AEH-W4G2

[jcbshw]

Stumbled upon this looking to connect my new Hisense AC to home assistant. It has the W4G2 wifi module and uses the ConnectLife app. Nothing really comes up for this module when googling. I have attempted adding it to the other apps but the WiFi network is HIS-####### not HiSmart-####### or the other variations it is looking for.

Anything I can do to look at having support for this AC added?

EDIT: looks like the url the AC communicates with is ac-eu-link.hijuconn.com

[ehushagen]

I have just purchased this unit as well, model number AP1022CW1G and have the same issues. I've tried almost every app in the list of supported apps but have had no luck getting it to pair. Information does seem to be incredibly sparse on this model.

Edit: I have no idea if it is helpful or not, but I have nmap scanned all ports. The only one open appears to be UDP 5030.

[jcbshw]

I did a nmap scan when directly connected to the AC and TCP 5020 was open for me. Never noticed UDP 5030 open when the AC was paired to the app. Seems all traffic was HTTPS.

[evelant]

I picked up a couple of these ACs too. Seems like this repo doesn't have the ability to connect to whatever server "ConnectLife" uses. Hopefully the protocol is the same and it's as simple as finding the new endpoint.

[evelant]

OK so I took a look at the auth network traffic using mitmproxy, it's talking to:

POST https://auth-gateway.hijuconn.com/account/acc/login_pwd HTTP/2.0
{
    "accessToken": "pa2u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoX2mQ1PKNlTbu1rOmV3bKLU_-C1GjurjEGAhqYxgrBONlXd-5MZC6GtwLASr5jTWE5drMWncHgKTzlpdCBqLA85O8gm6eKRMOItp_HFPBgxjwT6wXuZ2TgWQXqvY2nxjDB2WHnwF6sCuFM_bUIxYlEXI2PV3O_puigM8sXQfEtSkaX2wIMyutjUXQSyJFpRa0X5NPiBTl67O0fU4W7POeWV_tCx9Xi-wvNbA4loZ-L3t42uPVsolnaICGu8I91faQatBVHgyscr0Z5B8cwUl0WMWKclNOa4xqAhX0rqEmF8YjKmmGwESF_dzsgIczemhDy",
    "appId": "47110565134383",
    "appSecret": "yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv",
    "languageId": "1",
    "loginName": "MY_EMAIL_HERE",
    "password": "E5o+7sDv0vuDw.....hashed password continues....zz405TLK1n0bjE/xV/g==",
    "randStr": "389429",
    "sign": "IzR2jIgqJwWr8hsWkueuhC6nI/UlMZs29cegGiwuhkyIBjcBwlMft4xVPsbRYX+DGEFGmK02PWzzIV8QBlXhSQ9beh71eMkhbtWOCkynMQ98cKuwqrlefxmwSBPu8YA3unX+5ue+fQJgE1uX4gy9NuqIV6XUbarGMNR3z7JrmFUG07M5n2d7AXyLwiNwbhNzortsZ8RG4Q2OL+T2MV4PF5dpFmrvizFSDBPTelprObQZOpKqIBPxOjsppKF8RGtaYrkOaIMqcS44sV2Swl0cGLLXbbVCxSk6to7ljvL+097I5BkEhOcchoq/80WBmUGazlWBvUwL+6qJIA8/sS9LLQ==",
    "sourceId": "td0010020000D51781E428534D17A50E67A07F2AC106",
    "timeStamp": "1652731738",
    "timezone": "EDT",
    "version": "2.1"
}

with response

{
    "response": {
        "accessToken": "pa1u47x.......long token here.... LAdOQ",
        "accessTokenCreateTime": 1652731738,
        "accessTokenExpiredTime": 86400,
        "customerId": "315843845029890",
        "refreshToken": "pr1u47x....long token here....PcK1Q53A",
        "refreshTokenExpiredTime": 2592000,
        "resultCode": 0
    },
    "signatureServer": "vj9IJbpirL6cp1dcrt8HBO8lj5An7L0z+PAkTNvtV1nA1RhZNGZbFqKzABlf/0ZEPIPz/IkHT47fCN5ZgtJm9joNGPBgfP85QWULd9DmCq1xn3EIDxHVQ51WpavyAQBY8LNXFFnDvzf44/u49tkLAzhnJjkm0nhmo5x0vXAMlS2OqkkMHnbJlwDQohbxnIcXfhiIaVHjNcZLhB0KPnrZgDQlHp84HVLiiDG6nkQuYGFK+gR3E3bjxIWgM8FRPTMXJeRRr+tXro6fkPZONWCkZ9lmUnZwMrxJlAQi40lI0WIOYUj4BYnys84QPyJRf/CM695zNXLFRGn9L2IZ5shvLw=="
}

I'm guessing that adding an implementation for fetching the accessToken and refreshToken from these endpoints is probably what's needed to make these ACs work but I haven't really looked at this codebase much and I'm not well versed in python so I don't know if I'll have time to do it anytime soon.

@deiger could you let me know if there is any more information needed to add support for the newer models with the ConnectLife app?

[deiger]

Hi, Is this your app? I'll try to fetch the relevant codes.

[ehushagen]

Yes, that's the one.

[evelant]

Yes, that's the app used by the newer Hisense models

[deiger]

So it seems that (at least) the discovery requests are somewhat different. For the previous models, there was a POST query to a user server (replaced here by auth-gateway.hijuconn.com), and then GET queries to a devices server to fetch the list of devices and LAN data (maybe bas-gateway.hijuconn.com here?). Could you check if you see further queries?

[evelant]

Yes, sorry, there are further queries (to bas-gateway.hijuconn.com as you already guessed) although I didn't see any device info in the responses. Let me capture more info and I'll post it here shortly.

[evelant]

@deiger Here is the series of requests and responses, obvious analytics calls omitted starting from a fresh login to the ConnectLife app

I'm guessing at some point it's opening a connection to a websocket or to local devices but mitmproxy isn't picking it up since I don't see any traffic captured when I control an AC with the app, but at least here is the auth flow.

POST https://auth-gateway.hijuconn.com/account/acc/login_pwd HTTP/2.0
accept: */*
content-type: application/json; charset=utf-8
accept-encoding: gzip, deflate, br
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept-language: en-US;q=1
content-length: 660

{"timeStamp":"1652835843","loginName":"","accessToken":"","version":"2.1","appId":"47110565134383","languageId":"1","sourceId":"td0010020000F278F2200E3740B6BA5E3CEEF9380E49","password":"","randStr":"437002","appSecret":"yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv","timezone":"EDT","sign":"Lokg92Sz7Z7ExTT5GuFYgu7bES3PYT8AnqiiQGEpEdIPaSEpbsy0LifRVKGt17B4BFgJFyh4JBmmGE5JHmdnJLuLjU8wcwxJx3ZtkiYqNnvxRXUsh5xISCpSZEwhs6GoLJ8MIJinXLBm5qXPQTApG8jKu2+LFyKde\/JKosrVriaonnB6kTTNqXNExbwFNOd0cA77FwhGKE9FA7XHGTRHNoRCN8gqpaYLXg5mUKlPlKw51hEojr4C\/tkKHPvHIZwQIG1W4DEKvXhavS6pWtBGigBkrTvbgAo2Fj7\/vl4jFuBqrkjRHmt7OS7G9LhiRCIIUQzzdcXJNsPaqGAxvuqSVA=="}

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:04 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 1319

{"response":{"resultCode":0,"customerId":"","accessToken":"pa2u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXfxZd8yYeFm0zx4nHuDgnb-yVh7tV5759vhggy2_OVt5m4y28FkaWgHdwQ6G2lLcV_p6faWIkh0K1EFVSTA_NB8kIQ413P0hd1HhYYRwC-4Gm6USHFDKwdE1WxZInT_KhRmVAlLFT4LRCBqjTVpS28UG6-cx8UhvdaZaZwHdap9jfsl4JJweIHl2rfI4HT2vXgqof_Unxvay-aoJQ2xjQlooBZVmarKscL-qlDuf3rJDUGPX-oHmadOAYkW8juSblxr8WPge8jqgy_jaq-W5KEBqU-fjx4URePfBhdxHoQZMw6OMkKBnhGoyfra5-fYHd","accessTokenCreateTime":1652835844,"accessTokenExpiredTime":86400,"refreshToken":"pr2u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXfxZd8yYeFm0zx4nHuDgnb-yVh7tV5759vhggy2_OVt5m4y28FkaWgHdwQ6G2lLcV_p6faWIkh0K1EFVSTA_NB8kIQ413P0hd1HhYYRwC-4GfDMWZt2yYoeSuEoFQLgrDpZt1nQgmppMlAIfUJvRJjrXIREln-xLgaP_L4EBizQ5BJJG-AnyuRqMzt9Nn4tcGGSBw87ImQuLXabVTskBswtQpnpJ24f2NpHDNhTDCr0FtVk4EzZUEKPhSIFEiZm_3FNOYSAAG4pq1z4Eyvcf5-PFiriEhUNKN_1jDjpOD0cPi48PO5lNmgRCXKOKHPlx5","refreshTokenExpiredTime":2592000},"signatureServer":"U0dwEZwPLX/dp+b1eUO7hPZbCrr1FZab4GZvv2niD/0vSwxE8V0ICbZmrFg6INp+6spi5CUBmlXh29dwDM4XMBpvqF0cOYEk5hGldppxWgu5ya0uri58RCL+sFCSBr/rh9q4ZMhYMUYRRG0sZIHmBoWP3jqC6B+zPJ9pCDJ7YACR99sClxasJR3HOOvIm/ic91Rxax35e4ZQCTvKZu7wzrCGs3UBrzRzjhsJ/Ff65c6espCGi+v9JTfPmHQCWqhXbio4yg6Al5QaT9PDM3aIzQZ2FIgJKNg1y52fLPQCsVGACAHwWHuxqRBljynrdhhkLJrOSI7+iIMUG9DenddwBg=="}

GET https://bas-gateway.hijuconn.com/account/get_pa_tos?accessToken=pa2u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXfxZd8yYeFm0zx4nHuDgnb-yVh7tV5759vhggy2_OVt5m4y28FkaWgHdwQ6G2lLcV_p6faWIkh0K1EFVSTA_NB8kIQ413P0hd1HhYYRwC-4Gm6USHFDKwdE1WxZInT_KhRmVAlLFT4LRCBqjTVpS28UG6-cx8UhvdaZaZwHdap9jfsl4JJweIHl2rfI4HT2vXgqof_Unxvay-aoJQ2xjQlooBZVmarKscL-qlDuf3rJDUGPX-oHmadOAYkW8juSblxr8WPge8jqgy_jaq-W5KEBqU-fjx4URePfBhdxHoQZMw6OMkKBnhGoyfra5-fYHd&appId=47110565134383&appSecret=yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv&languageId=1&randStr=445500&sign=vfQvMhTGoc4Tt7mdcu3XsfxnDYAeJ5yg6HPsP1aEf9FK9uq7C9PWGjcSu896ZFHAMp8xWKP3tCVOlGcknnIaZq4Au0d%2BDGcBcXIazYs3fRpO8IbXjdpwpXhQmcQl1VJB8Ani3KMaZ92UZiP/0g93fKP0Xs65BDIfJNeTFZg1KiiJ%2BkPhgaSe7wPARjmArt2XJQtl7oj6ZYdW5v5QwdUgcdPO9OF/NMBGBp%2Bp2Ojtzjh3nyI0gSsD8xv44YlmFdNGIbT2sd/6mM/gnuWx7t%2Bn1EB5%2BvxhFLkBBq%2BPNiyQMwmlFhcwPwJcCdY/5JFDSDO8TytbDLk8xNkg96crIW3OCg%3D%3D&sourceId=td0010020000F278F2200E3740B6BA5E3CEEF9380E49&timeStamp=1652835844&timezone=EDT&version=2.1 HTTP/2.0
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept: */*
accept-language: en-US;q=1
accept-encoding: gzip, deflate, br
content-length: 0

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:04 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 770

{"response":{"resultCode":0,"data":{"ppVersion":"4","tosVersion":"4","ppUrl":"https://app-resources.hijuconn.com/wgplatform/164273433592900775.html","tosUrl":"https://app-resources.hijuconn.com/wgplatform/164272948052500605.html","ppSHA256":"37dea41701a9df98119ff6f8b37ae0cf7b050d7bb84a12f057da797649024300","tosSHA256":"e3c651a5b38c164a0cdfb3601830608bd74f421fea21534d87c050e4c77d309d","updateCount":0}},"signatureServer":"cqMpn7jHLFYF03eJUkD4d6C6ttUMW4TbcTfZagCIF9c2F7LdM1ZASk+bhrH9UTH/FlZ/58oH5GcQx+Jhs6i0EBaeYE/gpV0s9JY5ByzVkxOIRCgdKRManWpj5yWI+7nyFrGbcAFlKbwkPYxIPpbWwAXyP1Ndo+ya9OH0jphHLwfVEzQROgS6S/owKZWeR0B8xSASIhTcuBLSrGVa1l7b3rdB5b5NEv7Hyp5qNTQZpbFJDFgm+YPmU8SIXMXIJWEuV7lf1i+AOMjzebEHhrHz7Tiv/vVcDDPvOpdYTSzHPcJxX/HLzj7NhEZWWq23unUpmnUiGQqCgTPdbo+Cakxfug=="}

POST https://auth-gateway.hijuconn.com/account/acc/login_pwd HTTP/2.0
accept: */*
content-type: application/json; charset=utf-8
accept-encoding: gzip, deflate, br
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept-language: en-US;q=1
content-length: 662

{"timeStamp":"1652835860","loginName":"","accessToken":"","version":"2.1","appId":"47110565134383","languageId":"1","sourceId":"td0010020000F278F2200E3740B6BA5E3CEEF9380E49","password":"","randStr":"609053","appSecret":"yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv","timezone":"EDT","sign":"oyqIcAcqvaTpxRH21cLlQQ3q3H3zepR2sjrrz\/bf56TPpRzNqiqR6AVWMjrIMkL9s83KbXpYZFGmuJMEVUQxOlQQiSd+agq1s55+P3h4ZOocqnq8SX09zPAEqWJtU97RAOicyIrC++\/\/qfaWzDgv1b0ovCWcI\/WwipgudiyyTcmIhste0pTkOusSK2Si27+rjjofPOQSDhBBJi1B8giGFG8Dreyl9TSWZFr0EQgQUv3a7N+Kqbo\/uwEgFWmv7H42Lu0oSWC81fbooeZBLOxwCP4UpBmBpUaWIIb9GqTYFnEOiCtfv7GNPyUZt04xHjH8v1q5xsCFbr+J9Wl1Li3aCQ=="}

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:21 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 1319

