Protocol Reference

Findings from reverse-engineering the Bluetti Android APK (v3.0.8).

Package: net.poweroak.bluetticloud Version: 3.0.8 (versionCode 1371) Decompiled with: apktool 2.7.0, jadx 1.5.5

Sections

Automated Setup

The APK download and decompilation is automated via mise tasks:

mise install          # installs java + jadx
mise run prepare-all  # download and decompile everything
mise run cleanup      # remove bluetti-files/

Key Facts

  • ~22,900 decompiled classes from a single APK

  • Two protocol generations: V1 (protocolVer < 2000) and V2 (>= 2000)

  • 100+ Bluetti device models across multiple product families

  • BLE communication is Modbus RTU over GATT characteristics

  • Two authentication schemes: legacy AES challenge-response and ECDH+ECDSA

  • Encryption keys and ECDSA keypairs are hardcoded, identical across all installations

  • Three cloud environments (dev, test, production) with full URLs embedded in the APK

  • 20+ backend microservices