I have a BLE device (pool chlorinator) that I would like to control with a custom client, so I can integrate it into Home Assistant.
I have sniffed the BLE packets but the GATT payloads appear to be encrypted. I have decompiled the Android client app to see if I can resolve how to encrypt/decrypt.
Appears to be a Xamarin thing.
The manufacturer supplies an iOS app and an Android app.
I have downloaded and unpacked the Android APK, and looked through a bunch of the assemblies using ILSpy. There appears to be a static SecretKey that is used for creating a session key, but I can't work out how it is initialised.

    static Settings()
    {
        //IL_0019: Unknown result type (might be due to invalid IL or missing references)
        List<DeviceType> obj = new List<DeviceType>();
        obj.Add((DeviceType)1);
        obj.Add((DeviceType)129);
        ValidDeviceTypes = obj;
        LOADER_V1_DEVICE_NAME = "DfuTarg";
        LOADER_V2_DEVICE_NAME = "DFU";
        LandscapeScreenProportion = 0.5;
        byte[] array = new byte[16];
        RuntimeHelpers.InitializeArray((global::System.Array)array, (RuntimeFieldHandle)/*OpCode not supported: LdMemberToken*/);
        SecretKey = array;
    }

How might I work out what SecretKey is? Maybe the IL code could be inspected (foreign to me)? Could I build an executable that runs the constructor in the dll somehow?
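
The following is an added example, not part of the original post and not the vendor's code. The field token passed to `RuntimeHelpers.InitializeArray` refers to a compiler-generated static field whose initial bytes are stored in the assembly file itself, so they can be read statically with `System.Reflection.Metadata` without running the static constructor. The class name `RvaFieldDump` is hypothetical, and the sketch assumes the DLL is a plain managed assembly (as it must be for ILSpy to open it) and only handles fields typed as fixed-size structs defined in the same assembly.

```csharp
// Added example: list every static field whose initial value is embedded in the
// assembly file (an "RVA field"), with its declared size and raw bytes.
// Usage: RvaFieldDump <path-to-assembly.dll>
using System;
using System.IO;
using System.Reflection.Metadata;
using System.Reflection.PortableExecutable;

static class RvaFieldDump
{
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: RvaFieldDump <assembly.dll>");
            return 1;
        }
        using var pe = new PEReader(File.OpenRead(args[0]));
        if (!pe.HasMetadata) { Console.Error.WriteLine("not a managed assembly"); return 1; }
        MetadataReader md = pe.GetMetadataReader();

        foreach (FieldDefinitionHandle fh in md.FieldDefinitions)
        {
            FieldDefinition field = md.GetFieldDefinition(fh);
            int rva = field.GetRelativeVirtualAddress();
            if (rva == 0) continue;                       // field has no data in the file

            // Field signature: header, then VALUETYPE + token of a fixed-size struct
            // that the compiler emits to hold array initialiser data.
            BlobReader sig = md.GetBlobReader(field.Signature);
            sig.ReadSignatureHeader();
            if (sig.ReadSignatureTypeCode() != SignatureTypeCode.TypeHandle) continue;
            EntityHandle th = sig.ReadTypeHandle();
            if (th.Kind != HandleKind.TypeDefinition) continue;

            // The struct's explicit layout size is the length of the initialiser.
            int size = md.GetTypeDefinition((TypeDefinitionHandle)th).GetLayout().Size;
            PEMemoryBlock block = pe.GetSectionData(rva);
            if (size <= 0 || block.Length < size) continue;

            byte[] data = block.GetReader(0, size).ReadBytes(size);
            string owner = md.GetString(md.GetTypeDefinition(field.GetDeclaringType()).Name);
            Console.WriteLine($"{owner}::{md.GetString(field.Name)} ({size} bytes): {BitConverter.ToString(data)}");
        }
        return 0;
    }
}
```

Fields reported with a size of 16 bytes are the candidates for the `new byte[16]` initialiser in the decompiled constructor; the field the `ldtoken` instruction names in ILSpy's IL view identifies which one it is.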