Connection to Mi Band 2

Question

Can not connect to the mi band 2 using pangliang/miband-sdk-android lib. I unpaired the band and removed mifit app.

Here is code sample.

final MiBand miband = new MiBand(TestActivity.this.getApplicationContext());

    final ScanCallback scanCallback = new ScanCallback() {
        @Override
        public void onScanResult(int callbackType, ScanResult result) {
            BluetoothDevice device = result.getDevice();
            miband.connect(device, new ActionCallback() {

                @Override
                public void onSuccess(Object data) {
                }

                @Override
                public void onFail(int errorCode, String msg) {
                }
            });
        }
    };

    MiBand.startScan(scanCallback);

    MiBand.stopScan(scanCallback);

Logs:

D/BluetoothLeScanner: Start Scan
D/BluetoothAdapter: STATE_ON
D/BluetoothAdapter: STATE_ON
D/BluetoothAdapter: STATE_ON
D/BluetoothAdapter: STATE_ON
D/BluetoothLeScanner: onClientRegistered() - status=0 clientIf=6

Android version 6.0.1.

Also, i tried to connect without any additional libs and with paulgavrikov/xiaomi-miband-android library, and there is no effect in both cases.

What seems to be the problem? Is there any tricks to connect to mi band?

Answer 1

I've discovered two things: first - my question wasn't clear enough, and second - mi band 2 has another сonnection sequence and another service uuids.

When we start scanning for a BT devices, we use ScanCallback. When we get something in onScanResult method, we can try to connect to that device and we need to use GattCallback in this case.

Now we need to find a characteristic for auth with UUID "00000009-0000-3512-2118-0009af100700".

When we found it, we need to enable notifications on it:

private void enableNotifications(BluetoothGattCharacteristic chrt) {
        bluetoothGatt.setCharacteristicNotification(chrt, true);
        for (BluetoothGattDescriptor descriptor : chrt.getDescriptors()){
            if (descriptor.getUuid().equals(UUID.fromString("00002902-0000-1000-8000-00805f9b34fb"))) {
                Log.i("INFO", "Found NOTIFICATION BluetoothGattDescriptor: " + descriptor.getUuid().toString());
                descriptor.setValue(BluetoothGattDescriptor.ENABLE_NOTIFICATION_VALUE);
            }
        }
    }

Now we need to write a new value to auth characteristic:

chrt.setValue(new byte[]{0x01, 0x8, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45}); gatt.writeCharacteristic(chrt);

The first and the secon byte values are for auth, and the last of them are the key for auth.

Now we are waiting for some response in onCharacteristicChanged method and when we get there we must be sure that it was auth characteristic changed with right UUID. After that we get its value byte[] value = characteristic.getValue();

The first three bytes we get must be like this {0x10, 0x01, 0x01} and if it is ok, we write another request:

characteristic.setValue(new byte[]{0x02, 0x8});
gatt.writeCharacteristic(characteristic);

The first three bytes we get in response must be like this {0x10, 0x02, 0x01} and if it is ok, we write another request but now we need to use AES chipher:

byte[] value = characteristic.getValue();
byte[] tmpValue = Arrays.copyOfRange(value, 3, 19);
Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");

// here we use key like in our firt requst
SecretKeySpec key = new SecretKeySpec(new byte[] {0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45}, "AES");

cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] bytes = cipher.doFinal(tmpValue);

byte[] rq = ArrayUtils.addAll(new byte[]{0x03, 0x8}, bytes);
characteristic.setValue(rq);
gatt.writeCharacteristic(characteristic);

And now we wait for the last response from mi band 2, when we get it the first three bytes must be like this {0x10, 0x03, 0x01}.

That all steps of auth we need to do with Mi band 2. Hope this could be helpful for someone.