Libre 2 Protocol #8

Open
DreadRoberts opened this issue Jul 13, 2019 · 12 comments
@DreadRoberts DreadRoberts commented Jul 13, 2019

I have a Libre 2 and would like to get the data from it. Did you have the chance to look at the protocol of such a device?

Collaborator

@Flameeyes Flameeyes commented Jul 14, 2019

I don't have a Libre2 myself to reverse, as it is not available in the UK where I live, which is why there are no specs here for it yet.
If you want to try your luck at taking a look at the protocol and see if it uses the usual FreeStyle base, it might be possible to get it documented still.

Contributor

@pascalfribi pascalfribi commented Aug 3, 2019

Just as some info. I was trying to get data from a Libre 2. I do not have one myself but had to remotely debug.

The Libre 2 seems to respond to the commands of the original Libre. Especially reading serial number and stuff works.

But $history? or $arresult? return garbage. This will return a lot of data, but the content is always the same thing which does not make any sense.

As I do not have a device myself it is hard to debug this any further.

Collaborator

@Flameeyes Flameeyes commented Sep 15, 2019

I've added a file with the list of known commands from the previous FreeStyle devices in Flameeyes/glucometerutils@beecba3

You can run it with

```
./reversing_tools/abbott/freestyle_hid_console.py /dev/hidraw2 < reversing_tools/abbott/known-commands.txt
```

to generate a log of responses to those. Maybe they use some of the other answers this time around.


@steve8x8 steve8x8 commented Nov 18, 2019

Using `strings -n 4 $file | LANG=C grep '^\$[a-z][a-z0-9]*[a-z][,?]*$' | LANG=C sort > commands` with the firmware file extracted from the MacOSX app, I have built a new list of possible commands.
Since it will take several days (or longer) for me to get hold of the reader device again, perhaps someone else can make some sophisticated use of the list?

Author

@DreadRoberts DreadRoberts commented Dec 3, 2019

I think the Libre 2 is encrypting the data somehow with the serial number.


@deival1980 deival1980 commented Dec 17, 2019

Hello DreadRoberts,
how do you come to the conclusion that the data might be encrypted?
Can you share some data with us?


@deival1980 deival1980 commented Dec 17, 2019

Is it possible that it is the same on Libre1 reader with the most actual firmware 2.4.8 installed?
I now see in Wireshark what you are meaning I think.
With the Libre1 and firmware 2.4.8 I also see, at the beginning of the USB transfer, a message saying "ECDHE-RSA-AES256-GCM-SHA384"; afterwards the only message that is ASCII readable is the message with the serial number of the reader. The rest seems to be encrypted, maybe really with the serial number...


@deival1980 deival1980 commented Dec 17, 2019

My previous posting is not completely correct, the plain text command "$patch" at the end of the transfer of the original software (Libre1 FW v2.4.8) also seems to report unencrypted data.

Author

@DreadRoberts DreadRoberts commented Dec 31, 2019

Is the firmware automatically updated when the Libre 1 device is connected to the Libre Software?
My current understanding of the process is the following:

  1. Software: request the serial number with the command 0x05
  2. Device: answer to request with 0x06
  3. Software: sending challenge based on the serial number with 0x14
  4. Device: answer to challenge with 0x33

I also wrote a small python script to communicate with the device to test various commands (pywinusb is required):

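```python
import pywinusb.hid as hid
import time
import datetime

# Find all HID devices with the vendor ID used by the reader.
all_devices = hid.HidDeviceFilter(vendor_id = 0x1a61).get_devices()
target_usage= hid.get_full_usage_id(0xFF00, 0x01)
data_buffer = []        # last raw report, without the report ID byte
data_buffer_ascii = []  # last report payload decoded as characters

def response_handler(data):
    # Called by pywinusb for every input report; data[0] is the report ID.
    global data_buffer
    global data_buffer_ascii
    data_buffer = data[1:]
    data_buffer_ascii = []
    data_buffer_ascii.append("".join(chr(d) for d in data[3:data[2]+2])) # data[2] defines the length of the response

device = all_devices[0]
device.open()
device.set_raw_data_handler(response_handler)

# Output report: report ID 0, message type in byte 1, zero padded to 65 bytes.
data_sn = [0] * 65
data_sn[1] = 0x05 # serial number
# data_sn[1] = 0x15 # software version

device.send_output_report(data_sn)
time.sleep(0.5)  # give the handler time to receive the response
print(data_buffer_ascii)
device.close()
```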
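
For analysing captured reports offline, here is an added example (not part of the original comment or of the project's code) that decodes reports using the framing from the script above, labels the message types listed in the thread, and flags whether a payload is readable text or opaque bytes. The names `parse_report`, `looks_like_text`, `describe` and `make_report` are hypothetical, the message-type meanings are the participants' unconfirmed understanding, and all sample reports are constructed.

```python
# Added example: decode FreeStyle HID reports using the framing in the script above.
# Assumed layout: byte 0 = HID report ID, byte 1 = message type, byte 2 = payload
# length, payload from byte 3. All sample reports below are constructed.

# Message types as understood in this thread (unconfirmed).
MESSAGE_TYPES = {
    0x05: "serial number request",
    0x06: "serial number response",
    0x14: "challenge (software -> device)",
    0x15: "software version request",
    0x33: "challenge response (device -> software)",
}
REPORT_SIZE = 65  # report ID + 64 data bytes, as in the script above

def parse_report(report):
    """Return (type, label, payload) or raise ValueError on a malformed frame."""
    if len(report) != REPORT_SIZE:
        raise ValueError(f"expected {REPORT_SIZE} bytes, got {len(report)}")
    msg_type, length = report[1], report[2]
    if length > REPORT_SIZE - 3:
        raise ValueError(f"declared length {length} exceeds report size")
    # Keeps every declared byte; the script above keeps one byte fewer.
    payload = bytes(report[3:3 + length])
    return msg_type, MESSAGE_TYPES.get(msg_type, "unknown"), payload

def looks_like_text(payload, threshold=0.9):
    """Heuristic: True when most bytes are printable ASCII, CR, LF or NUL."""
    if not payload:
        return False
    ok = sum(1 for b in payload if 0x20 <= b < 0x7F or b in (0x00, 0x0A, 0x0D))
    return ok / len(payload) >= threshold

def describe(report):
    msg_type, label, payload = parse_report(report)
    kind = "empty" if not payload else "text" if looks_like_text(payload) else "opaque"
    return f"0x{msg_type:02x} {label}: {len(payload)} bytes, {kind}"

def make_report(msg_type, payload=b""):
    """Build a constructed sample report (report ID 0, zero padded)."""
    body = [0x00, msg_type, len(payload), *payload]
    return body + [0] * (REPORT_SIZE - len(body))

if __name__ == "__main__":
    opaque = bytes([0x9C, 0xE1, 0x07, 0xF4, 0x88, 0x3B, 0xD2, 0x10])  # constructed
    for r in (make_report(0x05), make_report(0x06, b"CONSTRUCTED-SN\x00"),
              make_report(0x33, opaque)):
        print(describe(r))
```
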

@steve8x8 steve8x8 commented Jan 6, 2020

For a reason that isn't completely clear to me (I'm a Python absolute beginner), the freestyle_hid_console.py script by Flameeyes does not work, as reported in Flameeyes/glucometerutils#68 - but I do have a spare device and am willing to run some more tests if guided appropriately.

Collaborator

@Flameeyes Flameeyes commented Jan 21, 2020

@DreadRoberts which (country) site did you manage to find desktop software for the Libre 2? I was provided with a device to test with, but on the German website there's no desktop software at all.


@steve8x8 steve8x8 commented Jan 22, 2020

If you're registered you get access to FreeStyleLibreInstaller-EU_7184.exe roughly 60 MB in size; there's also a MacOS app (53MB). Whichever link you send through GMail, a Google proxy will visit it...
