NicolaiPetri / wiser2mqtt

Exposes Wiser power monitor metrics to MQTT
BSD 2-Clause "Simplified" License
8 stars 4 forks

Password must be pre-generated #2

Open NicolaiPetri opened 2 years ago

NicolaiPetri commented 2 years ago

Currently you must find or generate the correct password. It would be nice to allow auto generation of passwords.

Svenfabian commented 2 years ago

Hi @NicolaiPetri. Is there any chance that you have a description of how to find or generate the password on the EER31800 module?

NicolaiPetri commented 2 years ago

Hi @Svenfabian, I took Python code from here to generate the password for my setup: https://gist.github.com/pascal-schetelat/4e31697a4c7e5fe7aeebe35d9053136b

I hope it helps, I will port this to c# when I have a bit of time.

Svenfabian commented 2 years ago

Thanks @NicolaiPetri

Inrego commented 2 years ago

I started getting 401 Unauthorized on my requests.. Anyone else? I've decompiled the app to see if I can find the password generation code to reverse engineer. But no results so far. I can only see the same method as implemented in the above python script.

Inrego commented 2 years ago

The URL /rsa1/GateWayKey returns a key, but only after pressing the button on the module. From what I can see, the gateway key is then used to generate a password (instead of the my_char static key), and that password is then used to call /rs/login, and the result of that is used as a cookie for further requests. However, I can't get the login part to work. Also, I'm a bit worried about the lifetime of that cookie. The use case in the app is for the electrician to finish setup of the devices, and therefore a very short-lived cookie is very likely. The GateWayKey is different every time, which means the button would probably need to be pressed every time to generate a new cookie.

I've yet to hear about anyone else having problems using the old method, so maybe it's just an issue on my end. I guess we'll see. I'm rooting more and more for Z2M to support the meters on my existing Zigbee network, so I can get rid of this extra hub.

henrik-olesen commented 2 years ago

I just realized that I have not been getting updated values since this morning. I suspect that I am facing the same problem as you.

verydrunk commented 2 years ago

yup same here,

401 Unauthorized

PentaSX commented 2 years ago

I'm at the login part (POST) but cannot make it work. I get a bad request from the server. My knowledge of Java is poor and I'm trying to understand what is needed in the body...

Inrego commented 2 years ago

Don't put it in body. Go to Authorization and choose basic auth and enter the username and password there.

PentaSX commented 2 years ago

When I do that, it freezes on "sending request" and finishes with the error "socket hang up". I already disabled SSL cert verification in Postman but I don't know what to do now.

Inrego commented 2 years ago

Yeah, I had the same problem in postman. Try opening the url in your browser - it should ask for credentials (after you ignore ssl warning).

filips commented 2 years ago

You need to send it in a JSON encoded body, like this:

    {"username": "m2madmin", "password": "..."}

Inrego commented 2 years ago

> You need to send it in a JSON encoded body, like this:
>
>     {"username": "m2madmin", "password": "..."}

Really? Interesting..

PentaSX commented 2 years ago

It seems to work when I POST JSON without Authorization Header

But what's next? :)

filips commented 2 years ago

If the request is accepted you should have a "Set-Cookie: SID=xxxxxxxxx" on the HTTP 202 reply. Sending this cookie along with requests afterwards should make them go through as normal.

PentaSX commented 2 years ago

I just saw that cookie, thank you. It works in subsequent requests from my browser.

But this cookie is set to be expired when the session goes off.

I have to try from postman with that cookie.

Inrego commented 2 years ago

Doesn't matter how long the cookie works, if the password you generated still works. Then we can just make new cookies when needed programmatically.

Inrego commented 2 years ago

I'm afraid I won't have more time to put into it this week. I'll see if I get some time next week if it's not already fully solved by then.

PentaSX commented 2 years ago

I'll let you know if I can automate something on my side (I do that on PHP).

Thanks for your help.

PentaSX commented 2 years ago

Small guide :

1/ Push the button on the EER31800

2/ Get the key via HTTP GET on this URL : https:///rsa1/GateWayKey

3/ Convert the key and the MAC address to a password

Use this website : https://www.tutorialspoint.com/compile_java_online.php

Copy paste the class here : https://pastebin.com/raw/t59VjMkf

Add your MAC and GateWayKey.

    String MAC = "<PUT_MAC_HERE>";
    String GateWayKey = "<PUT_GATEWAYKEY_HERE>";

4/ Send JSON data via HTTP POST to https:///rs/login

For exemple : { "username": "m2madmin", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }

5/ A cookie is returned named SID, get the value of it (SID=yyyyyy)

6/ Make subsequent requests with that cookie by adding it in headers : Cookie: SID=yyyyyy

It is now working for me 👍

NicolaiPetri commented 2 years ago

I will take a look at this in the weekend to see what’s possible.

Inrego commented 2 years ago

Did you manage to implement the new auth method?

filips commented 2 years ago

My tests showed that the SID was valid for around one hour.. AFAIK there’s no way of extending validity besides pressing the button and following the authentication flow again. Interestingly the SID is immediately invalidated if you try to do basic auth with the m2madmin user..

Inrego commented 2 years ago

Hmm, damn.. Since it only connects to the cloud after completed setup, there's no reason to believe they'll have a way to connect locally outside of that 1 hour window.. Adding support for them on zigbee2mqtt seems like the inevitable way to go, so we can just avoid using this bridge altogether

PentaSX commented 2 years ago

Hello,

On my side, the cookie was still working after an hour. I have been collecting data for 3-4 days without issue.

It is invalid only if you press the button on the EER. Also, I tested powering it off and on, and the cookie was still working after that.

filips commented 2 years ago

Hmm that is interesting.. I wonder what caused the difference in behaviour. I just left a script to request indefinitely, and it started getting HTTP 401 after around that hour, even though I didn't touch the EER during that time.

Inrego commented 2 years ago

@PentaSX did you reuse the Gateway Key to get a new cookie on every request? Or did you use the gateway key once to get a cookie, which you then use on every request for a few days?

@filips same question to you. I think the difference could be this (maybe gateway key or issued cookie is invalidated after 1 hour, but the other is not).

filips commented 2 years ago

I got one cookie that I reused.

PentaSX commented 2 years ago

Since I got the cookie, I'm using it for all subsequent requests. I only call rsa1/GateWayKey and rs/login once at the beginning.

At the moment I'm using an EER31600 at home, but I've been testing the EER31800 again since 12h25. I'll do some requests this afternoon and tell you what happens with the same cookie.

PentaSX commented 2 years ago

It seems you are right, the SID expires after a while and I've got a "403 Forbidden" response. But I am sure it worked 2 days ago, maybe the cookie expires if there's no activity on the server side?

Inrego commented 2 years ago

The password generated with the gateway key only works once. After retrieving a cookie, it no longer works and will return 403 Forbidden.

PentaSX commented 2 years ago

Yes, I'm doing requests to /rsa1/UsageMeters. It worked for a while and now it's 403. If I remove the cookie, it asks for user/password and drops 401.
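
Added example, not part of the thread or of the project's code: the session handling the comments above report (JSON login to /rs/login, SID cookie from the HTTP 202 reply, 401/403 meaning the button has to be pressed again), written in Python. The password is an input because its derivation is not given on this page; `GatewaySession`, `ReauthRequired`, the `transport` callable `(method, url, headers, body) -> (status, headers, body)`, `make_fake_gateway` and the host `192.0.2.10` are assumptions made for illustration.

```python
import json
from http.cookies import SimpleCookie

class ReauthRequired(Exception):
    """Login or SID rejected: press the button, fetch a new GateWayKey, log in again."""

def extract_sid(status, headers):
    # The thread reports HTTP 202 with "Set-Cookie: SID=..." on a successful login.
    if status != 202:
        raise ReauthRequired(f"login refused with HTTP {status}")
    jar = SimpleCookie()
    jar.load(headers.get("Set-Cookie", ""))
    if "SID" not in jar:
        raise ReauthRequired("202 reply carried no SID cookie")
    return jar["SID"].value

class GatewaySession:
    def __init__(self, host, transport):
        self.host, self.send, self.sid = host, transport, None

    def login(self, password, username="m2madmin"):
        # JSON body and no Authorization header, as worked out in the thread.
        body = json.dumps({"username": username, "password": password})
        status, headers, _ = self.send("POST", f"https://{self.host}/rs/login",
                                       {"Content-Type": "application/json"}, body)
        self.sid = extract_sid(status, headers)

    def get(self, path):
        headers = {"Cookie": f"SID={self.sid}"} if self.sid else {}
        status, _, body = self.send("GET", f"https://{self.host}{path}", headers, None)
        if status in (401, 403):   # missing or expired SID
            self.sid = None        # the spent password cannot mint a new one
            raise ReauthRequired(f"HTTP {status} on {path}")
        return body

def make_fake_gateway(valid_password):
    # Constructed stand-in for the hub; it only mimics what the thread reports.
    state = {"pw": valid_password, "sid": None}
    def transport(method, url, headers, body):
        if url.endswith("/rs/login"):
            if json.loads(body)["password"] != state["pw"]:
                return 403, {}, ""
            state["pw"], state["sid"] = None, "constructed-sid"  # password is single-use
            return 202, {"Set-Cookie": "SID=constructed-sid; Path=/"}, ""
        if "Cookie" not in headers:
            return 401, {}, ""
        return (200, {}, "{}") if headers["Cookie"] == f"SID={state['sid']}" else (403, {}, "")
    transport.expire = lambda: state.update(sid=None)
    return transport
```

A caller that catches `ReauthRequired` should stop polling and ask for a button press rather than retry, since both the SID and the password are spent at that point.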

Inrego commented 2 years ago

I think I'll try to focus on the zigbee way. This project was a workaround anyway, and it's quite fragile to updates on the bridge. Getting the PowerTags to pair to Z2M seems like a better way to integrate them into a smarthome setup.

Inrego commented 2 years ago

Link to issue here: https://github.com/Koenkk/zigbee2mqtt/issues/7975

@filips seems to already have made some progress in that regard.

Ugo-en-pce commented 2 years ago

Schneider is pushing a new firmware named 1.7.7 to the EER31800 to "improve" security. This changes the way of logging into the EER, but you already figured that out as I see (tried and worked fine). The old method works on 1.7.5. Thanks a lot for your work on it, but I guess if the cookie only works for a limited time, it will not be acceptable for a Home Assistant integration like before. I'm a little bit sad because I have some EER31800, EER31500, EM5, R9M60 which were working perfectly in Home Assistant, and Schneider pushes the firmware update without asking (very bad practice).