{"response":{"resultCode":0,"customerId":"","accessToken":"pa2u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXh5IO9Ew46sIL0_FQa3U9JTA5Qgz7py9O2Yj-a8HXZm4KEPeawvGOZNX3-mcNMT9jmJ3czmwACaJFBcBLc8n2el1MaquTqpxWN-2UZZgnPAN13XSE8i7zgUVnEe-KqsdAlPTEq6kuwdlyFYk_4NmXkaZhK1GO-S3fsiU1P1EbDuVzxfgxKKRmjr_YbNpFhpQgmqjL-5-cEtV-5MkQX4VGWY8XkzjLzJi6-zTpYiJ3AyWlQ1CcT9WHmhgMG8dRPF1CtHZooSNXjqfCeLaHjQ1kNZU0ghR_Dxh-MuAlYxfyT5H3lHcHvGh6uBArc9olxNRm","accessTokenCreateTime":1652835861,"accessTokenExpiredTime":86400,"refreshToken":"pr2u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXh5IO9Ew46sIL0_FQa3U9JTA5Qgz7py9O2Yj-a8HXZm4KEPeawvGOZNX3-mcNMT9jmJ3czmwACaJFBcBLc8n2el1MaquTqpxWN-2UZZgnPANI-8fFOZ-h7uHH4rRGrmOAvAyit86nXB9Xa-9qRcO65U_jhvG0mIvfNaR-3hBdBuQpu__lQtysjmud2a_puFovW_w8OknsAe_Y7FWiUozKJjasBd42foMDl72lKkNPJVP3sywL_jtVzZ8nHe5r8ohcq1ebuxinvfgoJgHKyGkw3pBF8A0KNHAQEuGm7tuMubYLxEaitqGlO9bhvyvmpeG6","refreshTokenExpiredTime":2592000},"signatureServer":"EoXE7fZIKN0vT2Ow4vpsvMn/MVPpJ0VzFbVaQ/fBDmMTHHNIFsKol4XXE/uPNot1nFwueEPKlytXTQac7m+M4q6xzknpy1P2dPhSdyE9AJF9h6y4XkpA2tNGIS+6PEbID5f+4zl4ZLjvoI5Dmbq4miivFgVcYzo02j/H9/bAFK6LY7rVNzBQzOLSPjbH6S6fZ/JAscF4LiIAT4c9B0MGZt6Lx/LpFVwEFAAeFeMLkvLGP+vVHSVhR5YBSsjFuKjJB2P9XwgM5eHTGAh4bkV0ErupYCaqVyi/w0kgzOkMR6G+SSg8+92ihPE8XdHtTP16M047G2Ot4COJQGV5/wV6FQ=="}

POST https://auth-gateway.hijuconn.com/account/acc/login_pwd HTTP/2.0
accept: */*
content-type: application/json; charset=utf-8
accept-encoding: gzip, deflate, br
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept-language: en-US;q=1
content-length: 1158

{"timeStamp":"1652835861","loginName":"MY_EMAIL_HERE@HOST.COM","accessToken":"pa2u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXh5IO9Ew46sIL0_FQa3U9JTA5Qgz7py9O2Yj-a8HXZm4KEPeawvGOZNX3-mcNMT9jmJ3czmwACaJFBcBLc8n2el1MaquTqpxWN-2UZZgnPAN13XSE8i7zgUVnEe-KqsdAlPTEq6kuwdlyFYk_4NmXkaZhK1GO-S3fsiU1P1EbDuVzxfgxKKRmjr_YbNpFhpQgmqjL-5-cEtV-5MkQX4VGWY8XkzjLzJi6-zTpYiJ3AyWlQ1CcT9WHmhgMG8dRPF1CtHZooSNXjqfCeLaHjQ1kNZU0ghR_Dxh-MuAlYxfyT5H3lHcHvGh6uBArc9olxNRm","version":"2.1","appId":"47110565134383","languageId":"1","sourceId":"td0010020000F278F2200E3740B6BA5E3CEEF9380E49","password":"oB+XIzFlnR5+5fWa5LYQOGoDd7bScAOaB\/3dPDkJqbnBXIK5lsHRFqi1UD4H9yBMURuI7Z4gLSZ1Eo5FlgmvRA==","randStr":"619986","appSecret":"yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv","timezone":"EDT","sign":"hIU1BdxqhNlRZPQj71w1c\/9\/T0kj3BL5lmxsaOBvsCWS02xik8oI1aALHM0t58uvR2cWcKDQECk+UaYu6NhWjsVbEucW+jZHO95dyj8vY8nxe0t34AQx1gL+ZP2J7dUpefqsnVNmTjqNMQapblSJMhP6Q6VRnA9IuYe3NbiOexjsRQlyZeeKY0tETZ\/OM\/CSm0GmEl6QfwLii7DtLonmXlrOjXsOBxlhHvxhYTFdl4uvfdWzoCy\/N10lgwJiVZn3sPH26W5iF9jCiA3gV9k7uLaOlXFvpV0fU61Io+VNwDia02ngZEW7vC4IVtV2fSSjUE+HGMaxc8Pr11KGusTtjQ=="}

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:21 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 1378

{"response":{"resultCode":0,"customerId":"315843845029890","accessToken":"pa1u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXqhDZNf93SpobHwOc8P-mVWkxYWqUFH67XBzHOOFHR6aNDt0baRlLhvFVJ_V2uvI0ZDPcCjTQS912yLCscQy3_NQc9CyH46rJfhCWYANbXvh4P3F-oTfnxJI6yPd2f5PH8IpRfqovZgMiTsvV8dEWBk3GDj15OM1f1epB3WFBOOhdTqRHXyRMeJDKLTsmtjk_L6ydGcYQ7kig-SqBLTi8UuRMZ8YlHAYjzahfR2Q3rebsk4vng9sDYsjDIFNL9bTf7fVKNGjrrEk3gXCtE8cxIhrecSDLBS1f1seQLy79wAjJy7pKXzzgwm6_KzTjNKWZ-o1wcdBt1X7XvYItkWDECA","accessTokenCreateTime":1652835861,"accessTokenExpiredTime":86400,"refreshToken":"pr1u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXqhDZNf93SpobHwOc8P-mVWkxYWqUFH67XBzHOOFHR6aNDt0baRlLhvFVJ_V2uvI0ZDPcCjTQS912yLCscQy3_NQc9CyH46rJfhCWYANbXvh4P3F-oTfnxJI6yPd2f5PHSAz3HQZmB1KXRhmPfdi1Cf1aofyuZlJbxq2eKOE1eVhCy1VdFWhOoQfs2r_l0FezkfXx59_h_Xu69g6xcTJWybuZOUbeB3guQ-JOj3ue0AlzkhwJySk3FOdxGMvOWieNKAazKrNkCblMNqsYDIGC_4EuIhp2-qaam-YkPgBv04aO7Hu88pSwEskN_-pUCb9fseuwtX3rjAWc2rwj-ivZ_Q","refreshTokenExpiredTime":2592000},"signatureServer":"fDy014WWT4hs4zmFgxG0unuZZ6+3wSwBNTbY3yOUZRPO3rdXVEGinYQ8VtMSP7UMGqlGrWB9axM7eqSlIL62xTj7aP4KHpFnNHK6tT1HH7xJT1sbsRiMiEoW2KYtXqxX+wCRsO7yoevJNZfcvDiXaovCe4DDFAO2MYMeu4C9vwOmIFAwp8LKLDo3YDgSegrScSs1YoNESCtBs8s5jJNlzGC6Abqtvybu6VB4z5uVByomsBcEBdOmo956oj8LJoqMbnADRplwMYWhwkmd4Jn9MY+Xg6gqYqmsD21CZU0Liu9SOcv2gzxouCHgax2u16cX44ZGm7QI9qPX29dDpRFDFg=="}

GET https://bas-gateway.hijuconn.com/account/check_pa_tos?accessToken=pa1u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXqhDZNf93SpobHwOc8P-mVWkxYWqUFH67XBzHOOFHR6aNDt0baRlLhvFVJ_V2uvI0ZDPcCjTQS912yLCscQy3_NQc9CyH46rJfhCWYANbXvh4P3F-oTfnxJI6yPd2f5PH8IpRfqovZgMiTsvV8dEWBk3GDj15OM1f1epB3WFBOOhdTqRHXyRMeJDKLTsmtjk_L6ydGcYQ7kig-SqBLTi8UuRMZ8YlHAYjzahfR2Q3rebsk4vng9sDYsjDIFNL9bTf7fVKNGjrrEk3gXCtE8cxIhrecSDLBS1f1seQLy79wAjJy7pKXzzgwm6_KzTjNKWZ-o1wcdBt1X7XvYItkWDECA&appId=47110565134383&appSecret=yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv&languageId=0&randStr=612442&sign=BDpGvH1PHhGImfCm4KJTu8QvWuuujbSE/pNngPZsCo/EY/vkiSLeSzw0Co0LXKtiIcqdueaXhnELD9hhQj3VpNp2TLvV/9Xlk/Tq8SaD6aQs61GcBSpk1RhSGczDYK%2BvOSrnQsOXD/EWZsssLhkBu1jQcGCyFNH3sE2kamshjV66Bj/Wpq%2BTcObLmvB/lw5QcfhoQHbwJljWD17e7ZYp8r4Lksp/o1Vv9ovRwn9fXNhGJ4ptg90JI30n72Yn1l8Z00j7BbLtkD95ffmRKRbDeIaH0KHrJpA2/NvB75Zi0DsrlcLwesm51Mc9BHKPR0242X4O66EnFNlDNgXBnyYPaw%3D%3D&sourceId=td0010020000F278F2200E3740B6BA5E3CEEF9380E49&timeStamp=1652835861&timezone=EDT&version=2.1 HTTP/2.0
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept: */*
accept-language: en-US;q=1
accept-encoding: gzip, deflate, br
content-length: 0

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:21 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 770

{"response":{"resultCode":0,"data":{"ppVersion":"4","tosVersion":"4","ppUrl":"https://app-resources.hijuconn.com/wgplatform/164273433592900775.html","tosUrl":"https://app-resources.hijuconn.com/wgplatform/164272948052500605.html","ppSHA256":"37dea41701a9df98119ff6f8b37ae0cf7b050d7bb84a12f057da797649024300","tosSHA256":"e3c651a5b38c164a0cdfb3601830608bd74f421fea21534d87c050e4c77d309d","updateCount":0}},"signatureServer":"cqMpn7jHLFYF03eJUkD4d6C6ttUMW4TbcTfZagCIF9c2F7LdM1ZASk+bhrH9UTH/FlZ/58oH5GcQx+Jhs6i0EBaeYE/gpV0s9JY5ByzVkxOIRCgdKRManWpj5yWI+7nyFrGbcAFlKbwkPYxIPpbWwAXyP1Ndo+ya9OH0jphHLwfVEzQROgS6S/owKZWeR0B8xSASIhTcuBLSrGVa1l7b3rdB5b5NEv7Hyp5qNTQZpbFJDFgm+YPmU8SIXMXIJWEuV7lf1i+AOMjzebEHhrHz7Tiv/vVcDDPvOpdYTSzHPcJxX/HLzj7NhEZWWq23unUpmnUiGQqCgTPdbo+Cakxfug=="}

POST https://bas-gateway.hijuconn.com/push/register_devicetoken HTTP/2.0
accept: */*
content-type: application/json
accept-encoding: gzip, deflate, br
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept-language: en-US;q=1
content-length: 1198

{"timeStamp":"1652835862","version":"2.1","accessToken":"pa1u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXqhDZNf93SpobHwOc8P-mVWkxYWqUFH67XBzHOOFHR6aNDt0baRlLhvFVJ_V2uvI0ZDPcCjTQS912yLCscQy3_NQc9CyH46rJfhCWYANbXvh4P3F-oTfnxJI6yPd2f5PH8IpRfqovZgMiTsvV8dEWBk3GDj15OM1f1epB3WFBOOhdTqRHXyRMeJDKLTsmtjk_L6ydGcYQ7kig-SqBLTi8UuRMZ8YlHAYjzahfR2Q3rebsk4vng9sDYsjDIFNL9bTf7fVKNGjrrEk3gXCtE8cxIhrecSDLBS1f1seQLy79wAjJy7pKXzzgwm6_KzTjNKWZ-o1wcdBt1X7XvYItkWDECA","deviceToken":"c3f1ec2b7c5eefbe3031b84ee63bce23fb2b16fe1fca991e1f9b2750badfcbb4","appId":"47110565134383","deviceId":"D6424948-DAB6-41B1-8BD3-D8D969C18257","deviceplatform":"IOS","sourceId":"td0010020000F278F2200E3740B6BA5E3CEEF9380E49","languageId":"1","randStr":"629956","appSecret":"yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv","timezone":"EDT","sign":"cxYG\/uOHY25DxDoTd1Y6QJgwwWYrSuAxM5zbKlCqnhNUxzA2efc8gn1+CbSJ5oUt8F\/XR+U90Od3RLkxtCJsKTm6W7vDKT2tatYXjVvtwCxNYF\/R2HrnhhXL4rDovGExLfPiTiSKwk91Zq7DE4mygyj0S2NoUiFNYgD9KcRYsINzgVQMW6GBZ\/YwnYxDv56KmsTVgO\/V\/rPwDeFmlH7D+hKr6gpkd2C2U9+DRTCxv+Ot0v+JN8s\/aQDypCWL98czT3nBxQkuy568Ilg28udowM7lOvjYrq56wS+nb0jNSR5nHPBo1PyyMgkpyHLeABv8RDhPwQU2tdV9ohr0J3T5BQ=="}

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:22 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 410

{"response":{"resultCode":0,"desc":"成功"},"signatureServer":"qcS/Wjprwpcie69jpTwOAmvTdVuDbzc8PQcrt8njIycRwEw8jkmc9J09pOp9fUiQ5ak/DvmhZq392IVKWJ/DsPO5MnGe/bddwK72AnJgqYSaQF15vf30pY418DhDtsTyAUHmlECXIzJWxtP3oCGdnUtAOLL6sBvcHDo2ipNtyVXrqHNbBIuzVGTCA68Gq6+FG+g2B79VeulI3anN8C/8Zsxg6y/LmfzmR2Sjihx/lQZx+lETypoxnHbtaCk+CDkF0fOn5Rz/jN/NGom3gx6XJjc9Fj+IVo752g4XlLOl+H7UeXAxjc9sE2UGyVydsSxCu2olZVgV/k/E7y9gm5IPlg=="}

GET https://auth-gateway.hijuconn.com/account/get_user_profile?accessToken=pa1u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXqhDZNf93SpobHwOc8P-mVWkxYWqUFH67XBzHOOFHR6aNDt0baRlLhvFVJ_V2uvI0ZDPcCjTQS912yLCscQy3_NQc9CyH46rJfhCWYANbXvh4P3F-oTfnxJI6yPd2f5PH8IpRfqovZgMiTsvV8dEWBk3GDj15OM1f1epB3WFBOOhdTqRHXyRMeJDKLTsmtjk_L6ydGcYQ7kig-SqBLTi8UuRMZ8YlHAYjzahfR2Q3rebsk4vng9sDYsjDIFNL9bTf7fVKNGjrrEk3gXCtE8cxIhrecSDLBS1f1seQLy79wAjJy7pKXzzgwm6_KzTjNKWZ-o1wcdBt1X7XvYItkWDECA&appId=47110565134383&appSecret=yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv&customerId=315843845029890&languageId=1&platformId=103&randStr=618723&sign=uHQgj9cyj9VwN1pzhUoy1muTYqt7%2BfXVab0T5q6EDuH25a8WiEn5EA8v/4YTRfud/KRU689nYN5Np%2BifqGg4tkUxKyM/g7xj9aS1rV7aQvuaiOvYIJczKNqgFDrxXskj4Emex7%2BcMGkdtVqCLxUFyddouGjL94V3dkFvF0Xm9nuGPRKt/yipsdVCelE0uP1O9fEKuahMOtOeO1ysD2SZkOe4ARyhBKXsKaGM4c2g1ale4BGF5YXi1V%2BdewW5utzekrWd3ye3fH0PrasvyfdO1alzuLSG2U8cuha2oyOpvjGXrDL3gs3MHHTTRCFSOfjYXcUKlEcRM8CpY2P/Kyeqog%3D%3D&sourceId=td0010020000F278F2200E3740B6BA5E3CEEF9380E49&timeStamp=1652835861&timezone=EDT&version=2.1 HTTP/2.0
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept: */*
accept-language: en-US;q=1
accept-encoding: gzip, deflate, br
content-length: 0

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:22 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 1015

{"response":{"resultCode":0,"userProfile":{"id":43576,"source":"JUCONNECT","platformId":null,"customerId":"315843845029890","userId":"MY_EMAIL_HERE","firstName":"Fuck","lastName":"Off","language":"en","photoUrl":"","socialAuthProviders":null,"addresses":[{"addressType":"BILLING","street":null,"houseNumber":null,"postalCode":null,"city":null,"country":"US","gpsInfo":{"latitude":0.0,"longitude":0.0}}],"phoneNumbers":null,"birthDate":null,"gender":null,"company":null,"userMedia":null,"additionalData":[{"group":"Juhaokan","name":"CustomerId","value":"315843845029890"}],"country":"US","createTime":1652569913270,"updateTime":1652569913270}},"signatureServer":"NxT1GAPhK8UbuJDmOakWWGtvyAbcboStrLtfIjc4Y+QnIEWv55pftkUH/kHSbJ5DCOY2/47OREgUi3uL/rs9T/qwF/smdrVNwdsoi7ezuPzBV/Q5ProwiCSilf+FEPELxm9JZusNIXywCyBzqtqa0GjPSmoufNxFa68nMWeVPVsTYlW8VPJAaeZxjI8AympNPtNAlZVtZJhpIbTVCcYQiNU0cdD99notj0SE9hTcfDO0QjWIyrxZfxsb3OP7m/yK/UuNvsvc9Y4NqsvqVl/Ijl0UkAh2Nr49IhCWHWZiUU+AsJm5A+MjrS8uM+hKdtyrhnVWYZaz83bXZFWwrHKnSg=="}

POST https://bas-gateway.hijuconn.com/push/register_devicetoken HTTP/2.0
accept: */*
content-type: application/json
accept-encoding: gzip, deflate, br
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept-language: en-US;q=1
content-length: 1196

{"timeStamp":"1652835862","version":"2.1","accessToken":"pa1u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXqhDZNf93SpobHwOc8P-mVWkxYWqUFH67XBzHOOFHR6aNDt0baRlLhvFVJ_V2uvI0ZDPcCjTQS912yLCscQy3_NQc9CyH46rJfhCWYANbXvh4P3F-oTfnxJI6yPd2f5PH8IpRfqovZgMiTsvV8dEWBk3GDj15OM1f1epB3WFBOOhdTqRHXyRMeJDKLTsmtjk_L6ydGcYQ7kig-SqBLTi8UuRMZ8YlHAYjzahfR2Q3rebsk4vng9sDYsjDIFNL9bTf7fVKNGjrrEk3gXCtE8cxIhrecSDLBS1f1seQLy79wAjJy7pKXzzgwm6_KzTjNKWZ-o1wcdBt1X7XvYItkWDECA","deviceToken":"c3f1ec2b7c5eefbe3031b84ee63bce23fb2b16fe1fca991e1f9b2750badfcbb4","appId":"47110565134383","deviceId":"D6424948-DAB6-41B1-8BD3-D8D969C18257","deviceplatform":"IOS","sourceId":"td0010020000F278F2200E3740B6BA5E3CEEF9380E49","languageId":"1","randStr":"620859","appSecret":"yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv","timezone":"EDT","sign":"P3742qKGlpb0fPIYAo5AQ9QZb83\/TbIM7ymcSTmjryi3fa5O2n8hubZMm1Y2UA200BjMqLByz67nBHEocPfu1fkJLXRVARjFT5\/4f6NNFsyLeW31RGSnHUwlPVqKWtMUDoLqJ7iV2cyZTUm8RwVUJcaENUcBf3zzPSoC4hudza\/vi8RCzbw8YaIHcX7KlcBow+ueGflMC8dov\/IeSoR7Z7NUBUFnRHaqFiYNMoLCPCdm0aoE\/uFSRgn06Semm14q1ekKcqw87qwniiDtOzfx1aEEYka4ssRf5Ye9e52T0DpS1QNI8+z7dkdUY41e7fM+SHwlxZ8fjfelPYdEiYrkLw=="}

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:22 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 410

{"response":{"resultCode":0,"desc":"成功"},"signatureServer":"qcS/Wjprwpcie69jpTwOAmvTdVuDbzc8PQcrt8njIycRwEw8jkmc9J09pOp9fUiQ5ak/DvmhZq392IVKWJ/DsPO5MnGe/bddwK72AnJgqYSaQF15vf30pY418DhDtsTyAUHmlECXIzJWxtP3oCGdnUtAOLL6sBvcHDo2ipNtyVXrqHNbBIuzVGTCA68Gq6+FG+g2B79VeulI3anN8C/8Zsxg6y/LmfzmR2Sjihx/lQZx+lETypoxnHbtaCk+CDkF0fOn5Rz/jN/NGom3gx6XJjc9Fj+IVo752g4XlLOl+H7UeXAxjc9sE2UGyVydsSxCu2olZVgV/k/E7y9gm5IPlg=="}

GET https://auth-gateway.hijuconn.com/account/get_user_profile?accessToken=pa1u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXqhDZNf93SpobHwOc8P-mVWkxYWqUFH67XBzHOOFHR6aNDt0baRlLhvFVJ_V2uvI0ZDPcCjTQS912yLCscQy3_NQc9CyH46rJfhCWYANbXvh4P3F-oTfnxJI6yPd2f5PH8IpRfqovZgMiTsvV8dEWBk3GDj15OM1f1epB3WFBOOhdTqRHXyRMeJDKLTsmtjk_L6ydGcYQ7kig-SqBLTi8UuRMZ8YlHAYjzahfR2Q3rebsk4vng9sDYsjDIFNL9bTf7fVKNGjrrEk3gXCtE8cxIhrecSDLBS1f1seQLy79wAjJy7pKXzzgwm6_KzTjNKWZ-o1wcdBt1X7XvYItkWDECA&appId=47110565134383&appSecret=yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv&customerId=315843845029890&languageId=1&platformId=103&randStr=626187&sign=a7HZMXRaz4%2B7ZH%2Bti0q6NJmQlPvIlimghcEFR8Dqd2/NuYpJkZCROP7%2BOsNRbVTrJtAfxj3GIQOfaZwwqrGN5/ftSOWn8Sn7/sTQZQ2QeU8E6exQ9B8a5fEjT3trVDhakP3Og5E1Ofz3ZHGq%2BMISi/93Ispw0QxshgG3d%2B11GNKMxM3WpGEQv4DPEbKM7oH8FRFMvCK1Kdf%2BDELtvxgCRi6AuUBH4gczxEcUodkO2dv/CkHraDBQcyYy/UKz/3ueM9kMfy7vvKJYoDnl%2BZEkcM7BxrubuVNSmlw2B1caVsbEna5vvmBWv5nkIV8ctOYmmFRSsn%2BRS8ysJfhwtBw/cA%3D%3D&sourceId=td0010020000F278F2200E3740B6BA5E3CEEF9380E49&timeStamp=1652835862&timezone=EDT&version=2.1 HTTP/2.0
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept: */*
accept-language: en-US;q=1
accept-encoding: gzip, deflate, br
content-length: 0

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:22 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 1015

{"response":{"resultCode":0,"userProfile":{"id":43576,"source":"JUCONNECT","platformId":null,"customerId":"315843845029890","userId":"MY_EMAIL_HERE","firstName":"Fuck","lastName":"Off","language":"en","photoUrl":"","socialAuthProviders":null,"addresses":[{"addressType":"BILLING","street":null,"houseNumber":null,"postalCode":null,"city":null,"country":"US","gpsInfo":{"latitude":0.0,"longitude":0.0}}],"phoneNumbers":null,"birthDate":null,"gender":null,"company":null,"userMedia":null,"additionalData":[{"group":"Juhaokan","name":"CustomerId","value":"315843845029890"}],"country":"US","createTime":1652569913270,"updateTime":1652569913270}},"signatureServer":"NxT1GAPhK8UbuJDmOakWWGtvyAbcboStrLtfIjc4Y+QnIEWv55pftkUH/kHSbJ5DCOY2/47OREgUi3uL/rs9T/qwF/smdrVNwdsoi7ezuPzBV/Q5ProwiCSilf+FEPELxm9JZusNIXywCyBzqtqa0GjPSmoufNxFa68nMWeVPVsTYlW8VPJAaeZxjI8AympNPtNAlZVtZJhpIbTVCcYQiNU0cdD99notj0SE9hTcfDO0QjWIyrxZfxsb3OP7m/yK/UuNvsvc9Y4NqsvqVl/Ijl0UkAh2Nr49IhCWHWZiUU+AsJm5A+MjrS8uM+hKdtyrhnVWYZaz83bXZFWwrHKnSg=="}

GET https://auth-gateway.hijuconn.com/account/get_user_profile?accessToken=pa1u47xnRnfcy7qqsjRweLt3ACThrT2VDNWZOfBKMV_OojBXuPkTqrR3trCAKOnpJoXqhDZNf93SpobHwOc8P-mVWkxYWqUFH67XBzHOOFHR6aNDt0baRlLhvFVJ_V2uvI0ZDPcCjTQS912yLCscQy3_NQc9CyH46rJfhCWYANbXvh4P3F-oTfnxJI6yPd2f5PH8IpRfqovZgMiTsvV8dEWBk3GDj15OM1f1epB3WFBOOhdTqRHXyRMeJDKLTsmtjk_L6ydGcYQ7kig-SqBLTi8UuRMZ8YlHAYjzahfR2Q3rebsk4vng9sDYsjDIFNL9bTf7fVKNGjrrEk3gXCtE8cxIhrecSDLBS1f1seQLy79wAjJy7pKXzzgwm6_KzTjNKWZ-o1wcdBt1X7XvYItkWDECA&appId=47110565134383&appSecret=yOzhz6junYno-nmULM3Wr7PU_dpSZN22ZdluvVWZ4uW5ZwwG8fIGCHTbrhcnU-iv&customerId=315843845029890&languageId=1&platformId=103&randStr=624017&sign=ndHl4YrWJYhtLf%2BdCgueexCtDXKFIkFy7zkhQKp505S85dXaGLdd4Ok0tfOVJ0GL6biPilliUJSz7NeBR97TC2ISXCqoVV7lwyPvSuSq2eMUcnAHiJVgTEi8n7IvbLBKLtQeeCWl1dMK898aVhk0RmndPY/CWyH4Cn0JD6qb4c8RkqgB7J6v2C/R7wx8OAMgL%2B0sKEoRp6JC14MFcH3FDNirmImQMb4Vqa7ngoRzpsLMcNU2O5H2Q25PKhfIJY1NZafn8vYXCTDOd7lcswQJMZHK0Ey5bk25UuI5kxL%2BqnfXYW2ZlRNXDYjICOa/X/2HZmFR8KrqisV7cUVexDcp6Q%3D%3D&sourceId=td0010020000F278F2200E3740B6BA5E3CEEF9380E49&timeStamp=1652835862&timezone=EDT&version=2.1 HTTP/2.0
user-agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
accept: */*
accept-language: en-US;q=1
accept-encoding: gzip, deflate, br
content-length: 0

HTTP/2.0 200 
date: Wed, 18 May 2022 01:04:22 GMT
content-type: application/json;charset=UTF-8
x-application-context: api-gateway:10002
content-length: 1015

{"response":{"resultCode":0,"userProfile":{"id":43576,"source":"JUCONNECT","platformId":null,"customerId":"315843845029890","userId":"MY_EMAIL_HERE","firstName":"Fuck","lastName":"Off","language":"en","photoUrl":"","socialAuthProviders":null,"addresses":[{"addressType":"BILLING","street":null,"houseNumber":null,"postalCode":null,"city":null,"country":"US","gpsInfo":{"latitude":0.0,"longitude":0.0}}],"phoneNumbers":null,"birthDate":null,"gender":null,"company":null,"userMedia":null,"additionalData":[{"group":"Juhaokan","name":"CustomerId","value":"315843845029890"}],"country":"US","createTime":1652569913270,"updateTime":1652569913270}},"signatureServer":"NxT1GAPhK8UbuJDmOakWWGtvyAbcboStrLtfIjc4Y+QnIEWv55pftkUH/kHSbJ5DCOY2/47OREgUi3uL/rs9T/qwF/smdrVNwdsoi7ezuPzBV/Q5ProwiCSilf+FEPELxm9JZusNIXywCyBzqtqa0GjPSmoufNxFa68nMWeVPVsTYlW8VPJAaeZxjI8AympNPtNAlZVtZJhpIbTVCcYQiNU0cdD99notj0SE9hTcfDO0QjWIyrxZfxsb3OP7m/yK/UuNvsvc9Y4NqsvqVl/Ijl0UkAh2Nr49IhCWHWZiUU+AsJm5A+MjrS8uM+hKdtyrhnVWYZaz83bXZFWwrHKnSg=="}

I saw some failed requests in there too, not sure what they are but seem websocket related, this might be the actual device communication part but mitmproxy doesn't seem to pick it up or proxy it successfully

POST /api/systemLog HTTP/1.1
Host: 123.56.19.132:9420
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
Accept-Language: en-US;q=1
Content-Length: 113
Accept-Encoding: gzip, deflate

{"title":"iOS-315843845029890","content":"初始化创建长链接","type":9,"addTime":"2022-05-17 21:17:35:479"}

POST /api/systemLog HTTP/1.1
Host: 123.56.19.132:9420
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Runner/1.2.0 (iPhone; iOS 15.4.1; Scale/3.00)
Accept-Language: en-US;q=1
Content-Length: 105
Accept-Encoding: gzip, deflate

{"title":"iOS-315843845029890","content":"webSocketDidOpen","type":9,"addTime":"2022-05-17 21:17:35:697"}

[mattclar]

I have this same Hisense AEH-W4G2 module. Happy to help with testing if needed

[evelant]

@deiger is the information I provided useful or is there something else specific you'd like me to look for?

[deiger]

Sorry for the late reply. This is vastly different from other Hisense modules. Could you please try capturing the traffic sent to the A/C as well? If the issue is just with the bootstrap, we can deviate the code of discovery.py, but if the communication protocol with the A/C is different it might not be worth it.

