hey_siri.md
August 12, 2020 ยท View on GitHub
"Hey Siri" Message
"Hey Siri" messages are emitted by a device when the voice assistant Siri is used. Of note, a perceptual hash of the voice command is included in the packet. This message format, as well as a dictionary attack on the perceptual hash value was first described Guillaume Celosia and Mathieu Cunche in Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols.
Hey Siri Message (btcommon.apple.type == 0x08)
| Field Name | Info | Example | Length | Type | Notes |
|---|---|---|---|---|---|
| btcommon.apple.siri.perphash | Perceptual Hash of Command | d6ec | 2 | Bytes | From Cunche Paper |
| btcommon.apple.siri.snr | Signal-to-Noise Ration | 43 | 1 | Bytes | Not sure if dbm or db |
| btcommon.apple.siri.confidence | Confidence Level | 00 | 1 | Bytes | Not sure what scale is used |
| btcommon.apple.siri.deviceclass | Device Class | Homepod (0x0007) | 2 | UINT16 | |
| btcommon.apple.siri.randbyte | Random Byte | ca | 1 | Bytes | Not sure the purpose of this |
The message fields, observed values and their meaning:
- Type: 1 byte, 0x08 -- indicates a "Hey Siri" message
- Length: 1 byte, 0x07 -- number of bytes in message payload
- Perceptual Hash: 2 bytes -- perceptual hash of the user's voice command
- SNR: 1 byte
- Confidence: 1 byte
- Device Class: 2 bytes
- Random Byte: 1 byte