thanks a lot… I also would like to use my oven and washing machine in HassIO
First step is testing / improvement the postman collection. Didn’t get much feedback for now ^^, please take some time to test on your devices, thanks.
1 Like
Hello,
Great job!
I owned a fridge, washing machine and dry machine.
I will try to see what we can get.
Thank you for the work you’ve done!
1 Like
Any feedback? I would like at least some confirmation that it is working on your side, or not. As I only tested with the one device that I have.
Hello Maxime,
You ve done very good job so far but i was not lucky to get my washing machine to work with.
can you please share a cnfiguration .yaml ion case that something is not going as to be.
thank you!
Hi, I try use postman and console but i get 404 errors. I got dryer and washing machine. With Api i get only 404 errors and locally I get only some long strings and my app is disconnecting from my account candy.
i downloaded Postman - please write step-by-step how to test…
1 Like
I tried your Postman setup and I get status and a long string of numbers and letters …how this can help you/us?
I got the same results.
I’m tring to retrieve the KEY (from already enrolled app) to decode all request and response
I’ve found the way to retrieve the KEY and decode all request and response! as soon as possible I will share the list of requests for all washer-dryer programs
2 Likes
Good job Paolinho! I am waiting for the good news!
These 404 errors are coming from an invalid link. Check api/v1//api/v1.
It has to be /api/v1/ only once…
I´ve got a used Hoover-Candy Washer, which is already registered in any account, so I cannot register it on the herokuapp-Server anymore. However, it is a machine with wifi-initial-setup. I sniffed the communication between app an washer during the setup. It is encrypted already with an initial-key like: http://192.168.1.x/http-config.json?encrypted=1&data=xxxxxxxxxxxxx (many hexadedimal bytes). I decoded these bytes using a known plaintext attack (knowing that ssid an password had to be in there). Now I have the new encryption key. More tests later…
This is what I got:
statusLavatrice":{
“WiFiStatus”:“1”,
“Err”:“255”,
“MachMd”:“1”,
“Pr”:“9”,
“PrPh”:“0”,
“SLevel”:“2”,
“Temp”:“90”,
“SpinSp”:“4”,
“Opt1”:“0”,
“Opt2”:“0”,
“Opt3”:“0”,
“Opt4”:“0”,
“Opt5”:“0”,
“Opt6”:“0”,
“Opt7”:“0”,
“Opt8”:“0”,
“Steam”:“0”,
“DryT”:“0”,
“DelVal”:“255”,
“RemTime”:“136”,
“RecipeId”:“0”,
“CheckUpState”:“0”
}
Should be enough to find a key 
Hi guys. Amazing job. I do not yet own a Candy branded device but the progress here would heavily influence my purchase decision (dishwasher + washing machine)
Also I wonder if they’re any good 
beyond the wifi part.
Anyway hoping to see if there was any updates since the last post in June. Thanks!
1 Like
Hi, could you tell me step by step the process for getting this data, please?
Thanks.
Is your machine already registered in the app? Do you know your IP-Adress? If it is, first of all do;
http://ip_of_the_machine/http-read.json?encrypted=1
then you will get the encrypted data. With this you can search in it with any tool for known-plaintext-attacks for any word I posted (“CheckUpState” / “WiFiStatus” / …), knowing that the key-length is 16. If you dont find a tool, you can post the encrypted data here, I can try to help.
Ok, thanks!!
I will try later. If I have any problem I will ask you again.
ok. I used a python script called xorknown.py on my linux machine. And remember: your encrypted data is hexadecimal, you have to convert it to ascii first, then use the tool. You will get the complete output and the key to decrypt it easier next time