search

neilzilla / hass-renpho

Retrieve last weight and timestamp from Renpho app for use in Home Assistant
50 stars 6 forks source link

API/Password Hashing Question #15

Closed eliasthompson closed 2 months ago

eliasthompson commented 5 months ago

So full disclosure, I don't use Home Assistant but your project (and corresponding blog posts) seem to be the best, if not only, documentation on the Renpho API (great work by the way!).

I was looking at your source to try and hit it through Postman but obviously ran into password hashing complications. I believe I set up a pre-request script that follows the steps you have in your auth() method, but I keep getting an "Email was not registered" status message, which it definitely is. So in trying to just grab my hashed password from my sniffed network requests just to try that out (on iOS, using the Renpho Health app), all requests seem to POST to cloud.renpho.com instead of renpho.qnclouds.com, and the structure of the request payload is completely different.

So mostly just wondering if 1) the APi you're using is still working for you, and 2) if you were ever able to properly hash your password from plain text within Postman?

For reference, here is my current Pre-request script for POST https://renpho.qnclouds.com/api/v3/users/sign_in.json?app_id=Renpho:

eval(pm.globals.get('pmlib_code'));

const utf8EncodedPassword = CryptoJS.enc.Utf8.parse(pm.collectionVariables.get('password'));
const keyObj = pmlib.rs.KEYUTIL.getKey(pm.collectionVariables.get('key'));
const encHex = pmlib.rs.KJUR.crypto.Cipher.encrypt(utf8EncodedPassword, keyObj);
const encryptedPassword = pmlib.rs.hextob64(encHex);

pm.collectionVariables.set('encryptedPassword', encryptedPassword);

Body:

{
    "secure_flag": "1",
    "email": "{{email}}",
    "password": "{{encryptedPassword}}"
}
neilzilla commented 5 months ago

I personally haven't used this in years, when looking through the play store however it is based upon the old app which now appears as 'Renpho - Outdated Version', so there's a good chance this integration will no longer work.

I may update it in future but I cannot guarantee if or when as like I say I am not currently using the integration unfortunately, it looks like it might be time to sunset the repo.

antoinebou12 commented 2 months ago

https://hass-renpho.vercel.app/docs API swagger

Use Renpho - Outdated Version