed for long FindMy keys. |
I'm not a HA user, but this might change my mind |
@pvvx is this a supported device? |
Unknown. |
should I program with RX and TX on board only? |
What is the model of the chip? (small one in the second pic) I have the same keychain and unfortunately mine has the ST17H66T chip which is not flashable. |
Can't read at least with my phone camera, let me try with my microscope |
Yeah, I had to use a magnifying glass and a flashlight lol. |
Option with OTP on PHY6230. |
The markings don't say anything. Especially on OTP chips. The chip marking may indicate the OTP firmware order number. |
BK3431 |
PHY6230, having OTP, meets this ID:
PHY6256 also come with OTP. |
that's a beken 3431, and should be programmable. I'm working on those, but did not receive mine yet |
PHY6xxx is a Chinese SoC design. It is sold to other companies or labeled for the customer. iSearching - BLE, Flash |
Should I flash with PVVX firmware? Use TX and RX pins only? |
There is no firmware for the BK3431 chip. |
@yousaf465 an SDK seems to be here: https://github.com/yumzhi/ble |
|
Key fob on chip ST17H66B with firmware "KEY2"
iSearching - BLE, Flash
iSearching2 - BLE, Flash
iSearching3 - BLE, OTP (!)
There are a large number of variations of this device.
Switching to “FindMy” mode
FindMy
Select "Connect" and press the button on the key fob again.
The text was updated successfully, but these errors were encountered: