emporia-vue-local / emporia-vue2-reversing


Local communications #9

Open cybernard opened 2 years ago

cybernard commented 2 years ago

You wrote an article, "Reverse-engineering the Emporia Vue 2", dated Jul 28, 2021.

There you showed you can communicate with it without all the soldering connections to the Vue.

I was wondering if you had considered any of the following.

  1. Using Pi-hole or another local DNS solution, you can change the IP address the device gets and point it at Home Assistant, etc. directly.
  2. iptables has DNAT, with which you can forward traffic from the local IP of the Emporia device and the destination port of 8883, which you discovered.
  3. Local DHCP server, and then use the DHCP server to assign the Emporia Vue a static IP, which then makes IP and/or port forwarding even easier.
  4. Raspberry Pi has built-in Bluetooth, to connect to the Emporia Vue.

IP 192.168.1.20 (or whatever) to homeassistant.local (or etc via IP and/or DNS) and port 8883

If I don't want to change to a custom firmware, and I implement the above, which for me is easy, could we then have a local mqtt server and forward that to home assistant?

Can I use your wifi changer script to change the native wifi credentials without changing my firmware?

flaviut commented 2 years ago

What you describe can be done with TEST_MODE set. Setting TEST_MODE and WiFi settings requires downloading the image from the ESP32, modifying it, and re-uploading it.

There's unfortunately no path forward without flashing something.

In normal operation, the Vue connects to AWS IoT. You can't intercept this communication, since certificate pinning is in place.

cybernard commented 2 years ago

I would use DNS to point a2poo8btpqc3gs-ats.iot.us-east-2.amazonaws.com to, say, 192.168.1.20, and then MY server would have a self-signed cert.
When the device asks for the cert, it will get a self-signed cert from my imposter server, which definitely won't be pinned. Any attempt for it to verify the cert externally will of course be blocked or redirected to an imposter device.

Maybe it won't work. So unless the emporia hardware has a cert embedded in the firmware it can probably be faked.

Anyway, this guy has figured out how to log in to emporia to connect to their cloud. https://github.com/magico13/ha-emporia-vue

I was also wondering if this API could be used to obtain more information to help get local only data working. I would like to get second by second data, but I would like to avoid sending that much data over the internet.

flaviut commented 2 years ago

> Maybe it won't work. So unless the emporia hardware has a cert embedded in the firmware it can probably be faked.

I recall there being a cert embedded, but you're welcome to do your own reverse engineering to confirm.

> I was also wondering if this API could be used to obtain more information to help get local only data working.

Highly unlikely. I haven't actually looked into it, but I develop cloud services professionally.

cybernard commented 2 years ago

Could we create a server which mimics their cloud server? Pair the Emporia Vue with a local server which appears to be their server. It doesn't have to be as fully fledged as their server, it just has to appear to be.

I guess I will have to do some more research.

flaviut commented 2 years ago

Their server, from the Vue's perspective, is just a write-only mqtt server with encryption.

I don't believe the Vue communicates with any other server.

cybernard commented 2 years ago

So if I do connect the wires as described, can I then ONLY change the wifi credentials, and not touch the firmware?

Also, if I set up an mqtts server and receive the data directly as you did, how do I transform the data into something Home Assistant can ingest?

flaviut commented 2 years ago

> So if I do connect the wires as described can I then ONLY change the wifi credentials, and not touch the firmware.

& TEST_MODE. But when it comes to embedded devices like this, there's not really a distinction between firmware and data. They're both stored in the same place.

> setup a mqtts server

TEST_MODE doesn't allow for encryption, it'd have to be mqtt.

> how do I transform the data into something home assistant can ingest

I have a script at https://github.com/flaviut/emporia-vue2-reversing/blob/master/parse_mqtt_dbg.py that parses the message. It's up to you how you get it into HASS. I've explored this path, it didn't work out for me.

Keep in mind that part of the process of installing ESPHome here is making a backup of the firmware. If you want to go back, you can restore the device to a state identical to where it started.

bluegrassiot commented 1 year ago

> > So if I do connect the wires as described can I then ONLY change the wifi credentials, and not touch the firmware.
>
> & TEST_MODE. But when it comes to embedded devices like this, there's not really a distinction between firmware and data. They're both stored in the same place.
>
> > setup a mqtts server
>
> TEST_MODE doesn't allow for encryption, it'd have to be mqtt.
>
> > how do I transform the data into something home assistant can ingest
>
> I have a script at https://github.com/flaviut/emporia-vue2-reversing/blob/master/parse_mqtt_dbg.py that parses the message. It's up to you how you get it into HASS. I've explored this path, it didn't work out for me.
>
> Keep in mind that part of the process of installing ESPHome here is making a backup of the firmware. If you want to go back, you can restore the device to a state identical to where it started.

Hi @flaviut! Thank you for all the work you have done on this project! I am just curious: you said going down the path of using the data in TEST_MODE didn't work out for you. Would you mind elaborating? I set mine up and I have it publishing the data to a broker. I was then going to make use of your Python script to write it to InfluxDB and build out my own Grafana dashboard. Before I do this, I was wondering why it didn't work well for you.

flaviut commented 1 year ago

My bad! It worked fine, but my end goal was always to get this data into Home Assistant so I can automate things based on it.

I never got that far. If you're happy with what you got & didn't have too much trouble setting it up, that's great!