nalajcie / tuya-sign-hacking

Tools for reverse-engineering and description of new TUYA API sign algorithm

help for tuya based camera #5

Closed newdevsa closed 3 years ago

newdevsa commented 3 years ago

Using MITM I got this:

https://a1.tuyain.com/api.json?appVersion=2.0.4&appRnVersion=5.18&channel=oem&sign=f1fca92809005a9016f6bae9d62b33b5114cd7acb7b904465aaebebab5365928&platform=Redmi%206%20Pro&requestId=9c7341c4-447c-4f46-b140-d700ef9b93c4&lang=en&a=tuya.m.token.get&clientId=cvsvpwymfva7544jc7s4&osSystem=9&os=Android&timeZoneId=Asia%2FKolkata&ttid=sdk_tuya%40cvsvpwymfva7544jc7s4&et=0.0.1&v=1.0&sdkVersion=3.13.0&time=1609737548

deviceId: b11d6ef9a4a91cba0cce1ea830beb5db926a1a958b36

sid: in160968C70590794fr8uaJ36d2741ede718eebc082fa9c8caa8b209

{ "result": { "token": "3d336f02-990d-41f5-814e-31582d7e46a8" }, "status": "ok", "success": true, "t": 1609737549611 }

To get the secret, I need to follow the instructions you laid out, but I do not understand the instructions completely. Please lay out instructions for me using your testapp; it would be great. I have never reverse engineered an Android app before.

Though I used online tools (https://developer.tuya.com/en/docs/iot/open-api/api-reference/api-list/api?id=K989ru6gtvspg, https://www.devglan.com/online-tools/hmac-sha256-online) to verify various combinations, is the secret per vendor or per camera?

nalajcie commented 3 years ago

The secret for signing the API requests is per-app, so if Your camera is supported by the original TuyaApp (as long as they haven't changed their secrets), the provided secret should work and no reverse engineering needs to be done. Please bear in mind that You would still need to write Your own app using the hidden API calls if You want to use the new sign algorithm...

Maybe You wanted to get the device token instead?

I no longer have any Tuya devices, so I wouldn't be able to help You.