Add Comelit 6741W

[Krasto82]

Hi, is it possible to add wifi video intercom 6741W support? Even just the ability to open the gate and door. Thank you

https://pro.comelitgroup.com/en-gb/product/6741w

[gicamm]

Hi, unfortunately, I'm not in touch with this device. Could you look into it?

Thank you

[Krasto82]

Hi, unfortunately, I'm not in touch with this device. Could you look into it?

Thank you

Sure, if I can help in any way. I use it with google assistant at the moment

[ldina]

I'm interested too. I have the device and I can do any test you like. I'm using it with the alexa skill and it works but I look forward to use it in HA. I have downloaded the settings backup from the device and I can attach it if you think it useful. It has an http.cfg httpListenPort.0 = 0:2:8080 httpListenSSLPort.0 = 0:2:8443 httpPageCompression.0 = 0:2:1 httpWebLanguage.0 = 0:2:-1 httpAdminPassword.0 = 0:4:"comelit" httpAptManagerPassword.0 = 0:4:"admin" httpAdminEnabled.0 = 0:2:1

and some configurations related to mqtt in mqttslk.cfg and comelit cloud services on registerd.cfg

the device is reachable at PORT STATE SERVICE 53/tcp open domain 8080/tcp open http-proxy 8443/tcp open https-alt 64100/tcp open unknown

[gicamm]

Unfortunately, it's not just a matter of configuration. The intercom has a life of its own away from the Comelit hub, so I cannot work on the development side without it. I can help with the process, but it is really hard to add support without the device.

You need to start sniffing for the HTTP traffic. I really don't know which protocol it uses.

[ldina]

Thanks for the quick reply

Unfortunately, it's not just a matter of configuration. The intercom has a life of its own away from the Comelit hub, so I cannot work on the development side without it. I can help with the process, but it is really hard to add support without the device.

The device in my case is working standalone without a comelit hub. I can interact with it by the web interface or the app. The app relies on comelit cloud services to work when out of local network

You need to start sniffing for the HTTP traffic. I really don't know which protocol it uses.

in which direction ? source / target?

the http on 8080 and https 8443 are for the interactions with the web panel ui where you can setup all the configurations the 64100 is defined as the port for interactions with the mobile app.

If you point me in the right direction I can do any kind of tests.

Thanks a lot

[gicamm]

Can you do things from the web panel? Or is it just something you use to configure/manage the system?

[ldina]

The web seems for configuring / managing the device but I don't know if there is an exposed API or something like that.

[gicamm]

mmm, so you need to sniff the app's traffic

[ldina]

ok, the app talks to the device on the 64100 port, on that port a web server is listening so probably this is one way. I'll sniff around and I'll get back to you.

[Krasto82]

Thanks all for try to add!!

[ldina]

Hi all, here is a recap of what I learned so far. The device listens on: TCP

• 53/tcp open domain
• 8080/tcp open http-proxy ---/USED By modern by web control panel
• 8443/tcp open https-alt ---/USED By modern by web control panel
• 64100/tcp open unknown ---/USED By modern by legacy app

UDP

• 53/udp open|filtered domain
• 123/udp open ntp
• 161/udp open snmp ---/USED By SNMP, accessible by public
• 5353/udp open|filtered zeroconf

The device has two operating modes a modern one using comelit cloud services and a legacy local one using a dismissed app.

The Cloud mode

-The hosts involved are:

• developer.cloud.comelitgroup.com:443 --/USED by the swagger documentation https://developer.cloud.comelitgroup.com/mugconf/index.html
• eps.cloud.comelitgroup.com --/USED by the device to share info with the cloud about endpoints
• moduleapp.cloud.comelitgroup.com:443 --/USED by the modern app to talk with the cloud API
• checkweb.cloud.comelitgroup.com:80 --/ USED by the device for a connection checker keep-alive that calls home every while -Rely on a PJSIP-based infrastructure for the audio/video transmission -The audio/video is transmitted in UDP

I was able to sniff and decode a couple of interactions:

____DEVICE talks to cloud

POST /servicerest/p2p/start HTTP/1.1 Host: eps.cloud.comelitgroup.com User-Agent: libnebula-agent/1.0 Accept: / authorization: ccstoken DbKEsR6AiuEM11vR39pQMrREDACTED content-type: application/json Content-Length: 1007

