Actually some interesting changes in the latest app versions:
- Added a ton more error and warning messaging for faults in the BMS, inverter, etc. Unclear if this is visible in the UI yet, but seems like they are trying to give users access to more information that was previously not shown.
- Added a mechanism for firmware updates over Wi-Fi. I imagine this may be a mitigation strategy with the new BLE security stuff to avoid the possibility of bricking bikes.
- Some indications for a new BLE data-transport format based on TLVs, don't really think this is used much yet.

For the authentication changes (probably just interesting to the handful of people building their own stuff off the BLE interface):
- Enable notifications on 0x1001
- Read 32-byte nonce from 0x1001
- Compute auth payload using functions from 'libnativecrypto.so': buildAuthPayloadV2(vin, normalizedSoldDate, variant=2, nonce)
- Write auth payload to 0x1001

This leaves two main complications moving forward: dealing with 'libnativecrypto.so' calls and passing a proper 'normalizedSoldDate' (in the form 19700101). There are various anti-tamper methods in the JNI module, and in the end it was easier for me to just reverse engineer and port the functions to Rust (can provide the source if you message me, otherwise it gets a bit weird with licensing). For the second, I believe this should be easy enough for users to guess/find and input before connecting for the first time.

I have a version of Svag which may support these changes, however it'll have to wait until my bike gets the firmware update for full testing.