Data format 8 (Encrypted environmental)
The goal of encrypted firmware is to protect users of Ruuvi Dongle and Ruuvi Node against script kiddie -level attackers snooping on their environmental data or triggering false alerts such as "freezer is melting" by sending spoofed data.
The encryption uses nRF52-builtin AES128 encryption in Elctronic Codebook (ECB) mode. Data to be encrypted is temprature, humidity, pressure, voltage, TX power, measurement count and movement counts. The measurement sequence counter protects against replay attacks. All measurements where encrypted data and nonce are equal can be considred duplicates.
Data format has an unencrypted header, 16 bytes of AES-128 encrypted data, 1 byte nonce and 6 bytes long MAC address for iOS devices.
The encryption key is formed from 64-bit tag ID, 8 bit encryption nonce and a static password with length of 16 bytes by appending nonce to ID and XORing the 9 bytes with 9 first bytes of password
If a value cannot be determined for any reason, a special invalid value is sent. For unsigned values the invalid value is largest presentable number, for example
0xFFFFand for signed values the invalud value is smallest presentable number, for example
0x8000. Invalid values should be treated as NULL, NAN, NONE or similar by the parser.