[huawei] Hacks for HiChainLite (Watch 3)

* use authMode instead of deviceSupportType * set authMode to 4 for hichain 3 and set 2 for any other hichain * use full HuaweiCrypto() constructor
2024-09-01 03:55:47 +02:00 · 2024-07-18 23:04:48 +08:00 · 2024-07-18 23:04:48 +08:00 · 676678defb
commit 676678defb
parent ae1cb4e893
8 changed files with 29 additions and 11 deletions
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/huawei/HuaweiCrypto.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/huawei/HuaweiCrypto.java
@ -83,15 +83,17 @@ public class HuaweiCrypto {
    protected int authVersion;
    protected int deviceSupportType;
    protected byte authAlgo;
+    protected  byte authMode;

    public HuaweiCrypto(int authVersion) {
        this.authVersion = authVersion;
    }

-    public HuaweiCrypto(int authVersion, byte authAlgo, int deviceSupportType) {
+    public HuaweiCrypto(int authVersion, byte authAlgo, int deviceSupportType, byte authMode) {
        this(authVersion);
        this.deviceSupportType = deviceSupportType;
        this.authAlgo = authAlgo;
+        this.authMode = authMode;
    }

    public static byte[] generateNonce() {
@ -150,7 +152,7 @@ public class HuaweiCrypto {
    }

    public byte[] digestChallenge(byte[] secretKey, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException, UnsupportedEncodingException {
-        if (deviceSupportType == 0x02) {
+        if (authMode == 0x02) {
            if (secretKey == null)
                return null;
            if (authVersion == 0x02) {
@ -170,7 +172,7 @@ public class HuaweiCrypto {
    }

    public byte[] digestResponse(byte[] secretKey, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException, UnsupportedEncodingException {
-        if (deviceSupportType == 0x02) {
+        if (authMode == 0x02) {
            if (secretKey == null)
                return null;
            if (authVersion == 0x02) {
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/huawei/HuaweiPacket.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/huawei/HuaweiPacket.java
@ -64,6 +64,7 @@ public class HuaweiPacket {
        protected byte authAlgo;
        protected byte encryptMethod;
        protected byte[] firstKey;
+        protected  byte authMode;

        public void setAuthVersion(byte authVersion) {
            this.authVersion = authVersion;
@ -128,6 +129,10 @@ public class HuaweiPacket {
            return this.interval;
        }

+        public byte getAuthMode() { return this.authMode; }
+
+        public void setAuthMode(byte authMode) { this.authMode = authMode; }
+
        public byte[] getIv() {
            byte[] iv = null;
            if (this.deviceSupportType == 0x04) {
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/huawei/packets/DeviceConfig.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/devices/huawei/packets/DeviceConfig.java
@ -605,7 +605,7 @@ public class DeviceConfig {
                this.tlv = new HuaweiTLV()
                        .put(0x01, challenge)
                        .put(0x02, nonce);
-                if (paramsProvider.getDeviceSupportType() == 0x02)
+                if (paramsProvider.getAuthMode() == 0x02)
                    this.tlv.put(0x03, paramsProvider.getAuthAlgo());
                this.isEncrypted = false;
                this.complete = true;
@ -1402,7 +1402,7 @@ public class DeviceConfig {
                byte[] message = this.tlv.getBytes(0x01);
                byte[] iv = this.tlv.getBytes(0x02);

