Any plans to use Tuya Web API instead of key's and ID's?

[charlesomer]

Since it's now rather difficult to get the Key's and ID's of devices - not to mention they can change. I wondered if it would be possible to integrate the api into the plugin? homebridge-tuya-web is no longer updated but seems to have a lot of working code.

Thank you Charles

[iRayanKhan]

I can try to integrate this. A little busy at the moment, but will add this to the list.

[Faisalthe01]

That would be great if you can do use Web Api like Homebridge-tuya-web since it is a pain and impossible to get local keys

[allenlicn]

tuya web does not support as many devices a tuya lan. does this integration mean the same supported devices will be available for tuya web as well?

[crampus]

I, too, am keen to see this implemented.

[iRayanKhan]

So Tuya-web doesn't support many devices, but using CodeTheWeb's tuyaAPI repo I can try to integrate this.

[Faisalthe01]

@iRayanKhan I think it supports. it is based on Home Assistant’a Tuya plug-in so it supports mostly all devices excepts sensors and garage door. But it is way easier to use it, since it is impossible to find local key and finding a key through tuya cloud api is also something not easy.

https://www.home-assistant.io/integrations/tuya/

Also, read this

https://github.com/iRayanKhan/homebridge-tuya/pull/55#issuecomment-514528594

[allenlicn]

@iRayanKhan i read that you worked out how to support sensors now. if tuya web setup can be integrated with the supported devices of tuya lan (now with sensors), that will be fantastic. really excited to see that

[MikeDProducer]

I have a new Tuya light strip I’m dying to get the keys for! Haha any news on new method to obtain the precious keys?

[crampus]

I have the beginnings of a theory, but it's untested, as the files I want to test are encrypted with a key I am uncertain on how to retrieve.

I went on a bit of a deep-dive to see if I can find any more information on the Tuya app yesterday. Tuya have been so generous as to include a list of all the other libraries used as a part of developing the Tuya Smart Application within the settings section of the app.

As at 15/04/2020, this stood as:

CocoaAsyncSocket
DACircularProgress
dsBridge
EZAudio
FLAnimatedImage
HMSegmentedControl
IOKeyboardManager
KSCrash
libextobjc
lottie-ios
Masony
MBProgressHUD
MJRefresh
MMKV
MQTTClient
NJKWebViewProgress
OpenSSL-Universal
Reachability
SDVersion
SDWebImage
SQLCipher
SSZipArchive
UICKeyChainStore
YYModel
TZImagePickerConroller
react-native
FFMPeg

Packages relevant to database encryption: OpenSSL, MMKV, UICKeyChainStore and SQLCipher. OpenSSL doesn't help us much as it's a broad-scope en/decryption toolkit, however:

MMKV uses AES-128-CFB for encryption and decryption SQLCipher uses AES-256-CBC for encryption and decryption UICKeyChainStore is a library to simplify native iOS/macOS keychain integration.

After performing an un-encrypted iOS backup to my Mac, and then browsing said backup with a third party utility (iBackup Browser: "freemium" commercial software), I was able to access the file storage used by Tuya Smart, cross-checking against Ucomen Home. They're all the same on the back-end.

I could be way off; however, my instincts say that the key for the devices is stored in /AppDomain-com.tuya.smart/Documents/tuyasmartcfg.db; which is AES-256 CBC encrypted, and the key used to decrypt the contents of the .db file could possibly be stored in /AppDomain-com.tuya.smart/Documents/mmkv/{{uid}}, which isn't viewable with any plaintext editors I tried, or it could be generated randomly or as a function of some other unique key, such as the TYUniqueIdentifier key in/AppDomain-com.tuya.smart/Library/Preferences/com.tuya.smart.plist. I have so far been unable to decrypt this database or the MMKV raw data file. It could also be the other way around; or the two could be independent. This is beyond what I know for sure.

