from py9b.link.bleak import BleakLink
from py9b.transport.base import BaseTransport as BT
from py9b.transport.packet import BasePacket as PKT
from py9b.transport.xiaomi import XiaomiTransport
from py9b.command.regio import ReadRegs
import time
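# Scan for a scooter over BLE, open the first device found, install key
# material when the BLE firmware requires it, and dump version/serial
# registers from the ESC and BMS.
link = BleakLink()
with link:
    # NOTE(review): the scan result is taken on trust -- no name/address
    # filter -- so in a shared radio environment this attaches to whatever
    # advertised first. Choose the target explicitly if several show up.
    devs = link.scan()
    print(devs)
    if not devs:
        # Original indexed devs[0] unguarded and died with an IndexError.
        raise SystemExit('No devices found during scan')

    tran = XiaomiTransport(link)

    link.open(devs[0])

    # BLE firmware version, read before any key material is installed.
    ble_version = tran.execute(ReadRegs(BT.ESC, 0x68, "<H"))[0]
    print('BLE version: %04x' % ble_version)

    # The script treats BLE firmware >= 0x81 as the point where keys must be
    # fetched before talking further. NOTE(review): 0x81 is a magic threshold
    # here -- confirm it against the transport's own logic.
    if ble_version >= 0x81:
        print('Connected, fetching keys...')
        keys = link.fetch_keys()
        tran.keys = keys
        # Key material goes to stdout: scrub before sharing console logs.
        print('keys:', keys)

        # Recover longer keystream: issue one BMS request and append the
        # response tail (offset 9 onward) to the key material.
        # NOTE(review): this only works if the transport's scheme lets
        # response bytes stand in directly for keystream (i.e. an XOR-style
        # construction with predictable plaintext past offset 9) -- verify
        # against XiaomiTransport before relying on the extended keys.
        req = PKT(src=BT.HOST, dst=BT.BMS, cmd=0x01, arg=0x50, data=bytearray([0x20]))
        tran.send(req)
        resp = tran.recv()
        tran.keys += resp.data[9:]
        print('Got %d bytes of keystream' % (len(tran.keys),))

        # Re-read the same register with keys installed (presumably a
        # sanity check that it still matches the pre-key read). Every other
        # read unpacks [0]; the original omitted it here, so the format
        # string received whatever container execute() returns.
        encrypted_version = tran.execute(ReadRegs(BT.ESC, 0x68, "<H"))[0]
        print('Version reported after encryption: %04x' % encrypted_version)

    esc_version = tran.execute(ReadRegs(BT.ESC, 0x1A, "<H"))[0]
    print('ESC version: %04x' % esc_version)
    bms_version = tran.execute(ReadRegs(BT.BMS, 0x17, "<H"))[0]
    print('BMS version: %04x' % bms_version)

    # 12-byte serial string register; decoded as-is (UTF-8 default).
    print('Serial:', tran.execute(ReadRegs(BT.ESC, 0x10, "12s"))[0].decode())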