[evelant]

@deiger Sorry but I'm not super familiar with inspecting network traffic. I used mitmproxy to capture the above but it didn't seem to pick up any traffic to the A/C. What tool would you recommend using to try to capture that traffic?

[deiger]

@evelant the same packet capture app should work also for the traffic against the A/C, but the packets would be sent to the local IP address of the A/C. Are you seeing the A/C in the Hisense app, and are able to control it?

[mattclar]

I cant seem to find a way to input a proxy for the AC to use? thats a requirement of using mitmproxy correct? Also tried capturing packets from the android app, no luck unfortunately as the app (like most other android apps apparently) is using SSL certificate pinning which defeats the mitmproxy 😢

[jcbshw]

Unfortunately it doesn't look like there is any local traffic between the app and the AC. All traffic captured with Wireshark when controlling the AC was via an external IP.

[evelant]

@mattclar I used mitmproxy as a proxy for the app on my iphone to inspect the traffic. I didn't see any local traffic from the phone to the AC. I'm not sure if it doesn't exist or if mitmproxy didn't catch it somehow. It seems like maybe the AC is communicating directly with hisense servers instead of with the app. I'm not sure how to capture that traffic if that's what's going on.

[evelant]

Also, has anybody opened one of these up and gotten a look at the mcu? Maybe if it's an esp32 or some such it could be re-flashed.

[jcbshw]

I finally had some time to look into this more. I used mitmproxy in SOCKS mode and utilized an iOS app Brook to create a VPN connection to the SOCKS proxy.

I do not see any responses that provide LAN info of the AC and it seems all communication is done directly with the server over websockets. Every request seems to have a random string and is signed along with the access token.

[brayStorm]

Also, has anybody opened one of these up and gotten a look at the mcu? Maybe if it's an esp32 or some such it could be re-flashed.

I have a Fujitsu Halcyon split heat pump. Set up with FGLair app, then blocked from internet and used this repository to connect control. I am now interested in swapping this component out for some ESP32s or 8266s. Do these photos help anyone?

[mattclar]

I think this confirms there is a websocket connection opening as the app is throwing out this log to a random IP address

EDIT: sorry i can now see this was already established

[maschmann]

Hi guys, same problem here. If I can provide any help, let me know. Using the android app, got 5 units with the newer W4G2 module and one with the older one. Have to fiddle with two apps which is quite annoying. Also did some research and as of now there is no public API nor any kind of documentation, though they are providing an alexa skill, which might be exploited for some refence information.

[djm193]

I have also 3 units with the new wifi module working only with connect life app. This apps works, however it is annoying that you cannot interconnect your AC with your other stuff in the house. I would really appreciate a working hass integration. If there is anything I can assist with just let me know

[maschmann]

I did some more research on the "Omnichannel strategy" Gorenje Group and Hisense are employing. There is not a single word about integrating something else than the currently existing Alexa integration, so my hopes are down for a quick solution. One idea that came up, is to check how the Alexa skill works and maybe reverse-engineer. The second option is my AC-technician: Maybe he can come up with five more "old" wLAN modules 🙄 It's just so bad to not offer any kind of external API integration. Even Somfy, Netatmo, etc. do so.

[evelant]

@maschmann If you've found some contact info of the company who made the integration perhaps send them an email and ask? Might get lucky and they'll be willing to work on an integration since hass is so high profile these days.

[maschmann]

@evelant I've tried - there seems to be no official way of contacting the people behind connectlife.io in any way - aside from vulnerability notifications. When researching ConnectLife LLC, you end up somewhere in Slovenia, but no contact info, so far. As I already stated: I've not seen something so closed before. I'll try to contact Hisense, but hopes are low.

// edit I've just written a lengthy email to ConnectLife on their privacy mail address, stating the case and providing some potential benefits of havign a public API or even SDK and letting open source add some additonal value like integrations to other platforms to their product. Curious if it works or if I even get an answer ;-) Will do the same with Hisense.

[maschmann]

First update: Hisense Germany just read "Air conditioning" and directed me to a local dealer, instead of reading my email. Customer service++

[maschmann]

Still no feedback from ConnectLife. I'll do some Wireshark runs to maybe catch the socket conneciton data in the local LAN.

// edit did some capturing. Since I use IPv6 mostly, it's beween a chinese endpoint and my external v6, TLS 1.2 encrypted. Plugging squid in between would need the modules to trust my selfsigned root-ca. Love it.

[djm193]

Still no feedback from ConnectLife. I'll do some Wireshark runs to maybe catch the socket conneciton data in the local LAN.

// edit did some capturing. Since I use IPv6 mostly, it's beween a chinese endpoint and my external v6, TLS 1.2 encrypted. Plugging squid in between would need the modules to trust my selfsigned root-ca. Love it.

Does it mean you came one step closer? Or was the "Love it" just ironically? Old Wifi Modules are not easy to get in Germany... also not from Italian Sellers...

[maschmann]

Sorry, this was totally ironic. So, not a single step closer 👎 I've found the old modules in poland, but they are not delivering to Germany. Since I need 5 pieces, this is a bit of a problem.

[mattclar]

Not a bad idea, or just work out how it's communicating with the actual aircon

On Wed, 8 June 2022, 10:23 pm imagio, @.***> wrote:

Also, has anybody opened one of these up and gotten a look at the mcu? Maybe if it's an esp32 or some such it could be re-flashed.

— Reply to this email directly, view it on GitHub https://github.com/deiger/AirCon/issues/160#issuecomment-1149845021, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGNYD6SRXMS7DFMETE7TYLVOCGDHANCNFSM5VAVJ6LQ . You are receiving this because you were mentioned.Message ID: @.***>

[maschmann]

Not a bad idea, or just work out how it's communicating with the actual aircon

The main challenge with this is: Communication seems to be encrypted. As far as I grasped the concepts there, it's certificate-based and so you can only "see" there is a request from the outside into your network and to your device, but not the body's contents. What we've seen so far are the requests from the app to cloud endpoints. The most interesting part would be:

Cloud (TLS) -> Home/(w)LAN -> AC (TLS)

Which is socket with TLS encryption, so e2e. That's where the need for a root cert for Squid and the device in question, the AC would be needed for. I'd have to be able to "trust" the cert, so squid could de- and encrypt the traffic between cloud and device. If someone manages that, it would be at least possible to try and send commands to the devices from inside the local network. This also depends on the level of trust, implemented in the communications protocol between cloud and AC, aside from transport layer security.

[iznaf]

You can buy the older module on ebay... About 60 EU for a piece, quite pricey... What plugin is compatible with the older module, for use with Homebridge? I just got the new unit now, using two apps is annoying...

[iznaf]

BTW ConnectLife can be linked to Google Home. I tried it and it works. What is left is to connect it to the Apple Home 😵‍💫

[evelant]

@maschmann @deiger @iznaf If it helps I think this might be the wifi module in question: https://fcc.report/FCC-ID/2AOKI-WFM38GUTH1/4567113.pdf

[amstrad83]

Hello, i'm new in town, i'm a developer and tech nerd and i've freshly installed 3 units with the new module, so if i can do something to help the cause of HA integration cont me in. i will really appreciate to connect and use the conditioner for free when my solar panel give me more than i use, but obviusly i can'0t do it with the simple application and alexa, i will need the full power of Home assistant.

[AlecDusheck]

Hi everyone,

I know this issue is pretty dead, but I've done some pretty extensive reverse engineering on the ConnectLife app. I've found a few things:

• They use a basic refresh token / access token for authorization
• Requests are "signed" for whatever reason. You can see this via the sign / randStr tokens in the above screenshots. The randStr is based off previous requests, the sign value is based off a RSA public key built into the app binary (RsaSignUtil.kt for those poking around in the APK)
• Once the state of your devices are gotten via the conventional API, device commands are sent over socket. Having some difficulties actually intercepting these, but its pretty clear when you look through the binary.

Would love to bounce some ideas off anyone else doing research into creating some sort of unofficial library for ConnectLife. Other then the things above, it's not too difficult considering you are only aiming to support a few device types.

P.S.: Python script to generate sign values: https://gist.github.com/AlecDusheck/c352fd080a32f071a97c3a54c8533356

[evelant]

@AlecDusheck Awesome, glad to see someone found out some more about it. I don't have time to hack on it at the moment but I've got 3 of these things so I hope the rest of the mystery gets solved 🙂

I also wasn't able to intercept the socket traffic. That's where I left off. Not sure how to get it.

[AlecDusheck]

I've had some more free time and have successfully reverse engineered the websocket logic. While I was never able to mitm it, reverse engineering the binary gave me all the clues:

• Make a call to https://bas-gateway.hijuconn.com/msg/get_msg_and_channels to retrieve your list of device push channels and the pushServerIp/pushServerPort
• For the above step, you'll need an accessToken and the logic to generate the sign param
• Assemble your connection string, as this: ws://wcl-mpush.hijuconn.com:8080/ws/jucon_pc_5_<omitted>?token=<omitted>, token using your accounts accessToken
• Decode requests as they are given in a weird JWT token format. You'll see the server sends you state updates as well.

Once finished, I'll publish a sample library with all my findings.

[jcbshw]

Awesome! Looking forward to trying seeing as I've just brought my AC back out.

[mattclar]

Fantastic news! Thanks for putting in the hard work to get this going

On Sat, 13 May 2023, 12:25 pm Jake Shaw, @.***> wrote:

Awesome! Looking forward to trying seeing as I've just brought my AC back out.

— Reply to this email directly, view it on GitHub https://github.com/deiger/AirCon/issues/160#issuecomment-1546499909, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGNYD3XL3CV23KX5QSIOJ3XF3WJ3ANCNFSM5VAVJ6LQ . You are receiving this because you were mentioned.Message ID: @.***>

[djm193]

Really nice to see! Thanks man

[sabaatworld]

This is very exciting. Hopefully you will be able to get the library working!

[quidquid]

Whoa, nice—I've also been following this and trying to reverse-engineer the app requests. Got hung up looking for the RSA signing key in the (ios) app bundle, like "I know you're in here! 👀" Anyway, I'm down to work on some code

[roelteeuwenNL]

Excellent! I've a ATAG induction cooking plate which connects via WiFi to the ConnectLife app. There is no integration/API via ATAG. When I would only see the on/off status of my cooking plate I'm able to connect it to my extractor hood (turn off/on).

[JuanmanDev]

Hi all! While we wait until @AlecDusheck brings more good news.. I have found something that could help: https://hicloudmanager.hijuconn.com/#/restrict https://hicloudmanager.hisensehvac.com/hidom

I can use the same account as I have in the app. But I dont see any device (I had 2 AC). I think is not connected to the same servers just only the auth API, but if anyone found some more, please share. (Extra, has a websocket, spolier: could be related with the firebase commented below?)

Also I had tried debugging the app with no luch, BUT the app has a lot of logs that could be useful. The backend seemt to be a firebase. The Android App uses Flutter that difficults the decompiling.

This seems to be the firebase config and other useful things:

    <string name="google_api_key">AIzaSyB-vKLh0qzwv0ddJqCmjVfa3w4q86xUbXI</string>
    <string name="google_app_id">1:99698616259:android:47e9b2e03cc15db3abbf76</string>
    <string name="google_crash_reporting_api_key">AIzaSyB-vKLh0qzwv0ddJqCmjVfa3w4q86xUbXI</string>
    <string name="google_storage_bucket">connectlife-b9531.appspot.com</string>

    <string name="default_notification_channel_id">AIzaSyBV5TPO5WAtD4jxx03VXJ8IOvikYDtvatU</string>
    <string name="default_web_client_id">99698616259-6ohb4sd2fu0oap08etjv6l1r82a9hka4.apps.googleusercontent.com</string>

    <string name="clear_text_end_icon_content_description">Clear text</string>
    <string name="client_id_token_debug">99698616259-1muojg71mutfo9fltd86fjsijitsurhv.apps.googleusercontent.com</string>
    <string name="client_id_token_release">99698616259-7r1uhp21ujvht3e1r7ssje489q0m56fc.apps.googleusercontent.com</string>

    <string name="server_client_id">99698616259-6ohb4sd2fu0oap08etjv6l1r82a9hka4.apps.googleusercontent.com</string>

    <string name="library_android_database_sqlcipher_author">Zetetic, LLC</string>
    <string name="library_android_database_sqlcipher_authorWebsite">https://www.zetetic.net/sqlcipher/</string>
    <string name="library_android_database_sqlcipher_isOpenSource">true</string>
    <string name="library_android_database_sqlcipher_libraryDescription">Android SQLite API based on SQLCipher</string>
    <string name="library_android_database_sqlcipher_libraryName">SQLCipher for Android</string>
    <string name="library_android_database_sqlcipher_libraryVersion">${clientVersionNumber}</string>
    <string name="library_android_database_sqlcipher_libraryWebsite">https://www.zetetic.net/sqlcipher/</string>
    <string name="library_android_database_sqlcipher_licenseLink">https://www.zetetic.net/sqlcipher/license/</string>
    <string name="library_android_database_sqlcipher_repositoryLink">https://github.com/sqlcipher/android-database-sqlcipher</string>

from the APK\resources\res\values\strings.xml

I would like to create a basic web app with this config, but seems a bit dificult (I dont have more time for today) https://firebase.google.com/docs/web/setup https://firebase.google.com/docs/android/setup

[AlecDusheck]

Hey!

I unfortunately haven’t been able to poke too much more due to some recent life events, but I’ll be able to take a closer look later next month!

That web app is actually incredibly interesting, but you might be right about it not being connected to the same gateway. I’ll take a brief look when I’m back, but if it is, this would be an incredibly easy way to get access.

While the app uses Firebase, I’m not sure if it’s actually used for device control. Hisense has their own socket endpoints for receiving device action pushes, which don’t seem to use the Firebase functionality. I was making an assumption Firebase is used for notifications, possibly?

Thanks!

[JuanmanDev]

Hola!

Firebase is used to have a realtime database that give you some ways to control:

• A client regfister to receive updated on the data base, so, if you change the temperature in the app, the app send the change to firebase cloud data base, and the cloud send the change to all clients connected (The AC and other apps conected to same account)
• Everytime the database has a change on the temp, send a notification to the AC in someway

This could explain why there is a permanent socket to received the notifications.

(this could be also done with a dual statu with desired temp + current state to ensure the AC receives the change, but is the same process)

I have create a repo for the progress if someone would like to check (the web try is there, but failing the login): https://github.com/JuanmanDev/ConnectLifeInspection_1

I see a library to connect ESP32 to Firebase, so eveything is possible....

I think about the https://github.com/deiger/AirCon/issues/160#issuecomment-1117369350 about the open port 5030 on UDP and the 5020 https://github.com/deiger/AirCon/issues/160#issuecomment-1120349785

This makes me thinks about this a ephimeral port, so this could change with the time, but this ports are usually TCP.

On the docs Firebase requires a TCP connections, but there is a library to use UDP for IoT devices with firebase.

About using the hisense socket endpoints... I thinks this is a proxy (that could hide a firebase key to access)

Disclamer: I'm not an expert about nothing I have write :D

[vpaulos]

So, how to connect this new g1 modules and connectlife app to home assistant?