Protocol Reference¶
Findings from reverse-engineering the Bluetti Android APK (v3.0.8).
Package: net.poweroak.bluetticloud
Version: 3.0.8 (versionCode 1371)
Decompiled with: apktool 2.7.0, jadx 1.5.5
Sections¶
Automated Setup¶
The APK download and decompilation is automated via mise tasks:
mise install # installs java + jadx
mise run prepare-all # download and decompile everything
mise run cleanup # remove bluetti-files/
Key Facts¶
~22,900 decompiled classes from a single APK
Two protocol generations: V1 (
protocolVer < 2000) and V2 (>= 2000)100+ Bluetti device models across multiple product families
BLE communication is Modbus RTU over GATT characteristics
Two authentication schemes: legacy AES challenge-response and ECDH+ECDSA
Encryption keys and ECDSA keypairs are hardcoded, identical across all installations
Three cloud environments (dev, test, production) with full URLs embedded in the APK
20+ backend microservices