Assistance with Decrypting/Decoding Encrypted Datapoint Data

[semihselcuk]

Hi @duckwc,

I hope this message finds you well. I came across your GitHub repo, and I found your work to be incredibly insightful. I'm currently working on decrypting or decoding a specific piece of data from a project, and I was hoping you could offer some guidance. Some context, I acquired this data from my Eletta Explorer machine where communicates with the Delonghi Coffee Link app through Cloud. I know your version communicates locally but I believe after we pass that layer I believe data should be handled similar way.

Here's an example of the data I'm dealing with:

{
        "property": {
            "type": "Property",
            "name": "app_data_request",
            "base_type": "string",
            "read_only": false,
            "direction": "input",
            "scope": "user",
            "data_updated_at": "2024-10-12T14:51:50Z",
            "key": 692851903,
            "device_key": 3006883,
            "product_name": "AC000WXXXXXXXXX",
            "track_only_changes": false,
            "display_name": "app_data_request",
            "host_sw_version": false,
            "time_series": true,
            "derived": false,
            "app_type": null,
            "recipe": null,
            "value": "DQeEDwMCVkBnCo0FWQlZEA==\n",
            "generated_from": null,
            "generated_at": null,
            "denied_roles": [],
            "ack_enabled": false,
            "retention_days": 30,
            "ack_status": null,
            "ack_message": null,
            "acked_at": null
        }
}

I suspect that the value (DQeEDwMCVkBnCo0FWQlZEA==\n) might be encrypted or encoded in some way. Could you provide any advice or point me in the right direction on how I might go about decrypting or decoding this data? Specifically, I’m curious about the method or approach you'd recommend for working with such data fields.

Any assistance or resources you can offer would be greatly appreciated.

Thanks in advance!
semihselcuk

[archaron]

Hi!
This is base64-encoded binary data:

0d  07  84  0f  03  02  56  40  67  0a  8d  05  59  09  59  10

[semihselcuk]

Hi @archaron,

Thanks for decoding the data. What does this binary data mean? I can see app and machine talking to each other. For instance, when I update the coffee recipe, the app sends the value DRuD8OsAAQAxAgUPAAAJAAAMABwAC/8nAAVG+mcKuKZZCVkQ to the machine. suspect this encoded data contains meaningful information about the recipe update, which I am attempting to decode and decrypt.

[duckwc]

Hi @semihselcuk, understanding the communication over the cloud might help a lot with the Cloud only machines like the Eletta.
I suspect there are 2 kind of "Encryption".

• One might be for security purpose to crypt the communication. I suspect however, that the communication with the cloud might be sent over a https transaction, which means that this encryption might be useless and not used
• The second type of ciphering might simply be the syntax used by the machine to communicate. The command codes are proprietary and not documented by Delonghi, so for understanding it, I would suggest to decompile the code from the Coffee Link apk and trying to find references to the "app_data_request" call and see how the "value" code is created and how the responde is handled....

Thank you for this contribution and good luck with the analyze

[semihselcuk]

Hi @duckwc,

Thank you for your response. Your suggestion to decompile the Coffee Link app has provided me with a great idea that I hadn't considered before. I was surprised to discover how straightforward it was to decompile an Android APK using apktool. From my initial search, I found numerous instances of ciphering within the app. I will attempt to understand the underlying logic.

[MattG-K]

@semihselcuk I shared here some of my findings with the Eletta Explore.