Hi, Has anyone tried connecting Boneco devices? I have a W400 air washer, it works with a proprietary app via bluetooth. You can control humidification power, maintain a given level of humidity, etc. But there are absolutely no ideas how to add it into Home Assistant. Has anyone got it?
I really want at least some solution for Boneco. I have no idea how to do this myself. They are controlled via bluetooth. Three H400 devices at my home. Every evening you have to manually reduce the power for silence, and increase it again in the morning. You can’t turn it off automatically when you leave home. I really want support.
Please, please, please!
I tried contacting them, to send any kind of communication documentation, but they said they do not want to provide anything. Also tried to reverse engineer their app, but it is also written with react native so I was jot able to get any more information. I would try to create it, but I dont have the corrent api of how to communicate with the device
1 Like
Anyone tried capturing the bluetooth traffic the official app generates (iOS instructions, Android must have a way to do that too)?
I tried connecting with a few of the bluetooth scanner / explorer tools without much success: the device exposes custom GATT services and disconnects quickly not letting experiment with them much.
1 Like
I also tried but could not understand the logs correctly because of a lot of noise. It would be very beneficial if someone would just have this info, creating integration would be very easy
1 Like
I have Boneco w400 too… Any progress?
1 Like
I could get all the snoop logs and understand a pattern, but I could not successfully send commands to my unit. I can’t get it to work properly. Maybe someone has more knowledge in Bluetooth communication. I will still try to find out how to control the unit, but I don’t know if I will be successful.
I reached out to them and sent them this thread, but their response was that they are creating some kind of a cloud that will be implemented on new models, old models will still work the same, so would be nice to have local communication. They do not want to provide us with any details about how to communicate because they said it is secure information.
1 Like
I’m afraid that I don’t understand this (bluetooth logs) at all. It’s difficult to understand the manufacturer. Makes such good devices, but prohibits them from being fully integrated.
If it helps, this is all of the values, I have not been able to successfully control my unit
FWIW, I was expecting the packet capture to start with some form of handshake, which stops the airwasher from disconnecting after a timeout.
Also I’m not sure what the values you shared mean. I hoped for a BLE service/characteristic UUIDs and a value, like here: https://youtu.be/_2RuJ5-pF5I
These are the values I sent from my phone to boneco, I connected my old android phone and I’m sniffing it.
i can share service uuid and uuid, but I expect they will be different always for different devices
Ther3 is some kind of a handshace, there is 3 writes without a value, I guess it is handshake, they have different uuid client charasteristics that are send, but I cant understand how to send them properly. In your tutorial there is also no information about handshake, how to do it.
What information would you need more to understand?
That values that I shared are so long sent to boneco and received from it, they hold some kind of constants and value inside and dynamic value by time as I understand
i can share service uuid and uuid, but I expect they will be different always for different devices
Nope, they are vendor-specific, but should not differ across devices of the same model. My unit has Service UUID fdce123410134120b9191dbb32a2d132 / Characteristic UUID fdce234610134120b9191dbb32a2d132, just like yours.
But: after reading up on BLE, it seems you just need to know the handle ID (which determines the service/characteristic/descriptor accessed) and the value written. Your doc only has the values, right?
I cant understand how to send them properly. In your tutorial there is also no information about handshake, how to do it.
Yep, every device is different, and it’s probably impossible to use the nRF Connect app here because of the quick disconnect 
Still, the idea is to first determine if the BLE communication looks easily reproducible, by performing the same simple sequence (e.g. connect - turn off - disconnect) repeatedly, and checking if it results in identical ATT requests (with the same handles/values).
If we’re lucky, the next step would be to try and reproduce the requests using a client you control. I think the highlighted row from your screenshot can be imitated like this:
gatttool -b xx:xx:xx:xx:xx:xx -t random -I
connect
char-write-req 0x0021 0x01
…but I’m not sure about the best tool to do so: gatttool does not seem very well suitable for scripting and is being deprecated. Home Assistant seems to use bleak, if one is ready to write some Python.
1 Like
Hi guys. I have three BONECO H700 and also interested in integrating them into Home Assistant. Will this method work for BONECO?
Reverse Engineering Unsupported BT Devices and Integrating into HA
1 Like
Hi there! I have 2 devices H700 as well.Also interested in the integrations. I have an Android phone, tried to capture logs, but there are tons of noise in it.
Ahh, that sucks
guys, no updates?
1 Like
Hmm, I’m just stuck, because I do not know how to communicate with the device properly, I was not able to connect and send the command 
Android app does these steps every start:
- connect to device
- send auth request (using device key from pairing) and wait response (starts with bytes 040102)
- read device name (just c-string)
- read device state - byte array (little-endian encoding)
- 0 - fan / fan+fan_mode
- 1 - timer+history_active+lock+on_off_state
- 2 - target humidity / nothing
- 3 - change filter + change iss + clean + change water
- 4-7 - filter data (counter or date)
- 8-11 - iss data (counter or date)
- 12-15 - clean data (counter or date)
- 16 - on_off_timer_hours + clean mode support + on_off_timer_status
- 17 - on_off_timer_minutes
- 18 - min led brightness
- 19 - max led brightness
some bytes are only for fan devices, some for P series. I’ve tested with W400 around 2 years ago