openhab / openhab1-addons

Add-ons for openHAB 1.x
Eclipse Public License 2.0

SamsungAC: ssl handshake error #2863

Closed ronny332 closed 7 years ago

ronny332 commented 9 years ago

Are there any known issues for the SamsungAC binding for newer models? In our house we have 3 Samsung devices working, 2 devices are from 2013 and the newest one was introduced in late 2014.

Both devices of 2013 are working (Samsung Flagship Jungfrau), but the newest one does not connect. Openhab is reporting

15:18:16.666 [DEBUG] [.b.s.internal.SamsungAcBinding:267  ] - java.lang.Exception: Cannot connect to 10.0.0.125:2878 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

A short curl test shows the same result. I can connect to both older devices, but not to the newest one.

A short wireshark debug recording is showing no "big" data frames anymore. Is it possible samsung has left the XML communication between the remote app and the device?

Piotr-23 commented 9 years ago

Hi, I have exactly the same problem (2014 device). I described that here: https://groups.google.com/forum/#!category-topic/openhab/samsung-ac/K4vKqgz4_cE Would like to know how to fix it; thanks | Piotr

ronny332 commented 8 years ago

All my research showed: samsung swapped the protocol/the way they are communicating with the ACs. At least the change is visible by using the remote app on iOS. Connecting to an old device from 2013 takes about 1s, to the new device it takes about 5-10s. Wireshark is showing lots and lots of very small requests (no ssl or anything detected) but in a seemingly unknown encoding or binary format. In my eyes the module of openhab should be marked as "broken" or "outdated" as it is only able to connect to older devices.

RemcoteWinkel commented 8 years ago

Same here. Worked fine until a few days ago. Log shows:

DEBUG o.o.b.s.i.SamsungAcBinding[:267]- java.lang.Exception: Cannot connect to 192.168.1.147:2878 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Some more details:

AC's didn't connect to the router anymore. Restored with WPS. They DO show up in the Samsung app on my Android and are controllable by it.

Enabling SSL logging shows:

[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
Samsung Air Conditioner service, READ: TLSv1 Alert, length = 2
Samsung Air Conditioner service, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
Samsung Air Conditioner service, called closeSocket()
Samsung Air Conditioner service, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Samsung Air Conditioner service, called close()
Samsung Air Conditioner service, called closeInternal(true)
13:05:59.033 DEBUG o.o.b.s.i.SamsungAcBinding[:267] - java.lang.Exception: Cannot connect to 192.168.1.181:2878 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

All internet resources point at importing certificates (which did not help) or something to do with JCE. Trying that now.
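
The raw bytes in the SSL debug output above form one complete TLS record, and decoding them shows exactly what the air conditioner sent back. The following is an added example, not part of the original comment or of the binding; the function names are made up for illustration and the sample is the dump quoted in the comment.

```python
import re

# Constructed sample: the JSSE debug lines quoted in the comment above.
SAMPLE_DEBUG = """\
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
Samsung Air Conditioner service, READ: TLSv1 Alert, length = 2
"""

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the alert descriptions defined in RFC 5246, section 7.2.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      42: "bad_certificate", 46: "certificate_unknown",
                      48: "unknown_ca", 70: "protocol_version",
                      71: "insufficient_security", 80: "internal_error"}

RAW_READ = re.compile(r"\[Raw read\]: length = (\d+)")


def raw_reads(debug_text):
    """Yield the bytes of every '[Raw read]' hex dump, in log order."""
    headers = list(RAW_READ.finditer(debug_text))
    for i, hdr in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(debug_text)
        segment = debug_text[hdr.end():end]
        want, data, pos = int(hdr.group(1)), bytearray(), 0
        while len(data) < want:
            # Each row is "OFFS: hh hh ... ascii" with at most 16 bytes. Taking
            # exactly the bytes still missing keeps the ASCII column out.
            n = min(16, want - len(data))
            row = re.compile(r"[0-9A-Fa-f]{4}:((?:\s+[0-9A-Fa-f]{2}){%d})" % n)
            m = row.search(segment, pos)
            if m is None:
                break  # dump was cut short in the log
            data += bytes.fromhex(m.group(1))
            pos = m.end()
        yield bytes(data)


def decode_records(stream):
    """Split a byte stream into TLS records; decode plaintext alerts."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, major, minor = stream[off], stream[off + 1], stream[off + 2]
        length = int.from_bytes(stream[off + 3:off + 5], "big")
        body = stream[off + 5:off + 5 + length]
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
               "version": VERSIONS.get((major, minor), "%d.%d" % (major, minor)),
               "length": length}
        if len(body) < length:
            rec["truncated"] = True
        # Alerts sent before encryption starts are exactly two bytes:
        # level, description. Encrypted alerts are longer and stay opaque.
        if ctype == 21 and len(body) == 2:
            rec["level"] = ALERT_LEVELS.get(body[0], "unknown(%d)" % body[0])
            rec["description"] = ALERT_DESCRIPTIONS.get(
                body[1], "unknown(%d)" % body[1])
        records.append(rec)
        off += 5 + length
    return records


def explain(debug_text):
    # JSSE reads the 5-byte header and the body separately, so the raw
    # reads are concatenated before the stream is split into records.
    return decode_records(b"".join(raw_reads(debug_text)))


if __name__ == "__main__":
    for record in explain(SAMPLE_DEBUG):
        print(record)
```

A fatal handshake_failure sent by the peer is a generic rejection: the alert itself does not say which handshake parameter the device refused.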

steintore commented 8 years ago

Hi, sorry for the delayed answer, I've been on vacation. I've written the Samsung AC binding, but unfortunately I cannot reproduce the issue on my air conditioner. @RemcoteWinkel have you upgraded the firmware/software of your AC, since it suddenly stopped working? Also, is it possible to get the IP-address and MAC-address using the old way:

java -cp org.openhab.binding.samsungac-1.7.1.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery

I can update the wiki with a note that it might not work for newer air conditioners, but all information from you guys with this problem could help me to solve this.

steintore commented 8 years ago

Could any of you post the values you received from the Samsung AC when running:

java -cp org.openhab.binding.samsungac-1.7.1.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery

Just to check if you have a different version than I've got:

SERVICE_NAME=ControlServer-MLib
MESSAGE_TYPE=DEVICEDESCRIPTION
HOST=255.255.255.255:1900
NTS=ssdp:alive
CACHE_CONTROL=max-age=60
SPEC_VER=MSpec-1.00
MODELCODE=SAMSUNG_DEVICE
NICKNAME=536D61727420412F432837383235414431323433424129
SERVER=SSDP,SAMSUNG-AC-JUNG_COLD_13K

RemcoteWinkel commented 8 years ago

Hi Stein Torre,

No worries, I hope you had a pleasant holiday. Mine is about to start, so plenty of time to tackle this issue. I have not consciously tampered with the AC units. There has been a router firmware update though (ASUS RT-AC66U). The binding has always performed well until a few weeks ago. AC's are 8 months old.

The output of your question is surprising!

On my production machine: (Using 1.7.0)

domo@a20-olimex:~/prod/openHAB/addons$ java -cp org.openhab.binding.samsungac-1.7.0.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery
java.io.IOException: Invalid argument
    at java.net.PlainDatagramSocketImpl.send(Native Method)
    at java.net.DatagramSocket.send(DatagramSocket.java:693)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.sendNotify(SsdpDiscovery.java:112)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.discover(SsdpDiscovery.java:59)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.main(SsdpDiscovery.java:46)
Got the following response from Samsung Air Conditioner: {}
domo@a20-olimex:~/prod/openHAB/addons$

Trying with 1.7.1 on a test server:

remco@IBM-PC:~/testHAB/test/openHAB/addons$ java -cp org.openhab.binding.samsungac-1.7.1.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery
java.io.IOException: Invalid argument
    at java.net.PlainDatagramSocketImpl.send(Native Method)
    at java.net.DatagramSocket.send(DatagramSocket.java:693)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.sendNotify(SsdpDiscovery.java:112)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.discover(SsdpDiscovery.java:59)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.main(SsdpDiscovery.java:46)
Got the following response from Samsung Air Conditioner: {}
remco@IBM-PC:~/testHAB/test/openHAB/addons$

Piotr-23 commented 8 years ago

Hi: the output from my system is similar:

piotr@piotr:~/openhab/addons$ java -cp org.openhab.binding.samsungac-1.7.0.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery
java.io.IOException: Invalid argument
    at java.net.PlainDatagramSocketImpl.send(Native Method)
    at java.net.DatagramSocket.send(DatagramSocket.java:697)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.sendNotify(SsdpDiscovery.java:112)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.discover(SsdpDiscovery.java:59)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.main(SsdpDiscovery.java:46)
Got the following response from Samsung Air Conditioner: {}

Best | P

steintore commented 8 years ago

Thanks for the quick response. Could you try this command:

java -cp org.openhab.binding.samsungac-1.7.1.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery -Djava.net.preferIPv4Stack=true

RemcoteWinkel commented 8 years ago

No success:

remco@IBM-PC:~/testHAB/test/openHAB/addons$ java -cp org.openhab.binding.samsungac-1.7.1.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery -Djava.net.preferIPv4Stack=true
java.io.IOException: Invalid argument
    at java.net.PlainDatagramSocketImpl.send(Native Method)
    at java.net.DatagramSocket.send(DatagramSocket.java:693)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.sendNotify(SsdpDiscovery.java:112)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.discover(SsdpDiscovery.java:59)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.main(SsdpDiscovery.java:46)
Got the following response from Samsung Air Conditioner: {}
remco@IBM-PC:~/testHAB/test/openHAB/addons$

Piotr-23 commented 8 years ago

Same here with 1.7.0

piotr@piotr:~/openhab/addons$ java -cp org.openhab.binding.samsungac-1.7.0.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery -Djava.net.preferIPv4Stack=true
java.io.IOException: Invalid argument
    at java.net.PlainDatagramSocketImpl.send(Native Method)
    at java.net.DatagramSocket.send(DatagramSocket.java:697)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.sendNotify(SsdpDiscovery.java:112)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.discover(SsdpDiscovery.java:59)
    at org.binding.openhab.samsungac.communicator.SsdpDiscovery.main(SsdpDiscovery.java:46)
Got the following response from Samsung Air Conditioner: {}

ronny332 commented 8 years ago

Here is a wireshark dump.

The dump was created with a MacBook Air (as hotspot) connected by wifi with the Samsung AC, a USB ethernet NIC was used as internet bridge. My iPhone was connected to the MBA hotspot by wifi, too. This was the solution to record all the traffic between the Samsung App and the AC device.

download Samsung.pcapng

192.168.2.1 is the MBA
192.168.2.2 is the iPhone 6
192.168.2.3 is the Sammy AC

RemcoteWinkel commented 8 years ago

Just to confirm, the Samsung 'Smart Air Conditioner' app for Android and the site www.samsungsmartappliance.com still function with the air conditioner units. I suspect a different communications method.

I also found Firefox having a difficulty with the AC's. When using https://192.168.1.181:2878/ I get:

192.168.1.181:2878 uses an invalid security certificate.
The certificate is only valid for the following names: samsung.com, localhost
The certificate will not be valid until 01.01.1960 01:00. The current time is 04.08.2015 22:29.
(Error code: ssl_error_bad_cert_domain)

RemcoteWinkel commented 8 years ago

Update: Steintore is investigating the problem. I have provided resources for testing. Hang in there all, we are making progress, albeit with small steps.

Meanwhile I have asked Samsung if they did anything as the binding worked splendidly until a few weeks ago. Awaiting an answer.

steintore commented 8 years ago

@ronny332 Could you download the SsdpDiscovery.class file from here: SsdpDiscovery.class

Try and check if this discovery version works for you. Run it like this: java -classpath . SsdpDiscovery

Let me know your findings. Thanks

Piotr-23 commented 8 years ago

Thanks. I am getting this:

piotr@piotr:~/openhab/addons$ java -classpath . SsdpDiscovery
Exception in thread "main" java.lang.UnsupportedClassVersionError: SsdpDiscovery : Unsupported major.minor version 52.0
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482)

RemcoteWinkel commented 8 years ago

Update: Steintore found out there is something wrong with the certificates. When issuing openssl s_client -connect <ip-address>:2878 -msg -tls1 -ssl3 -debug -showcerts it ends with "Verify return code: 19 (self signed certificate in certificate chain)"

Samsung confirmed to me that they did an unattended and automatic firmware update on July 27th. I have now asked them to look into this issue.

marnikvde commented 8 years ago

For what it's worth, I have a Samsung Triangle unit, and I am looking at a similar issue:

C:\Users\mvander2\Downloads\distribution-1.7.1-addons>java -cp org.openhab.binding.samsungac-1.7.1.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery
Got the following response from Samsung Air Conditioner: {}

steintore commented 8 years ago

@marnikvde If you cannot discover the unit(s), I've created a new test-version of the binding where I've improved the discovery of the units, please find it here: https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!category-topic/openhab/samsung-ac/2BZjRB8aSUo

marnikvde commented 8 years ago

That looks better:

C:\Users\mvander2\Downloads>java -cp org.openhab.binding.samsungac_1.7.0.SNAPSHOT.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery
Sending multibroadcast to all possible network interfaces...
Broadcasting to /255.255.255.255
Retrieving response..........
Response retrieved: {}
Broadcasting to /192.168.0.255
Retrieving response............
Response retrieved: {192.168.0.170={LOCATION=http://192.168.0.170, SERVICE_NAME=ControlServer-MLib, IP=192.168.0.170, MESSAGE_TYPE=DEVICEDESCRIPTION, FIRMCODE=01538A150527, HOST=255.255.255.255:1900, NTS=ssdp:alive, CACHE_CONTROL=max-age=60, NODE_ADDRESS=BC8CCD5F0E6C0000, SPEC_VER=MSpec-2.00, MODELCODE=SAMSUNG_DEVICE, NICKNAME=616972636F206C6F7561, SERVER=SSDP,SAMSUNG-AC-RAC_2013, MAC_ADDR=BC8CCD5F0E6C, ROOT_ADDRESS=BC8CCD5F0E6C0000, GROUP_ADDRESS=BC8CCD5F0E6CFFFF}}
Broadcasting to /192.168.56.255
Retrieving response..........
Response retrieved: {}

Got response from possible air conditioner(s):
{LOCATION=http://192.168.0.170, SERVICE_NAME=ControlServer-MLib, IP=192.168.0.170, MESSAGE_TYPE=DEVICEDESCRIPTION, FIRMCODE=01538A150527, HOST=255.255.255.255:1900, NTS=ssdp:alive, CACHE_CONTROL=max-age=60, NODE_ADDRESS=BC8CCD5F0E6C0000, SPEC_VER=MSpec-2.00, MODELCODE=SAMSUNG_DEVICE, NICKNAME=616972636F206C6F7561, SERVER=SSDP,SAMSUNG-AC-RAC_2013, MAC_ADDR=BC8CCD5F0E6C, ROOT_ADDRESS=BC8CCD5F0E6C0000, GROUP_ADDRESS=BC8CCD5F0E6CFFFF}
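
The discovery replies posted in this thread can be compared mechanically, which is what the maintainer's "different version than I've got" question amounts to. The following is an added example, not code from the binding or from any commenter; the function names are hypothetical, and the two sample strings are the replies quoted in the thread, unwrapped onto one logical line each.

```python
import re

# Reply posted by the binding's author (space separated fields).
REFERENCE_UNIT = (
    "SERVICE_NAME=ControlServer-MLib MESSAGE_TYPE=DEVICEDESCRIPTION "
    "HOST=255.255.255.255:1900 NTS=ssdp:alive CACHE_CONTROL=max-age=60 "
    "SPEC_VER=MSpec-1.00 MODELCODE=SAMSUNG_DEVICE "
    "NICKNAME=536D61727420412F432837383235414431323433424129 "
    "SERVER=SSDP,SAMSUNG-AC-JUNG_COLD_13K")

# Reply printed by the test version of the tool (Java Map.toString() form).
OTHER_UNIT = (
    "{LOCATION=http://192.168.0.170, SERVICE_NAME=ControlServer-MLib, "
    "IP=192.168.0.170, MESSAGE_TYPE=DEVICEDESCRIPTION, FIRMCODE=01538A150527, "
    "HOST=255.255.255.255:1900, NTS=ssdp:alive, CACHE_CONTROL=max-age=60, "
    "NODE_ADDRESS=BC8CCD5F0E6C0000, SPEC_VER=MSpec-2.00, "
    "MODELCODE=SAMSUNG_DEVICE, NICKNAME=616972636F206C6F7561, "
    "SERVER=SSDP,SAMSUNG-AC-RAC_2013, MAC_ADDR=BC8CCD5F0E6C, "
    "ROOT_ADDRESS=BC8CCD5F0E6C0000, GROUP_ADDRESS=BC8CCD5F0E6CFFFF}")

# KEY=value pairs; a value ends where the next " KEY=" (optionally preceded
# by a comma) starts, at a closing brace, or at the end of the text. A bare
# comma inside a value, as in the SERVER field, is kept.
FIELD = re.compile(r"([A-Z_]+)=(.*?)(?=,?\s+[A-Z_]+=|\}|$)")

# Fields that differ between any two units and say nothing about which
# protocol revision a unit speaks.
IDENTITY_FIELDS = {"LOCATION", "IP", "NICKNAME", "NICKNAME_TEXT", "MAC_ADDR",
                   "NODE_ADDRESS", "ROOT_ADDRESS", "GROUP_ADDRESS"}


def parse_response(text):
    """Parse one discovery reply into a dict and decode the hex NICKNAME."""
    fields = {key: value.strip() for key, value in FIELD.findall(text)}
    nickname = fields.get("NICKNAME", "")
    try:
        fields["NICKNAME_TEXT"] = bytes.fromhex(nickname).decode("utf-8", "replace")
    except ValueError:
        fields["NICKNAME_TEXT"] = nickname  # not hex: keep it as sent
    return fields


def protocol_diff(reference, other):
    """Return {field: (reference value, other value)} for differing fields."""
    keys = (set(reference) | set(other)) - IDENTITY_FIELDS
    return {key: (reference.get(key), other.get(key))
            for key in sorted(keys)
            if reference.get(key) != other.get(key)}


if __name__ == "__main__":
    ref, other = parse_response(REFERENCE_UNIT), parse_response(OTHER_UNIT)
    print("nicknames:", ref["NICKNAME_TEXT"], "|", other["NICKNAME_TEXT"])
    for field, (a, b) in protocol_diff(ref, other).items():
        print(field, ":", a, "->", b)
```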

ronny332 commented 8 years ago

@steintore sorry for the late reply, we are still on summer holidays. SSDP was working, even with a different library written in Perl. The reply from the conditioner is a bit different from my older devices but usable. Everything else after this device lookup seems to be different from older conditioners.

MrMerlino commented 8 years ago

Hello, I also wrote in Google Groups. I'm sorry, but I don't know where I should write. Anyway, I tried to get the token another way. I rooted my Nexus tablet, then looked for information in the app folder and found this:

?xml version='1.0' encoding='utf-8' standalone='yes' ?

map

#string name="Token-MACADDRESS"#U2FsdGVkX1/V5pno6jBmmEP0TUFQUrhMkX3IQTdn0jhBXK9rLJOeK1BdfO+2J7P9uqXNgp+fn2U=#/string#

/map

-> I deleted my MAC address and replaced > and < with #

Then i try with my second AC unit and on the same file there is a new token. So could be the right way. I try using this token: U2FsdGVkX1/V5pno6jBmmEP0TUFQUrhMkX3IQTdn0jhBXK9rLJOeK1BdfO+2J7P9uqXNgp+fn2U

[samsungac:Cucina.host=IP_ADDRESS samsungac:Cucina.mac=MAC_ADDRESS samsungac:cucina.token=U2FsdGVkX1/V5pno6jBmmEP0TUFQUrhMkX3IQTdn0jhBXK9rLJOeK1BdfO+2J7P9uqXNgp+fn2U] but i got this error:

00:20:55.804 [INFO ] [.b.s.internal.SamsungAcBinding:261 ] - Broken connection found for 'Cucina', attempting to reconnect...
00:20:58.175 [DEBUG] [.b.s.internal.SamsungAcBinding:267 ] - java.lang.Exception: Cannot connect to 10.1.1.246:2878 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
00:20:58.180 [INFO ] [.b.s.internal.SamsungAcBinding:268 ] - Reconnect failed for 'Cucina', will retry in 60s

Thanks for your help.

RemcoteWinkel commented 8 years ago

I still think the reason for this is a change in Samsung firmware. This is distributed through the internet so hard to avoid unless you create a separate wifi network for the AC's with no internet connection.

I have contacted my local Samsung dealer and they relayed the issue to Samsung software development department. I hope they will fix it. If not, we will have to find a work around. So far no luck.

I also experienced drop of wifi connection. This is actually a feature of the system. It enters a deep standby when the ac is not working. And thus causing the wifi connection to drop. Amazingly this is default on a system that is supposed to be able to be switched on through the internet. It can be overridden by some settings on the outdoor unit. My mechanic will soon drop by to make the changes.

MrMerlino commented 8 years ago

Hi, today I tried a port scanner (only 2878 is open). I also created a direct connection to sniff packets (I have the capture if someone can use it). If I am able to fix the AC, I'll block its internet connection with the firewall. It's absurd what happened. To think I spent all that money just for home automation (real consumption is different from what is declared) makes me very angry..... Thanks

RemcoteWinkel commented 8 years ago

You could try and ask for a downgrade of the software and then block internet access. Meanwhile we will have to wait for Samsung or a fix from Stein Tore.

It would help a lot if you (and others here) contact your local Samsung dealership (addresses are in the service manual). The more complaints from customers the more serious Samsung will take this.

Your findings from the rooted tablet stem from after a secure connection has been made. The AC's issue a token to establish your identity as owner because in the authentication process you have to press a button on the physical unit. (If you can touch it you own it). I noticed as well that my Android phone is perfectly capable of communicating over what seems an SSL connection. There might be a clue in there. I already sent Stein Tore (author of the binding) my sniffer files. If possible, upload yours as well.

MrMerlino commented 8 years ago

I'm no expert on this, but from the first to the last communication, the app that I use to sniff packets didn't report an SSL connection (for example, for email and gapp it reports an SSL connection).

steintore commented 8 years ago

@MrMerlino Can you please attach output from the communication? What do you use to sniff packets? Please attach in one of the threads in the Google Groups discussion forum, and I'll have a look.

MrMerlino commented 8 years ago

https://groups.google.com/forum/#!category-topic/openhab/discussions/samsung-ac/DbmFgqJG1vk

Sorry for the delay.

MrMerlino commented 8 years ago

https://community.openhab.org/t/samsung-ac-binding-sniff-packet/2701

Thanks

MrMerlino commented 8 years ago

Hello, do u have some news about it? thanks in advance!

RemcoteWinkel commented 8 years ago

Hi,

Samsung offered to restore software on my units. If this proves successful you can ask for it too. I will keep you posted.


MrMerlino commented 8 years ago

thanks for reporting your experience! keep us updated! Could be a good solution!

MrMerlino commented 8 years ago

Upp! News? There is a way to help u? thanks :)

RemcoteWinkel commented 8 years ago

No luck. Appointment to install was not met. Now back to seller.


MrMerlino commented 8 years ago

Good morning, I bought a serial rs584 interface to check if it is possible to do something. Have a nice day

MrMerlino commented 8 years ago

I received the rs485 interface but today it's raining so i'll try tomorrow.

RemcoteWinkel commented 8 years ago

Hi,

I had an extensive discussion with Samsung. Their policy is that access from third parties (like openHAB) is a security threat. That is why they updated their software. They do not support anything else than their own app. They will however look into the handshake error and possibly fix it in time.

MrMerlino commented 8 years ago

Uppp! do you think there is the possibility to fix this problem?

MrMerlino commented 8 years ago

Hello! I don't know if this can be useful, but I tried extracting data from my tablet. In the app there is: libopenssl2 library, rootcert.pem, rootkey.pem, cert.rsa and cert.sf file. Not sure, but the app looks like just a webapp. Thanks in advance

RemcoteWinkel commented 8 years ago

Could be interesting, if the tablet is able to access the AC through SSL. I am still trying to convince Samsung to fix the problem. Their last remark on this issue is "We will improve the function and quality of our procudt step by step based on your opinion.". Once again it will help if others complain as well. For instance by mailing the company that is in your service manual. It is not appropriate for me to disclose the email address of the Samsung Support Representative in Korea here, but through your local service organization you might be able to reach them. Stating an SSL problem after the July update will certainly ring a bell in Korea.

MrMerlino commented 8 years ago

The connection is a normal encrypted connection; it looks like it works like this: the AC sends a request to the tablet, and the tablet answers with a certificate (AC14K_M-KeyStore.bks). The file is a Bouncy Castle -> https://en.wikipedia.org/wiki/Bouncy_Castle_(cryptography)

steintore commented 8 years ago

Is it possible to extract the AC14K_M-KeyStore.bks-file? In that case we might be able to use it to avoid the handshake exception.

RemcoteWinkel commented 8 years ago

I did already. It is in the .apk file of the app, downloadable from the Samsung site. It is also possible to extract the certificates. I will drop you an email.

MrMerlino commented 8 years ago

Perfect :)

brunofosi commented 8 years ago

any updates?

RemcoteWinkel commented 8 years ago

No. Samsung continues to use a self signed certificate which is against industry best practices. Please contact your local representative about this. The more we consumers complain the more likely Samsung takes this seriously

brunofosi commented 8 years ago

I also don't understand why Samsung is adopting this practice! and they don't even make it available on their own Smartthings platform, which is ridiculous.

btw, i've noticed that there are some AC units that have different wifi ap settings.

look: https://itunes.apple.com/en/app/smart-home/id885787515?mt=8

when i install the app and choose to add a AC wall unit. it gives a different SSID!

it would be great to try to create a virtual wifi network with the same mac address as one samsung unit and with the same SSID and capture the traffic to see what happens

RemcoteWinkel commented 8 years ago

Splendid!

I did " openssl pkcs12 -in ack14k_m.pfx -out cert.pem -nodes" hit enter on password and then used the output file like:

openssl s_client -connect 192.168.1.147:2878 -cert cert.pem

I think I actually see my ac talking:

<?xml version="1.0" encoding="utf-8" ?>

I will try to add the certificate to my standard ca-certs later today. Will let you know the outcome.

MrMerlino commented 8 years ago

Excellent! At least we got an update :) Works also for me!

DPLUG-1.6

?xml version="1.0" encoding="utf-8" ?>#Update Type="InvalidateAccount"/>

steintore commented 8 years ago

Great news! I do think I'll have to do some alteration of the binding before this actually work, but @RemcoteWinkel let me know your results. I can make a small java-application to check how to implement it before I actually change the binding.

MrMerlino commented 8 years ago

@steintore The answer "InvalidateAccount" means that you are not logged in, right? I extracted the token from the XML (the same process with which I got the bks certificate). This should mean that the connection works correctly, right? How can I try to communicate with the AC? Thanks in advance :)