{"deviceUuid":"be4bdc9e-a822-47a0-8d1d-REDACTED-00001","data":{"authMode":"user_viper_token","secret":"REDACTED","timeout":10,"sdp":"BASE64 payload"},"protocol":{"name":"viper_p2p_v2","version":1}}HTTP/1.1 200 OK

--Decoded sdp=base64 payload

v=0 o=- 993454509 993454509 IN IP4 0.0.0.0 s=ice t=0 0 a=nego-wait:0 a=comelit-legacy-session:TCP a=comelit-session-id:MUX a=comelit-nego-aggressive:true c=IN IP4 0.0.0.0 m=audio 15001 RTP/SAVPF 0 8 b=RS:0 b=RR:0 c=IN IP4 79.9.97.164 a=sendrecv a=candidate:Sc0a80132 1 UDP 1862270975 79.9.97.164 15001 typ srflx raddr 192.168.1.50 rport 56373 a=candidate:Sc0a80132 1 UDP 1862270975 79.9.97.164 15002 typ srflx raddr 192.168.1.50 rport 56373 a=candidate:Hc0a80132 1 UDP 1694498815 192.168.1.50 56373 typ host a=ice-role:a a=ice-ufrag:5ab08d4b a=ice-pwd:20334ed64ed9fREDACTED

Server: nginx/1.23.3 Date: Thu, 23 May 2024 14:49:00 GMT Content-Type: application/json Content-Length: 942 Access-Control-Allow-Origin: https://developer.cloud.comelitgroup.com Access-Control-Allow-Methods: Access-Control-Allow-Headers: Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

{"result":"SUCCESS","data":{"sdp":"BASE64payload"}}

--Decoded sdp base 64 payload

v=0 o=- 1453034353 1453034353 IN IP4 0.0.0.0 s=ice t=0 0 a=nego-wait:0 a=comelit-legacy-session:TCP a=comelit-session-id:MUX m=audio 63603 RTP/SAVPF 8 c=IN IP4 45.77.52.30 a=sendrecv a=candidate:Sc0a8019c 1 UDP 1694498815 79.9.97.164 44914 typ srflx raddr 192.168.1.156 rport 54063 a=candidate:Sc0a8019c 1 UDP 1694498815 79.9.97.164 44915 typ srflx raddr 192.168.1.156 rport 54063 a=candidate:Hc0a8019c 1 UDP 2130706431 192.168.1.156 54063 typ host a=candidate:R2d4d341e 1 UDP 16777215 45.77.52.30 63603 typ relay raddr 79.9.97.164 rport 20820 a=ice-role:o a=ice-ufrag:59b3353f a=ice-pwd:7c4f38cb1971c0REDACTED a=ssrc:0 cname:user60696REDACTED@host-15709REDACTED

____Modern app talks to cloud

POST /servicerest/appbundlecheck/verify HTTP/1.1 Host: moduleapp.cloud.comelitgroup.com Accept: application/json Content-Type: application/json Content-Length: 214

{"ccapi":{"version":"1.1.0","endpoint":{"requuid":"1469265513","service":"appbundlecheck/verify","version":"1.1.0"},"login":{},"body":{"bundle":"com.comelit.bigapp","appId":"058dbeff-d5ee-4f26-a0a7-22e18e09fcc6"}}}HTTP/1.1 200 Server: nginx/1.23.3 Date: Thu, 23 May 2024 14:48:58 GMT Content-Type: application/json Content-Length: 196 Access-Control-Allow-Origin: https://developer.cloud.comelitgroup.com Access-Control-Allow-Methods: Access-Control-Allow-Headers: Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

{"ccapi":{"version":"1.1.0","endpoint":{"service":"appbundlecheck\/verify","version":"1.1.0","requuid":"1469265513"},"login":{},"body":{"allowed":true},"error":{"code":0,"action":0,"message":""}}}

The legacy mode

-It requires a dismissed APP "ComelitViP Remote” or older "App Intercall Remote ViP". I was able to download the first one from a legacy store and looking at. -It uses the 64100 port that has an active server listening, not identified at the moment -Not cloud-based, you can reach it locally or remotely via port forwarding

[Krasto82]

Hi, any news about gate open integration?

[gicamm]

Nothing new, I think no one is working on this feature.