Support for new (Dez 20) firmware

[nrother]

The new thermostat firmware 1.46 (from December 2020) seems to improves security and requires proper pairing of the thermostats.

I managed to pair them using bluetoothctl, and was kind-of able to talk to them using gatttool. Communication though this library fails, though. Is there anything you can do about this? Let me know if I can help you debugging.

I'm using a Raspberry Pi with RPi OS 10.

[ChrisScheffler]

Hello @nrother,
thank you for your report. I updated one of my devices and tried the sample script on it.
On first connect I was asked for the PIN by the OS (MacOS) and after entering the PIN (you receive it by long-pressing the termperature-dial) i could read and write with the library.
I have not tested it with linux so far. Could you try again after pairing with bluetoothctl?

[nrother]

Thanks for your quick reply and testing!

I've done the following on my Raspberry PI 3 B+ with NodeJS 12.20.0:

$ sudo bluetoothctl
[bluetooth]# scan on
[...]
[NEW] Device 00:1A:22:0D:D0:20 CC-RT-BLE
[...]
[bluetooth]# scan off
Discovery stopped
[bluetooth]# pair 00:1A:22:0D:D0:20
Attempting to pair with 00:1A:22:0D:D0:20
[CHG] Device 00:1A:22:0D:D0:20 Connected: yes
Request passkey
[...]
Pairing successful
[CC-RT-BLE]# trust
[CHG] Device 00:1A:22:0D:D0:20 Trusted: yes
Changing 00:1A:22:0D:D0:20 trust succeeded
[CC-RT-BLE]# disconnect
Attempting to disconnect from 00:1A:22:0D:D0:20
[CHG] Device 00:1A:22:0D:D0:20 ServicesResolved: no
Successful disconnected
[CHG] Device 00:1A:22:0D:D0:20 Connected: no
[bluetooth]# info 00:1A:22:0D:D0:20
Device 00:1A:22:0D:D0:20 (public)
        Name: CC-RT-BLE
        Alias: CC-RT-BLE
        Paired: yes
        Trusted: yes
        Blocked: no
        Connected: no
        LegacyPairing: no
        UUID: Generic Access Profile    (00001800-0000-1000-8000-00805f9b34fb)
        UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
        UUID: Device Information        (0000180a-0000-1000-8000-00805f9b34fb)
        UUID: Vendor specific           (3e135142-654f-9090-134a-a6ff5bb77046)
        UUID: Vendor specific           (9e5d1e47-5c13-43a0-8635-82ad38a1386f)
        ManufacturerData Key: 0x0000
        ManufacturerData Value:
  00 00 00 00 00 00 00 00 00                       .........
[bluetooth]# quit

Connection with eq3.exp from Heckie75 works. Interestingly, the first connection attempt with eq3.exp failed with Error: connect error: Function not implemented (38), but it seems to work reliably now.

I found this line in the syslog, which appeared at some time during the pairing process with `bluetootctl:

kernel: Bluetooth: hci0: unexpected SMP command 0x0b from 00:1a:22:0d:d0:20

Now I started playing with your library:

pi@raspberrypi:/opt/iobroker/iobroker.eq3-cc-rtble $ node -v
v12.20.0
pi@raspberrypi:/opt/iobroker/iobroker.eq3-cc-rtble $ DEBUG=ccrtble* node --experimental-repl-await
Welcome to Node.js v12.20.0.
Type ".help" for more information.
> const ccrtble = require("ccrtble");
undefined
  ccrtble adapter changed to to 'poweredOn' +0ms
> const devs = await ccrtble.discover()
  ccrtble starting discovery with 10000ms duration +9s
  ccrtble discovery started +6ms
  ccrtble discovered device @ 00:1a:22:0e:d7:e7 +442ms
  ccrtble discovered device @ 00:1a:22:0d:d0:20 +275ms
  ccrtble discovered device @ 00:1a:22:0e:d7:df +36ms
  ccrtble duration reached, stopping discovery +9s
  ccrtble discovery finished +6ms
undefined
> let d = devs[1]
undefined
> d.address
'00:1a:22:0d:d0:20'
> await d.getStatus()
  ccrtble:device:00:1a:22:0d:d0:20 initiating connection +0ms
  ccrtble:device:00:1a:22:0d:d0:20 connected to device +4s
  ccrtble:device:00:1a:22:0d:d0:20 resolving services and characteristic +2ms
  ccrtble:device:00:1a:22:0d:d0:20 successfully resolved services and characteristics (5 / 22) +664ms
Uncaught TypeError: Cannot read property 'on' of undefined