🧂 (salt warning) 🧂 You know... It'd be nice if Tuya would come to the open source party just give us a little Advanced/Developer menu that lets the app expose the device key natively so we don't have to try and compromise the entire app platform just to open their potential market up to the Apple ecosystem's IoT/home automation market segment (thus more paying customers of the Tuya brand) or anything 🙄 🔫

Update: 16/04 Found UICKeyChainStore is a github repo. Linked accordingly. Turns out this uses an app identifier, which looks to be in the exact same form as the TYUniqueIdentifier key in/AppDomain-com.tuya.smart/Library/Preferences/com.tuya.smart.plist. One mystery solved. That key is for the KeyChain integration.

[MikeDProducer]

I can confirm the uComen app still works if you DO NOT UPDATE it. I haven’t tested updating this because I have a bunch of Tuya devices I don’t want to lose keys for.

[crampus]

For me, my uComen app goes through the setup process for my garage door trigger, then at the last second says the device is incompatible - uComen for iOS, version 1.1.3. I can still use the Tuya app, but at that point, I'd rather just go back to using the old-school RF opener if I'm honest.

Both setting up as a "Switch (Wifi)" which worked for initial setup a month or so ago, and as a "Garage Door Opener". Same story with current versions of Cocoon Connect and Kogan SmarterHome, which are all based off the same framework.

Other methods I've seen around the Internet:

• Downloading an older TuyaLan APK file from 2019 and running that on an Android phone or even the Android emulator in the SDK on a Mac or PC.
• Reflashing the Tuya device (if ESP chipset) to something that supports HomeKit at the device level, and bypassing this whole compatibility layer kerfuffle entirely.

[Faisalthe01]

@crampus good to know that im not alone trying to use all apps to get garage door key and id, none of them work except smart life which is blocked. Kogan have their own garage door opener but surprisingly it says not supported in that app too. I ended up using Http plugin for my garage door.

[crampus]

Decided to bug Tuya support - they won't add a dev menu to expose the keys. Dang it.

But made some progress nonetheless: • Early versions of the Tuya app are still available on Android by direct-downloading and installing APKs, because those lucky "ducks" can just bypass their store entirely. Android gives zero "fox". • These early versions store keys unencrypted in XML files. (v3.6.0, c. 2018) • see here • You'd need to root the device, so don't do so on a phone you care about (i.e. an android 😉, or on BlueStacks as per the above "see here" link)

Pros: Android handsets have zero resale, so they're cheap to buy secondhand Cons: You have to deal with Android ¯_(ツ)_/¯

[iRayanKhan]

I wonder if I can make a Tuya app and see if I can use their old API, or if they will force me to use the new one.

[Faisalthe01]

@iRayanKhan thank you. I hope you can come up with something. I can’t wait to use my garage door properly and not with http

[Faisalthe01]

For me, my uComen app goes through the setup process for my garage door trigger, then at the last second says the device is incompatible - uComen for iOS, version 1.1.3. I can still use the Tuya app, but at that point, I'd rather just go back to using the old-school RF opener if I'm honest.

Both setting up as a "Switch (Wifi)" which worked for initial setup a month or so ago, and as a "Garage Door Opener". Same story with current versions of Cocoon Connect and Kogan SmarterHome, which are all based off the same framework.

Other methods I've seen around the Internet:

• Downloading an older TuyaLan APK file from 2019 and running that on an Android phone or even the Android emulator in the SDK on a Mac or PC.
• Reflashing the Tuya device (if ESP chipset) to something that supports HomeKit at the device level, and bypassing this whole compatibility layer kerfuffle entirely.

What type of garage door opener do you have? Photo ?

[crampus]

It’s a generic unbranded model

See here for a picture of the opener and the front of the retail box (on imgur)

[Faisalthe01]

It’s a generic unbranded model

See here for a picture of the opener and the front of the retail box (on imgur)

I have the same. I had different one before that i returned and that showed up in HomeKit through Tuya Web but as a smart plug. I have a feeling that it might work with Ucomen app.

[crampus]

@Faisalthe01 Correct, it used to work. It worked two months ago when I first set it up.

