homekit.md
August 27, 2020 ยท View on GitHub
HomeKit Message
HomeKit is Apple's smart home framework, and HomeKit messages are broadcast continuously by HomeKit compatible devices. This message type was first described by Guillaume Celosia and Mathieu Cunche in Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols. Celosia et al. note that the Global State Number field increments at each state change by a HomeKit device, which leaks information about the device usage.
HomeKit Message (btcommon.apple.type == 0x06)(This needs more work)
| Field Name | Info | Example | Length | Type | Notes |
|---|---|---|---|---|---|
| btcommon.apple.homekit.status | Status Flags | 01 | 1 | Bytes | Not sure what th flags mean |
| btcommon.apple.homekit.deviceid | Device ID | 222022f38f01 | 6 | Bytes | |
| btcommon.apple.homekit.category | Category | Range Extender (0x1000) | 2 | UINT16 | |
| btcommon.apple.homekit.globalstatenum | Global State Number | fa92 | 2 | Bytes | Don't know what this is |
| btcommon.apple.homekit.date | Unkown Data (maybe encrypted) | 02 | 12 | Bytes | Don't know what this is |
| btcommon.apple.homekit.confignum | Configuration Number | 02 | 1 | Bytes | Don't know what this is |
| btcommon.apple.homekit.compver | Compatible Version | c7 | 1 | Bytes | Don't know what this is |
The message fields, observed values and their meaning:
- Type: 1 byte, 0x06 -- indicates a HomeKit message
- Length: 1 byte, 0x0d -- number of bytes in message payload
- Status flags: 1 byte
- Device ID: 6 bytes
- Category: 2 bytes
- Global State Number: 2 bytes
- Configuration Number: 1 byte
- Compatible Version: 1 byte