FreeStyle Libre 2

Reverse engineering in progress.

Important device notes


Device Vendor ID Product ID
FreeStyle Libre 2 1a61 3950


This device uses the shared HID protocol used by other meters in the FreeStyle family, but introduces encryption.

Text commands are sent by the original software as message type 0x21, with responses as 0x60.


Following the handshake (Authorization), most of the messages sent to and by the Libre 2 devices are encrypted and protected with a 32-bit Message Authorization Code (MAC), and a 32-bit sequence number, independent between software and device.

The encryption covers the 55 bytes following the message type, while the MAC is calculated on the first 60 bytes of the message. A 64-bit MAC is calculated, but only 4 bytes of it are used.

Known messages that are not encrypt are pre-initialization commands, keep-alive commands (0x22) and error responses.

Authorization Sequence


The START AUTHORIZE message contains nothing but the sub-command itself.

The CHALLENGE response message contains the 8 bytes of the challenge, as well as 7 bytes of the initialization vector for encryption (zero-padded).

request-challenge-cmd = %x14 %x01 %x11
challenge-response = %x33 %x10 %x16 challenge-content challenge-iv
challenge-content = 8OCTET
challenge-iv = 7OCTET


The CHALLENGE RESPONSE message contains the response to the challenge expected by the device to authorize the requests from the software. The format of the message is as follows:

challenge-response-cmd = %x14 %x1A %x17
                         challenge-response-encrypted %x01
challenge-response-encrypted = 16 OCTET
challenge-response-mac = 8 OCTET

The procedure to calculate the challenge is not currently reversed, but some useful notes:

  • The authorization keys are generated based on the serial number of the device and the strings AuthrEnc (for encryption) and AuthrMac (for MAC).
  • The challenge-response-encrypted buffer is generated by encrypting challenge-content together with 8 bytes of random. The encryption is initialized with the initialization vector challenge-iv.
  • The challenge-response-mac is calculated on the first 20-bytes of the message, including the message type, length, and the constant 0x01.


challenge-accepted-response = %x14 %x22 %x18
                              (13 OCTET)
encrypted-challenge-response = 16 OCTET