openhab / openhab1-addons

Add-ons for openHAB 1.x
Eclipse Public License 2.0

SamsungAC: ssl handshake error #2863

Closed ronny332 closed 7 years ago

ronny332 commented 9 years ago

Are there any known issues for the SamsungAC binding for newer models? In our house we have 3 Samsung devices working, 2 devices are from 2013 and the newest one was introduced in late 2014.

Both devices of 2013 are working (Samsung Flagship Jungfrau), but the newest one does not connect. Openhab is reporting

15:18:16.666 [DEBUG] [.b.s.internal.SamsungAcBinding:267  ] - java.lang.Exception: Cannot connect to 10.0.0.125:2878 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

A short curl test shows the same result. I can connect to both older devices, but not to the newest one.

A short Wireshark debug recording is showing no "big" data frames anymore. Is it possible Samsung has left the XML communication between the remote app and the device?

RemcoteWinkel commented 8 years ago

You will have to put the ac server certificate in your java truststore as described. When I did it worked under Windows. 

What is remaining is a step by step guide for new users. Now many posts to read. But the answer is in this thread. A brief overview:

Currently I lack time to explain this in detail, but the links and information in this thread provide all information.

In time we will publish a guide.

MrMerlino commented 8 years ago

OK, no problem :) I'm sorry, but I understood that it worked only under Linux! If I'm able to get it working I'll try to write a wiki! Again, thanks to all!!!

MrMerlino commented 8 years ago

I did the whole procedure correctly and I successfully installed all the certificates, but it is still not working. The problem is that the binding always stops here:

```
13:23:53.773 [DEBUG] [.b.s.internal.SamsungAcBinding:208 ] - Configuration key is: Livingroom.certificate
```

I also tried on another PC with a clean install... same problem. It looks like the binding stops working when the certificate is loaded. This is what I do: download and unzip the 1.8.1 version, then modify openhab.cfg, adding the Samsung configuration:

```
# Host and port of the first AC to control
samsungac:Livingroom.host=10.1.1.246
samsungac:Livingroom.mac=MAC edited
samsungac:Livingroom.token=d76b7f82-3d31-4635-89a6-2b0ad192866d
samsungac:Livingroom.certificate=C:\Users\user\Desktop\OH1.8.1\addons\ac14k_m.pfx
samsungac:Livingroom.password=
```

Set samsung.item and sitemaps stop.

MrMerlino commented 8 years ago

I give up. I tried with the last computer: a clean installation, with all the files made anew. It doesn't work.

```
17:33:00.154 [INFO ] [.b.s.internal.SamsungAcBinding:202 ] - No refresh interval configured, using default: 60000 ms
17:33:00.170 [DEBUG] [.b.s.internal.SamsungAcBinding:208 ] - Configuration key is: accucina.certificate
```

It stops working here. Is it possible that the binding is corrupted? I downloaded it from here: http://bit.ly/20Dabae

thomas70 commented 8 years ago

Try this certificate

https://github.com/openhab/openhab/issues/2863#issuecomment-184426045

MrMerlino commented 8 years ago

No idea... Also without the certificate line (in openhab.cfg) stops here:

DEBUG o.o.b.s.i.SamsungAcBinding[:208]- Configuration key is: camera.host

Could it be a Java problem? I really don't understand why I have a different output from you... All the other addons work correctly :(

RemcoteWinkel commented 8 years ago

I compiled a summary of this thread:

Getting your Samsung Smart Air Conditioner to work with OpenHAB

Samsung Smart Airconditioners from July 2015 on have a different way of working. You will need to adjust the certificates. Here is how to.

Step 1. Extract the ac's certificate and let your computer trust it

The first thing to do is to extract the root certificate from your ac. Root certificates are usually signed by Certification Authorities like VeriSign. The certificate is however not signed by a Certification Authority, but by Samsung itself. This self-signed certificate needs to be added to the Java truststore to be trusted by OpenHAB.

Extract the certificate like this, mind entering the correct ip address for your ac unit in the command:

echo -n | openssl s_client -connect 192.168.1.136:2878 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > samsungcert.crt

Don't mind the error message, it is part of the deal. Now we need to find the location of your Java cacerts:

sudo find / | grep cacerts

The output will tell you the correct path. Now add the key to your trusted certificates with the keytool utility:

sudo keytool -import -trustcacerts -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts -storepass changeit -noprompt -alias mycert -file samsungcert.crt

Step 2. Download or extract the keyfile from the app to supply to the OpenHAB binding

There is a long version of this and a short one. The short one is downloading it here: http://pastebin.com/MKTbFnK5

Prepare the file like this:

base64 -d < pasted.txt > cert.pem

The long one is extracting it from the app. To follow.

Step 3. Using the keyfile in OpenHAB

Here is an example openhab.cfg configuration for the Samsung ac binding:

samsungac:Woon.host=192.168.1.145
samsungac:Woon.mac=BC8CAA7226CF
samsungac:Woon.token=6acb7452-bb3f-429c-912c-72bfbb5bf052
samsungac:Woon.certificate=/home/domorino/ac/cert.pem

Step 4. Download adjusted binding

Get the beta-test binding, it was not yet in 18.2, from http://bit.ly/20Dabae

vlad-ivanov-name commented 8 years ago

Wouldn't it be dangerous to trust a root certificate issued by whatever third party? I think it makes sense to keep Samsung's cert in a separate keystore and use -Djavax.net.ssl.trustStore JVM startup parameter.

MrMerlino commented 8 years ago

Hello, I installed the certificate correctly and I can check it with "keytool -list -keystore cacerts". But it doesn't work. I also tried a clean installation without antivirus and with only the latest Java version. I think that on Windows with the latest version something blocks the jar execution. No idea what is blocking the execution. Is there a way to check it? Sorry, but I spent a lot of hours trying to fix this and I didn't find a solution. These are the checksums of my jar:

MD5 Checksum: 94F5E2F102C386585FFA82C914F88313
SHA-1 Checksum: EB4AB314E642F81C0E7284D0143E7E744CAAFF15
SHA-256 Checksum: 900D77F27590BE97FFACD36AD90091698C6E15111C635FD3134E68397D6089F9
SHA-512 Checksum: 69BE0F2B197EFEDCF60EC407D0E1450093564EB4E2DB47F7E1786C91AD2FB9C75538A32D3C6A65D300244B0E1473D511C36041581782739DAD0D886FDE93A276

Should I try with an old Java version (< Java 1.7 Update 45)?

MrMerlino commented 8 years ago

I also tried with an Ubuntu distribution... and I have the same situation. So I think that it is my error... but I really don't understand where.

```
13:36:43.711 [DEBUG] [.b.s.internal.SamsungAcBinding:59 ] - Started Samsung AC Binding
13:36:43.723 [INFO ] [.b.s.internal.SamsungAcBinding:202 ] - No refresh interval configured, using default: 60000 ms
13:36:43.724 [DEBUG] [.b.s.internal.SamsungAcBinding:208 ] - Configuration key is: accamera.certificate
```

And it stops here. Can someone suggest something for me to do? Thanks

steintore commented 8 years ago

@MrMerlino This is strange, because it stops while trying to read the configuration, and it never finishes reading the configuration. It does not even try to connect, as this is done after reading the configuration.

If you remove the line in the configuration with certificate, what is then put in the log?

MrMerlino commented 8 years ago

Thanks for your support; is the same situation.... The jar file works with this command:

java -cp org.openhab.binding.samsungac.jar org.binding.openhab.samsungac.communicator.SsdpDiscovery

(https://cloud.githubusercontent.com/assets/14082105/13606019/7ca651ec-e54a-11e5-8629-7fa5c4d582bf.PNG)

And if I try to connect using openssl I can connect successfully

MrMerlino commented 8 years ago


Can you check if the hash is the same? Thanks in advance to all.... I'm so sorry but I really don't know what to do to fix this problem

MrMerlino commented 8 years ago

Finally, after spending a lot of hours, it works! The problem is with the file posted on Dropbox! With the jar in the addons of the latest version (1.8.2) it works correctly :dancer: At last! Thanks for everything!

Now I have a bug. When I give a command to the AC, the app takes a lot of seconds (sometimes even minutes) after the command is given... For example, at 10h.57m.55s I gave the off command to the AC, but in the log I have this: 2016-03-25 10:58:05.534 [INFO ] [runtime.busevents ] - ac_power2 received command OFF

When, for example, I change the temperature (from 20 to 24, i.e.) it takes a few minutes to change it! Is this normal? Thanks in advance!

RemcoteWinkel commented 8 years ago

Hi MrMerlino,

I am glad it works for you too now! Performance is indeed an issue with the new situation. Using OpenHAB as a remote can be a pain. But for automating tasks everything works well.

My personal experience is that the first command is relatively fast, but performance decreases rapidly afterwards. I also sometimes see response times of over a minute.

I have a script that, when turning on the heating with a room temperature of under 18 degrees, activates the AC as well. So I send commands for temperature, fan speed, heating mode and turning the ac on after each other. This takes several minutes to complete. But I can live with it.

steintore commented 8 years ago

Could it be something with the software on the AC after the upgrade? I do not have any of the problems you guys describe. RemcoteWinkel, could you turn on debug logging, send the sequences you do to the AC, and e-mail me the log?

There might be some changes in the communication...


RemcoteWinkel commented 8 years ago

Issuing five commands takes more than four minutes on my (fast) test machine. I guess trying this on the Raspberry doesn't make things better. I will put the SSL debugging on and mail you the results. I do have to say the status got updated four times as well in the meantime; I never got the poll interval working.

Rule is:

```
rule "Testac"
when
    Time cron "0 0/10 * * * ?"
then
    // heating, 24, on
    sendCommand(z_ac_st, 20)
    sendCommand(z_ac_om, 4)
    sendCommand(z_ac_p, ON)
    sendCommand(z_ac_w, 1)
    sendCommand(z_add_ac, ON)
end
```

Debug log is:

```
12:10:00.047 DEBUG o.o.m.r.i.e.ExecuteRuleJob[:53]- Executing scheduled rule 'Testac'
12:10:00.799 DEBUG o.o.m.s.s.ScriptExtensionClassNameProvider[:63]- Script actions have changed: HTTPActionService, PingActionService, AudioActionService, ExecActionService, TransformationActionService,
12:10:01.756 DEBUG o.o.b.s.i.SamsungAcBinding[:80]- InternalReceiveCommand [z_ac_st:20]
12:10:01.759 DEBUG o.o.b.s.i.SamsungAcBinding[:134]- [1/5] Sending command: 20 to property:AC_FUN_TEMPSET with ip:192.168.1.36
12:10:35.183 DEBUG o.o.b.s.i.SamsungAcBinding[:138]- Command[20] sent on try number 1
12:10:35.497 DEBUG o.o.b.s.i.SamsungAcBinding[:80]- InternalReceiveCommand [z_ac_om:4]
12:10:35.498 DEBUG o.o.b.s.i.SamsungAcBinding[:134]- [1/5] Sending command: Heat to property:AC_FUN_OPMODE with ip:192.168.1.36
12:10:40.619 DEBUG o.o.b.s.i.SamsungAcBinding[:138]- Command[Heat] sent on try number 1
12:10:40.966 DEBUG o.o.b.s.i.SamsungAcBinding[:80]- InternalReceiveCommand [z_ac_p:ON]
12:10:40.969 DEBUG o.o.b.s.i.SamsungAcBinding[:134]- [1/5] Sending command: On to property:AC_FUN_POWER with ip:192.168.1.36
12:11:43.217 DEBUG o.o.b.s.i.SamsungAcBinding[:138]- Command[On] sent on try number 1
12:11:43.414 DEBUG o.o.b.s.i.SamsungAcBinding[:80]- InternalReceiveCommand [z_ac_w:1]
12:11:43.418 DEBUG o.o.b.s.i.SamsungAcBinding[:134]- [1/5] Sending command: Low to property:AC_FUN_WINDLEVEL with ip:192.168.1.36
12:12:15.704 DEBUG o.o.b.s.i.SamsungAcBinding[:138]- Command[Low] sent on try number 1
12:12:15.965 DEBUG o.o.b.s.i.SamsungAcBinding[:80]- InternalReceiveCommand [z_add_ac:ON]
12:12:15.966 DEBUG o.o.b.s.i.SamsungAcBinding[:134]- [1/5] Sending command: On to property:AC_ADD_AUTOCLEAN with ip:192.168.1.36
12:14:38.002 DEBUG o.o.b.s.i.SamsungAcBinding[:138]- Command[On] sent on try number 1
```

MrMerlino commented 8 years ago

Maybe the biggest problem is that you can't send other commands (i.e. zwave commands) during these few minutes!

Thanks :)

steintore commented 8 years ago

@MrMerlino please try this version; https://www.dropbox.com/s/mkgbude03y7knp6/org.openhab.binding.samsungac_1.9.0.SNAPSHOT-20160404.jar?dl=0 Give me feedback if it works or not, @RemcoteWinkel has been testing it, and it seems to at least be a great improvement.

MrMerlino commented 8 years ago

Edit: I don't know why, but Java auto-updated to the latest version so I lost cacerts... I need to fix it, then I can try the latest jar.

steintore commented 8 years ago

The new pull request will hopefully solve the problems. Been running for some days at my place, with no issues. Also been tested by Mr @RemcoteWinkel .. so hopefully the speed and stability will improve a lot.

RemcoteWinkel commented 8 years ago

Last week the test binding functioned properly with a very acceptable performance on a Raspberry Pi 3B.

MrMerlino commented 8 years ago

Thanks for the new binding. This new binding works faster than the app. Really, thanks for this.

bioego commented 8 years ago

Hi guys, trying to connect to my freshly installed Samsung Triangle RACs but it seems something has changed again (or I am missing something major which is totally possible).

I followed this thread to deal with the SSL connection and I noticed the following:

```
CONNECTED(00000003)
depth=3 C = KR, O = Samsung Electronics, CN = ROOTCA
verify error:num=19:self signed certificate in certificate chain
verify return:0

Certificate chain
 0 s:/C=KR/O=Samsung Electronics/CN=DA_SET/emailAddress=tp6xrac16k@samsung.com
   i:/C=KR/O=Samsung Electronics/CN=DeviceCA/emailAddress=DeviceCA@samsung.com
 1 s:/C=KR/O=Samsung Electronics/CN=DeviceCA/emailAddress=DeviceCA@samsung.com
   i:/C=KR/O=Samsung Electronics/CN=CECA
 2 s:/C=KR/O=Samsung Electronics/CN=CECA
   i:/C=KR/O=Samsung Electronics/CN=ROOTCA
 3 s:/C=KR/O=Samsung Electronics/CN=ROOTCA
   i:/C=KR/O=Samsung Electronics/CN=ROOTCA

Server certificate
-----BEGIN CERTIFICATE-----
[edited]
-----END CERTIFICATE-----
subject=/C=KR/O=Samsung Electronics/CN=DA_SET/emailAddress=tp6xrac16k@samsung.com
issuer=/C=KR/O=Samsung Electronics/CN=DeviceCA/emailAddress=DeviceCA@samsung.com

Acceptable client certificate CA names
/C=KR/O=Samsung Electronics/CN=DeviceCA/emailAddress=DeviceCA@samsung.com
/C=KR/O=Samsung Electronics/CN=RemoteAccessCA(CE)
/C=KR/O=Samsung Electronics/CN=CECA
/C=KR/O=Samsung Electronics/CN=ROOTCA

SSL handshake has read 5220 bytes and written 1632 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
[edited]
    Start Time: 1462180018
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
```

And that's it, from what I've seen I did expect to receive an XML with the status of the unit, am I wrong? Also I noticed that instead of 0 s:/C=KR/O=Samsung Electronics/CN=AC14K/emailAddress=AC14K@samsung.com as I've seen in other people's output I have the following: 0 s:/C=KR/O=Samsung Electronics/CN=DA_SET/emailAddress=tp6xrac16k@samsung.com Not sure if it does mean anything at all.

```
2016-05-01 22:33:04.883 [INFO ] [.o.core.internal.CoreActivator] - openHAB runtime has been started (v1.8.2).
2016-05-01 22:33:07.127 [INFO ] [o.o.i.s.i.DiscoveryServiceImpl] - mDNS service has been started
2016-05-01 22:33:07.221 [INFO ] [o.o.i.s.i.DiscoveryServiceImpl] - Service Discovery initialization completed
2016-05-01 22:33:10.408 [INFO ] [penhab.io.rest.RESTApplication] - Started REST API at /rest
2016-05-01 22:33:16.313 [INFO ] [c.internal.ModelRepositoryImpl] - Loading model 'default.sitemap'
2016-05-01 22:33:16.769 [INFO ] [c.internal.ModelRepositoryImpl] - Loading model 'samsungac.items'
2016-05-01 22:33:17.602 [INFO ] [.o.u.w.i.servlet.WebAppServlet] - Started Classic UI at /classicui/openhab.app
2016-05-01 22:33:21.727 [INFO ] [.service.AbstractActiveService] - HTTP Refresh Service has been started
2016-05-01 22:33:21.741 [DEBUG] [.s.internal.SamsungAcActivator] - Samsung AC binding has been started.
2016-05-01 22:33:21.773 [DEBUG] [.b.s.internal.SamsungAcBinding] - Started Samsung AC Binding
2016-05-01 22:33:21.777 [INFO ] [.b.s.internal.SamsungAcBinding] - No refresh interval configured, using default: 60000 ms
2016-05-01 22:33:21.778 [DEBUG] [.b.s.internal.SamsungAcBinding] - Configuration key is: Sala.certificate
2016-05-01 22:33:21.783 [DEBUG] [.b.s.internal.SamsungAcBinding] - Configuration key is: Sala.host
2016-05-01 22:33:21.786 [DEBUG] [.b.s.internal.SamsungAcBinding] - Configuration key is: Sala.mac
2016-05-01 22:33:21.787 [DEBUG] [.b.s.internal.SamsungAcBinding] - Configuration key is: service.pid
2016-05-01 22:33:21.788 [INFO ] [.service.AbstractActiveService] - Samsung Air Conditioner service has been started
2016-05-01 22:33:21.790 [DEBUG] [.b.s.internal.SamsungAcBinding] - Broken connection found for 'Sala', attempting to reconnect...
2016-05-01 22:41:06.860 [INFO ] [c.internal.ModelRepositoryImpl] - Loading model 'aircon.sitemap'
2016-05-01 22:42:22.366 [DEBUG] [.b.s.internal.SamsungAcBinding] - InternalReceiveCommand [ac_power:ON]
2016-05-01 22:42:22.367 [DEBUG] [.b.s.internal.SamsungAcBinding] - [1/5] Sending command: On to property:AC_FUN_POWER with ip:192.168.1.201
2016-05-01 22:42:22.368 [WARN ] [.b.s.internal.SamsungAcBinding] - Could not send value: 'On' to property:'AC_FUN_POWER', try 1/5
2016-05-01 22:42:22.403 [DEBUG] [.b.s.internal.SamsungAcBinding] - [2/5] Sending command: On to property:AC_FUN_POWER with ip:192.168.1.201
2016-05-01 22:42:33.263 [WARN ] [.w.internal.servlet.CmdServlet] - Received unknown command 'Uninitialized' for item 'ac_set_temp'
2016-05-01 22:42:35.237 [DEBUG] [.b.s.internal.SamsungAcBinding] - InternalReceiveCommand [ac_power:ON]
2016-05-01 22:42:35.238 [DEBUG] [.b.s.internal.SamsungAcBinding] - [1/5] Sending command: On to property:AC_FUN_POWER with ip:192.168.1.201
2016-05-01 22:42:35.304 [DEBUG] [.b.s.internal.SamsungAcBinding] - Command[On] sent on try number 1
```

As you can see it reports a broken connection, tries to reconnect and then nothing happens. I tried giving some command using the item & sitemap from the binding page, but no go. This is with the cert.pem from this thread and no token since I couldn't find how to retrieve it.

Any ideas where to go from here? Thx Bioego

RemcoteWinkel commented 8 years ago

Hi Bioego,

Did you also extract the certs from the ac and add them to cacerts? What if you try with the instructions on my page domorino dot nl? I compiled this thread into a single howto.

If that doesn't work we can go and figure out what has changed.

bioego commented 8 years ago

Hi RemcoteWinkel, thanks for answering! The certificate on your page is the same I took from your post up above (same link from pastebin), and unfortunately it leads to the result of my previous post. Tried to redownload and process anyway but no changes.

One thing I forgot to mention though that I noticed while reprocessing the cert, not sure if important or not, when using base64 to convert the file I get an "invalid input" error (tried to download both using Windows and Linux, and also via copy/paste to notepad). If I use the "di" command instead of "d" it works, I found this suggestion on the net, seems related to the presence of delimiters in the file (the "i" stands for "ignore non-alphabet characters").

I'm planning to cut the RACs off the net as soon as I get them working, unfortunately they've been installed literally two days ago so I guess they were already updated (or they got updated while I was discovering about openHAB)...lucky me :(

RemcoteWinkel commented 8 years ago

Hi, I edited my post a bit. Did you extract the root certificate from the ac? It is a vital step because Samsung signs its certificates by themselves and (luckily) my ssl implementation doesn't trust Samsung upfront. So you will have to make the Samsung ROOTCA a trusted certificate assigner on your system.

Regarding updates, they should only be done when you register your ac with Samsung, but as they are fairly new it is possible they came with updated software. Thanks for the hint on the base64 command.

bioego commented 8 years ago

Hi, yes I extracted the cert from the AC following your post (and the procedure is the same on your page). As far as edits are concerned: I did this yesterday evening so I'm pretty sure everything was up to date. Also registered the certificate in the cacert.

Of course the first thing I did as soon as the RACs were up was to download the app and register them in it :(

EDIT: I noticed now that the post you were mentioning was the last one you made, while I meant the summary post of March 5 (which is by the way the procedure I followed). Anyway: yes the result I posted were obtained after extracting the certificate from the AC and adding it to the cacerts.

bioego commented 8 years ago

Played around a bit with openSSL. The cert from the ac was added using the ca-certificates method (I'm on Debian Jessie by the way) as an additional step after adding it to the JAVA cacerts following the procedure detailed in the summary post of March 5.

Tried running the openssl verify against both the cert.pem from this thread:

# openssl verify cert.pem
cert.pem: C = KR, O = Samsung Electronics, CN = AC14K_M, emailAddress = AC14K_M@samsung.com
error 20 at 0 depth lookup:unable to get local issuer certificate

and against the certificate from the ac:

# openssl verify /etc/ssl/certs/samsungcert.pem
/etc/ssl/certs/samsungcert.pem: C = KR, O = Samsung Electronics, CN = DA_SET, emailAddress = tp6xrac16k@samsung.com
error 20 at 0 depth lookup:unable to get local issuer certificate

Again I'm noticing the different CN and emailAddress. Not sure whether the error 20 is to be expected since it is a self-signed certificate or not (I'm no expert regarding openssl).
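An added example, not part of the original comments: the `Certificate chain` block from the `s_client` output quoted earlier in this thread, parsed to show which certificate issues which and which issuer is absent when only the leaf has been imported. `chain_table` and `first_missing_issuer` are hypothetical helper names; the parser assumes the OpenSSL 1.0.x one-line DN format shown in the thread and CNs that contain no spaces or `/`.

```shell
#!/bin/sh
# Added example: summarise the "Certificate chain" block that
# `openssl s_client` prints, to see which certificate issues which.

# Chain block as quoted in this thread; two surrounding lines are kept
# to show that unrelated s_client output is ignored by the parser.
sample_chain() {
cat <<'EOF'
CONNECTED(00000003)
Certificate chain
 0 s:/C=KR/O=Samsung Electronics/CN=DA_SET/emailAddress=tp6xrac16k@samsung.com
   i:/C=KR/O=Samsung Electronics/CN=DeviceCA/emailAddress=DeviceCA@samsung.com
 1 s:/C=KR/O=Samsung Electronics/CN=DeviceCA/emailAddress=DeviceCA@samsung.com
   i:/C=KR/O=Samsung Electronics/CN=CECA
 2 s:/C=KR/O=Samsung Electronics/CN=CECA
   i:/C=KR/O=Samsung Electronics/CN=ROOTCA
 3 s:/C=KR/O=Samsung Electronics/CN=ROOTCA
   i:/C=KR/O=Samsung Electronics/CN=ROOTCA
Server certificate
EOF
}

# chain_table (hypothetical helper): stdin = s_client output,
# stdout = one line per certificate: depth|subject CN|issuer CN|role
chain_table() {
    awk '
    # Return the CN component of a /-separated one-line DN.
    function cn(dn,    n, parts, i) {
        n = split(dn, parts, "/")
        for (i = 1; i <= n; i++)
            if (parts[i] ~ /^CN=/) return substr(parts[i], 4)
        return "?"
    }
    # Subject line: " <depth> s:/..."
    /^ *[0-9]+ s:\// {
        depth = $1 + 0
        subj = $0; sub(/^ *[0-9]+ s:/, "", subj)
        have_subject = 1
        next
    }
    # Issuer line that follows a subject line: "   i:/..."
    /^ *i:\// && have_subject {
        iss = $0; sub(/^ *i:/, "", iss)
        if (subj == iss)      role = "self-signed"
        else if (depth == 0)  role = "leaf"
        else                  role = "intermediate"
        print depth "|" cn(subj) "|" cn(iss) "|" role
        have_subject = 0
    }'
}

# first_missing_issuer CN... (hypothetical helper): given the CNs of the
# certificates actually present in a trust store, walk up from the leaf
# and print the first issuer that is absent. Prints nothing when the walk
# reaches the self-signed root.
first_missing_issuer() {
    chain_table | awk -F'|' -v held=" $* " '
        $4 == "self-signed"           { exit }
        index(held, " " $3 " ") == 0  { print $3; exit }'
}

# Demo: the table, then the gap left when only the leaf was imported.
sample_chain | chain_table
echo "missing issuer with only DA_SET imported: $(sample_chain | first_missing_issuer DA_SET)"
```

`openssl s_client` prints only the depth 0 certificate in PEM form unless `-showcerts` is given, so a file captured that way holds the `DA_SET` leaf and not `ROOTCA`. Error 20 at depth 0 from `openssl verify` is the report that the issuer of that leaf (`DeviceCA` here) could not be found locally.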

netsuso commented 8 years ago

Hi, Bioego

I've downloaded the latest SmartAir apk (version 1.2.80 from March 29th, I assume it's the one you are using), and the bks file is exactly the same as for version 1.2.78 from which I originally extracted the certificate you can find on pastebin. So it seems there are no newer SSL certificates for Samsung A/C (thank god), and actually your openssl s_client connection looks good.

So you don't receive any feedback at all from the unit after the SSL connection is open, do you? Have you tried sending anything? (Even some carriage return, it should at least close the connection). Could you try sending this?:

If the protocol is the same, it should answer with a Ready response. If this is the case, then maybe the binding expects the A/C unit to send an "InvalidateAccount" as the first interaction, and maybe they have changed that with the newer units, not sending anything back until the authentication succeeds. But this is just a guess..

(If you receive the ready response, you just need to turn on/off your unit and it will automatically send you back an auth token)

bioego commented 8 years ago

Hi netsuso, I didn't use the SmartAir apk but the Smart Home apk: that's the app I'm using to control the RACs (actually I'm using the IOS version on an iPad but that's the android equivalent). Still I might try to run SmartAir and see if it works, maybe SmartHome just uses it for the AC control part. (will do that later tomorrow since its 2am here and I need to borrow my wife's smartphone for that).

Regarding SSL: no I do not receive anything, I tried sending a few CR but no answer (and it doesn't close the connection), if I type anything else I get this:

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.2.7</center>
</body>
</html>
read:errno=0

I'm really no expert: could you suggest some meaningful message to send to try and obtain an answer?

netsuso commented 8 years ago

Hi, bioego

That's a nginx web server, it doesn't have anything to do with the xml based protocol used by this binding. Maybe they have changed it to a web based protocol, but I don't know anything about that, maybe RemoteWinkel here has heard something...

In the mean time you could run a basic curl request to see what happens:

curl https://192.168.1.201:8888/

RemcoteWinkel commented 8 years ago

As you are able to communicate with the ac, your problem is not the connection but the protocol. We had a breakthrough in examining the decoded apk like netsuso showed us in his post of Feb 15th.

I would say Samsung should leave the old protocol intact as not everyone updates their ac but does update the app. I just ran a test and my 1.2.80 app connects fine with "old" ac firmware.

The other way around is not a given. If they implemented a new protocol for their ac units, it might mean the 1.2.80 app has extra functionality. When I have some time I will try to look into it.

Can you confirm the app "Smart Air Conditioner apk 1.2.80" works for your ac? ('in home' mode)

bioego commented 8 years ago

Hi,

@netsuso : I'll try that this evening as I get home. I did already try to connect with a browser but it just complained about not sending the valid certificate, not sure if using curl will change anything. I'll update as soon as I have info.

@RemcoteWinkel : ok I'll try the Smart Air APK this evening too and update accordingly!

Thanks!

netsuso commented 8 years ago

Sorry, bioego, I forgot the certificate part:

curl --cert cert.pem https://192.168.1.201:8888/

RemcoteWinkel commented 8 years ago

The good news: I decoded the apk (use the latest APKtool build because of a bug just recently fixed, instructions on http://ibotpeaches.github.io/Apktool/build/) and I can see references to fridges and smarthomes, so pat on my own back. The bad news is: a lot of files to examine. Will try to find some time later this week.

bioego commented 8 years ago

Bad news on my side :(

@netsuso : curl connection results:

# curl -k --cert cert.pem https://192.168.1.201:8888
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.2.7</center>
</body>
</html>

@RemcoteWinkel : Smart Air Conditioner app is not working with my units. Tried both on iOS and on Android, the ac is not even detected. Even though the connection procedure described in SmartHome and SmartAir is the same (ac on, enter AP mode by pressing "timer" for 4 secs on remote, connect to ac network), when connected to the ac network it doesn't recognize the unit (the iOS version surrenders immediately, Android tries for half a minute but fails too). Smart Home works fine on both OSes.

It seems that they went a long way to change the protocol on both unit and app.

Looking further at the nmap results I found another open port on the unit: 5050. Connecting to it using openssl gives the following:

# openssl s_client -connect 192.168.1.201:5050 -cert cert.pem
CONNECTED(00000003)
140227038512784:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

with curl and https:

# curl -k --cert cert.pem https://192.168.1.201:5050
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

with curl and http: it's strange, sometimes it gives no result (just stays there with no output until I ctrl-C), sometimes it gives a "connection refused" error, other times it outputs the following string:

▒▒4▒io(▒3▒▒d▒1x▒▒▒▒▒▒[e▒s▒▒▒T▒47▒H3pE▒▒"@▒▒▒\8@w▒▒׊▒▒▒h^▒▒▒k▒▒c▒y▒▒E▒7a1Ҿ▒<▒Z▒H▒։▒▒▒▒▒X▒▒▒▒▒I▒▒▒▒}q▒N▒P6▒▒Q▒▒=5▒,▒ƲVs,▒▒▒▒▒W▒▒G▒W▒_;▒K:▒%▒▒▒▒▒▒c▒Χ▒k▒n▒\B{Z▒▒OG▒r¶^ա,▒▒}▒root@debserv:/home/bioego# PuTTY

As you can see it messes up the prompt and mentions PuTTY (which is the program I'm using to connect to the shell on the server from my main PC). If I pipe the output to a file the result is in the attached output.txt file.

output.txt

Not really sure what to make of it, but I've the impression that the changes made to these new units are quite major.

EDIT: I found something interesting: when playing around with wireshark I noticed that in the SSDP packets from the ac the LOCATION field was set as https://192.168.1.201:8888/capability. I tried to curl that address and here is the result:

# curl -k --cert cert.pem https://192.168.1.201:8888/capability
{"errorCode":"0","errorDescription":"Token is not valid"}

EDIT2: here are other info from the SSDP packets

NOTIFY * HTTP/1.1
NT: urn:SmartHomeAlliance-org:device:Air_Conditioner:1.0 deviceSubType/Room_Air_Conditioner modleID/TP6X_RAC_16K
NTS: ssdp:alive
HOST: 239.255.255.250:1900
CACHE-CONTROL: max-age = 1800
USN: uuid:[edited]::urn:SmartHomeAlliance-org:device:Air_Conditioner:1.0 deviceSubType/Room_Air_Conditioner modleID/TP6X_RAC_16K
SERVER: Linux/2.6 SHP/1.0 Air_Conditioner/1.0 deviceSubType/Room_Air_Conditioner modleID/TP6X_RAC_16K
LOCATION: https://192.168.1.201:8888/capability

The SERVER string had me thinking a bit about something I found when searching the net for clues on how to get a hold of this issue. It mentions SHP/1.0 which could be a reference to version 1.0 of the SmartHomeProtocol that Samsung is implementing after acquiring SmartThings and that is described as interoperable with other brands and IoT appliances. They also mention the availability of an SDK and Cloud API, even though I'm not sure those will be for free (http://developer.samsung.com/smart-home). Might be interesting anyway.

Ontrackx commented 8 years ago

Hi, I'm trying to get this working in openHAB on Windows. I have no clue how to extract the certificate with Java in Windows. If anyone is willing to help in TeamViewer please give me a sign.

```
9:52:18.607 [DEBUG] [.o.b.s.internal.AirConditioner:98 ] - Disconnected from AC: 192.168.2.227
19:52:18.610 [DEBUG] [.b.s.internal.SamsungAcBinding:294 ] - java.lang.Exception: Could not connect using certificate: C:\Program Files (x86)\Java\jre1.8.0_91\lib\security\cacerts : org.apache.commons.ssl.ProbablyBadPasswordException: Probably bad JKS password: java.io.IOException: Keystore was tampered with, or password was incorrect
```

allisgray commented 8 years ago

Hi,

I am using the certificate and the binding from org.openhab.binding.samsungac_1.9.0.SNAPSHOT-20160404. However, this seems to insist on connecting on the (now) defunct port 2878 instead of

OpenHAB log excerpt:

```
[DEBUG] [.b.s.internal.SamsungAcBinding:57 ] - Started Samsung AC Binding
[INFO ] [.b.s.internal.SamsungAcBinding:202 ] - No refresh interval configured, using default: 60000 ms
[DEBUG] [.b.s.internal.SamsungAcBinding:208 ] - Configuration key is: Livingroom.certificate
[DEBUG] [.b.s.internal.SamsungAcBinding:208 ] - Configuration key is: Livingroom.host
[DEBUG] [.b.s.internal.SamsungAcBinding:208 ] - Configuration key is: Livingroom.mac
[DEBUG] [.b.s.internal.SamsungAcBinding:208 ] - Configuration key is: service.pid
[INFO ] [.service.AbstractActiveService:169 ] - Samsung Air Conditioner service has been started
[DEBUG] [.b.s.internal.SamsungAcBinding:286 ] - Broken connection found for 'Livingroom', attempting to reconnect...
[DEBUG] [.b.s.internal.SamsungAcBinding:294 ] - java.lang.Exception: Cannot connect to 10.x.x.x:2878 : java.net.ConnectException: Connection refused
```

Conf in openhab.cfg:

```
samsungac:Livingroom.host=10.x.x.x
samsungac:Livingroom.mac=08042e000000
samsungac:Livingroom.token=33965901-4482-M849-N716-373832354144
samsungac:Livingroom.certificate=ssl/samsung-rac-201507.pem
samsungac:.password=something
```

Any ideas or plans to make the port configurable? Or is it just not reasonable to do that because the whole protocol changed?

Thanks for your work so far, by the way!

watou commented 8 years ago

@allisgray Consider opening a new issue, or better yet, first a discussion at https://community.openhab.org, regarding the port number. Your report/question is more likely to go unaddressed here.

allisgray commented 8 years ago

Thanks @watou, created a topic there. Cheers, Gabe

marko3dana commented 8 years ago

Came to the same stage as @bioego. Any news regarding protocol on port 8888? It's definitely nginx behind it, and the responses I'm getting are JSON coded.

```
curl -XPOST -H "Content-Type: text/xml" -d "<?xml version=\"1.0\" encoding=\"utf-8\" ?><Request Type=\"GetToken\" />" --cert cert.pem "https://10.10.90.1:8888/capability" --insecure
```

and after it got response:

```
{"errorCode":"0","errorDescription":"Token is not valid"}
```

watou commented 8 years ago

> Any news regarding protocol on port 8888 ?

Please see #4522, and also this discussion. There is a test JAR there.

mapilarc commented 8 years ago

The other discussion doesn't help much. I guess the issue lies in the security. I've started from the beginning. I've unpacked the Samsung Smart Home application; note it's not Air Conditioner. I've located the file where the BKS is processed. I believe I've got the password, it's "1%^tka1zvbac14km". Bouncy Castle is installed and I can play with keytool.

I'm executing the following command:

```
keytool -importkeystore -srckeystore AC14K_M_KeyStore.bks -srcstoretype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -destkeystore ac14k_m.p12 -deststoretype PKCS12 -deststorepass 123456 -destkeypass 123456 -alias ac14k_m
```

I'm being asked for the password to the keystore. It's the one above. And then I need some other password. What it might be?

```
Enter key password for <ac14k_m>:
```

I'm not so good at security. Any ideas?
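The `Keystore was tampered with, or password was incorrect` error logged earlier in the thread and the separate `Enter key password` prompt above come from two different layers of a Java keystore: a store password that protects the integrity of the whole file, and a per-entry key password that protects each key. The sketch below is an added example, not part of any post and not openHAB code; it uses an in-memory JCEKS store with a generated AES key and constructed passwords as a stand-in for the JKS and BKS stores in the thread, on the assumption that they follow the same two-layer model.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeystorePasswordDemo {
    // Constructed sample passwords; not values from the thread.
    static final char[] STORE_PASS = "store-pass-example".toCharArray();
    static final char[] KEY_PASS = "key-pass-example".toCharArray();

    // Build an in-memory keystore: the entry is encrypted under KEY_PASS,
    // the store as a whole is integrity-protected with STORE_PASS.
    static byte[] buildStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);                       // start from an empty store
        Key aes = KeyGenerator.getInstance("AES").generateKey();
        ks.setKeyEntry("demo", aes, KEY_PASS, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASS);
        return out.toByteArray();
    }

    // Open the store and read the entry, reporting which layer refused.
    static String open(byte[] blob, char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try {
            ks.load(new ByteArrayInputStream(blob), storePass);
        } catch (IOException e) {
            // Integrity check over the whole file failed: wrong store password.
            return "store password rejected: " + e.getMessage();
        }
        try {
            ks.getKey("demo", keyPass);
        } catch (UnrecoverableKeyException e) {
            // Store opened, but this entry could not be decrypted.
            return "store opened, key password rejected: " + e.getMessage();
        }
        return "store opened, key recovered";
    }

    public static void main(String[] args) throws Exception {
        byte[] blob = buildStore();
        System.out.println(open(blob, "wrong".toCharArray(), KEY_PASS)); // wrong store password
        System.out.println(open(blob, STORE_PASS, STORE_PASS));          // store password reused as key password
        System.out.println(open(blob, STORE_PASS, KEY_PASS));            // both correct
    }
}
```

A store that loads cleanly therefore says nothing about the entry password, and a store-level failure is reported before any entry is touched.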

marko3dana commented 7 years ago

@mapilarc did you manage to get it working?

mapilarc commented 7 years ago

Nope, no idea what to do further

pipka76 commented 7 years ago

@mapilarc It is asking for private key password I guess. It has to be stored in the apk as well. How did you manage to resolve password for the storage anyway? (it is correct)

pipka76 commented 7 years ago

So I have been playing around with my Samsung washing machine. I wanted to connect it somehow to my Fibaro. I know you guys are solving AC and different stuff, but it was somehow helpful even for my case. It looks like, as somebody mentioned, new products from the smart home family communicate through port 8888 on SSL. Communication is based on standard HTTP protocol and JSON. I have spent many hours to reengineer the phone app code and I have found out that the API on 8888 is pretty rich. I'm still struggling with authorization issues for most of the commands. It is about correct setting of the WWW-Authenticate header. Just to give closer info for somebody, the requests and endpoints look similar to:

```
POST /devicetoken/request HTTP/1.0
DELETE /devices/oven/customrecipes/xxx HTTP/1.0
GET /devices/0/configuration/networks HTTP/1.0
```

and many many more ....

However I'm always getting the result below, as I have not found out how to authorize.

```
HTTP/1.1 401 Unauthorized
Server: nginx/1.2.7
Date: Sat, 22 Oct 2016 14:57:03 GMT
Content-Type: application/json
Content-Length: 57
Connection: close
X-API-Version : v1.0.0
WWW-Authenticate: Bearer error="invalid_token"

{"errorCode":"0","errorDescription":"Token is not valid"}
```

steintore commented 7 years ago

Hi, this is exciting work. I do think you should post it on the OpenHAB Community for further discussion. It might be a common protocol which is used for all Samsung devices, and maybe we should create a new binding for it if you find out how the communication works.

9037568 commented 7 years ago

Based on April comments, this issue is fixed.