Question about wifi-measurement

[andersdarljung]

I have the Blue Connect GO without premium service so I have to make manual measurements to update the data either via bluetooth or via wifi. My question is, did you find the api call for "Take a wifi measurement"?

I would love to schedule that to update the data instead of doing it via the app.

[volkerverkamp]

I support this request as I have the same use case.

[NemoN]

this feature would be great

[LordMike]

So to understand, you all have the Blue Extender box, and in the app, you can make a measurement, even when not home?

[andersdarljung]

Yes, that is correct, at least for me.

Den fre 14 aug. 2020 21:19Michael Bisbjerg notifications@github.com skrev:

So to understand, you all have the Blue Extender box, and in the app, you can make a measurement, even when not home?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/LordMike/MBW.BlueRiiot2MQTT/issues/21#issuecomment-674234311, or unsubscribe https://github.com/notifications/unsubscribe-auth/AL6GSJM32P3A23M3BUV6MLTSAWE47ANCNFSM4P7NS4VQ .

[LordMike]

@andersdarljung I would hope that with that extender, the Blue device does regular updates as if it was on sigfox, as BR says it's an alternative to sigfox if you have bad coverage...

.. but maybe that part is only for Blue Plus devices with bad coverage..

I'll check to see if I can find an API call for taking wifi measurements.

[LordMike]

I'm having some trouble identifying an API call from the code.. would it be possible for one of you to capture the internet traffic from the app, as you make a measurement?

For that, I use Fiddler, allow remote traffic, and use my local desktop as a proxy for the phone. You'll also need to install Fiddlers TLS certificate on the phone to allow fiddler to intercept HTTPS traffic (which BR uses).

It's a lot - but hopefully one of you will have done this before :)

[andersdarljung]

I can see if I can try it this weekend.

Den fre 14 aug. 2020 21:51Michael Bisbjerg notifications@github.com skrev:

I'm having some trouble identifying an API call from the code.. would it be possible for one of you to capture the internet traffic from the app, as you make a measurement?

For that, I use Fiddler https://www.telerik.com/fiddler, allow remote traffic, and use my local desktop as a proxy for the phone. You'll also need to install Fiddlers TLS certificate on the phone to allow fiddler to intercept HTTPS traffic (which BR uses).

It's a lot - but hopefully one of you will have done this before :)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/LordMike/MBW.BlueRiiot2MQTT/issues/21#issuecomment-674245856, or unsubscribe https://github.com/notifications/unsubscribe-auth/AL6GSJORIKN7T6JQUZPCGLTSAWITVANCNFSM4P7NS4VQ .

[LordMike]

If you'd like, @andersdarljung, we can try sharing your pool with me?

I don't know if I can make measurements on your end, but if I could, I could quickly decipher how to do a remote measurement?

In your swimming pool settings, there's a "Share the swimming pool" link. You can send the code to me by mail.

[andersdarljung]

@LordMike sorry that is a premium thing. I might be able to test fiddler to night.

[LordMike]

Oh damn.. Oh well.. Looking forward to it :)

-- no rush though.

[andersdarljung]

I just tried fiddler but don't get any good data from it. I see 2 connection to api.riiotlabs.com and lots to app-measurement.com

But I cant see any data from this, or any sort of api path.

Do you know if I do something wrong? Should i see more?

All connections use http acording to fiddler

[LordMike]

Yea, this is where the issues begin. :)

https://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/ConfigureForiOS

This guide should help you intercept HTTPS traffic from iOS. You need to go through all steps (I've skipped a few multiple times - didn't work out). Especially on iOS 10+, the last bit is very important:

On iOS 10 and later, after installing the FiddlerRoot certificate, go to Settings -> General -> About -> Certificate Trust Settings and manually enable full trust for the FiddlerRoot root certificate.

[andersdarljung]

I Will try it using the android version, there where a few Steps i hadn't done.

I'll leave the Link if someone wants it. https://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/ConfigureForAndroid

[dneumerk]

Is there any solution to trigger a new measurement via wifi?

[LordMike]

None. I have not investigated it myself.

[dneumerk]

LordMike, how can I easily find out, how this API call looks like? I have a pool without premium service, so the values are only updated on request per app. This fiddler stuff seems very complicated. Is there any description for beginners?

[LordMike]

Unfortunately I don't know of an easier way... perhaps if it's android, there's some app that can help you intercept traffic, like fiddler would do - but on the device itself. Such an app could be used for cheating in mobile games, so maybe something like that?.

Imo, the fiddler thing is fairly easy to do - but I completely get why it can seem daunting.

[dneumerk]

So I have fiddler running and see connections to api.riiotlabs.com. But what should I find? Which kind of call would you expect to see?

[LordMike]

If you can get SSL interception up and running, you should see calls to their API, with paths in them. If you don't have SSL interception, you'll only be able to see the encrypted HTTPS connections.

Once that's done. I'd expect to see paths like:

• /blue
• /blue/<someid>
• /swimming_pool/<someid>/lastMeasurements
• /swimming_pool/<someid>/weather

Once you see these. You're ready. Then:

1. Clear the fiddler log (Ctrl+X) to make it easier to spot the exact call needed for wifi measurements
2. Perform the wifi measurement in the app
3. Wait for it to complete
   • You should see some call that looks like wifi .. I expect it to be /blue/<someid>/wifi, or very similar
4. Save the fiddler session (File menu=> save => all sessions)
5. Send it to me via an email

Note that I will get signed request tokens in these dumps, but not the actual password/api keys themselves. Those are kept in the app and only used to make one-time signatures. But since you will be showing stuff like the Blue devices' serial etc, I'd advise you to send it to me by email, and not post it here, on github.

It'd be cool if this works out :)

[dneumerk]

Unfortunately, fiddler just picks a first request. If I enter the Wifi-command, no stream is captured. Do you have an idea?

Michael Bisbjerg notifications@github.com schrieb am Di., 8. Dez. 2020, 16:00:

If you can get SSL interception up and running, you should see calls to their API, with paths in them. If you don't have SSL interception, you'll only be able to see the encrypted HTTPS connections.

Once that's done. I'd expect to see paths like:

• /blue
• /blue/
• /swimming_pool//lastMeasurements
• /swimming_pool//weather

Once you see these. You're ready. Then:

1. Clear the fiddler log (Ctrl+X) to make it easier to spot the exact call needed for wifi measurements

2. Perform the wifi measurement in the app

3. Wait for it to complete

   • You should also see some call that looks like wifi .. I expect it to be /blue//wifi, or very similar

4. Save the fiddler session (File menu=> save => all sessions)

5. Send it to me via an email

Note that I will get signed request tokens in these dumps, but not the actual password/api keys themselves. Those are kept in the app and only used to make one-time signatures. But since you will be showing stuff like the Blue devices' serial etc, I'd advise you to send it to me by email, and not post it here, on github.

It'd be cool if this works out :)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/LordMike/MBW.BlueRiiot2MQTT/issues/21#issuecomment-740671603, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQE6PURGUGZAFV442E2NJRLSTY5RZANCNFSM4P7NS4VQ .

[dneumerk]

I give up. The first request of the app is often aknowledged inside of the app as error. These connections were captured in fiddler. After an error, it seems as if the connection is established for a while and the app works, but fiddler is blind to any traffic between app and the blueriiot server. Do they use a different kind of protocol?

[LordMike]

Yea, it's stuck on the ssl interception.

Try these guides:

• Android
• iOS

Basically, the app is detecting that somebody is messing with the traffic (hence the error). By trusting the certificate that Fiddler makes, you'll be telling your phone (and app) that "you" are a trusted publisher and allowed to make certificates.

[dneumerk]

I took an old Android device, so the app used fiddler's certificate. The call I was looking for is https://api.riiotlabs.com/prod/blue//releaseLastUnprocessedEvent The answer is 'OK' Mike, it would be great if you could include this as an additional command in your framework! Thanks!

[dneumerk]

Sorry, between the call has to be: https://api.riiotlabs.com/prod/blue//releaseLastUnprocessedEvent and the complete answer is: { "code": 200, "message": "OK" }

[dneumerk]

This tool always removes content between brackets. So between 'blue' and 'release' a string of the bluedeviceserial is missing.

[LordMike]

You can use the code-snippets to prevent styling and so on.. Enclose stuff in backticks (`), or use the button on the Github editor.

Are you sure it's releaseLastUnprocessedEvent ? .. It seems like that would be used for something else :O

[LordMike]

Also, if possible, do save these sessions as a file so I can look into it. Simply knowing the address or API endpoint isn't enough, I'll also need to know what was sent to it. Sometimes some additional content is sent, like a command or extra data.

But great that you got it working! :)

[andersdarljung]

Wow, great you got it working. I could't. And to LordMike, I think this is correct. I have had a suspicion that the device does scheduled measurements just as the premium subscription but hides the results. The time on the measurement seems to be about an hour apart, Even if I press the button more often than that. So at least for me this makes sense, because I think the api does just that, makes the last measurement visible.

[LordMike]

Aha!

What @dneumerk wrote to me in a mail makes sense then. Great. I'll have a look at it.

[LordMike]

I've done some quick coding.

You should now be able to send a command to the topic below, and I should call the API @dneumerk found. For now, you'll have to call it yourself, so you could put that in a schedule and call it as needed.

PREFIX/commands/release_last_unprocessed/BLUE DEVICE SERIAL

So post anything there (empty body is fine), and it should call the API and then do a force sync afterwards.

Also: The code should be up momentarily, as the :dev tagged image. If it works, I'll publish it as a version.