You are correct. On my phone I only captured packets to the server.
To control locally it would need extra steps to capture the packets from the server to the machine, rather than the outbound packets from the mobile app. Something like Kismet or wireshark could be used to intercept these packets.
I am not sure where it is going wrong beyond it being line 25 giving an error. We would need to see a copy of the full code to work it out.
It looks like you are trying to find your encryption key from the hex data, if this is the case you could try the CandySimplyFi-tool from the integration documentation.
Alternatively you could use xorknown.py from: @Alamot.. This can help guess the key and then can be used to decrypt with a known key.
Following up on my post from 18 months ago in case there are any new developers looking at this thread.
Im amazed that nothing further has happened with the automation of these integrations.
All you need is to take the command in an encrypted format such as
Selettore=2&Program=3&TimeProgr=60&RecipeId=NULL&RecipeStep=0&StartStop=1
Then encrypt it using the encryption key and Xor which gives you a value such as
2b1d141d0c0c170a1d454a5e280a171f0a1915454b5e2c11151d280a171f0a454e485e2a1d1b11081d311c45362d34345e2a1d1b11081d2b0c1d0845485e2b0c190a0c2b0c17084549
(I used xxxxxxxxxx as the encryption key)
This just needs calling then via a shell command such as;
shell_command:
oven_top_grill_60: /usr/bin/curl 'http://192.168.1.90/http-write.json?encrypted=1&data=2b1d141d0c0c170a1d454a5e280a171f0a1915454b5e2c11151d280a171f0a454e485e2a1d1b11081d311c45362d34345e2a1d1b11081d2b0c1d0845485e2b0c190a0c2b0c17084549'
Im currently doing this manually using https://md5decrypt.net/en/Xor/ (Type is Text/Hexadecimal) but amazed someone hasnt bundled this up into an integration where we can select the TimeProgr (Length of program) and Selettore (program) to control devices remotely.
Thanks
Hello,
Someone can explain all this fileds what means?
{ “statusLavatrice”:{ “WiFiStatus”:“0”, “Err”:“0”, “MachMd”:“5”, “Pr”:“3”, “PrPh”:“0”, “PrCode”:“8”, “SLevel”:“0”, “Temp”:“40”, “SpinSp”:“14”, “Opt1”:“0”, “Opt2”:“0”, “Opt3”:“0”, “Opt4”:“0”, “Opt5”:“0”, “Opt6”:“0”, “Opt7”:“0”, “Opt8”:“0”, “Opt9”:“0”, “Steam”:“0”, “DryT”:“0”, “DelVal”:“435”, “RemTime”:“3540”, “RecipeId”:“0”, “Lang”:“0”, “FillR”:“0”, “DisTestOn”:“0”, “DisTestRes”:“0”, “CheckUpState”:“0”, “T0W”:“0”, “TIW”:“0”, “T0R”:“0”, “numF”:“0”, “unbF”:“0”, “unbC”:“0”, “NtcW”:“179”, “NtcD”:“9”, “motS”:“0”, “APSoff”:“0”, “APSfreq”:“62500”, “chartL”:“157242” } }
In particolar i need to know if i can extract the time remaining for clean filter like this image from the app
I don’t think machine keeps track of this information, it’s most likely calculated by the app itself based on statistics from the /http-getStatistics.json?encrypted=1 endpoint
Anyway here is a bit more information about the fields from what I gathered on my washing machine.
Pr = Selected program
WiFiStatus = Remote control enabled
Temp = Temperature
SpinSp = Spin Speed
FillR = Fill percent
PrCode = Program code
MachMd = Machine state
PrPh = Wash program state
RemTime = Remaining time
SLevel = Soiling level setting 1-3
Opt1 = Prewash setting
Opt2 = Hygiene Plus setting
Opt5 = Extra rinse setting
Steam = Steam setting
Lang = Language
CheckUpState = Self-test
NtcD = Door state
Has anyone had any luck remote starting a Hoover H-Dish 300 dishwasher ?
I was able to sniff and decode the packets that the Wizard app sends to the machine but when I send the exact same encrypted requests using my browser/curl the machine does nothing even though it returns a “successful” message.
