This is a very, very beta interface for Bosch-Siemens Home Connect devices through their local network connection. Unlike most IoT devices that have a reputation for very bad security, BSG seem to have done a decent job of designing their system, especially since they allow a no-cloud local control configuration. The protocols seem sound, use well tested cryptographic libraries (TLS PSK with modern ciphres) or well understood primitives (AES-CBC with HMAC), and should prevent most any random attacker on your network from being able to take over your appliances to mine cryptocurrency.
WARNING: This tool not ready for prime time and is still beta!
To avoid running into issues later with your default python installs, it's recommended to use a py virtual env for doing this. Go to your desired test directory, and:
python3 -m venv venv
source venv/bin/activate
git clone https://github.com/hcpy2-0/hcpy
cd hcpy
pip3 install -r requirements.txt
Install the Python dependencies; the sslpsk
one is a little weird
and we might need to revisit it later.
Alternatively an environment can be built with docker and/or docker-compose which has the necessary dependencies.
Installing sslpsk
needs some extra steps:
brew install openssl
, andsslpsk
separately with flags: LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include" pip3 install sslpsk
pip3 install -r requirements.txt
hc-login.py $USERNAME $PASSWORD config/devices.json
or
docker-compose -f compose.yaml build
docker-compose -f compose.yaml run -T app /app/hc-login.py $USERNAME $PASSWORD config/devices.json
The hc-login.py
script perfoms the OAuth process to login to your
Home Connect account with your usename and password. It
receives a bearer token that can then be used to retrieves
a list of all the connected devices, their authentication
and encryption keys, and XML files that describe all of the
features and options.
This only needs to be done once or when you add new devices; the resulting configuration JSON file should be sufficient to connect to the devices on your local network, assuming that your mDNS or DNS server resolves the names correctly.
Use the following ./config/config.ini example:
devices_file = "./config/devices.json"
mqtt_host = "localhost"
mqtt_username = "mqtt"
mqtt_password = "password"
mqtt_port = 1883
mqtt_prefix = "homeconnect/"
mqtt_ssl = False
mqtt_cafile = None
mqtt_certfile = None
mqtt_keyfile = None
mqtt_clientname="hcpy"
ha_discovery = True # See section on "Home Assistant autodiscovery"
hc2mqtt.py --config config/config.ini
or
docker-compose -f compose.yaml up
This tool will establish websockets to the local devices and transform their messages into MQTT JSON messages. The exact format is likely to change; it is currently a thin translation layer over the XML retrieved from cloud servers during the initial configuration.
The dishwasher has a local HTTPS port open, although attempting to connect to
the HTTPS port with curl
results in a cryptic protocol error
due to the non-standard cipher selection, ECDHE-PSK-CHACHA20-POLY1305
.
PSK also requires that both sides agree on a symetric key,
so a special hacked version of sslpsk
is used to establish the
connection and then hand control to the Python websock-client
library.
Example message published to homeconnect/dishwasher
:
{
"state": "Run",
"door": "Closed",
"remaining": "2:49",
"power": true,
"lowwaterpressure": false,
"aquastop": false,
"error": false,
"remainingseconds": 10140
}
The clothes washer has a local HTTP port that also responds to websocket
traffic, although the contents of the frames are AES-CBC encrypted with a key
derived from HMAC(PSK,"ENC")
and authenticated with SHA256-HMAC using another
key derived from HMAC(PSK,"MAC")
. The encrypted messages are send as
binary data over the websocket (type 0x82).
Example message published to homeconnect/washer
:
{
"state": "Ready",
"door": "Closed",
"remaining": "3:48",
"power": true,
"lowwaterpressure": false,
"aquastop": false,
"error": false,
"remainingseconds": 13680
}
Example message published to homeconnect/coffeemaker
:
Whereas the reading of the status is very beta, this is very very alpha. There is some basic error handling, but don't expect that everything will work.
In your config file you can find items that contain readWrite
or writeOnly
, some of them contain values so you know what to provide, ie:
"539": {
"name": "BSH.Common.Setting.PowerState",
"access": "readWrite",
"available": "true",
"refCID": "03",
"refDID": "80",
"values": {
"2": "On",
"3": "Standby"
}
},
With this information you can build the JSON object you can send over mqtt to change the power state
Topic: homeconnect/[devicename]/set
, ie homeconnect/coffeemaker/set
Payload:
{"uid":539,"value":2}
As for now, the results will be displayed by the script only, there is no response to an mqtt topic.
There are properties that do not require predefined values, debugging is required to see what is needed. Here are some of those values found through debugging:
Set the time:
{"uid":520,"value":"2023-07-07T15:01:21"}
Synchronize with time server, false
is disabled
{"uid":547,"value":false}
The MQTT client listens on /{prefix}/{devicename}/activeProgram for a JSON message to start a program. The JSON should be in the following format:
{"program":{uid},"options":[{"uid":{uid},"value":{value}}]}
To start a dishwasher on eco mode (Dishcare.Dishwasher.Program.Eco50
):
{"program":8196}
To start a dishwasher on eco mode in 10 miuntes (BSH.Common.Option.StartInRelative
):
{"program":8196,"options":[{"uid":558,"value":600}]}
ERROR [ip] [Errno 113] No route to host
config.json
are publishedIt's possible to allow Home Assistant to automatically discover the device using
MQTT auto-discovery messages. With ha_discovery = True
in config.ini
or by
passing --ha-discovery
on the commandline, hcpy
will publish
HA discovery messages
for each recognised property of your devices.
Discovery messages currently only contain a state
topic, not a command
topic,
so autodiscovered devices will be read-only. You can still use the method
described in Posting to the appliance
above.
hcpy
will make some attempt to use the correct component
and for some devices set an appropriate device class.
You can customise these by editing your devices.json
to add or edit the
discovery
section for each feature. For example:
[
{ // ...
"features": {
// ...
"549": {
"name": "BSH.Common.Option.RemainingProgramTimeIsEstimated",
"discovery": {
"component_type": "binary_sensor",
"payload_values": {
"payload_on": true,
"payload_off": false
}
}
}
}
}
]
You may include arbitrary payload_values
that are included in the MQTT discovery
messages published when hcpy
starts. Default values are set in HADiscovery.py
for known devices/attributes. No validation is performed against these values.