python-broadlink

Error in protocol.md or implementation

Open hansmbakker opened this issue 8 years ago • 1 comments

There is an error in the payload of the authorisation packet in either protocol.md or in __init__.py

The offsets are different: In protocol.md, 0x01 is at offset 0x13, while in __init__.py, it is at offset 0x1e.

hansmbakker, Feb 04 '17 15:02

There are some pretty big issues with the protocol.md.

My experience so far is to defer to the implementation (__init__.py). That documentation file has some pretty big issues.

One major one: the checksum calculation. protocol.md says:

  1. Generate packet header with checksum values set to 0
  2. Set the checksum initialisation value to 0xbeaf and calculate the checksum of the packet header. Set 0x34-0x35 to this value.
  3. Append the payload
  4. Set the checksum initialisation value to 0xbeaf and calculate the checksum of the entire packet. Set 0x20-0x21 to this value.

This is wrong. Step 2 is: Calculate the checksum of the payload. You can see this if you check the Auth code in __init__.py. (It calculates the checksum of the payload and stores it in 0x34/0x35; then it calculates the checksum of the entire packet after appending the payload and puts it in 0x20/0x21.)

The __init__.py is (mostly) confirmed working code. Defer to the known good implementation.

There's also at least one other pretty major issue with the protocol.md, this time not fixed in the __init__.py. The packet header says that it uses a 2 digit version of the year.

This is not what the official app does; that byte for the "2 digit year" is actually the current time "seconds" value. (It fits in nicely, as the next byte is the current-time minutes, followed by the current-time hours.) The time appended into the packet by the official app is also in UTC time (thus the adding of the timezone offset!).

(I've been doing these packet captures from an Android virtual machine running the official google-appstore-app.)

Ultimately, however, these features don't matter. The device literally copies and pastes the parts of the header straight back out again. (I guess the logic is it ensures the checksum changes, and it allows the client to confirm the reply corresponds to the original request?)

pavram, Mar 08 '17 10:03
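The checksum order described in the reply above, as an added example that is not part of the thread and not python-broadlink's own code. It assumes a 0x38-byte header, a 16-bit additive byte sum seeded with 0xbeaf, and little-endian storage, and it leaves out payload encryption; only the seed and the field offsets come from the thread.

```python
import struct

HEADER_LEN = 0x38   # assumed header size; the payload starts at this offset
SEED = 0xBEAF       # checksum initialisation value quoted in the thread

def checksum(data: bytes) -> int:
    """Assumed algorithm: 16-bit additive byte sum seeded with SEED."""
    return (SEED + sum(data)) & 0xFFFF

def build_packet(header: bytes, payload: bytes) -> bytes:
    """Payload checksum into 0x34-0x35, then whole-packet checksum into 0x20-0x21."""
    if len(header) != HEADER_LEN:
        raise ValueError("header must be exactly 0x38 bytes")
    pkt = bytearray(header)
    pkt[0x20:0x22] = b"\x00\x00"                          # field is zero while summing
    struct.pack_into("<H", pkt, 0x34, checksum(payload))  # payload only, not the header
    pkt += payload
    struct.pack_into("<H", pkt, 0x20, checksum(pkt))      # header and payload together
    return bytes(pkt)

def verify_packet(pkt: bytes) -> bool:
    """Recompute both checksums; reject truncated or modified packets."""
    if len(pkt) < HEADER_LEN:
        return False
    (stored_full,) = struct.unpack_from("<H", pkt, 0x20)
    (stored_payload,) = struct.unpack_from("<H", pkt, 0x34)
    zeroed = bytearray(pkt)
    zeroed[0x20:0x22] = b"\x00\x00"                       # same state as when it was summed
    return (stored_payload == checksum(pkt[HEADER_LEN:])
            and stored_full == checksum(zeroed))

if __name__ == "__main__":
    header = bytes(HEADER_LEN)    # constructed sample: all-zero header
    payload = bytes(range(16))    # constructed sample payload
    pkt = build_packet(header, payload)
    print(pkt[0x34:0x36].hex(), pkt[0x20:0x22].hex(), verify_packet(pkt))
```

A packet built the way protocol.md describes (header checksum in 0x34-0x35) fails `verify_packet`, which makes the function usable as a quick check on captured packets under the same assumptions.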