-                HuaweiCrypto huaweiCrypto = new HuaweiCrypto(paramsProvider.getAuthVersion());
+                HuaweiCrypto huaweiCrypto = new HuaweiCrypto(paramsProvider.getAuthVersion(), paramsProvider.getAuthAlgo(), paramsProvider.getDeviceSupportType(), paramsProvider.getAuthMode());
                try {
                    pinCode = huaweiCrypto.decryptPinCode(paramsProvider.getEncryptMethod(), message, iv);
                } catch (HuaweiCrypto.CryptoException e) {
@ -1538,6 +1538,10 @@ public class DeviceConfig {
                if (authMode == 0x04)
                    this.tlv.put(0x06)
                            .put(0x07, phoneModel);
+                if (paramsProvider.getEncryptMethod() == 1 )
+                        this.tlv.put(0xd, (byte)0x1);
+
+
                this.complete = true;
                this.isEncrypted = false;
            }
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/HuaweiSupportProvider.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/HuaweiSupportProvider.java
@ -418,6 +418,11 @@ public class HuaweiSupportProvider {
    protected void initializeDeviceDealHiChain(final Request linkParamsReq) {
        try {
            if (isHiChain()) {
+
+                if (paramsProvider.getDeviceSupportType() == 4 )
+                    paramsProvider.setAuthMode((byte)4);
+                else
+                    paramsProvider.setAuthMode((byte)2);
                final GetSecurityNegotiationRequest securityNegoReq = new GetSecurityNegotiationRequest(this);
                RequestCallback securityFinalizeReq = new RequestCallback(this) {
                    @Override
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/requests/GetAuthRequest.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/requests/GetAuthRequest.java
@ -43,6 +43,7 @@ public class GetAuthRequest extends Request {
    protected byte[] doubleNonce;
    protected byte[] key = null;
    protected byte deviceSupportType;
+    protected byte authMode;

    public GetAuthRequest(HuaweiSupportProvider support,
            Request linkParamsReq) {
@ -57,7 +58,8 @@ public class GetAuthRequest extends Request {
        this.authVersion = paramsProvider.getAuthVersion();
        this.authAlgo = paramsProvider.getAuthAlgo();
        this.deviceSupportType = paramsProvider.getDeviceSupportType();
-        this.huaweiCrypto = new HuaweiCrypto(authVersion, authAlgo, deviceSupportType);
+        this.authMode = paramsProvider.getAuthMode();
+        this.huaweiCrypto = new HuaweiCrypto(authVersion, authAlgo, deviceSupportType, authMode);
    }

    @Override
@ -65,7 +67,7 @@ public class GetAuthRequest extends Request {
        byte[] nonce;

        try {
-            if (deviceSupportType == 0x02) {
+            if (authMode == 0x02) {
                key = paramsProvider.getPinCode();
                if (authVersion == 0x02)
                    key = paramsProvider.getSecretKey();
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/requests/GetBondParamsRequest.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/requests/GetBondParamsRequest.java
@ -55,7 +55,7 @@ public class GetBondParamsRequest extends Request {
            throw new ResponseTypeMismatchException(receivedPacket, DeviceConfig.BondParams.Response.class);

        paramsProvider.setEncryptionCounter(((DeviceConfig.BondParams.Response) receivedPacket).encryptionCounter);
-        if (paramsProvider.getDeviceSupportType() != 0x02) {
+        if (paramsProvider.getAuthMode() != 0x02) {
            if (((DeviceConfig.BondParams.Response) receivedPacket).status == 1) {
                stopChain(this);
            }
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/requests/GetBondRequest.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/requests/GetBondRequest.java
@ -49,9 +49,9 @@ public class GetBondRequest extends Request {
    protected List<byte[]> createRequest() throws RequestCreationException {
        try {
            byte[] iv = paramsProvider.getIv();
-            huaweiCrypto = new HuaweiCrypto(paramsProvider.getAuthVersion());
+            huaweiCrypto = new HuaweiCrypto(paramsProvider.getAuthVersion(), paramsProvider.getAuthAlgo(), paramsProvider.getDeviceSupportType(), paramsProvider.getAuthMode());
            byte[] encryptionKey;
-            if (paramsProvider.getDeviceSupportType() == 0x02) { //HiChainLite
+            if (paramsProvider.getAuthMode() == 0x02) { //HiChainLite
                encryptionKey = paramsProvider.getFirstKey();
            } else {
                encryptionKey = huaweiCrypto.createSecretKey(supportProvider.getDeviceMac());
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/requests/GetSecurityNegotiationRequest.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huawei/requests/GetSecurityNegotiationRequest.java
@ -42,7 +42,7 @@ public class GetSecurityNegotiationRequest extends Request {
        try {
            return new DeviceConfig.SecurityNegotiation.Request(
                    paramsProvider,
-                    paramsProvider.getDeviceSupportType(),
+                    paramsProvider.getAuthMode(),
                    supportProvider.getAndroidId(),
                    Build.MODEL
                ).serialize();