-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
V2 Home Data api #155
Comments
Hmm.. I wonder if the app is already using it |
The app is using it and I can see it with mitm. But I can't figure out what the difference is in terms of the request headers for the one we do now and v2. I tried adding a few of the additional requests, but nothing would accept. The response seems to be the same as well, except that it also gives the new devices as well |
Next piece of the api that I have noticed that has changed: /api/v1/login is now /api/v3/auth/email/login And the request is
Where password is some encrypted version of the password I have yet to figure out I am trying to figure out if code login has changed as well, but it isn't ever asking me for a code for some reason |
I got home data working for v2 now - I hvae not figured out v3 login though |
If you're up for a challenge, I've been trying to RE the dyad vacuums, I was able to get the following set of bytes with the following local key: 'ELSYN0wTI4AUm7C4' It's been so long since i've touched any of the decryption logic, I honestly forgot how a lot of it works, if you're up for it, i'd be interested to see if you would have more luck @humbertogontijo I tried changing all of the version instances of 1.0 to A01, but that didn't make a difference
|
I changed every 1.0 to A01 in protocol.py file. All info except payload looks correct.
Could be a different salt |
How did you determine salt when you original reverse engineered it? |
For what it is worth, api seems to point towards rpc beeing a different code:
|
I got salt from decompiled android app |
oh it was just in plain text? Interesting, i'll go searching through and see if i can find another |
Looks like it is here: https://github.com/Lash-L/roborock_decompiled/blob/74802b6d018c2becdf8b7efe281937307ef10adf/sources/roborock/sawmill/common/msg/Msg%24LogRequest.java#L128 Mind taking a look and telling me what you think? |
Previously that was some files that hold these constants like salt and broadcast token. But I couldn't find them in your decompiled version |
I used http://www.javadecompilers.com/apk |
I don't think so. It was probably just an older version of the app. |
I see broadcast token here: https://github.com/Lash-L/roborock_decompiled/blob/b9a0741fae7f8e74152d3456e83155a2c2ccfbd2/resources/AndroidManifest.xml#L91 Here is it in a version from January: I don't see anything about the salt though |
I remembered it. I got it from here |
Based on the comment in this file, I looked into Before I spend more time looking into how both authentication methods work, I wanted to check if there is already some work done on this? Maybe someone already figured out how the new authentication works, or made significant progress. It'd be a shame to repeat work that has already been done. Is there a community where these things are discussed? |
Yes - we have fully Reverse engineered it, I have not taken the time to implement it into this library though. You can add me on discord @conway220 |
Seemingly Roborock has rolled out a new api version for the /user/homes/{home_id} request. It is now /v2/user/homes/{home_id}
It uses the same hawk authentication method, butI have been getting invalid token error when I have been trying. I will continue to figure out why, but if you wanted to take a look as well @humbertogontijo, more eyes would be nice.
Basically we want this for 2 reasons:
In case they depreciate v1 of the api
Some of the newer non-robot vacuum devices are received from this api.
Let me know if you figure anything out
The text was updated successfully, but these errors were encountered: