lukepighetti
commented
2 years ago @michaelmaston did you get anywhere with this?
Open michaelmaston opened 3 years ago
lukepighetti
commented
2 years ago @michaelmaston did you get anywhere with this?
If you look at the trace of FGLair you will see it do GETs to the following URL:
https://ads-field.aylanetworks.com/apiv1/dsns/{unit DSN}/lan.json
for each DSN in the group.
The response is something like ( I obfuscated things that might be unique to my systems):
{ "lanip": { "lanip_key_id": NNNNN, "lanip_key": "SomeKeyString", "keep_alive": 30, "auto_sync": 1, "status": "enable" } }
Then the app sends out POSTS to each unit's IP address like the following:
http://IP Address/local_reg.json
with the request body being something like:
{ "local_reg": { "uri": "\/local_lan, "notify": 0, "port": {SomePortNumber}, "ip": "{IP Address of app device}" } }
I created a small application that replicates this by POSTing this body to the Fujitsu unit's IP address with a port and IP address on the same PC as the app and I listen on that port for a connection. When I POST the above (with appropriate IP address and port values for my PC), I actually get the POST response back on that connection (e.g., I start the transaction on the regular IPAddress:80 port but the response is sent back to me on a separate TCP connection on a port I'm listening to. The response contains some keys and mentions a key exchange step but I haven't gone any further. It seems like this might be a way to get local control (or maybe change monitoring updates) without going to the Fujitsu cloud service. I'll have to sniff out the traffic between the app and AC unit separately to see this as Charles doesn't seem to be able to capture this traffic, at least on my phone.
Anyone else seen this or done any digging around to see what it does? In the trace the app keeps pinging the cloud service for updates to the devices but that might be because Charles is interfering somehow with the local connection when it's in the mix. Without the proxy in the middle, the app might not be using the cloud locally some/all of the time is my theory.