Encryption Details

This page documents the complete cryptographic material found in the Bluetti APK, including all hardcoded keys, AES-128-CBC cipher parameters, IV chaining behavior, and key derivation formulas.

15.8 Complete Crypto Material

All keys are hardcoded in the APK and identical across all installations.

Key

Value

Source File

LOCAL_AES_KEY

459FC535808941F17091E0993EE3E93D

ConnConstantsV2.java:98

PRIVATE_KEY_L1

4F19A16E3E87BDD9BD24D3E5495B88041511943CBC8B969ADE9641D0F56AF337

SignatureCrypt.java:34

PUBLIC_KEY_K2

3059301306072a8648ce3d020106082a8648ce3d03010703420004A73ABF5D2232C8C1C72E68304343C272495E3A8FD6F30EA96DE2F4B3CE60B251EE21AC667CF8A71E18B46B664EAEFFE3C489F24F695B6411DB7E22CCC85A8594

SignatureCrypt.java:35

Key derivation formulas:

# Legacy challenge-response:
random_bytes = data[4:8]                           # from device hello packet
randomMd5 = MD5(reverse(random_bytes))              # 32 hex chars
bleConnAESKey = XOR(randomMd5, LOCAL_AES_KEY)       # 32 hex chars → 16 bytes

# ECDH (protocol v2+):
ecdh_shared_secret = ECDH_secp256r1(app_ephemeral_privkey, device_iot_pubkey)
bleConnShareKey = ecdh_shared_secret                # 32 hex chars → 16 bytes

Cipher: AES-128-CBC, IV chained from MD5(randomMd5), 16-byte blocks, no padding.