Unfortunately it seems, that this g-homa hack is not working anymore.
G-homa denied the old HTTP connections, so now the old versions of g-homa app is useless for gathering passwordhash and deviceID (all requests including the login are rejected by “connection expired” message), so now you have to capture and decrypt HTTPS requests, what is much more difficult - I had to root my bluestack and install root certificate of my Fiddler HTTP proxy to do this.
Also for HTTPS connection, there’s completely another “protocol” used, so the CURL scripts are not working anymore. The old one sends data by POST in XML structure, but the new one uses JSON, and also credentials are sent in one hash (accessToken) only. Now I'm not sure, if this token is constant, or it's calculated everytime in some previous HTTPS handshake from username and passwordhash.
I’m not expert for building curl messages (definitelly I'm not the dev guy), so maybe you can help me to do it, there’re the captured JSONs for switching ON and OFF:
For switching ON: {"body":{"accessToken":"th.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-xxxxxxxx-xxxx-xxxx-xxxx-XXXXXXXXXXXX","command":{"deviceNo":"XXXXXXXX-xxxx-xxxx-xxxx-XXXXXXXXXXXX","action":"1","key":"0","value":"1"}},"system":{"ver":"1.0.0","sign":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appKey":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","time":"1610475146","clientSys":"android-7.1.1","appVer":"3.0.24","clientModel":"OnePlus ONEPLUS A5000"}} For switching OFF: {"body":{"accessToken":"th.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-xxxxxxxx-xxxx-xxxx-xxxx-XXXXXXXXXXXX","command":{"deviceNo":"XXXXXXXX-xxxx-xxxx-xxxx-XXXXXXXXXXXX","action":"0","key":"0","value":"0"}},"system":{"ver":"1.0.0","sign":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appKey":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","time":"1610475146","clientSys":"android-7.1.1","appVer":"3.0.24","clientModel":"OnePlus ONEPLUS A5000"}}
Unfortunately it seems, that this g-homa hack is not working anymore.
G-homa denied the old HTTP connections, so now the old versions of g-homa app is useless for gathering passwordhash and deviceID (all requests including the login are rejected by “connection expired” message), so now you have to capture and decrypt HTTPS requests, what is much more difficult - I had to root my bluestack and install root certificate of my Fiddler HTTP proxy to do this.
Also for HTTPS connection, there’s completely another “protocol” used, so the CURL scripts are not working anymore. The old one sends data by POST in XML structure, but the new one uses JSON, and also credentials are sent in one hash (accessToken) only. Now I'm not sure, if this token is constant, or it's calculated everytime in some previous HTTPS handshake from username and passwordhash.
I’m not expert for building curl messages (definitelly I'm not the dev guy), so maybe you can help me to do it, there’re the captured JSONs for switching ON and OFF:
For switching ON:
{"body":{"accessToken":"th.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-xxxxxxxx-xxxx-xxxx-xxxx-XXXXXXXXXXXX","command":{"deviceNo":"XXXXXXXX-xxxx-xxxx-xxxx-XXXXXXXXXXXX","action":"1","key":"0","value":"1"}},"system":{"ver":"1.0.0","sign":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appKey":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","time":"1610475146","clientSys":"android-7.1.1","appVer":"3.0.24","clientModel":"OnePlus ONEPLUS A5000"}}For switching OFF:{"body":{"accessToken":"th.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-xxxxxxxx-xxxx-xxxx-xxxx-XXXXXXXXXXXX","command":{"deviceNo":"XXXXXXXX-xxxx-xxxx-xxxx-XXXXXXXXXXXX","action":"0","key":"0","value":"0"}},"system":{"ver":"1.0.0","sign":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appKey":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","time":"1610475146","clientSys":"android-7.1.1","appVer":"3.0.24","clientModel":"OnePlus ONEPLUS A5000"}}These messages are sent to https://rc.g-homa.com
Definitelly my environment for capturing is set up now, so I'm able to capture more, if needed.