Damn, I followed the thread read only to come to the end with a disappointing post. Anyone else working on this?
Thanks,
jrricky
2 Likes
Figured Iād bump this topic since it looks like it hasnāt gotten much tractionā¦
Iām also interested in an integration for this.
I got it to work with Node-RED over 2 Alexa-text commands first you state to unlock the door, then you state your 4 digit code you placed in your alexa.
between both you must set a delay of at least 2seconds
!
1 Like
Would really appreciate HA support for this lock
1 Like
Iām in the process of reverse-engineering the app to learn more about the server APIs.
Some info about the requests:
para: Base64-encoded encrypted (RSA before login, 3DES aftewards) API-specific request parameters
rid1: A Firebase Cloud Messaging token
rid2: A Mi Push token
tk: A password (used for account creation, modification, etc.)
About āparaā: The encryption key is generated upon account activation and stored by code in a native library via JNI. Account activation occurs with registration and email address changing. When logging in, the key is sent to the API client in an encrypted base64 format.
Before logging in, though, a āguestā encryption key is used. Iām looking more into this mechanism, as with it it seems possible to log in and decrypt user keys.
3 Likes
I have fully reverse-engineered the critical encryption mechanisms, and logged in with the API programatically. Iāve done a small write-up here (relevant keys are included): Lockly cloud API details Ā· GitHub
Iāll document the authentication APIs soon - then reverse-engineering the other APIs with a packet analyser becomes easier as symmetric encryption is used for authenticated APIs.
In the meantime, if anyone wants to get started with packet sniffing the authenticated APIs, the 3DES encryption key used for āparaā is stored in the Android app data after login under the des3_key_from_server key in the āSmartLockerā shared preferences file.
5 Likes
Looks like the 3DES encryption key is actually the same for all users: pgw1orWCS9fkdLd8ydk1XxMsWVh2QEPR (base64). Give it a try online here.
EDIT (hit the new user consecutive post limit!):
Iāve published almost all my current findings here: Unofficial Lockly API Documentation ā Unofficial Lockly API Documentation documentation
The only thing missing is the MQTT credential generation mechanism - Iāll document it soon.
5 Likes
To break that consecutive post limit, Iād like to thank you for the effort youāve put into this.
2 Likes
I confirm I was able to decode my dl using the 3DES key provided by you. Unfortunately I donāt have the knowledge to do more with it 
1 Like
got two Lockly, also setting up WireShark and MitM capture.
2 Likes
noticed Lockly integration with Alexa and Google
2 Likes
that pgXXXXXXkvXXmis Kevoās 3DES key.
they also made the generation 2 of Locklyās product line
1 Like
Thanks for the tip! May I ask how you know this? Perhaps they share the same Bluetooth packet format.
subādā¦ curious how this turns out. would love to ditch schlage/yale for lockly pro deadbolt.
+1 I would like to buy Lockly smart locks and integrate them in homeassistant,
I have contacted Lockly support about having an open API for hasio and they responded that āthey will look into itā. I know what that means but if enough of us contact them asking for this feature than maybe they will actually consider it.
Maybe we can just ask for Matter or thread support. that way they will allow this in a roundabout way.
If you do contact them, be nice and respectful to support. it is not their fault their devs and business decision makers are blocking this.
They are pretty awesome even not being in Home Assistant. In my old house I had 3 Schlage Camelot zwave locks and when we moved into our new house I was going to get the same but its an older model and the only place that I could find it available was Amazon and itās 3 times the original price and F that!
I first got 2 Lockly keypads with the thumbprint and didnt care for them, so I returned them and got 3 of the dead bolt version and 3 of the wifi module and couldnt be happier. Being able to use your fingerprint to open the door and to not have to enter a code is pretty awesome. You can transfer saved fingerprints from one lock to another if you have multiple which came in handy. I have the doors set to auto lock after 30 seconds so I feel safe about it always being locked and with the wifi module I can check from anywhere. Def would be nice to get it integrated though!
I just found out Lockly got a new product Z-Wave certified on 2022-11-02. Hopefully, it will come out soon and give the other Z-Wave lock manufacturers a run for their money.
1 Like
I just tripped over this, searched, and found its possible to special order oneā¦ Lockly Guardā¢ Deadbolt (728Z) Z-Wave Editionā¦ anybody tried it?