The latest version of Ucomen has dropped support for this model. Thanks to Apple locking out alternate app stores and standalone .ipa installs of older versions of apps, I can’t even downgrade to the version from two months ago to test it out.

So my game plan now is to buy a cheap Android handset, root it, and extract the key that way using ucomen 3.6 - which is known to still store details unencrypted in a bunch of XMLs on Android

[RobVerhoeven00]

@iRayanKhan and other guys in this forum, let me starting to express my thanks for you guys to drive this connect between Tuya and homebridge. Big Thanks !!!!!

Also here 70+ devices around the house already connected via Homebridge/Homekit, different brands, some easy, some needed some Tasmota flashing...however,...these Tuya devices are giving the most pain in my head. Tried a lot of things to get the local key, tried other Tuya plugins (cloud, API, ..) for Homebridge, but nothing successful so far. Had initially installed the Tuya Smart app, did the whole proxy stuff, but it seemed that the app was blocked already.

Moved to the Ucomen app, but realised there is no way to download the 1.1.2 version, and now have all my devices on the 1.1.3. No luck here either ;-( The devices i have working in the Ucomen app from Tuya/LSC are: the Sirene, Water Sensor, 2 Tuya LED/Lamps, 2 door/window sensors. All connected via wifi , all working well in the Ucomen app.

But the connect with Homebridge seems impossible. So....i have lots and lots of hopes (and wishes) that you guys crack the code of finding the keys and/or find a way to enable this stuff in Homebridge.

Thanks in advance and kudo's to y'all ;-)

[allenlicn]

@RobVerhoeven00 try wi_fi socket app. Looks very similar to Tuya platform. Not verified whether keys are encrypted. Hopefully, the web API can be integrated instead of needing the keys. There is a Tuya web plugin but don’t think sensors or siren are supported either.

[RobVerhoeven00]

@RobVerhoeven00 try wi_fi socket app. Looks very similar to Tuya platform. Not verified whether keys are encrypted. Hopefully, the web API can be integrated instead of needing the keys. There is a Tuya web plugin but don’t think sensors or siren are supported either.

Thanks @allenlicn for your response,

Few questions: what is different on the wi_fi app compared to the other apps? Does this help to get the local key? Secondly, the Tuyba web plugin I already tried. Only supports my lamps, nothing else...so this is not working (good enough) for me.

Thanks !!

[allenlicn]

@RobVerhoeven00 less well known tuya platform apps may not have started encrypting keys yet like Ucomen at one point. If it works, turn off auto update to preserve ability to get local keys in the future.

A workaround with tuya web is ifttt with webhooks. There is a plugin for ifttt. It is not ideal but works around some not supported devices. For that you may have to move all your devices to more well known app like tuya or smart life to use ifttt.

While tuya lan does support more device types, siren is still not one of them (I don’t think). I believed contact sensors have been worked out but need to be ported yet.

[RobVerhoeven00]

@RobVerhoeven00 less well known tuya platform apps may not have started encrypting keys yet like Ucomen at one point. If it works, turn off auto update to preserve ability to get local keys in the future.

A workaround with tuya web is ifttt with webhooks. There is a plugin for ifttt. It is not ideal but works around some not supported devices. For that you may have to move all your devices to more well known app like tuya or smart life to use ifttt.

While tuya lan does support more device types, siren is still not one of them (I don’t think). I believed contact sensors have been worked out but need to be ported yet.

Thanks for the reply !! Appreciate it !

I will give wi-fi socket a try to see if that indeed works with getting the required local ID's. Will report back to here if it indeed worked.

Support for the sirene is not the biggest issue. The contact sensors is where, for me, it makes a difference. Lamps and Contact/Water sensors are in my view quite essential.

[RobVerhoeven00]

mmm...moved one Door Sensor over to the wi_fi socket app, and redid the certificate/proxy config again....but...no luck...no reaction at all....

IFTTT seems to be stopped as well by Tuya, I read in a different forum...just a few days ago they have announced this: https://youtu.be/aHF9Y2pYqSM

[allenlicn]

@RobVerhoeven00 that sucks. I guess the only hope is for the web api integration to work and expand more supported devices. Or switch to Home assistant.

