Saagar Jha
(replying to kikeenrique)
@kikeenrique Nope, you basically have the gist of it. I used Android APKs because they’re easier to obtain and arguably have better automated tools to analyze them but it’s basically just this. Letting it debug as you do various things with the device is also very helpful
Saagar Jha
(replying to Saagar Jha)
@kikeenrique One thing I’ll note which is probably less relevant here but might be useful in the future: I lied a little bit and “pre-selected” the device to buy to increase the chances of things working before I spent money on hardware. If you’re flexible it makes things easier
Saagar Jha
(replying to Saagar Jha)
@kikeenrique For example, for my scale, I specifically looked for Bluetooth-only devices to avoid a flow where it basically gets my home network credentials and does everything behind my back without app involvement (which means I have much less influence on what it can do)
Saagar Jha
(replying to Saagar Jha)
@kikeenrique Also, you don’t usually see it on cheap hardware, but some of the larger companies do it sometimes where they obfuscate the app which might not be insurmountable but will waste your time and tokens. So I try not to engage with those if I can avoid it
Saagar Jha
(replying to Saagar Jha)
@kikeenrique Here, I had a little scare because I asked the LLM before buying if it understood how the protocol works, and it seemed simple so I pulled the trigger on the purchase. But when I got the hardware and asked it to reverse again it said something was different
Saagar Jha
(replying to Saagar Jha)
@kikeenrique It was briefly convinced I had to make an account because it was provisioning keys from the OEM server. But (I didn’t look closely) eventually it figured out that flow was not relevant, I think it might have been for another model, and figured it out
Saagar Jha
(replying to Saagar Jha)
@kikeenrique If you already have your thing and have sold your soul to the company by setting it up “the right way”, I’m sure handing it real communication logs would help but I refused to do that since I had a new device