Believe it or not, I’ve never made (self-signed?) certificates for a domain I do not own. LetsEncrypt makes it look easy. I’m not sure how to properly make the subdomains work. Here is what the internet told me so far:
Full disclosure: This is for testing purposes only. I put all my barely updated, security-risk devices on a separate VLAN that cannot communicate with my main network, except for a single container, so I still need to make that proxy/relay work. I can’t have an open allow_anonymous listener on my main network because I’m ~~paranoid~~ ~~afraid~~ careful.
You don’t really need to fake the cloudgarden domain (and I’d advise against it anyway); the devices don’t do any verification of the common name, the SANs or the chain of trust.
In other words, as long as the server has a non-expired certificate, it’ll most likely work.
I am trying to set up a second Mosquitto broker (in a Docker container) to use the MitM / DNS rewrite approach to connect my Duux Edge Oil. I have set up a DNS rewrite in my AdGuard Home DNS server (this works). I see my device is also reaching out to collector3.cloudgarden.nl
My Mosquitto has the following configuration, but I can’t seem to get data from the Duux Edge Oil. I can access MQTT via MQTT Explorer on both 1883 and 8883. If I add 443 as a listener, I see a message that I need to use setcap to bind a privileged port (443) to Mosquitto, and can’t do anything.
Hope somebody can point me in the right direction. @KipK @Humvee @kimagure, sorry for tagging you, but you seem to have some more knowledge of the MitM / DNS rewrite approach.
@timothi, it expects to connect to the MQTT server on port 443 with TLS enabled.
You either need to run Mosquitto as root to bind to 443, or use setcap, yes.
Or run Mosquitto in a Docker container and map external port 443 to an internal port of your choice.
Hi,
I recently purchased a relatively recent humidifier from Duux. The Neo. It is 2nd gen. I would like, as most people here, to integrate it locally in HA. It has the same MCU as shown in this thread multiple times.
See mine below:
I would like to flash the ESP with ESPHome, with which I am relatively familiar.
However, before I venture this way I would like to know what to do once I have:
1. Soldered a TTL-to-USB adapter to RX, TX, 3V, GND
2. Dumped the original firmware
3. Tried to reflash the original firmware, to make sure I can go back
4. Flashed ESPHome
Then… I would need guidance on how to reverse engineer the ESPHome switch and other mode commands.
It has on/off, normal mode (constant running at a given level), auto mode (set-point humidity at a given level), and three “speeds” (1, 2, 3) for the humidity exhaust.
Can anyone give a few pointers on how to go about that?
The DNAT redirect of MQTT to my broker seemed like the most elegant and least intrusive method, and I would be very comfortable setting up an MQTT generic humidifier in HA, but I am at a loss to set up a network device or whatever to redirect the humidifier packets. Not sure what tool to use or where to start… And the information available in this thread is not quite noob-proof on network packet redirect setup.
To reflash the existing board, you’d need to know, or be able to capture, the commands it sends to the secondary board, and then replicate them with the ESPHome config; it’s doable but quite advanced.
The DNAT option requires no modification of the board or firmware, just some “advanced” network configuration. Essentially, you’d need a router with enough configuration options to DNAT traffic from the DuuX to your MQTT server; it’s also fairly advanced.
The last, and easiest, option, which I think was also already covered here, is to use a DNS override; this also requires a router (or more specifically a DNS server) which allows overrides. You override the address(es) that the DuuX talks MQTT to, by setting the IP they resolve to, to the IP of your MQTT server, and then make sure your MQTT server has a listener with TLS on port 443 to match.
I managed to get my Duux ThreeSixty 2 linked to HomeAssistant using ESPHome today. Thanks to @jkufner for the inspiration of using the M5NanoC6.
For the ThreeSixty, I cut off one end of the Grove cable and had to replace that with a JST-XH 2.54, also with power and ground inverted like how it was needed for the Whisper.
You can then use the following ESPHome configuration snippet.
Make sure you configure the other needed parts to your own requirements.
I did not, but it’s very easy to unscrew so I made you some.
The four screws are under the white sticker on the bottom; you can feel where the holes are by pressing around a bit on the sticker. I used a small knife to cut out the holes. For me one of the screws was right under the serial number, so if you are gonna mess around, you might want to take a picture of that before it’s ripped.
You’re going to find the original Duux control board (that’s been posted around here a couple of times already) also in this product.
Pinch/press the tab on the original JST to disconnect the stock ESP board
For the M5NanoC6, this is the cable you need to prepare. (!! the black and red wires are crossed)
It’s an official M5Stack Grove Cable. Cut off one side, and crimp it to JST-XH 2.54.
If you have never done this, you can find various assortment kits and crimping tools on Amazon / AliExpress etc. for a couple of $/€.
There’s also plenty of Youtube videos explaining the process.
Then just insert the Grove side into the M5NanoC6, and the JST into the mainboard of the ThreeSixty.
I used a bit of tape to make sure the wires can not be pulled into the fan.
If you ever want to revert the device to be fully original, just screw it open again, take out your M5Nano and put back the original JST and screw it back together.
Thank you so much for the detailed instructions along with the photos, appreciate the time and effort you invested in this project itself and describing/documenting it for the community.
Hi,
This is to give an update, and hopefully help others get through it a bit more easily than I did. But I decided as recommended to go the MQTT redirect way.
I did the following:
1. Set up a separate MQTT broker on my NAS using a container, TLS enabled with adequate certificates, listening on 443 as detailed by @Humvee and @hamido here, plus a lot more searching and failing online. This was the absolute hardest part for me.
2. Set up AdGuard Home (HA add-on), with a DNS rewrite from the Duux device to the MQTT broker, as suggested by @timothi. That somehow worked flawlessly.
3. Bridged the new TLS MQTT broker to my main HA MQTT broker. The best guide I found is here: Mosquitto MQTT Bridge-Usage and Configuration. But there are many other good ones. That was pretty easy, having been through step 1.
Once it is all publishing in HA MQTT, it is all clear.
Here is a typical JSON MQTT payload for the Duux Neo humidifier on topic “sensor/[MACADDRESS]/in”:
Set up a number of MQTT devices and attached entities in configuration.yaml to integrate into the HA frontend, based on the example shown here by @csmale.
Here is my YAML for those interested:
Great post… Set up the DNAT using a 443 → 8883 redirect on my Ubiquiti Gateway Ultra, and manual tests (telnet) looked hopeful; however, nothing showed up in MQTT.
So I looked into my Pi-Hole to see if I could find this host collector3.cloudgarden.nl
However I couldn’t see any entry, so started to dig a little deeper.
Started a tcpdump on the router and monitored the Duux traffic while operating the Duux app on my mobile phone, and noticed frequent contact with:
ec2-35-156-44-172.eu-central-1.compute.amazonaws.com.8886.
Did I miss some information in this thread completely?
The AWS address is likely the load balancer address they’re using in AWS for their service; they’ll have their own network addresses pointing at them.
The fact that there is a number in “collector3” suggests there may be more than one. If I remember right, there was also something like api.cloudgarden.nl
What you’ll want to do is check your DNS for any lookups to subdomains of cloudgarden.nl and
I don’t remember if they had a hardcoded DNS in the DuuX, so you may either want to capture ALL DNS lookups, even those sent to remote servers like 8.8.8.8 etc. as well as local ones, or capture all requests to DNS ports. A good start is to assume they’re using plain old DNS and capture everything for port 53, the DNS port.
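A way to do that capture and sift its output, added here as an example and not part of the reply above. It assumes tcpdump runs on a box that sees the Duux's traffic (the router, or a mirror port); the interface name, device IP and the sample lines below are constructed placeholders, and the second sample query is aimed straight at 8.8.8.8 to show why filtering on port 53 rather than on the local resolver address matters.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list every hostname the Duux resolves,
# including lookups sent to a hard-coded resolver such as 8.8.8.8 that a local
# AdGuard/Pi-hole never sees. Assumptions: tcpdump on a host that sees the
# device's traffic; IFACE and DEVICE_IP are placeholders.
set -eu

# dns_names [SUFFIX]: read tcpdump -nn output on stdin, print each queried name
# (A and AAAA questions) once; with SUFFIX, keep only names under that domain.
dns_names() {
  awk -v suf="${1:-}" '
    {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^(A|AAAA)\?$/) {        # question-type token, e.g. "A?"
          n = $(i + 1); sub(/\.$/, "", n)  # the name follows it; drop trailing dot
          if (suf == "" || n == suf ||
              substr(n, length(n) - length(suf)) == "." suf)
            print n
        }
      }
    }' | sort -u
}

# capture_device_dns IFACE DEVICE_IP [SUFFIX]: live version. Filtering on
# "udp port 53" (not on the resolver address) also catches hard-coded resolvers.
capture_device_dns() {
  tcpdump -nn -l -i "$1" "udp port 53 and src host $2" | dns_names "${3:-}"
}

# Constructed sample of what tcpdump -nn prints (not a real capture): three
# queries to the local resolver, one sent straight to 8.8.8.8, and one reply.
SAMPLE='12:01:02.123456 IP 192.168.50.23.49152 > 192.168.50.1.53: 4711+ A? collector3.cloudgarden.nl. (43)
12:01:02.130001 IP 192.168.50.1.53 > 192.168.50.23.49152: 4711 1/0/0 A 35.156.44.172 (59)
12:01:05.000100 IP 192.168.50.23.49153 > 8.8.8.8.53: 4712+ A? api.cloudgarden.nl. (36)
12:01:07.000100 IP 192.168.50.23.49154 > 192.168.50.1.53: 4713+ A? pool.ntp.org. (30)
12:01:09.000100 IP 192.168.50.23.49155 > 192.168.50.1.53: 4714+ AAAA? collector3.cloudgarden.nl. (43)'

# Offline run over the sample; the live equivalent is
#   capture_device_dns eth1 192.168.50.23 cloudgarden.nl
printf '%s\n' "$SAMPLE" | dns_names cloudgarden.nl
```

Run it without a suffix first to see everything the device asks for (NTP, firmware hosts and so on), then add every cloudgarden.nl name it prints to the DNS rewrite, or use the wildcard.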
Stuck in the same situation. I have rewritten collector3.cloudgarden.nl and collector.cloudgarden.nl to my MQTT broker. These are the only addresses I can see in AdGuard Home. I have simply added *.cloudgarden.nl now. With nslookup everything is properly forwarded.
In my Docker config I have changed 443 to 8883. I am able to connect directly on 8883. MQTT Explorer successfully connects to 8883 with TLS enabled.
It seems the only thing I can’t check / validate is whether the certificates are working; I have used these steps here. This is where my knowledge runs out. Can anyone share their way of creating the self-signed certificates?
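The pieces asked about in this post and earlier in the thread (a TLS listener reachable on port 443 without setcap or root, the bridge to the main HA broker, and self-signed certificates), as one added example script; it is not from any of the posts above. It assumes openssl 1.1.1 or newer and Docker on the host, that the AdGuard rewrite points collector3.cloudgarden.nl at this host, that the official eclipse-mosquitto image runs the broker as uid 1883, and that the HA broker address and credentials are placeholders to replace.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): private CA + server cert, a Mosquitto
# config with a TLS listener and a bridge to the main HA broker, and the docker
# command that exposes the TLS listener on host port 443 without running
# Mosquitto as root. Assumptions: openssl 1.1.1+ and docker on the host; the
# Duux resolves collector3.cloudgarden.nl to this host via the DNS rewrite;
# the HA broker address and credentials are placeholders.
set -eu

# make_certs DIR NAME: self-signed CA (ca.crt/ca.key) and a server cert for
# NAME (server.crt/server.key) signed by it. The Duux ignores the chain, but a
# real CA lets MQTT Explorer validate the listener while you test.
make_certs() {
  local dir="$1" name="$2"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=lab-mqtt-ca" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  # SAN matching the rewritten hostname; a CN alone is not enough for modern clients
  printf 'subjectAltName=DNS:%s\n' "$name" > "$dir/san.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 825 -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
  # Assumption: the eclipse-mosquitto image drops to uid 1883, so run
  # 'sudo chown 1883 DIR/server.key' on the host if the TLS listener fails to start.
  chmod 600 "$dir/ca.key" "$dir/server.key"
}

# check_cert DIR NAME: what MQTT Explorer (given ca.crt as CA) will check:
# chain, still valid for at least another day, and SAN equal to NAME.
check_cert() {
  local dir="$1" name="$2"
  openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null &&
    openssl x509 -in "$dir/server.crt" -noout -checkend 86400 >/dev/null &&
    openssl x509 -in "$dir/server.crt" -noout -text | grep -q "DNS:$name"
}

# write_conf DIR HA_BROKER: TLS listener on 8883 inside the container, plain
# 1883 for MQTT Explorer on the isolated VLAN, and a bridge to the HA broker.
write_conf() {
  local dir="$1" ha="$2"
  cat > "$dir/mosquitto.conf" <<EOF
log_dest stdout
log_type all

# Plain listener, only reachable on the isolated VLAN / docker network
listener 1883
allow_anonymous true

# TLS listener the Duux reaches as collector3.cloudgarden.nl:443 (host 443 -> 8883)
listener 8883
cafile /mosquitto/config/ca.crt
certfile /mosquitto/config/server.crt
keyfile /mosquitto/config/server.key
allow_anonymous true

# Bridge everything under sensor/ to the main HA broker (placeholder credentials);
# 'both' so HA can also publish back; narrow it once you know which topics HA writes
connection duux-to-ha
address $ha
remote_username CHANGE_ME
remote_password CHANGE_ME
topic sensor/# both 0
EOF
}

# docker_cmd DIR: print the run command. Host port 443 maps to container 8883,
# so Mosquitto never binds a privileged port (no root, no setcap).
docker_cmd() {
  local dir; dir="$(cd "$1" && pwd)"
  printf 'docker run -d --name mqtt-duux -p 443:8883 -p 1883:1883 -v %s:/mosquitto/config:ro eclipse-mosquitto:2\n' "$dir"
}

# Usage: ./mqtt-lab.sh setup ./mqtt 192.168.1.10:1883
if [ "${1:-}" = "setup" ]; then
  make_certs "$2" collector3.cloudgarden.nl
  check_cert "$2" collector3.cloudgarden.nl
  write_conf "$2" "$3"
  docker_cmd "$2"
fi
```

Run the setup, start the container with the printed command, then point MQTT Explorer at port 443 with ca.crt as its CA and subscribe to sensor/# on both brokers. With `log_type all`, `docker logs mqtt-duux` shows the device's TLS handshake attempts, or the key-permission error if the broker cannot read server.key.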