Guide: Bypass matter attestation verifier

If you have a new matter device for which there is no PAA yet or the manufacturer isn’t wiling to provide you with one and you get:

CHIP_ERROR [chip.native.CTL] Failed in verifying 'Attestation Information' command received from the device: err 101. Look at AttestationVerificationResult enum to understand the errors
CHIP_ERROR [chip.native.CTL] Error on commissioning step 'AttestationVerification': 'src/controller/CHIPDeviceController.cpp:1145: CHIP Error 0x000000AC: Internal error'
CHIP_ERROR [chip.native.EM] Failed to send Solitary ack for MessageCounter:19271811 on exchange 23003i with Node: <0000000000000000, 0>:src/messaging/ExchangeContext.cpp:99: CHIP Error 0x00000002: Connection aborted
WARNING [root] Failed to commission: src/controller/CHIPDeviceController.cpp:1145: CHIP Error 0x000000AC: Internal error

You can follow these steps:

  1. Install Advanced SSH & Web Terminal add on and unselect Protection mode
  2. Identify which chip version the python matter server is currently using:
$ docker exec -it $(docker ps -f name=addon_core_matter_server -q) bash
$ pip freeze | grep chip
home-assistant-chip-clusters==2024.5.2
home-assistant-chip-core==2024.5.2
$ exit
  1. Build a modified version of home-assistant-chip-core and home-assistant-chip-clusters. If it’s 2024.5.2 you can skip these steps and use my built files

3.1. Fork GitHub - home-assistant-libs/chip-wheels: Python Matter Device Controller and make sure you select all branches, not just main

3.2. Navigate to Actions tab and Enable workflows

3.3. Create a new branch from the 2024.5.2 tag (replace with current version)

3.4. Upload chip-wheels/8766-Bypass-attestation-verification.patch at 8a5ec21d114010723cf428ffe79e244da7562390 · tronikos/chip-wheels · GitHub to your new branch

3.5. Create a new release from your new branch

3.6. Once the workflow finishes you will have some whl files in the release, example

  1. pip install the above whl files. Open Advanced SSH & Web Terminal (replace URLs with yours)
mkdir /tmp/chip
cd /tmp/chip
wget https://github.com/tronikos/chip-wheels/releases/download/2024.5.2b1/home_assistant_chip_clusters-2024.5.2b1-py3-none-any.whl
wget https://github.com/tronikos/chip-wheels/releases/download/2024.5.2b1/home_assistant_chip_core-2024.5.2b1-cp37-abi3-manylinux_2_31_x86_64.whl

docker cp /tmp/chip  addon_core_matter_server:/tmp

docker exec -it $(docker ps -f name=addon_core_matter_server -q) bash

pip install /tmp/chip/*.whl

# Identify process listening at port 5580
ss -ap | grep 5580

# Replace pid with the output of the previous command
kill 126
# matter server should restart using the modified libraries
  1. Pair your device with Home Assistant.

  2. Once paired restart the Matter Server addon. Modifications will be lost and the device should remain paired.

In case I delete my fork, here are the contents of chip-wheels/8766-Bypass-attestation-verification.patch at 8a5ec21d114010723cf428ffe79e244da7562390 · tronikos/chip-wheels · GitHub

diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp
index 444b48bcf1..e014e531aa 100644
--- a/src/controller/CHIPDeviceController.cpp
+++ b/src/controller/CHIPDeviceController.cpp
@@ -1227,7 +1227,7 @@ void DeviceCommissioner::OnDeviceAttestationInformationVerification(
         }
     }
 
-    if (result != AttestationVerificationResult::kSuccess)
+    if (false && result != AttestationVerificationResult::kSuccess)
     {
         CommissioningDelegate::CommissioningReport report;
         report.Set<AttestationErrorInfo>(result);
1 Like