Re: Re: Re: Re: Re: Re: Changing back to unencrypted version?

  • From: Axelle <aafortinet@xxxxxxxxx>
  • To: dsx@xxxxxxxxxx
  • Date: Fri, 20 May 2016 11:19:13 +0200

Hi Dany,

Your last megadump, the one that is unencrypted, seems very strange to
me. I wrote a quick Python parser, and let me explain:

Flex MegaDump Response File:
-----------
Device model:             28                 Flex
Device type:             02              Tracker
Security scheme:       0000          Unencrypted
Sequence counter:                        01000000
Walking stride length:       d202                  722 mm
Running stride length:       8903                  905 mm
BMR:               b004                 1200

=> this one seems quite ok to me. Plausible values for stride lengths
for instance.

First MegaDump received after this upload (encrypted):
------------------------
Device model:             28                 Flex
Device type:             02              Tracker
Security scheme:       0100            Encrypted
Sequence counter:                        09000000
Model identifier:     574c301107                 Flex
Encrypted data:            a99fcf33ebb95acbf29dd5 ...

=> that seems correct too.

Second MegaDump (now unencrypted!):
--------------------------------------------------
Device model:             28                 Flex
Device type:             02              Tracker
Security scheme:       0000          Unencrypted
Sequence counter:                        00000000
Walking stride length:       1107                 1809 mm
Running stride length:       0740                16391 mm
BMR:               0740                16391

=> this seems buggy. No sequence counter + same value for running
stride length and BMR + walking & running stride lengths are far too
long.

Or we're not understanding the megadump format correctly.

Cheers,

-- Axelle


On Tue, May 17, 2016 at 8:42 PM, dsx@xxxxxxxxxx <dsx@xxxxxxxxxx> wrote:

Hi Gang

I did some more experiments loading a Fitbit Flex tracker with a manually
created server response, rather than from the Fitbit web server.

It works well (needed to adjust some CRC values in the response sent to the
tracker, etc.).

But the strangest thing, which happens from time to time, is that after
loading the tracker with a new manual server response, the megadump that
follows is sometimes "ENCRYPTED" (see below).

Then after doing a second megadump (w/o a server response in between), it
switches back to "UNENCRYPTED" ??!?

I still don't know exactly what causes it to switch between "encrypted" and
back to "unencrypted" megadump output, but it does (at least my Flex tracker
does). So, I'm still very convinced that the tracker can output megadumps in
both forms, and the hidden bit is somewhere in the megadump response file
sent to the tracker.

Here is the output of my recent experiment:

Uploaded the following manually created server response file to the tracker:

Flex MegaDump Response File:

First MegaDump received after this upload (encrypted):


Immediately, followed by a second MegaDump (now unencrypted!):


Note: both megadumps are from the same tracker just a couple of seconds later.

Regards, Dany
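
Added example, not part of either message and not Axelle's parser: a short Python sketch that decodes the first 20 bytes of the three dumps Dany posted, reproduces the field values listed in the reply, and flags the implausible ones. The field offsets, the plausible stride range and all function names are assumptions inferred from the hex in this thread, not a documented Fitbit format.

```python
import struct

# First 20 bytes of each dump discussed in this thread.
RESPONSE = bytes.fromhex("2802000000000100000000000000d2028903b004")
ENCRYPTED = bytes.fromhex("2802000001000900000009574c301107a99fcf33")
SECOND = bytes.fromhex("2802000000000000000009574c30110707400740")

STRIDE_MM = range(300, 1600)  # assumed plausible human stride, in mm


def parse_header(buf):
    """Decode the 20-byte header; offsets are inferred, not from a spec."""
    if len(buf) < 20:
        raise ValueError("need at least 20 header bytes")
    scheme, seq = struct.unpack_from("<HI", buf, 4)  # bytes 4-5 and 6-9
    hdr = {"model": buf[0], "type": buf[1], "encrypted": scheme == 1,
           "sequence": seq, "id_bytes": buf[11:16].hex()}
    if not hdr["encrypted"]:
        # Response-file layout: three little-endian u16 at bytes 14..19.
        hdr["walk_mm"], hdr["run_mm"], hdr["bmr"] = struct.unpack_from(
            "<3H", buf, 14)
    return hdr


def anomalies(hdr, seen_model_ids=()):
    """Return reasons an unencrypted header looks mis-parsed or corrupt."""
    if hdr["encrypted"]:
        return []
    out = []
    if hdr["sequence"] == 0:
        out.append("sequence counter is zero")
    for key in ("walk_mm", "run_mm"):
        if hdr[key] not in STRIDE_MM:
            out.append(f"{key}={hdr[key]} outside plausible range")
    if hdr["run_mm"] == hdr["bmr"]:
        out.append("running stride and BMR are identical")
    if hdr["id_bytes"] in seen_model_ids:
        # Bytes 11..15 repeat the identifier seen in the encrypted dump, so
        # the "walking stride" at 14..15 overlaps the tail of that identifier.
        out.append("bytes 11-15 match a known model identifier")
    return out


if __name__ == "__main__":
    ids = {parse_header(ENCRYPTED)["id_bytes"]}
    for name, buf in [("response", RESPONSE), ("second", SECOND)]:
        print(name, parse_header(buf), anomalies(parse_header(buf), ids))
```

In the second dump, bytes 11-15 repeat the model identifier of the encrypted dump, which fits the possibility raised in the reply that the format is being misread rather than the data being corrupt.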







