argrento / huami-token

Script to obtain watch or band bluetooth token from Huami servers
MIT License
412 stars 94 forks source link

No luck getting pairing key #6

Closed jds11111 closed 4 years ago

jds11111 commented 4 years ago

None of these methods have come close to working. For example, when I try the xiaomi app way, it never lets me login with the URL supplied by the python code. The other way gives a pile of errors, among which are:

... ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/home/jay/Programs/miniconda3/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen chunked=chunked, File "/home/jay/Programs/miniconda3/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/home/jay/Programs/miniconda3/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn conn.connect() File "/home/jay/Programs/miniconda3/lib/python3.7/site-packages/urllib3/connection.py", line 300, in connect conn = self._new_conn() File "/home/jay/Programs/miniconda3/lib/python3.7/site-packages/urllib3/connection.py", line 169, in _new_conn self, "Failed to establish a new connection: %s" % e urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f94c2ed2210>: Failed to establish a new connection: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

....

I first paired my watch to the amazfit app. But then could not login to the amazfit site with those credentials.

Some details: Amazfit Bip S Android Phone Linux desktop using either firefox or brave browsers Python 3.7.6

jds11111 commented 4 years ago

Part of the problem is that there are conflicting instructions. There are two android apps, amazfit and Mï fit. The gadgetbridge documentation says to use Mï fit. This documentation says to use amazfit. These two act separately, and seem to even conflict with each other in pairing. The amazfit web page seems to have no communication with the android app. So which set of instructions should i follow?

Secondly, either the xiaomi website has certification problems, or I am being subjected to a MITM attack. Am I the only one struggling with this. I have deleted the data for both apps and uninstalled them from my phone, and reset my watch. So, I can try from the beginning again.

My guess is that the amazfit app and website are just mistakes, so will try with the Mï fit app. I do not really want to root my phone, so will then try one of those two nonrooted methods. Am I on the right track?

argrento commented 4 years ago

This all is strange. I just checked: both Amazfit login and Mi login method works for me.

@jds11111, I have the same watch. What does "it never lets me login with the URL supplied by the python code"? Wrong login/password? In the traceback you provided I see that error is at the urlib3. This is because, probably, Huami server refused to connect. Are you under VPN or something like that?

Amazfit app and Mi fit app used same server huami.com, but in different ways. Gadgetbridge wiki provides a way to get a token from sqlite db, my script takes it from Huami servers.

Certification problem with Xiaomi web site is ok. I see it all the time.

jds11111 commented 4 years ago

Yes, I was on VPN and tried it with the VPN off, but that changed nothing. Then, I also disabled pihole for a few minutes. I had tried each of these before, but apparently both were causing problems. The domain must be on a blacklist. So, that seems to have now retrieved the key. THANKS!

Part of the problem is an error in the instructions. The Mi Fit app does not work. It needs to be the Amazfit app.

So it now seems to be connected. Can I delete the Amazfit app now?

argrento commented 4 years ago

If you get api key and plan to use Gadgetbridge -- yes, you can delete Amazfit. To be honest, I prefer Amazfit app.

jds11111 commented 4 years ago

The app looked nice in my glance through, but I do not like being tracked and giving all those permissions to closed source corporate code. Gadgetbridge is a way to degoogle for me. It is not about convenience.