@atc1441
Last active August 27, 2020 18:11
This data can be found in the MCU's flash after activation. It contains the DID, Token and BindKey; the MAC can also be found in flash:
00 00 <-ID
1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <-Length and data
01 00
14 00 62 6C 74 2E 34 2E 31 34 30 68 66 71 6A 38 73 67 6B 30 30 <- Device ID
10 00
1C D7 74 84 57 B3 00 61 19 A4 49 EC 44 95 81 56 FF 4A 16 3E 88 C5 2C FA 2E 2A 9C D9 C3 <- The shared KEY?
<--- Token -----------------------> <------------- Bind Key---------------------->
04 00
04 00 00 00 00
ASCII (printable part only): blt.4.140hfqj8sgk00
Maybe important: 74 B1 94 38 C1 A4 C2 05 <-- MAC Address reversed. last two bytes unknown
###############################################
###############################################
This is the activation and key entry of a new device
###############################################
###############################################
Subscribe to notifications from char 0x0010 and 0x0019
First, read the firmware ID from 0x0004
HEX: 31 2e 30 2e 30 5f 30 30 30 31 00 00 00 00 00 00 00 00 00 00
ASCII: 1.0.0_0001
Send write to:
0x0010 a2 00 00 00 <-- Get activating status
Notifi from 0x0019 -> 00 00 00 00 01 00 <---- if this is 02 then there is already a key active
Write to:
0x0019 -> 00 00 01 01 <-- Receive Ready
Notifi from 0x0019 -> 01 00 01 00 <--- if a key is already active then this would be the device ID like "blt.4.140hfqj8sgk00"
##### Example of answer when activated #####
Notifi from 0x0019 -> 01 00 01 00 00 00 00 62 6c 74 2e 34 2e 31 34 30 64 63 37 31
Notifi from 0x0019 -> 02 00 36 34 67 63 30 30
############################################
Write to:
0x0019 -> 00 00 01 00 <-- Receive Ok
Write to:
0x0010 -> 15 00 00 00
Write to:
0x0019 -> 00 00 00 03 04 00
Notifi from 0x0019 -> 00 00 01 01
Write to:
0x0019 -> 01 00 6f ba 85 5d 10 cb 11 92 1f 60 a4 e5 d7 20 ba 3e b2 b2
Write to:
0x0019 -> 02 00 69 91 c8 d7 35 d5 f3 25 a6 9e 2b 4d c4 de 1d 01 35 4e
Write to:
0x0019 -> 03 00 86 0a a6 f6 4a 1c 35 65 5b f0 39 c2 5f 45 ef 9e 96 f1
Write to:
0x0019 -> 04 00 19 9b bb 3b cd 78 66 48 5f de
Notifi from 0x0019 -> 00 00 01 00
Notifi from 0x0019 -> 00 00 00 03 04 00
Write to:
0x0019 -> 00 00 01 01
Notifi from 0x0019 -> 01 00 f8 55 96 d4 95 96 ac 8e 58 88 05 04 c7 d0 09 ba 87 2e
Notifi from 0x0019 -> 02 00 08 16 b4 62 67 6b d4 ca 27 da 92 e7 d0 db 63 90 65 e7
Notifi from 0x0019 -> 03 00 4f f8 64 06 aa 1a 5e 78 e2 f3 48 7b de 14 7f 28 f6 af
Notifi from 0x0019 -> 04 00 8c e7 fd e0 e7 46 d8 47 1c d4
Write to:
0x0019 -> 00 00 01 00
Write to:
0x0019 -> 00 00 00 00 02 00
Notifi from 0x0019 -> 00 00 01 01
Write to:
0x0019 -> 01 00 dc 8b e6 a2 6e 6c 93 5d 67 2b 01 19 0f 53 00 3c 07 d5
Write to:
0x0019 -> 02 00 91 19 90 8d 87 41
Notifi from 0x0019 -> 00 00 01 00
Send write to:
0x0010 13 00 00 00
Notifi from 0x0010 -> 11 00 00 00
###############################################
###############################################
From here on, it's the connection to that specific device with the new key.
###############################################
###############################################
Send write to:
0x0010 24 00 00 00
Write to:
0x0019 -> 00 00 00 0b 01 00
Notifi from 0x0019 -> 00 00 01 01
Write to:
0x0019 -> 01 00 7c ad b1 75 f4 e0 d3 2a ec 1a 9b 01 32 ea 19 91
Notifi from 0x0019 -> 00 00 01 00
Notifi from 0x0019 -> 00 00 00 0d 01 00
Write to:
0x0019 -> 00 00 01 01
Notifi from 0x0019 -> 01 00 2a a1 e9 da de a8 25 c5 d5 bb c8 7b 9b e4 34 a3
Write to:
0x0019 -> 00 00 01 00
Notifi from 0x0019 -> 00 00 00 0c 02 00
Write to:
0x0019 -> 00 00 01 01
Notifi from 0x0019 -> 01 00 0f bc 4d 59 eb f8 18 44 78 e2 01 2a 7c d2 2a d4 ef bc
Notifi from 0x0019 -> 02 00 8f 00 50 a4 08 22 79 05 ed 46 97 a2 95 11
Write to:
0x0019 -> 00 00 01 00
Write to:
0x0019 -> 00 00 00 0a 02 00
Notifi from 0x0019 -> 00 00 01 01
Write to:
0x0019 -> 01 00 e7 11 5a 5f 31 34 74 b7 3d 2d f6 9a 4f a5 43 0d 93 d3
Write to:
0x0019 -> 02 00 20 2c 1c 28 63 45 aa a6 60 0e e5 e0 f2 66
Notifi from 0x0019 -> 00 00 01 00
Notifi from 0x0019 -> 21 00 00 00
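
The 0x0019 traffic above follows a visible pattern: a six-byte announcement, a ready/ok handshake, then numbered fragments. The reassembler below is an added example for reading such a capture, not code from this gist; the announcement layout (00 00 00 <type> <count>) and the name reassemble are assumptions inferred from the trace.

```python
# Added example. Frame layout below is inferred from the trace, not vendor docs.
ACKS = {bytes.fromhex("00000101"),  # "Receive Ready" in the notes
        bytes.fromhex("00000100")}  # "Receive Ok" in the notes

def reassemble(frames):
    """Rebuild messages from ONE direction's frames on char 0x0019.

    frames: hex strings in capture order (writes only, or notifications only).
    Returns [(msg_type, payload_bytes), ...]; raises ValueError on a
    malformed announcement or a missing / out-of-order fragment.
    """
    messages, pending = [], None          # pending = (type, count, chunks)
    for line in frames:
        raw = bytes.fromhex(line)
        if raw in ACKS:
            continue                      # flow control, no payload
        if len(raw) < 3:
            raise ValueError(f"frame too short: {line}")
        index = int.from_bytes(raw[:2], "little")
        if index == 0:
            # Assumed announcement layout: 00 00 00 <type> <fragment count LE16>
            count = int.from_bytes(raw[4:6], "little")
            if len(raw) != 6 or raw[2] != 0 or count == 0 or pending:
                raise ValueError(f"unexpected control frame: {line}")
            pending = (raw[3], count, [])
            continue
        if pending is None or index != len(pending[2]) + 1:
            raise ValueError(f"fragment {index} out of sequence: {line}")
        pending[2].append(raw[2:])
        if index == pending[1]:
            messages.append((pending[0], b"".join(pending[2])))
            pending = None
    if pending:
        raise ValueError("capture ends mid-message")
    return messages

# Device -> phone notifications for an already-activated device. The two
# fragments are from the notes; the announcement line is constructed, assuming
# the remark "if this is 02" refers to the fragment-count byte.
SAMPLE = [
    "00 00 00 00 02 00",
    "01 00 01 00 00 00 00 62 6c 74 2e 34 2e 31 34 30 64 63 37 31",
    "02 00 36 34 67 63 30 30",
]

if __name__ == "__main__":
    for msg_type, payload in reassemble(SAMPLE):
        print(f"type=0x{msg_type:02x} len={len(payload)} {payload!r}")
```

Feed it the writes and the notifications as two separate lists, since each direction numbers its own fragments.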