persandstrom / python-verisure

A python module for reading and changing status of verisure devices through verisure app api.
MIT License
138 stars 42 forks source link

"Device not claimed" when doing camera-get-request-id #156

Open joszz opened 1 year ago

joszz commented 1 year ago

When I try to do an image capture from a camera, I first need to have a request id. When I try vsure [username] [password] --camera-get-request-id "[device_label]" ([device_label] I acquired through --cameras. It needs quotes I believe since there's a space in the label. Tried without quotes, and single quotes to no avail)

I get the following output; { "errors": [ { "message": "Request Failed", "locations": [ { "line": 2, "column": 3 } ], "path": [ "ContentProviderCaptureImageRequest" ], "data": { "status": 400, "logTraceId": "<retracted>", "errorCode": "CCCP_DEVICE_NOT_CLAIMED", "errorMessage": "Device not claimed" } } ], "data": { "ContentProviderCaptureImageRequest": null } }

what am I missing here or doing wrong? The capture is always allowed on any arm state. The output of cameras is; { "data": { "installation": { "cameras": [ { "visibleOnCard": true, "initiallyConfigured": true, "imageCaptureAllowed": "ALWAYS", "imageCaptureAllowedByArmstate": null, "device": { "deviceLabel": "<retracted>", "area": "<retracted>", "__typename": "Device" }, "latestCameraSeries": null }, { "visibleOnCard": true, "initiallyConfigured": true, "imageCaptureAllowed": "ALWAYS", "imageCaptureAllowedByArmstate": null, "device": { "deviceLabel": "<retracted>, "area": "<retracted>", "__typename": "Device" }, "latestCameraSeries": null } ] } } }

persandstrom commented 1 year ago

You are correct, the quotes " are needed.

Do you have another user for your automations than you use for the app? In that case, can that user see the cameras in the app?

joszz commented 1 year ago

I'm currently testing with the same user as I'm using for the app. That user can see the cameras in the app, take pictures etc.

joszz commented 1 year ago

I'm not so well versed in python but if there's a way to provide you with some more details, let me know and I'll try to get more info. I'm willing to test/debug things, but clueless where to start.

persandstrom commented 1 year ago

The only thing I can think of is is to record the communication between the app and verisure backend. I use Charles proxy for this. Try to compare the graphql commands between the recording and python-verisure to see if there are any discrepencies.

joszz commented 1 year ago

Bit of a learning curve here :) I see that Charles proxy is only free on trial basis so I tried having a go with postman which I've used before as a local proxy on windows intercepting http traffic (I also have a little bit of experience using burp, but also just with local stuff). It works on my phone capturing traffic but only for Chrome, I'm not sure why yet. Apps don't seem to capture any requests (tried several) proxied thru postman (I've installed the root ca of postman on my phone). I'm using a xiaomi phone if that matters at all (they can be a bit quirky when it comes to more technical stuff). All new ground for me but has this anything to do with certificate pinning? Other apps work with the postman proxy (however I can't capture anything in postman) , verisure however displays an error on the app saying it can't connect... Will try to figure this out. In the meantime if you have pointers for this noob in this field to look at and if you have time, I'd be greatful to learn ;)

persandstrom commented 1 year ago

I have managed to capture traffic using two different methods (both Android).

The first one is simple: Get an old device running an older version of android, I have a Nexus 5 with Android 6.0 and Charles can capture traffic from apps. I do not know at which version they added extra security.

The other option is a bit more complicated: Root an android, you can read more here: https://www.xda-developers.com/root/ Then install the Magisk addon: https://github.com/NVISOsecurity/MagiskTrustUserCerts I would suggest you to not root your main device.

There are probably other options as well, such as running an Android emulator instead of digging up old phones, but I have not tried that.

niro1987 commented 1 year ago

The way I have been monitoring traffic, is by installing mitmproxy on my windows machine. Run mitmweb from a command promp (run as admin). Edit the WiFi settings in your phone, adding the IP:8080 of the machine as proxy. Finally, install the mitm certificate on your phone.

rasmusbe commented 1 year ago

Oh, I found this issue now, it seems I'm having the same and I have posted my findiings including captured traffic in this issue https://github.com/home-assistant/core/issues/90534#issuecomment-1704254325