Over the years I have liberated many devices from their proprietary protocols and the most popular ones I have done this for are Bluetooth devices which are cheap but limited by range compared to WiFi. ESPHome allows making Bluetooth repeaters but to make them work you need to know what signals to send which is why we have to reverse engineer the BLE commands being sent when you press a button in the app.

I had a Godrej Aer diffuser that I wanted to control from Home Assistant and this is how I got it to work. The tools you need are nRF Connect which is a mobile app that lets you scan for BLE devices and inspect their services and characteristics and ESPHome with an ESP32 board to act as a BLE gateway.

The goal is to figure out what specific Bluetooth command the device expects to perform an action like turning on or off. You achieve this by observing the communication when you use the devices official app. First power on your device and open nRF Connect and scan for nearby BLE devices and look for yours in the list. It will usually have a recognizable name so note down its MAC address which is its unique identifier.

Tap on the device to connect and nRF Connect will display a tree view of services and characteristics where services are categories of functionality and characteristics are specific data points within those categories. Look for characteristics that have a Write property because those are your prime suspects.

The most effective method is to disconnect nRF Connect from the device and open the official app and perform the action you want to reverse engineer like turning it on while keeping an eye on the logger in nRF Connect. Then switch back and reconnect and you might see the outgoing write commands. For the Godrej Aer after some experimentation I identified the following:

Service UUID: 6e400000-b5a3-f393-e0a9-e50e24dcca9e
Characteristic UUID: 6e400004-b5a3-f393-e0a9-e50e24dcca9e
Value for "Turn On": [0xBF, 0x62, 0x6D, 0x54, 0x18, 0x68, 0x62, 0x6D, 0x4E, 0x18, 0x9A, 0x62, 0x72, 0x49, 0x00, 0xFF]

This is a hexadecimal array which is common for BLE commands and it looks like gibberish but it is the specific instruction the device understands.

Now you integrate this with Home Assistant using an ESP32 board running ESPHome which is far more reliable than Home Assistants built-in Bluetooth especially for devices that require active connections. In your ESPHome configuration file you add the ble_client component and a template switch that sends the command.

ble_client:
  - mac_address: A4:C1:38:DE:D0:BF
    id: aer_troys_bedroom

switch:
  - platform: template
    name: "Aer Button"
    turn_on_action:
      - ble_client.ble_write:
          id: aer_troys_bedroom
          service_uuid: 6e400000-b5a3-f393-e0a9-e50e24dcca9e
          characteristic_uuid: 6e400004-b5a3-f393-e0a9-e50e24dcca9e
          value: [0xBF, 0x62, 0x6D, 0x54, 0x18, 0x68, 0x62, 0x6D, 0x4E, 0x18, 0x9A, 0x62, 0x72, 0x49, 0x00, 0xFF]

For the Godrej Aer you might need to find the turn off command in the same way or understand if the same command toggles the state. Compile and upload this to your ESP32 board and it should automatically appear in Home Assistant under the ESPHome integration.

The principles are universal for most BLE devices. Reverse engineering can be a puzzle so patience helps. Always start by observing the devices official app and before starting from scratch search online because someone else might have already done the work. Some devices send status updates via notification characteristics which you can subscribe to in ESPHome and some require bonding which is a secure pairing process that nRF Connect can sometimes initiate.

By reverse engineering these devices you are turning proprietary black boxes into transparent controllable components of your home.

If you end up doing this tweet me. I am @troysk704.