Open yaydogan opened 5 years ago
Robdel12
commented
5 years ago Hey there! What I did (and it's probably fragile but has worked for 4-5 days so far) was connect my phone to a proxy (I used Charles proxy), and looked at the network request the Meross app sends to the device over the local network. It wasn't SSL so it was really easy to see what the payload was. That's also how I figured out what the devices IP was.
aralam
commented
5 years ago Hi, Trying to get some clarity. So here are the steps I took: 1) New plug (not yet configured for my network) 2) Power up the plug - amber light blinking 3) Start packet capture on the iPhone connected to home Wifi 4) Start Meross app on the phone. 5) Follow the config steps to connect a new smart plug to the point where app asks to join the WiFi network created by the new smart plug (mss110) 6) Go to WiFi settings on iPhone and select SSID of the smartplug 7) Go back to Meross app and continue the plug configuration to the point where the plug now needs SSID of home WiFi. Enter that and finish the configuration successfully. 8) Go to proxy and stop packet capture. 9) Log analysis show that smart plug had IP address of 10.10.10.1 during initialization process. Note the Basic Authorization token/key sent to http://10.10.10.1/config by my phone (presumably by Meross app as part of configuration) 10) Note that final IP of the smart plug got changed when it joined my home WiFi / LAN (192.168.2.20) 11) I configured the homebridge config.json with deviceUrl: 192.168.2.20 and authToken with th one captured from proxy. However I can’t seem to control the plug. 12) I even tried to POST the details to http://192.168.2.20/config using curl command but get 404 error.
Any ideas what am I missing?
Thanks for your help.
aralam
commented
5 years ago I wrote to Meross Twchnical Support to get info on their API. They were kind enough to send me their API. However, this API is only supported on version 1 hardware. Most new switches are on version 2 which does not support direct access.
chippoman
commented
5 years ago @aralam
I wrote to Meross Twchnical Support to get info on their API. They were kind enough to send me their API. However, this API is only supported on version 1 hardware. Most new switches are on version 2 which does not support direct access.
It does not make much sense that version 2 doesn't support direct access when all their app is doing is sending a JSON payload via POST.
For what it's worth, my Meross plugs also return 404 using curl, but they work after I made the following changes to index.js after comparing with the values being sent by the ios app (I used mitmproxy to capture traffic):
${this.config.deviceUrl}/config
seeligd
commented
5 years ago @aralam was there anything useful in the API documentation? It might be worth trying to decompiling the meross app apk to see how the signature generated. I was able to get it working only after using the messageId/sign keys that I found on my own network
aralam
commented
5 years ago I have been extremely busy at work and haven’t been able to put much effort into figuring this out. Hopefully, will get some break soon to pick this up again.
Outlookhttps://aka.ms/qtex0l for iOS
From: David notifications@github.com Sent: Wednesday, March 20, 2019 12:16:32 AM To: Robdel12/homebridge-meross-plug Cc: Alam_A; Mention Subject: Re: [Robdel12/homebridge-meross-plug] Question on API calls to Meross plug (#1)
@aralamhttps://github.com/aralam was there anything useful in the API documentation? It might be worth trying to decompiling the meross app apk to see how the signature generated. I was able to get it working only after using the messageId/sign keys that I found on my own network
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Robdel12/homebridge-meross-plug/issues/1#issuecomment-474714419, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AsA_l1-8J3MbO6PvakgFiU58mYL6YOIXks5vYeBQgaJpZM4ZHdRx.
jixunmoe
commented
3 years ago Looking at meross_v2.28.1 apk:
private static BaseBean setupSign(String strFrom, String strMethod, String strNamespace) { // setup some signature stuff
BaseBean bean = new BaseBean();
Header header = new Header();
long time = System.currentTimeMillis() / 1000;
String messageId = PackageFactory.f1();
header.setMessageId(messageId);
header.setSign(PackageFactory.calculateMD5AllParts(messageId, User.getInstance().key, String.valueOf(time)).toLowerCase());
header.setFrom(strFrom);
header.setTimestamp(Long.valueOf(time));
header.setMethod(strMethod);
header.setNamespace(strNamespace);
header.setPayloadVersion(Integer.valueOf(1));
bean.setHeader(header);
return bean;
}PackageFactory.calculateMD5AllParts just does a simple MD5 function with all strings concatenated together. You'll need to somehow get the key attached to the user, which I believe it can't be extracted without root?
public String getKey() {
if(this.key == null) {
this.key = SharedPreferencesUtils.getInstance().getString("key", "");
}
return this.key;
}Which might explains why the signature doesn't work for other user.
jixunmoe
commented
3 years ago Made a script meross-login to authenticate against meross api endpoint and extract user key/token/etc.
The login works (it returns user information), however I did not have time to test against my smart plug...
Hi, I am trying to understand how to control the Meross plug from local network instead of making API calls to cloud server. Looking at your code, I quickly tried sending a REST API (POST http://deviceIP/config using postman and I am getting 404 not found. Do you have packet captures between home bridge and meross plugs that you can share with me?
Thanks in advance.