[Faisalthe01]

Really not happy with Tuya.

[crampus]

Okay.

So while keys are next to impossible to retrieve from iOS, they’re easy enough on Android.

What you’ll need: • An Android handset note: BlueStacks for Windows/Mac gets hung up on setting a lockscreen passcode (as it doesn’t lock; so you can’t add in certificate trusts) - you will need a dedicated Android/AOSP x86/x64 distro in a VM, or native Android device. • Installation from external sources enabled • Packet Capture (1.7.2 tested) or later • Tuya Smart Life (3.6.1 tested) later versions or other branded versions might work, but I make no guarantees or warrants of fitness for any given configuration, device, or sexual identity.

1. Install the certs on packet capture.

2. Filter to the Tuya app.

3. Start a capture

4. Trigger your IoT device

5. Stop the Capture

6. Decrypt the SSL packets

7. You will get a JSON payload with the local_key in plaintext.

8. Plug and play into your configs.

9. Magic.

[allenlicn]

@RobVerhoeven00 saw this in other repo. Try cocoon connect to get the keys and don’t update.

[charlesomer]

Any progress integrating the Web API instead of ID/Keys? 😄

[Faisalthe01]

Still waiting

[RobVerhoeven00]

Nothing yet, tested all the apps, but no luck so far. Really a need o enable this for the full integration with Homebridge. Needless to say that this will boost the sales for these devices as well, hence I don't understand the speed for Tuya to enable this...

[charlesomer]

I think this thread contains two desired outcomes for people:

1. Those who still want to use ID/Keys and alternative methods of finding them (or if Tuya ever makes them available in-app).
2. The integration of the Tuya Web API so you don't need the ID/Keys at all and instead just provide the plugin your Tuya credentials (like in homebridge-tuya-web).

Correct me if I'm wrong though :) If so, would it be a good idea to split the thread into two issues for each of these?

[iRayanKhan]

Hey everyone, and @crampus I need your help.

Can anyone identify what versions of the Tuya Smart app and uComen home app still allow getting keys using this plugins method?

If I can get the iOS app version numbers I can provide a way to still get the ID's/Keys.

[crampus]

As far as I can narrow down, uComen releases prior to February 2020 still work with the certificate proxy on iOS. I unfortunately don’t have a specific release version for a last known good config; just a rough timeframe.

If this is anything to go by for finding a .ipa file to sideload if that’s your intention;

uComen 1.12 is a maybe; 1.1.0 to be safe.

No idea for the TuyaSmart app sorry.

[Faisalthe01]

Hi, @iRayanKhan and @crampus, i think it was last year around November when Tuya blocked it. UComen does not support most devices such as Garage Door so if we can stick with Tuya app, that would be great.

[crampus]

Hi, @iRayanKhan and @crampus, i think it was last year around November

Oh cool, that puts Tuya at 3.12.X or 3.11.X

[undaunt]

Re: this - Grid Connect still works. Download it now.

Don't forget to disable automatic app updates.

[dkossman]

@undaunt what version of Grid Connect worked for you? i just installed it and got 1.1.4. I had the same problem with ucomen (i have 1.1.3, don't see any way to downgrade on iOS) as everyone else.

[dkossman]

Never mind - I was successful getting the key and ID using Grid Connect 1.1.4 :-). thanks for the pointer!

[tombeynon]

Grid Connect was the only one that worked for me, thanks! Still working on 1.1.4

[Faisalthe01]

Kogan Smarter Home 2.2.9 was working fine too. Not sure about the latest 2.3.0, i have not updated.

Also, i found another method on YouTube the other day. https://youtu.be/oq0JL_wicKg

[iRayanKhan]

Im gonna try to automate/auto-discover but that's a V3 feature, still need to do V2.

[iRayanKhan]

Closing: Keeping this plugin to LAN control, there may be other plugins in the future that may support the web api. The CLI wizard is a sufficient way to extract the keys.