-
-
Notifications
You must be signed in to change notification settings - Fork 568
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No token in miio2.db after version 5.0.29 of MiHome app... #185
Comments
Could you check if there's another field which could have the token? Maybe they have done the same or similar as with the iphone app and encrypted it? Do you see |
There is content of miio2.db in JSON format (PRIVATE is private information, changed by me):
Finding of actual token in HEX or BIN representation in /data/data/com.xiaomi.smarthome, gave the only one result: some cache files contains HEX token in /data/data/com.xiaomi.smarthome/cache/smrc4-cache folder When downgrading to version 5.0.29, we can find actual token in miio2.db file again... |
I've installed 5.1.0 and I can confirm that. I've analysed the decompiled code and it seems that the token is no longer being kept locally, but instead it's being downloaded from the server on app opening. This can be observed when opening app after forcefully closing it. Previously, the device would show up immediately in the UI. Now it takes a moment, probably the app waits for the server response containing a list of devices, which contain tokens amongst other information. |
For few past days I've been playing around the communication between MiHome app and xiaomi servers. I've captured the traffic using the mitmproxy. The whole communication is using SSL so there's some setup required for the capture to work. |
Interesting findings, and it's very unfortunate that it's being made more difficult to obtain those tokens. Maybe we should add a note into the README file to warn about that. I'm wondering whether this change is done in the device specific communication part or in the main app. Can one downgrade the main app and regain the access, or will it be necessary to have an old version of the vacuum plugin available? To the cli tool with emails & password. The problem with such a cli tool would be that it needs to be updated regularly (assuming they want to block that way) depending on how they are blocking it. I'm not completely against it though. For cloud<->vacuum communication you may want to check https://github.com/dgiese/dustcloud - they have pretty much reverse-engineered it afaik. |
The change is at the main app level. Downgrades are possible now, but I wonder if they can somehow block it. For example they could make newer versions of plugins compatible only with newer app versions and disable access to older plugin versions for new installations. Regarding accessing the Xiaomi servers from the library, if the request could be made indistinguishable from those made by the app, then to block it Xiaomi would need to change something in the protocol, which in turn would require a new app version and immediate cut off of all their clients until they upgrade. But I partially share your concern, that's why I haven't yet disclosed the details of the protocol. Thanks for the link. I've been looking for some information regarding the communication between the device and the servers. I've seen that the protocol is the same but I don't know the token. But there's really nothing interesting in the payload anyway, when I look at the info on the linked page. BTW I see that Air Purifier Pro responds to miIO.ota, miIO.get_ota_state and miIO.get_ota_progress commands. It would be nice to capture the moment Xiaomi pushes the update and get the original firmware file like they did for the vacuums. |
Ok, I think it'd be fine to provide that functionality for fetching the tokens online (not just for the vacuum, but also for the other linked devices). It'd need finding out what type of requests the app is making (e.g. is there User-Agent and does it depend on version of the app or the OS behind etc.). I think they analyzed how the token for server<->device communication is delivered, but didn't pay much attention to it. Support for those commands is being worked in #153 - the same update procedure is apparently used for at least most of the other devices too, so that's why I started to implement it as a part of the |
Could you post and/or implement a PR for the responses from those? Looks like the vacuum responds only to |
@rytilahti Do you use the mihome app and could you provide the plugin (apk) of the vacuum cleaner? |
@syssi sure, let's discuss on discord. Looks like those commands work just fine now. |
have the same issue. Does anyone have any solution? I try to reset wifi configure and obtain the token. But it seems like after configure the wifi. The token will reset again. |
I found it easiest to get the token directly from the robot, with the modified firmware from the dustcloud-project you can simply login via ssh and do Here are the step-by-step instructions to get a rooted firmware: https://github.com/dgiese/dustcloud/wiki |
I was able to get the key to my lamp yeelink RGB
now I'm afraid of letting the children into my house, that they would not press 5 times on my switch, and do not restet my lamp) |
I got some private questions regarding the way Xiaomi app encrypts the communication with the Xiaomi servers. This is actually only one of the schemes. I've seen some other too, but didn't bother with them yet. The app sends POST requests to An RC4 key needs to be calculated first. The key is calculated using values of I hope the description is understandable. I've only focused on decrypting the traffic. I haven't worked on encrypting my own data and simulating the app. For that some other data is needed: for example the cookie, which is send as a request header - it needs to be obtained during a proper authentication, which is something I haven't been able to fully understand yet, as the app seems to be authenticating and authorising with multiple services. |
Has any progress been made here? I was under the impression that the lib was still working and bought one of those plugv3. I'd suggest to add a warning at the top of the README to mention that issue. |
Please downgrade the android app and retrieve the token. |
It's possible that way but doesn't sound like a good solution in the long run, I don't think iOS users can do that simply for example. Is there something that makes contacting the Xiaomi back end impossible or very difficult? I'll do some research here, it doesn't seem impossible but I might be missing something. As a first step, I'll push a PR with a warning in the README. Right now the documentation is lacking on the subject. |
Well, 3rd party apps such as the one from flole does contact the cloud, so I don't think they are trying to actively make it hard to do. A PR for the current situation sounds good, a separate "webdiscover" discovery module for fetching all the tokens from registered devices would be really useful in long term (which was also proposed by @yawor above). |
@rytilahti I though that maybe I'll be able to retrieve some info from the flole app, but their app doesn't connect to xiaomi servers directly. Instead it connects to flole's server, which probably does all the communication with xiaomi servers. |
In some respects the setup via flole's server, is worse than Xiaomi's
setup...
