Breakout breakthrough

Last week I finally found some time to play with my recently received JN5168 modules and breakout boards. As of today I am able to connect any JN5168, with custom firmware, to my Hue. The problem I thought I was having was not with the Bee’s, but with the NXP demo software and a lost key.

Thanks to the comments of David, on this post, and not being able to connect my Bee’s anymore. I realised some info must have been lost and I started backtracking my findings. In this process I found the master key was never used. This made me realize the master key is only used during touchlink commissioning, which is never happening. So, the lights must connect through classical commissioning, and for that, another key is required as the default key is not working.

After reanalyzing the binaries from the inner light, I re-discovered the other secret key. The ZLL Commissioning trust centre link key : 81 42 86 86 5D C1 C8 B2 C8 CB C5 2E 5D 65 D1 B8. With this key in place I can once again, connect any jn5168 module to my Hue.

Next step; Modifying the NXP demo project to fit my needs.

Update (nov-21-2016)

Last week I succeeded in creating a custom ZLL device (2 actually, RGB and Monochrome). Read all about how you can connect your Mesh Bee to your Hue here: Custom firmware Hue lights.

 

Author: Peter

Comments

  1. Thanks, you are the best! This is exactly the key I was looking for. With this key I was able to decrypt the one packet that is sent when the lamp joins the hue network. An guess what, in this packet was the network key of my hue network. 🙂 After I added this key I was able to decrypt ALL network packets of my hue bridge. (Including the original lights)

    I now programed my Texas Instruments CC2531EMK with this network key, the hue pan id and the zigbee channel 11. (I had to plug out every lamp and the hue bridge for this to work, or else the TI stick just takes the next available pan id) I used the zigbee-gateway-server from the zigbee4java library to test if this works. After everything started up I switched on a cuple of lights and they automatically appeared in the console and I was able to control them! (Also the oder LivingColors remotes that I wasn’t able to join)

    The only thing that does not automatically appear is the Hue Tap switch. I hope the guys from zigbee4java will find a way to get those device to work too.

    Thanks again for your help!

  2. Hi Peter,

    thank you for sharing you insights !
    For some time I was thinking about the same project. I was wondering if it is possible to connect a microcontroller via Zigbee to the ‘Hue network’ and being noticed as a regular Hue device.
    If the answer was yes, I could imagine creating a custom PCB for controlling commercial RGB lightstrips. By adding an EEPROM for example, it could be realized to launch the last setting before power down, which I am missing on the original bulbs.

    A very interesting project. I will keep following your blog and maybe join the journey some day 😉

    Kind regards, David

    1. Hi David,

      There is no need to add an additional PCB, the JN5168 chip contains everything you need to do this, and more. I have already created custom firmware for a monochrome light and a color light, using nothing but the JN5168 onboard PWM pins to control the lights. A blog post with all the details is in the making, but it comes down to this; You can create custom lights, color and/or monochrome that will connect to a Philips Hue.

      Peter.

      1. Hi Peter,

        thank you for the reply !
        I thought about a custom PCB, because I guess you need some MOSFETs that are controlled by the JN5168’s PWM outputs to drive something like e.g. a LED stripe. But you are right, for testing, it won’t be needed.
        If you will write it in the next post, you don’t have to answer this, but I am questioning myself, if I would also need those Innr bulbs or similiar, to have a starting point for the firmware…
        In general I am wondering how much software work needs to be done in order to establish a connection.

        I am looking forward to read your next blog post !

        Kind regards, David

  3. Pingback: Innr SmartPlug for Philips Hue - part 1 - SevenWatt

  4. Hello,
    thank you a lot for the share !
    I am currently playing with CC2531 (802.15.4 processor from TI) and Philips Hue bridge and Hue Go. My current goal is to be able to observe Network Key with Ubiqua sniffer during commissioning. If I understand well, a classic commissioning does not involve ZLL master (used during touchlink instead ?), but the key you provide in your blog post. However, even with this new key (used as “Application or Trust Center Link Key” in Ubiqua), I am not able to decrypt commission packets and get Network key. I tried to do this with Hue Bridge fully reset, Go uninstalled from app, etc. But packets remain encrypted. I see David Masshardt has been able to do it, so did I misunderstood something in the commissioning protocol ? Or am I missing a specific step ?

    1. Nevermind, I finally found what was the issue. For anyone struggling on the samepoint, in Hue network, Hue bulbs are never fully reset to factory state if you try to make it join a network it has already been in (even if bridge has been reset to factory state). Instead, bridge will make the bulb update its network status to rejoin network. I have implemented the ZLL Factory reset network command (see ZLL spec for more info) over MT commands on CC2531 to force factory reset on Hue bulb. After this, it has needed to exchange keys to join a new network, so I have been able to observe key exchange.

    1. Hallo Joerg,

      do these PCBs ship with all components assembled?
      Im very interested, its hard to get all of these parts (esp. the JN16**).

      Grüße,

      Maxi

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.