I also tried with DEBUG=* which produces a lot of output, but this caught my eye:

  att 00:1a:22:0d:d0:20: read: 091520041a21042aebe0f4906c41af960929cd4d43e8d0 +29ms
  att 00:1a:22:0d:d0:20: write: 08220420020328 +0ms
  hci write acl data pkt - writing: 0240000b000700040008220420020328 +1ms
  hci onSocketData: 0240200900050004000108220401 +13ms
  hci   event type = 2 +1ms
  hci           cid = 4 +0ms
  hci           handle = 64 +0ms
  hci           data = 0108220401 +0ms
  att 00:1a:22:0d:d0:20: read: 0108220401 +14ms
  ccrtble:device:00:1a:22:0d:d0:20 successfully resolved services and characteristics (5 / 22) +640ms
Uncaught TypeError: Cannot read property 'on' of undefined
  hci onSocketData: 0240200900050004000108220401 +14ms
  hci   event type = 2 +0ms
  hci           cid = 4 +0ms
  hci           handle = 64 +1ms
  hci           data = 0108220401 +0ms
  att 00:1a:22:0d:d0:20: uh oh, no current command +15ms

I'm unsure how to debug the TypeError, but maybe this helps you :)

[ChrisScheffler]

I can reproduce the problem with linux. It looks like noble doesn't handle smp correctly. I have to invest some time to analyze this behaviour.

[ChrisScheffler]

@nrother could you please test the branch encrypted_tests? you have to pair your device with bluetoothctl first.

sudo bluetoothctl
[bluetooth]# scan on
[bluetooth]# pair XX:XX:XX:XX:XX
[bluetooth]# trust XX:XX:XX:XX:XX
[bluetooth]# disconnect XX:XX:XX:XX:XX
[bluetooth]# exit

[nrother]

This version seems to work much better, reading now (mostly) works! Thank you for your work! I'm still seeing some timeouts, but this might be due to actual connection issues.

Playing with dev.getStatus() and dev.disconnect() (with 2 different devices) I sometimes still manage to crash something in noble(?):

> await d0.getStatus()
  ccrtble:device:00:1a:22:0e:d7:df initiating connection +22s
  ccrtble:device:00:1a:22:0e:d7:df connected to device +4s
/opt/iobroker/iobroker.eq3-cc-rtble/node_modules/@abandonware/noble/lib/hci-socket/gatt.js:157
    this.writeAtt(this._currentCommand.buffer);
                                       ^

TypeError: Cannot read property 'buffer' of null
    at Gatt.onAclStreamEncrypt (/opt/iobroker/iobroker.eq3-cc-rtble/node_modules/@abandonware/noble/lib/hci-socket/gatt.js:157:40)
    at AclStream.emit (events.js:314:20)
    at AclStream.EventEmitter.emit (domain.js:483:12)
    at AclStream.pushEncrypt (/opt/iobroker/iobroker.eq3-cc-rtble/node_modules/@abandonware/noble/lib/hci-socket/acl-stream.js:40:8)
    at NobleBindings.onEncryptChange (/opt/iobroker/iobroker.eq3-cc-rtble/node_modules/@abandonware/noble/lib/hci-socket/bindings.js:270:15)
    at Hci.emit (events.js:314:20)
    at Hci.EventEmitter.emit (domain.js:483:12)
    at Hci.onSocketData (/opt/iobroker/iobroker.eq3-cc-rtble/node_modules/@abandonware/noble/lib/hci-socket/hci.js:455:12)
    at BluetoothHciSocket.emit (events.js:314:20)
    at BluetoothHciSocket.EventEmitter.emit (domain.js:483:12)

Also, I sometimes see a warning noble warning: unknown peripheral 001a220ed7df

This might be problems in noble, so I'm not sure if you can do anything about that...