79223675

Date: 2024-11-25 15:43:10
Score: 6.5 🚩

I'm working on a Minew P1 and face the same issue; I want to read the sensory data. I've installed a BLE debugging profile on my iPhone and used "Apple PacketLogger" (part of Xcode) to inspect the connection. For more, follow this tutorial: https://www.bluetooth.com/blog/a-new-way-to-debug-iosbluetooth-applications/

So now I'm able to fully see what data is going back-and-forth on the BLE line. Some services of the device are open - like an Eddystone Beacon Control service.

But they also have their own, which is on BLE characteristic "7F280002-8204-F393-E0A9-E50E24DCCA9E".

Sending a "sync history information" gets me the following ATT send commands, followed by a bunch of ATT Receive packets (which contain the data).

Session 1: only requesting data via ATT Send

7F280002-8204-F393-E0A9-E50E24DCCA9E - Value: EF0C 7F1D AA25 E15F 7B12 BED6 45DD 5C99
7F280002-8204-F393-E0A9-E50E24DCCA9E - Value: 9AB1 258D 4B4A 3E34 9D19 6B04 280B F956

Session 2: only requesting data via ATT Send

7F280002-8204-F393-E0A9-E50E24DCCA9E - Value: FD9A 668A C70A D98F 2751 21CE 184E 3948
7F280002-8204-F393-E0A9-E50E24DCCA9E - Value: 2D58 C91E 1BAC 6CFB 014C F06F 557D 1420

This indicates some sort of encryption - two exact sessions, but their payloads are completely different.

I was hoping to find out what was going on here, and how to decode this. So far no luck yet, and I hope someone out there can help with this.

Reasons:
  • Blacklisted phrase (1): this tutorial
  • Blacklisted phrase (1): no luck
  • RegEx Blacklisted phrase (1): I want
  • Long answer (-1):
  • No code block (0.5):
  • Me too answer (2.5): face the same issue
  • Unregistered user (0.5):
  • Low reputation (1):
Posted by: Cherry
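
The comparison the post makes by eye can be quantified. The following is an added example, not part of the original post: it takes the four ATT write values quoted above and measures, per write, how many bits and byte positions differ between the two sessions. The helper names (`parse_frame`, `compare_frames`, `compare_sessions`) are hypothetical.

```python
# Added example: quantify how different the two captured sessions are.
# Frame values are copied from the post; helper names are hypothetical.

SESSIONS = {
    "session 1": [
        "EF0C 7F1D AA25 E15F 7B12 BED6 45DD 5C99",
        "9AB1 258D 4B4A 3E34 9D19 6B04 280B F956",
    ],
    "session 2": [
        "FD9A 668A C70A D98F 2751 21CE 184E 3948",
        "2D58 C91E 1BAC 6CFB 014C F06F 557D 1420",
    ],
}

def parse_frame(text):
    """Turn PacketLogger-style grouped hex into raw bytes."""
    return bytes.fromhex(text.replace(" ", ""))

def compare_frames(a, b):
    """Return (differing_bits, total_bits, equal_byte_positions) for two frames."""
    if len(a) != len(b):
        raise ValueError("frames differ in length; compare only same-size writes")
    diff_bits = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    same_bytes = sum(1 for x, y in zip(a, b) if x == y)
    return diff_bits, len(a) * 8, same_bytes

def compare_sessions(first, second):
    """Compare the n-th write of one session with the n-th write of the other."""
    results = []
    for fa, fb in zip(first, second):
        results.append(compare_frames(parse_frame(fa), parse_frame(fb)))
    return results

if __name__ == "__main__":
    s1, s2 = SESSIONS["session 1"], SESSIONS["session 2"]
    for i, (bits, total, same) in enumerate(compare_sessions(s1, s2), 1):
        print(f"write {i}: {total // 8} bytes, {bits}/{total} bits differ "
              f"({bits / total:.0%}), {same} byte positions equal")
```

A fixed plaintext command repeated across sessions would show close to 0% differing bits and many equal byte positions. Roughly half the bits differing with no equal positions is consistent with the encryption reading in the post, but it does not identify the scheme or rule out other per-session scrambling.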