Nevermind, on my initial capture I was only seeing the parameter as “Start” and it needs to be “StartStop=1” to initiate a program.
If anyone else has the same Hoover dishwasher here are some of the commands to start the different programs. You’ll need to send a http-write request: http://[Dishwasher IP]//http-write.json?encrypted=1&data=[encrypted program command]
You’ll need to encrypt the commands below using your machine’s encryption key.
Pre-wash: DelayStart=0&ExtraDry=0&OpenDoorOpt=0&TreinUno=0&Program=P12&MetaCarico=0&OpzProg=0&w1=4&StartStop=1
Intensive 75C: DelayStart=0&ExtraDry=0&OpenDoorOpt=0&TreinUno=0&Program=P2&MetaCarico=0&OpzProg=0&w1=1&StartStop=1&
Universal 60C: DelayStart=0&ExtraDry=0&OpenDoorOpt=0&TreinUno=0&Program=P5&MetaCarico=0&OpzProg=0&w1=2&StartStop=1&
Eco 45C: DelayStart=0&ExtraDry=0&OpenDoorOpt=0&TreinUno=0&Program=P8&MetaCarico=0&OpzProg=0&w1=3&StartStop=1&
Total Care 50C: DelayStart=0&ExtraDry=0&OpenDoorOpt=0&TreinUno=0&Program=P13&MetaCarico=0&OpzProg=0&w1=5&StartStop=1
Stop: Reset=1
For the different options that you have available on each program you can change the “OpzProg” parameter. I’ve figured out these ones for now:
3-in-1 only: OpzProg=8
3-in-1 and half-load: OpzProg=10
3-in-1 and extra-dry: OpzProg=9
3-in-1 and eco: OpzProg=12
Hi @mmart how can I sniff the msgs that my app sends to the washing machine? I have a Candry Brava washing machine. I’ve been able to get the status of the machine by doin http://[MACHINE_IP]/http-read.json?encrypted=1 and then decrypting it and shows something like this
{
"statusDWash":{
"StatoWiFi":"0",
"CodiceErrore":"E0",
"StatoDWash":"3",
"MetaCarico":"0",
"StartStop":"0",
"TreinUno":"1",
"Eco":"0",
"Program":"P16",
"ExtraDry":"0",
"OpenDoorOpt":"0",
"DelayStart":"0",
"RemTime":"95",
"MissSalt":"0",
"MissRinse":"0",
"OpenDoor":"0",
"Reset":"0",
"CheckUp":"0",
"r1":"5",
"r2":"2",
"r3":"2",
"r4":"1",
"r5":"1",
"r6":"1",
"r7":"4",
"r8":"0",
"r9":"NULL",
"r15":"1"
}
}
arg names are quite similar to yours. I need to sniff the msgs sent from my app to replicate in automations
Some very smart people on this thread, I’m wondering if anyone has got this working with HomeBridge?
Oh wow
did you ever figure it out?
sorry…my first post here. A tale of woe.
This law (The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 ) kicked in recently…which forces IoT vendors to make stuff secure…no default passwords etc.
In the EU, Hoover (Candy…) decided that instead of fixing whatever was going on with their esp32 code, theyd rather just remove that feature…no we can no longer add certain products to the app, but existing products continue to function. I found this out when changing ssid, and removed the tumble dryer form the app, then went to re-add it. A temporary workaround was to set my location to e.g. USA, and it worked for a bit, but seems they require location to be on (android) and they blacklisted the thing again. Additionally, I swear I cant even get the tumble dryer to go into BLE mode (set dial to wifi, push/hold delayed start…BLE should appear on the menu).
Sigh.
Ive always knows theres an esp32 in there, somewhere. I’m at the point where I feel like ripping it out and writing my own controller. But if theres any EU/Uk folks here who can relate and have figured out how to get it to BLE mode, let me know. Theres some code further up the thread to spoof the app enrolment, and maybe we can then get it online and control via HA.
I have forked from [MelvinGr/CandySimplyFi-tool] and update de bin for windows.
I was finally able to get the key.
