Jutta-Proto / protocol-cpp

C++ JURA protocol implementation for controlling a Jura coffee maker over a serial (UART) connection.
GNU General Public License v3.0

Device discovery mechanism used by the J.O.E. App #8

Open crazyelectron-io opened 1 year ago

crazyelectron-io commented 1 year ago

Did anyone have a look at the code that detects/finds the Jura device? My Z10 (or the App actually) can only function if I put both the phone and the Smart Connect in the default VLAN 0. If I use another VLAN, the Z10 connects to the network and gets a correct IP address but the App never sees the device.

My guess is that it has to do with the discovery mechanism used by the App.

COM8 commented 1 year ago

This sounds interesting. Hmmm... I'm not aware of such behaviour, but I also never looked in detail into the wifi code.

If you are interested, I can give you access to the decompiled JURA Joe App code (Java) and you can have a look at it.

crazyelectron-io commented 1 year ago

Yes, I would like to have a look and see if I can figure out the detection mechanism. I will also do some Wireshark capturing.

COM8 commented 1 year ago

@crazyelectron-io I invited you to the repo.

Feel free to report your findings here: https://github.com/Jutta-Proto/protocol-cpp/discussions/categories/jura-joe-app-reverse-engineering

crazyelectron-io commented 1 year ago

I'm a bit busy and can have a good look coming weekend. Thanks.

FriedCheese2006 commented 1 year ago

> I'm a bit busy and can have a good look coming weekend. Thanks.

I recently picked one up and ran into the same problem. The issue wasn't that the machine needed to be on the default VLAN. The problem I found is if the machine and the phone are not on the same VLAN, then it doesn't work. I reached out to Jura support. They just told me to update the app and then sent a "replacement" WiFi dongle which exhibits the same issue.

benbender commented 5 months ago

The detection works via UDP-Broadcasts. This also explains why it has problems crossing networks/vlans.

The JOE-App sends "0010A5F3000000000000000000000000" to the network and the coffeemaker responds with its state, model, manufacturing date etc. Those values are then used to derive the key for the handshake and initialize the "WifiFrogAdapter". There also seems to be a timestamp to be used while deriving the key which explains why the data sent differs between retries.

That's at least what the recent APK of the JOE-App does as I don't have a wifi-adapter at hand (on order, awaiting delivery).

@COM8 If you could add me to the reverse-repo that would be gladly appreciated!

COM8 commented 5 months ago

@benbender awesome! Sure, please send a mail to jutta+b@uwpx.org.

benbender commented 5 months ago

I got my WIFI-dongle today and had to find out that Jura totally f'ed up their naming schemes. I'm having a Jura ENA 8 and thought, until now, that those are all the same besides the color. Turns out there is one with buttons (mine) and a "(EC)" model with a touchscreen. Only the one with the touchscreen is supported by the Wifi-dongle… So this journey ends here for my part and I ordered a BT-dongle instead.

Even if I can't go down the wifi-route, I wanted to document the fact that I'm quite certain that it should be relatively easy to make the wifi-connection work via open-source software as well. From what I've seen, you have to open a udp-socket on port 51515, send the magic-string above as a broadcast and the wifi-dongle should basically respond with the data that is needed to make the connection. This data seems to be very similar to the data the BT-dongle provides via its advertisement. There seem to be some subtle differences in the way the decryption is handled, but structurally it should be quite similar. Most of the stuff needed should be quite obvious from decompiled JOE-apk…

So I'm hoping someone with a compatible machine will pick that lead up and make it work for all of us! :)
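The discovery exchange described in this thread, as an added example that is not part of the thread, the J.O.E. app or the project's code: it sends the probe as a UDP broadcast, collects raw replies, and checks whether a device shares the sender's subnet, which is why discovery fails across VLANs. It assumes the quoted magic string is sent hex-decoded as 16 raw bytes and that 51515 is the destination port; the function names and sample addresses are constructed.

```python
import ipaddress
import socket
import time

# Assumptions (not confirmed by the thread): the quoted magic string is sent
# hex-decoded as 16 raw bytes, and 51515 is the destination port.
PROBE = bytes.fromhex("0010A5F3000000000000000000000000")
PORT = 51515


def same_broadcast_domain(local_if: str, device_ip: str) -> bool:
    """True if device_ip is inside the subnet of local_if (e.g. '10.0.10.5/24').

    Limited broadcasts (255.255.255.255) are never routed, so a device in
    another subnet/VLAN cannot see the probe unless something relays it.
    """
    net = ipaddress.ip_interface(local_if).network
    return ipaddress.ip_address(device_ip) in net


def discover(target="255.255.255.255", port=PORT, timeout=2.0):
    """Send one probe and return [(sender_ip, raw_reply), ...] seen before timeout."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.bind(("", 0))  # ephemeral source port; replies come back to it
        sock.sendto(PROBE, (target, port))
        deadline = time.monotonic() + timeout
        while (remaining := deadline - time.monotonic()) > 0:
            sock.settimeout(remaining)
            try:
                data, (ip, _port) = sock.recvfrom(2048)
            except socket.timeout:
                break
            replies.append((ip, data))  # reply layout is not documented here
    return replies


if __name__ == "__main__":
    # Constructed addresses: phone in one VLAN, machine in another.
    print(same_broadcast_domain("192.168.10.5/24", "192.168.20.7"))
    try:
        for ip, data in discover():
            print(ip, data.hex())
    except OSError as exc:  # e.g. no route for broadcast on this host
        print("probe failed:", exc)
```

Replies are returned undecoded because the thread does not give the response layout.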