Open joszz opened 1 year ago
You are correct, the quotes "
are needed.
Do you have another user for your automations than you use for the app? In that case, can that user see the cameras in the app?
I'm currently testing with the same user as I'm using for the app. That user can see the cameras in the app, take pictures etc.
I'm not so well versed in python but if there's a way to provide you with some more details, let me know and I'll try to get more info. I'm willing to test/debug things, but clueless where to start.
The only thing I can think of is is to record the communication between the app and verisure backend. I use Charles proxy for this. Try to compare the graphql commands between the recording and python-verisure to see if there are any discrepencies.
Bit of a learning curve here :) I see that Charles proxy is only free on trial basis so I tried having a go with postman which I've used before as a local proxy on windows intercepting http traffic (I also have a little bit of experience using burp, but also just with local stuff). It works on my phone capturing traffic but only for Chrome, I'm not sure why yet. Apps don't seem to capture any requests (tried several) proxied thru postman (I've installed the root ca of postman on my phone). I'm using a xiaomi phone if that matters at all (they can be a bit quirky when it comes to more technical stuff). All new ground for me but has this anything to do with certificate pinning? Other apps work with the postman proxy (however I can't capture anything in postman) , verisure however displays an error on the app saying it can't connect... Will try to figure this out. In the meantime if you have pointers for this noob in this field to look at and if you have time, I'd be greatful to learn ;)
I have managed to capture traffic using two different methods (both Android).
The first one is simple: Get an old device running an older version of android, I have a Nexus 5 with Android 6.0 and Charles can capture traffic from apps. I do not know at which version they added extra security.
The other option is a bit more complicated: Root an android, you can read more here: https://www.xda-developers.com/root/ Then install the Magisk addon: https://github.com/NVISOsecurity/MagiskTrustUserCerts I would suggest you to not root your main device.
There are probably other options as well, such as running an Android emulator instead of digging up old phones, but I have not tried that.
The way I have been monitoring traffic, is by installing mitmproxy on my windows machine.
Run mitmweb
from a command promp (run as admin).
Edit the WiFi settings in your phone, adding the IP:8080 of the machine as proxy.
Finally, install the mitm certificate on your phone.
Oh, I found this issue now, it seems I'm having the same and I have posted my findiings including captured traffic in this issue https://github.com/home-assistant/core/issues/90534#issuecomment-1704254325
When I try to do an image capture from a camera, I first need to have a request id. When I try vsure [username] [password] --camera-get-request-id "[device_label]" ([device_label] I acquired through --cameras. It needs quotes I believe since there's a space in the label. Tried without quotes, and single quotes to no avail)
I get the following output;
{ "errors": [ { "message": "Request Failed", "locations": [ { "line": 2, "column": 3 } ], "path": [ "ContentProviderCaptureImageRequest" ], "data": { "status": 400, "logTraceId": "<retracted>", "errorCode": "CCCP_DEVICE_NOT_CLAIMED", "errorMessage": "Device not claimed" } } ], "data": { "ContentProviderCaptureImageRequest": null } }
what am I missing here or doing wrong? The capture is always allowed on any arm state. The output of cameras is;
{ "data": { "installation": { "cameras": [ { "visibleOnCard": true, "initiallyConfigured": true, "imageCaptureAllowed": "ALWAYS", "imageCaptureAllowedByArmstate": null, "device": { "deviceLabel": "<retracted>", "area": "<retracted>", "__typename": "Device" }, "latestCameraSeries": null }, { "visibleOnCard": true, "initiallyConfigured": true, "imageCaptureAllowed": "ALWAYS", "imageCaptureAllowedByArmstate": null, "device": { "deviceLabel": "<retracted>, "area": "<retracted>", "__typename": "Device" }, "latestCameraSeries": null } ] } } }