Add Bosch authentication support #4
Hey, any progress? I have gathered some info about it and if you have any progress lets see what can we do?
Hey, unfortunately I haven't had time to take a look at the Bosch app. I also don't have access to a bike with a Bosch motor to test either 😔
Please do feel free to share any information, more than happy to add support to BikeBridge.
@paychorealm69 wrote in #4 (comment):
Hey, any progress? I have gathered some info about it and if you have any progress lets see what can we do?
Hi @paychorealm69 and @bg443,
A quick update specifically on the authentication front, following some extensive MITM tracing and hardware testing over the last few days.
The great news for BikeBridge is: There is no proprietary app-level authentication handshake required to read live telemetry.
Unlike Shimano (which requires a specific challenge-response payload to be written to the bike), the Bosch Smart System's Live Data Interface (LDI) relies purely on standard Bluetooth LE Secure Connections (Bonding).
Here is how authentication works for Bosch telemetry:
The user pairs the bike via the standard Android Bluetooth settings (or a standard BLE pairing request is triggered).
Android stores the Long Term Keys (LTK).
When connecting, Android automatically encrypts the BLE link in the background.
As long as the link is encrypted, the Bosch bike cleanly accepts the standard 0x0100 CCCD write to enable the telemetry notifications on characteristic 00000011-eaa2-11e9-81b4-2a2ae2dbcce4.
The Caveat for Active Commands:
There very likely is a complex, proprietary cryptographic authentication mechanism, but it appears to be strictly isolated to the proprietary EBxx services. The official Flow App likely uses these for the "eBike Lock" feature and active motor configuration.
Since BikeBridge is operating as a read-only telemetry dashboard, we can completely bypass the proprietary authentication layer and rely entirely on standard OS-level Bluetooth bonding.
We are currently tracking the implementation of the telemetry parser over in #16!
No due date set.
No dependencies set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?