Fix ECDH livestream for E340 doorbell and T8425 floodlight #779
Merged
max246 merged 9 commits into bropat:develop on Feb 14, 2026
Collaborator
Branch destination should be
max246 requested changes on Feb 9, 2026
Newer eufy devices (e.g. E340 doorbell) use elliptic-curve cryptography instead of RSA for P2P session key exchange. The cloud cipher API already returns an ecc_private_key field for these devices, but the local Cipher interface did not expose it. Add the optional ecc_private_key property so downstream code can detect whether a device uses ECC and act accordingly.
Some eufy devices negotiate the P2P session key using ECDH (prime256v1) rather than RSA. This adds a dedicated decryption function that handles the three envelope formats observed in the wild:
- Raw shared-secret derivation (short key payloads)
- Full ECIES envelope (public key + IV + ciphertext + HMAC)
- Graceful fallback for unexpected formats
The function uses the ECC private key returned by the cipher API to compute the shared secret and derive a 16-byte AES session key.
Devices that use ECC keys send encrypted payloads that RSA cannot decrypt. Instead of failing outright, the session now attempts RSA first and, on failure, transparently falls back to ECDH when an ECC private key is available. If both methods fail, encryption degrades gracefully to Level 1 so the connection is not lost.
Additionally, guard AES-ECB decryption against non-block-aligned data. Some command responses (e.g. 36-byte status replies) carry a non-zero signCode but are not actually encrypted. Attempting to decrypt them caused crashes; the guard skips decryption when the payload length is not a multiple of 16 bytes.
The E340 (T8214) is a standalone device where the station serial number matches the device serial number — making it an integrated device. Add it to the serial-number-based detection list so that P2P connection routing and protocol-version decisions handle it correctly, just like other self-contained cameras and doorbells.
The E340 doorbell uses the same livestream command format as the Outdoor Pan & Tilt Camera (CMD_DOORBELL_SET_PAYLOAD) — a JSON payload containing accountId, encryptkey, streamtype, and related fields. Without this, the generic branch would send CMD_START_REALTIME_MEDIA which the E340 does not understand. Route the E340 through the existing Outdoor PT Camera livestream path rather than duplicating the logic, since the payload format is identical.
5282904 to 0dd59e9
Contributor
Author
done
Contributor
Author
@max246 done, let me know!
Same ECDH+livestream pattern as the E340 doorbell: the T8425 uses ECDH key exchange and needs the CMD_DOORBELL_SET_PAYLOAD path to produce video data. Also adds T8425 to isIntegratedDeviceBySn (was the only floodlight model missing from the list).
Contributor
Author
@max246, I discovered that the T8425 floodlight has the exact same issue — ECDH key exchange instead of RSA, and needs the CMD_DOORBELL_SET_PAYLOAD path. I've added support for it in the latest commit and updated the PR description accordingly. Tested on both devices.
lenoxys added a commit to homebridge-plugins/homebridge-eufy-security that referenced this pull request on Feb 12, 2026
…pport Track lenoxys/eufy-security-client on branch feat/e340-doorbell-support which includes ECDH livestream fixes for E340 doorbell and T8425 floodlight (upstream PR bropat/eufy-security-client#779).
lenoxys added a commit to homebridge-plugins/homebridge-eufy-security that referenced this pull request on Feb 12, 2026
…pport
- Add lenoxys/eufy-security-client (feat/e340-doorbell-support branch) as git submodule
- Switch dependency from npm registry to local file: reference
- Add build-lib script to build chain for submodule compilation
- Temporary measure pending upstream merge of bropat/eufy-security-client#779
max246 approved these changes on Feb 13, 2026
Collaborator
Thank you! Approved it, you can merge it
Contributor
Author
Not sure what to do, I'm not a
Collaborator
ok need to press merge, just missed the cut release :(
Contributor
Author
Any chance to have 3.7.1?
Collaborator
sure we can do one during tomorrow if I manage :D just a bit... complicated to release the 3 packages.
Contributor
Author
Up to you! No pressure!
jaburges added a commit to jaburges/eufy-security-client that referenced this pull request on Feb 16, 2026
Add T85V0 to isLockWifiVideo (gateway handshake), isIntegratedDeviceBySn (P2P routing), and CMD_DOORBELL_SET_PAYLOAD (1) livestream path (same as E340/T8425). ECDH fallback from PR bropat#779 handles key exchange; no WebRTC-only override needed in v3.7.1.
Co-authored-by: Cursor <[email protected]>
jaburges added a commit to jaburges/eufy-security-client that referenced this pull request on Feb 16, 2026
Add T85V0 (Smart Lock S3 Max) basic streaming capability:
- Add LOCK_85V0 device type (203) and core device properties
- Add isLockWifiT85V0() static and instance methods
- Enable ECDH encryption via isLockWifiVideo()
- Enable P2P routing via isIntegratedDeviceBySn()
- Route to CMD_DOORBELL_SET_PAYLOAD (1) for streaming
- Add StreamLivestream/StopLivestream commands
Based on latest upstream master (c1432e5) with restored T8425/E340 streaming routing from reverted PR bropat#779.
Tested: Both T85V0 and T8425 streaming confirmed working.
Co-authored-by: Cursor <[email protected]>
jaburges added a commit to jaburges/eufy-security-client that referenced this pull request on Feb 16, 2026
- Add DeviceUnlock command for T85V0 (removed non-existent DeviceLock)
- Fix 'data not block-aligned' decryption errors in P2P session
- Add block-alignment guards before AES-128-ECB decryption
- Skip decryption with debug log for non-aligned data
- Fixes lock commands that were failing due to upstream revert of PR bropat#779
Addresses the 'Skipping decryption, data not block-aligned' errors seen in Home Assistant logs for T85V0 lock operations.
Co-authored-by: Cursor <[email protected]>
jaburges added a commit to jaburges/eufy-security-client that referenced this pull request on Feb 17, 2026
…ream PR bropat#790
Upstream reverted PR bropat#779 in commit c61c4a1, removing decryptP2PKeyECDH, the RSA-to-ECDH fallback chain, the block-alignment guard, and the ecc_private_key model field. This restores all of those plus the exact byte extraction fix for readNullTerminatedBuffer issues.
Co-authored-by: Cursor <[email protected]>
Summary
The BATTERY_DOORBELL_PLUS_E340 (T8214) and the FLOODLIGHT_CAMERA_8425 (T8425) are already recognized by the library but livestream was broken — both devices use ECDH key exchange instead of RSA for P2P session negotiation, and require a different livestream command format than their generic paths.
Changes
- ECDH key exchange — When RSA decryption fails during CMD_GATEWAYINFO, the session now falls back to ECDH using the ecc_private_key from the cipher API. If neither succeeds, encryption degrades gracefully to Level 1.
- Livestream command routing — The E340 and T8425 require CMD_DOORBELL_SET_PAYLOAD (same as the Outdoor Pan & Tilt Camera) instead of their generic command paths.
- Block-alignment guard — Prevents crypto errors when the device sends command responses with an encryption flag but non-block-aligned payload (observed with 36-byte status replies).
- Integrated device registration — T8214 and T8425 added to isIntegratedDeviceBySn for correct P2P routing (T8425 was the only floodlight model missing from the list).
Testing
Livestream tested end-to-end on both devices and confirmed working. Unit tests added for decryptP2PKeyECDH.
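
The ECDH key agreement and the block-alignment guard described in this PR, as an added Node.js example that is not code from the pull request or from eufy-security-client. Taking the first 16 bytes of the shared secret as the AES key, unpadded AES-128-ECB, and the names deriveSessionKey, decryptIfAligned and demo are assumptions; the key pairs and frames are constructed.

```javascript
// Added example, not eufy-security-client code. Key pairs and frames are constructed.
const { createECDH, createCipheriv, createDecipheriv } = require("node:crypto");

const AES_BLOCK = 16;

// Assumption: the session key is the first 16 bytes of the raw prime256v1
// shared secret. The page only says a 16-byte AES key is derived from it.
function deriveSessionKey(eccPrivateKey, peerPublicKey) {
  const ecdh = createECDH("prime256v1");
  ecdh.setPrivateKey(eccPrivateKey);
  return ecdh.computeSecret(peerPublicKey).subarray(0, AES_BLOCK);
}

// Block-alignment guard: AES-128-ECB only accepts whole 16-byte blocks, so a
// flagged-but-unencrypted reply (e.g. 36 bytes) is passed through untouched.
function decryptIfAligned(sessionKey, payload) {
  if (payload.length === 0 || payload.length % AES_BLOCK !== 0) {
    return { decrypted: false, data: payload };
  }
  const decipher = createDecipheriv("aes-128-ecb", sessionKey, null);
  decipher.setAutoPadding(false); // assumption: frames carry no PKCS#7 padding
  const data = Buffer.concat([decipher.update(payload), decipher.final()]);
  return { decrypted: true, data };
}

function demo() {
  // Constructed key pairs standing in for the client (ecc_private_key) and the device.
  const client = createECDH("prime256v1");
  const device = createECDH("prime256v1");
  client.generateKeys();
  device.generateKeys();

  // Device side: same agreement, then encrypt a constructed 32-byte frame.
  const deviceKey = device.computeSecret(client.getPublicKey()).subarray(0, AES_BLOCK);
  const plain = Buffer.from("constructed-frame-0123456789abcd"); // 32 bytes
  const cipher = createCipheriv("aes-128-ecb", deviceKey, null);
  cipher.setAutoPadding(false);
  const frame = Buffer.concat([cipher.update(plain), cipher.final()]);

  // Client side: derive the key from its private key, then apply the guard.
  const clientKey = deriveSessionKey(client.getPrivateKey(), device.getPublicKey());
  const statusReply = Buffer.alloc(36, 0x01); // constructed non-aligned reply
  return {
    plain,
    aligned: decryptIfAligned(clientKey, frame),
    status: decryptIfAligned(clientKey, statusReply),
  };
}

console.log(demo());
```

The length check only filters payloads that cannot be ECB ciphertext; a 16-byte-aligned reply that is not actually encrypted would still be run through the decipher, because ECB carries no integrity check.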