support for kisstoy lost(insertable) #837
Description
I recently purchased a Kisstoy (model: Lost, insertable) device. It seems to be from a newer production batch. When trying to connect it to Intiface, it throws DeviceSpecificError("HardwareSpecificError") and disconnects.
I have reverse-engineered the newer encrypted BLE protocol for Kisstoy/Galaku devices (advertised as QCPW). The newer production batches use a 12-byte obfuscated payload that currently breaks the existing Galaku driver in Buttplug.
Device UUIDs:
Service: 00001000-0000-1000-8000-00805f9b34fb
Write (No Response): 00001001-0000-1000-8000-00805f9b34fb
Notify: 00001002-0000-1000-8000-00805f9b34fb
Payload Structure (Unencrypted):
The 12-byte unencrypted buffer is: [0x23, 90, 0, 0, 1, CMD_ID, VAL1, VAL2, VAL3, 0, 0, CHECKSUM]
Byte 0: Header (0x23)
Byte 1-4: Core Header (90, 0, 0, 1)
Byte 5: Command ID
Byte 6-9: Values (Intensity/Level)
Byte 11: Checksum (Sum of Byte 0 to 10) & 0xFF
Command Mappings (CMD_ID at Index 5):
Vibrate: ID 49 (0x31), VAL1 = Speed (0-100)
Suction: ID 50 (0x32), VAL1 = Speed (0-100)
Suction+Vibrate: ID 51 (0x33), VAL1 = Suction, VAL2 = Vibrate
Thrusting: ID 113 (0x71), VAL1 = Speed
Heating: ID 128 (0x80), VAL1 = Level (0-3)
Battery Status (Notification):
Decrypt incoming 12-byte data from 0x1002.
If Byte[2] == 177 (0xB1), then Byte[4] is the Battery Level (0-100).
Python PoC (Encryption/Decryption Logic):
I have confirmed this logic works on my hardware and I'm happy to help with further testing if you decide to implement a new KisstoyEncrypted driver!