Tuya.com
English
简体中文
Register
Developer Platform
English
简体中文
Register
Developer Platform
MCU Standard Protocol
search
Search By Document Directory
MCU Standard ProtocolLTE Cat.1Feature ListBluetooth LE and LTE Cat.1 Combo

Bluetooth LE and LTE Cat.1 Combo

Last Updated on : 2024-06-04 08:28:56download

This topic describes the commands specific to the Bluetooth Low Energy (LE) and LTE Cat.1 combo protocol.

Product authorization

The Bluetooth LE chip stores authorization information. When connected to an LTE Cat.1 module, the Bluetooth LE module transmits activation and authorization data to the LTE Cat.1 module via UART communication. The LTE Cat.1 module is not allowed to proactively bind with and unbind from the cloud. When the Bluetooth LE module has been unbound, it should notify the LTE Cat.1 module of its unbinding.

This block diagram illustrates the interaction between the Bluetooth LE module and the LTE Cat.1 module.

LTE Cat.1Bluetooth LE1. Send heartbeat packet2. Respond to heartbeat packet3. Query product information4. Respond with product information5. Save Bluetooth LEversion numberStart PDP activationand cloud service6. Query working mode7. Respond with working mode8. Query LTE Cat.1 unique ID9. Return LTE Cat.1 IMEI, device typeand binding status10. Get the key11. Generate public key and shared key.Save shared key.12. Respond with LTE Cat.1 public key13. Sync authorization information14. Get uuid, auth_key, and (optional) psk_keyCall tuya_iot_set_ext_auth_info to set uuidauth_key, and psk_key15. Return authorization informationand the 32-byte key that is encrypted with a16-byte random number and shared key usingHMAC-SHA256.16. Sync activation information17. Start a 3s timer on receiving activation information18. Return activation status 019. The timer callstuya_iot_set_ext_ac-tive_info20. Return activation status 4 and save theactivation flag.LTE Cat.1Bluetooth LE

Query module’s unique identifier (0xD0 00)

The Bluetooth LE module sends the following data.

Field Bytes Description
Header 2 0x55aa
Version 1 0x03
Command 1 0xD0
Data length 2 0x0001
Data 1 Subcommand: 0x00
Checksum 1 Start from the header, add up all the bytes, and then divide the sum by 256 to get the remainder.

The module returns the following data.

Field Bytes Description
Header 2 0x55aa
Version 1 0x00
Command 1 0xD0
Data length 2 N
Data 1 Subcommand: 0x00
1
  • result: 0: Success. Other values: Failure.
  • The payload is invalid if the operation fails.
1 The binding status of the module.
0: Unbound.
1: Bound.
1 type: The module type. Only 2 and 3 are applicable currently.
  • 1: NB-IoT
  • 2: Wi-Fi
  • 3: LTE Cat.1
  • 4: Zigbee
  • 5: Bluetooth LE
N XXX (The unique identifier of the module)
Checksum 1 Start from the header, add up all the bytes, and then divide the sum by 256 to get the remainder.

Sync authorization information (0xD0 01)

The Bluetooth LE module sends the following data.

Field Bytes Description
Header 2 0x55aa
Version 1 0x03
Command 1 0xD0
Data length 2 N
Data N
  • Subcommand: 0x01
  • The encryption method.
    • 0x00: AES-CBC
    • 0x01: AES-CCM
    • 0x02: Other
  • Random number (16 bytes)
  • {“uuid”:“xxxx”,
    “auth_key”:“xxxx”,
    “psk_key”:“xxxx”}
    uuid, auth_key, and psk_key
Checksum 1 Start from the header, add up all the bytes, and then divide the sum by 256 to get the remainder.

The module returns the following data.

Field Bytes Description
Header 2 0x55aa
Version 1 0x00
Command 1 0xD0
Data length 2 0x0002
Data 35
  • Subcommand: 0x01
  • result: 0: Success. Other values: Failure.
  • The encryption method.
    • 0x00: AES-CBC
    • 0x01: AES-CCM
    • 0x02: Other
  • Use HMAC-SHA256 to encrypt the key with both the random number and shared key. key_len is 32 bytes.
Checksum 1 Start from the header, add up all the bytes, and then divide the sum by 256 to get the remainder.

Sync activation information (0xD0 02)

The Bluetooth LE module sends the following data.

Field Bytes Description
Header 2 0x55aa
Version 1 0x03
Command 1 0xD0
Data length 2 N
Data 1 + N
  • Subcommand: 0x02
  • {
    “devId”:“xxxx”,
    “localKey”:“xxxx”,
    “secKey”:“xxxx”,
    “env”:“xxxx”,
    “region”:“xxxx”
    }
    The data is encrypted with AES. The algorithm depends on the field of the encryption method.
    • Key: the first 16 bytes of the shared key.
    • iv: all zeros.
    • Padding: The data must be padded to ensure that its total length is an integral multiple of 16.
Checksum 1 Start from the header, add up all the bytes, and then divide the sum by 256 to get the remainder.

The module returns the following data.

Field Bytes Description
Header 2 0x55aa
Version 1 0x00
Command 1 0xD0
Data length 2 1
Data 1 (Subcommand) 0x02
Result 0 indicates the LTE Cat.1 module has received activation information and is currently activating. You can verify the activation result by checking the network status in basic services.
Checksum 1 Start from the header, add up all the bytes, and then divide the sum by 256 to get the remainder.

Get the key (0xD0 03)

The Bluetooth LE module sends the following data.

Field Bytes Description
Header 2 0x55aa
Version 1 0x03
Command 1 0xD0
Data length 2 0x42 (66)
Data 66
  • Subcommand: 0x03
  • Curves for elliptic curve cryptography (ECC).
    • 1: secp192r1
    • 2: secp224r1
    • 3: secp256r1
    • 4: secp256k1
  • The public key of the MCU: 64 bytes
Checksum 1 Start from the header, add up all the bytes, and then divide the sum by 256 to get the remainder.

The module returns the following data.

Field Bytes Description
Header 2 0x55aa
Version 1 0x00
Command 1 0xD0
Data length 2 0x42 (66)
Data 66
  • Subcommand: 0x03
  • Curves for elliptic curve cryptography (ECC).
    • 1: secp192r1
    • 2: secp224r1
    • 3: secp256r1
    • 4: secp256k1
  • The public key of the module: 64 bytes
Checksum 1 Start from the header, add up all the bytes, and then divide the sum by 256 to get the remainder.
Prev DocWeather Service
Next DocPositioning Service
Language
English
English
简体中文
844-672-5646
7×24 Service Hotline
Marketing Cooperation
marketing@tuya.com
Business Cooperation
vip@tuya.com
Customer Service
service@tuya.com
Media Inquiry
pr@tuya.com
Contact UsTuyaExpoApp MallTuyaGo
Privacy PolicyTerms of UseCalifornia Privacy NoticeBug Bounty
© 2024 Tuya Inc.
English
English
简体中文