Nothing personal against Flole, but you are giving a unknown 3rd party
directly your userID/password without clarity/agreement how that is being
used and if that is safe
I would say we need an opensource implementation of the communication with
the Xiaomi cloud to indeed archive this
|
Unfortunately I won't have time anytime soon to look further into this. If anyone wants to try analysing traffic between the app and Xiaomi cloud, then the best approach is to use a mitmproxy software. It's written in Python and it can be used on different systems. |
Any updates on this? As mentioned in the docs of Home Assistant: https://www.home-assistant.io/components/vacuum.xiaomi_miio/#retrieving-the-access-token I've first tried to extract the token from the latest version which was installed on my phone. No token, so I've removed the app and downgraded to 5.0.30 but the app is continuously crashing on my OnePlus 3T. After multiple tries I finally managed to login but my devices where gone. Tried to re-add them but it's impossible to add a new devices. No devices are listed. |
Nevermind, came across this post: https://community.home-assistant.io/t/for-those-who-cant-find-the-xiaomi-vacuum-token/74631 so I downloaded 5.0.19 instead of 5.0.30, logged in and after a restart my Vacuum was visible. Repeated the steps and got my token. |
I was able to retrieve it the same way, however I cannot update to a new er
version of the app. Any ideas?
Op di 23 okt. 2018 23:02 schreef Roy Duineveld <notifications@github.com>:
… Nevermind, came across this post:
https://community.home-assistant.io/t/for-those-who-cant-find-the-xiaomi-vacuum-token/74631
so I downloaded 5.0.19 instead of 5.0.30, logged in and after a restart my
Vacuum was visible. Repeated the steps and got my token.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#185 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/Abw-nq1RqVMBIgrxFKyOcQDXj6HFtrwxks5un4PygaJpZM4Rvc_->
.
|
Uninstall the old version of the app and install the one new one afterwards (play store). |
Here's what I did for
|
Thanks for your reply, now I discovered another problem. When using the
tool on my phone to retrieve the code it discovered the encryption and
tried to lock the backup with a password. This is not working. Is it
possible the robo vacuum to share with other users/phones/tablets?
…On Wed, 24 Oct 2018 at 07:33, Sebastian Muszynski ***@***.***> wrote:
Uninstall the old version of the app and install the one new one
afterwards (play store).
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#185 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/Abw-nrSAcgKV2joYNpx1-BVC4fvLgA_pks5un_vAgaJpZM4Rvc_->
.
|
It does not work with the latest Mi home app version |
You can try downloading an older version from another app store or google for the apk |
Python code to encrypt/decrypt request body for MiHome HTTP Api with RC4 encoding.
Sample of output:
|
Newer versions of iOS Mi Home App do not send |
You can do a install of openhab and get the token from the cloud. |
Actually I do have a token. Also seems like new versions only send |
Which device model you search the apk URL? |
I'm searching for |
zhimi.airpurifier.v6-1.4.3_910 |
Please email to neanton at gmail com, and thanks in advance |
it is send. Succes |
Can you explain a little bit, perhaps here, how do you get the bin file? |
@gelonsoft thanks for the code! How can we use this code to decode also the response??
|
I suppose this can be closed now. The newest release added support to obtaining the tokens from the cloud (#1460) using micloud package (https://github.com/Squachen/micloud/) which might be interesting for anyone looking into how to communicate with the cloud interface. |
In versions 5.0.31+ there is empty field
token
inmiio2.db
file.They change something in application.
An investigation is required.
Tested on Mi Robot Vacuum Cleaner (1st generation)
The text was updated successfully, but these errors were encountered: