Dishwasher - Candy simply FI - CDI 6015 WiFi

Feature Requests
141

Did you sniffed traffic of device(dishwasher, oven, etc…) or of smart phone(where you have installed candy app)?
Moreover I think that the trafic run on https from/to server. How did you do to decryp this trafic?

142

The app can talk to the remote server using https. But if it can, it will talk directly to appliance using http, encrypted with the custom method that is described in this topic. You can sniff the trafic anywhere between the appliance and the smartphone.

If you want to decrypt the trafic to the remote server its possible if you have a rooted device (either a real phone or the emulator) to install a.custom certificate and using mitmproxy on a computer.

143

Hi guys could anyone help me get my key? Not used VS before and cant get it to work. Copied the C++ code but cant get it to run.

Thanks Steve

1A616468461E170210111A2D3E07180A4356156C6E646A413710081D06310224084E5443554F4F6E6E6D604B2A090F0B02092B1316021106465E4B2C5944476F6B656743371902170B203E081A0E495843594C4D69676A6A46290C1D08250A10080F01435E4F53414869636060443816001E1A32100213415E46594B456B616B684E3A1301040D360A0B4B534B56494E6C6667684628000C465E4B594B4A666868654C311602041105094B534B3653404D6164686D4F261B1016082D1B1F4958435C4C4D69676A6A462B190C0722040D13231E154657415346486463606F492604000F18371902111046534B5944476F6B65674336080E370D090C4B53445A5B514E426C6E646A41290D1A1A3A07071643564C5046416E696D6D4B240015183008021D044657415346486463606F492D110900250B0211415E46584B456B616B684E3C04170817415E46594B456B616B684E2D09010E08361446534B5944476F6B656743165C415946574B45646C626B431E5C435E4F5641486963606044195143564C5346416E696D6D4B1B5D445140504E426C6E646A4116514B534B56494E6C666768461F55415E46584B456B616B684E1C564657415046486463606F4910594E5443544F4F6E6E6D604B1B5F495843223B2D284F4F6E6E6D604B1B575E405B4E5F4369676A1E696E14

144

hello, how do i find the ip of a connected candy washing machine? I can’t find it in the router ip of the connected devices

145

I can’t get the key from my Candy Dishwasher (Model: CDPN 1L390PW). I am getting the following error:

./simplyfi IP.IP.IP.IP getkey
## Candy Simply-Fi tool by Melvin Groenendaal ## 
error: find_xor_key_list, could not find key

Also, the Curl alternative gave me the following reply:

curl -s http://10.10.10.249/http-read.json?encrypted=1 | xxd -r -p
C=_~@U8: _1#dUezGEnQR)R}B';ovE6eUz@>1(0&MhX}@~o44W#TWoUyUaAmz\Ue+ELc!9UwnWQyz<~ClB0'"##EIwG[G=19w2*ovECw[;}C>`'.,!EIw'Uf:29\U
                                                                                                                             9>7'MhX}@~o;3Y8xHDwMkGo`jy\~3/[YI(9n]QeUz@>1$#$!QoUUf:29\U>?49MhX}@~o�&%_9R
wGk[@Fnzw8F$sW_'UsU|nK~_~?URKU!UsU|nK~_~?U      _]S>"9UwnWQyz<~CJwMkFo`jy\~xgUezGEnQ'DMhX}@~o>SQoUUf:29\U;BovEBw[;}C>BcUsU}nK~_~?U8�
wDk[@FnzwUp     yzC~DnJwM9{tyzC~DnB`U
                                     U{5:\

And if I try to get the key from the reply, nothing happens:

./xorknown.py ./crypted.txt '{"status' 16
Searching XOR-encrypted ./crypted.txt for string '{"status' (max_key_length = 16)

I already double-checked the Dishwasher IP address and tried with in another Linux box.

Any ideas or suggestions?

147

I implemented a simpler solution to recover the encryption key from an answer from an appliance. It doesn’t need to know a string from the plaintext, so it should work in more case.

  1. Go to https://www.online-python.com/pm93n5Sqg4
  2. Replace the “put the encrypted answer here” text with your encrypted answer in hexadecimal (no need to use the xxd command)
  3. Click on the green “Run” button.
  4. The key found will appear in the output below the “Run” button you just clicked.
2 Likes
148

Hi, what productline does this work with? I have just got a ‘candy smartpro’ and all 65K ports on its IP are closed

149

I don’t think this has been clearly established. I would guess most of the “simply-Fi” model with Wifi (at least one of the candy smartpro is a “simply-Fi”).

It easy to make them fail when you send a little bit too much traffic. Your port scan may have temporarily “killed” it.

I would suggest that you unplug the appliance, wait a little bit, re-plug the appliance, wait for it to connect to your wifi, and then try a single request (curl -v 'http://aaa.bbb.ccc.ddd/http-read.json?encrypted=1' ) and see if it respond.

Another think to check is what traffic the appliance send. The best is if you can intercept all the traffic to/from the machine. And then inspect this traffic in Wireshark,

Otherwise, If you can edit the value that you dns server answer, you can try to redirect simplyfimgmt.candy-hoover.com to your machine and see if you receive any traffic,

1 Like
150

“0 keys to test”

Here’s my “curl -s http://10.10.10.249/http-read.json?encrypted=1” anwser. Thanks :slight_smile:

313A323977043D16393914370216451F680D433D5F7E40551E3806073A205F31231502126555657A47456E511618521E29527D4227183B126F76453665551A7A403E31120603280322083012261F144D68051A1C587D407E6F01020734345705235457126F55795561416D7A5C5565032B454C6321183955776E5751797A3C7E43156C42301E2722232345497747145B473D313977322A186F764543775B3B7D433E1A6027182E052C21454977270455663A32395C550C0F393E0637270E144D68071A1C587D407E6F0317163B33591838784844774D6B476F606A795C7E14332F5B594906032805396E5D5165551A7A403E311207122423242102516F5507447A15143D5F7E40550025140006165A03680D1A01775B447D4445453E3C04452523594B55774D6B476F606A795C7E14383A5256743A183B55776E5751797A3C7E43156A5526123D55776E5751797A3C7E43157B58301422223D6E5D5165551A7A403E311227466B4D6F7D455F587D3F7E68450A126F55795561416D7A5C554444680D1A02775B447D4445450161550C557B15143D5F7E40553F7945497747145B473D313977057F55776E5751797A3C7E43154A07774D6B446F606A795C7E1405721502126455657A47456E51274E144D68796D7C1955657A47456E512746035570150912587D400A40461A

151

Your key is J780UwIwMLgsUw6w

I will update the script and update the url in my post

1 Like
152

Thanks. That was fast!!!

However, now I am having issues communicating with the dishwasher with the HACS integration:
Retrying setup: Error communicating with API: KeyError('OpzProg')

But it shouldn’t be the key because I can get replies:

./simplyfi 10.10.10.249 J780UwIwMLgsUw6w read
{
        "statusDWash":{
                "StatoWiFi":"1",
                "CodiceErrore":"E0",
                "StatoDWash":"2",
                "MetaCarico":"0",
                "StartStop":"0",
                "TreinUno":"0",
                "Eco":"0",
                "Program":"P5",
                "ExtraDry":"0",
                "OpenDoorOpt":"0",
                "DelayStart":"0",
                "RemTime":"120",
                "MissSalt":"1",
                "MissRinse":"0",
                "OpenDoor":"0",
                "Reset":"0",
                "CheckUp":"0",
                "r1":"2",
                "r2":"0",
                "r3":"2",
                "r4":"1",
                "r5":"0",
                "r6":"0",
                "r7":"3",
                "r8":"1",
                "r9":"NULL",
                "r15":"1"
        }
}

./simplyfi 10.10.10.249 J780UwIwMLgsUw6w config
{"response":"SUCCESS"}

And the getStatistics doesn’t give any reply.

153

This is a bug in the integration. I implemented a fix. You find the fixed version on https://github.com/dzamlo/home-assistant-candy, and the change on https://github.com/dzamlo/home-assistant-candy/commit/7e69c4a2cb294e1b761fab579e59aab37b172ca8

But I didn’t test it. Can you try it before I make the necessary work needed before proposing the changes upstream?

154

Sure, give me a minute.

155

It works. Thanks.

image

156

Thanks for the link now able to get a key. But am getting this error in the intigration any helpfully advise? Thanks

Retrying setup: Error communicating with API: KeyError(‘OpzProg’)

157

i have install candy simply fi in hacs, restart and go in integration add new integration but Candy is impossibile to find… i have disinstall all and reinstal but same problem

158

Thanks to the info in this thread I build an overcomplicated solution for my wahser.

Mandatory YMMV

  • calling curl -i 'http://<ip>/http-read.json?encrypted=0&ENCRYPT_KEY=%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00' (got {"response":"BAD REQUEST"}) I succesfully disabled the encryption
  • using my local dns server (I use adguard) I redirected all local calls to simplyfimgmt.candy-hoover.com to my local Home Assistant / Node Red server
  • in Node Red I created a flow listening on /api/av1/listen.json for calls from the washer with a bit of work to have a meaningfull state and the right spin number (just append 00 to SpinSp) and put everything in an home assistant entity

I think I lost the ability to control the washer from the app but I never used that feature so no big deal for me.

Not sure if someone is willing to try this way but you only need to ask for more details :wink:

1 Like
159

I made a custom component instead of using Node Red:

This is shitty code I made for myself, don’t expect it to work for you without modification.

@Edo78 : you may be interested at the code to get the status of the washer (the code is for a washer-dryer, but its likely to be the same/very similar for a lot of washer and washer-dryer):

and

1 Like
160

I got the statuses from a previous post of yours :+1:

161

There is someone who have problem with Hoover (Candy) dishwasher?

In HA have setup rest sensor but

After few minutes i can ping my dishwasher but the curl http://192.168.1.150/http-read.json?encrypted=0

Response: Connection refused

If i turn off and on my dishwasher the curl return to work good