-
-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cloud API firmware 2.x.x #25
Comments
Hey @koalazak! I'd like to help. Can you provide some instructions? How do I find the app id to run your snippet? I guess it's from the mobile app? Cheers |
I think you can use any string with that format. I get my app ID sniffing the trafic. |
OK, it seems to do something. Which is the relevant output? :) |
So i did run a start stop cycle through the cloud and got readable output from your script. Is this what you're looking for? |
the output is all the messages sent to the topic What im looking for is what message and what topic we suppose to use in |
Running this script, then triggering the bot via the official mobile app. When I start the script, the output ends with "undefined". |
One sec, I'm sanitizing the output. |
ok, you are looking the messages published by the mobile app or robot to that topics. that is what i get too. and using the |
So do you have some instructions to obtain them? I have a ton of JSON output. But only after triggering something via the official mobile app. |
you can start making a MITM attack to sniff the data between the official mobile app and the cloud, getting the mqtt packets and decode them. Google about MITM |
No TLS on that? No chance to reconstruct the command from something like this? |
yes, TLS on that. bypassing with |
Is there a way to trigger the cloud api when you're on wifi? I have a proxy running to monitor the traffic. |
Never mind, i isolated my networks, now it tries to go through the cloud. I see a message with the app id, i also get the cloud icon in the app. But now my roomba doesn't react when i press start. |
Reset everything, now the roomba reacts, but I don't see the commands in the proxy. Only the requests for mission history, login, etc. Will debug a bit more... |
Its like the start/stop commands are in other format not json, like raw mqtt packets, a few bytes... |
Make sure you are creating certs with a valid CommonName. |
but if you are seeing the mission commands and commands when you set preferences, there is no problem with the cert. |
Hmm, I used mitmproxy instead of sslsplit. I'm a bit too tired to read through how to use sslsplit right now. There should be a option to see raw tcp traffic in mitmproxy. I'm seeing the http traffic, but I'm guessing mqtt gets lost. |
I think i have a working setup now redirecting to sslsplit. A test port 80 request got logged. I tried redirecting 8883 but get no traffic. Any tips to debug the problem? |
OK, finally got a start message :) Can I send it to you by email? It's quite long. Seems like it came over an upgraded ssl websocket carrying mqtt. Theres the upgrade, some garbage (probably mqtt), then start message, garbage, pause message. |
yes sure. |
I got to a version mismatch. It seems to be a sequence number. The question is where from. |
well, that is a step forward! There is not in state object? |
version is in every message received:
you can parse all the messages and store the version to use in the next call. can you share your code? zaktu.x@gmail.com |
Will send it later |
Sent the log. Btw, sending the previous command without the version actually gets a valid reply. But the robot doesn't start. The message I sent was: |
Bam! Your working start command! :) |
nice! |
I actually got the robot to react with the last posted one. "start" for start and "stop" for stop. There seems to be some kind of problems with the timestamps though, as it will start over and over again. |
Yes, it seems to be important. |
oh crap, that works but the robot now is receiving the start command every second :p. |
Send the stop message. Same format. x) |
you promise that i can not get a loop of start AND stop commands now? :p |
I can't, but my hope is that a hard reset will be able to fix it. :) Let me try if the app is still able to start it. |
Actually it is in a start stop loop. I'm resetting mine. |
Yep, a reset fixed it. But that means we have to find out where to get the right timestamps. |
Or maybe it's not about the timestamps but some of the other parts of the messages. The messages in the app seem to contain more information. |
reset as 10 second the start button? |
Didn't try that. I used the "reset roomba" option in the app. But you have to pair it again. |
reset with 10 second start button doest work. but yes with the App. |
@iosdeveloper opened a new issue for that: #31 |
@Letier do you have any progress in the cloud api reverse engeniering? |
No luck. :( It works with the iOS app at the moment, but doesn't do anything when I send the signals. The reset option in the app is greyed out, so I have no clue if I got it stuck in a strange state again. |
Managed to reset and catch another conversation with the app. Saw the start message. But I'm suddenly not getting it to start anymore. And there seems to be all kind of state from my past trials saved. I'll need to find a way to clean it up. Posting via the snippet doesn't seem to work anymore. |
So the situation seems to be that you somehow have to switch between certain states. The following cycles work for me: { "state":{"desired":{"command":{"command":"stop","time":Math.floor(new Date()/1000),"initiator":"rmtApp"}}}} I'm not sure if clean is a real command. I just tried it and the robot started moving. |
I dont like that aprouch :p may there is another fancy way haha. If i dont foudn the way y just implement that in next version. |
Hi Guys, did you try to contact iRobot support to get some additional info? |
I dont believe they'd be of much help: |
Snippet doesn't work for me. I think it can be because I use fake APP_ID. Could you please share the correct one? UPD1 Please ignore. It does login with APP_ID IOS-88888888-4444-4444-4444-121212121212 UPD2 We should pass host parameter when create a DeviceClient. I changed this part:
|
Nice, are you trying to send commands with |
I use AWSIoTData.thingShadow instead of AWSIoTData.device to create the object.
When I set the 'desired' state to 'command' it doesn't appear in the shadow state but instead it acts on my device. |
Hi, I'm implementing ur library in C for an IoT School Project, https://github.com/roombavacuum/libroomba
Is that helpful to ur could implementation? |
will close this issue and reopen if start with the research again |
Hi guys,
I have almost everything ready to make the Cloud API possible:
But i dont found the correct
topic
andmessage
content to send basic commands likestart
orstop
.Anybody sniff that data? or has that data?
My sniff data is weired and malformed, i dont know if my sslsplit is showingme the info in the correct encoding. When I send a command with my phone over the cloud I see some bytes in the comunication but no one string like topic o json message.
can anybody help?
here is the working snippet:
The text was updated successfully, but these errors were encountered: