Hi. I have some ProWarm thermostats, which are white label Tuya products. They do not use the Tuya or SmartLife apps, but have their own custom app (called ProTouch).
I used to use them after obtaining the secret local keys using the man-in-the-middle technique, but that has now been blocked by Tuya. Official Tuya devices can be accessed from the Tuya IoT website, but that doesn’t seem to have support for white labelled products (or maybe I’ve missed it).
It’s just the secret local key that I need. For the white label ProWarm devices that haven’t had to be re-paired since Tuya blocked the man-in-the-middle technique, I have the secret keys and those devices work fine with LocalTuya.
Anyone have any ideas?
The obvious way for this to work would be to associate the ProTouch app account in Tuya IoT platform, but I tried that and that doesn’t work.
Just to answer my own question, it turns out that unlike Tuya, Prowarm haven’t blocked access to the man-in-the-middle technique. I’d assumed that they had done. So I’m up and running with LocalTuya, though somewhat at risk if I ever need to re-pair again.
We’re struggling with the same issue over here, with regard to Wood’s Air Conditioners.
Unfortunately, they’ve blocked access to MITM, so I’m currently stuck.
If I were you I’d invest £20 in an Echo device. If you don’t like the idea of it, you could leave it in its box, but it would buy you access to the Alexa eco-system. If you can integrate your AirCon with Alexa, then you can use Alexa as a proxy to carry out command initiated by the HA system.
The whole home automation game is about finding paths through which one can control obscure devices.
1 Like
Please could you elaborate on how you can obtain these keys from the prowarm app?
Any resources you can share?
1) On a Linux system (e.g. Raspberry Pi), install the following:
a. sudo npm I @tuyapi/cli -g
b. sudo npm anyproxy -g
2) To create a man-in-the-middle attack, first generate a certificate like so:
a. sudo anyproxy-ca
3) Now start the man-in-the-middle like so:
a. sudo tuya-cli list-app
4) This will generate a QR code in the terminal, which you should scan to download the certificate to an Android phone
5) Install the certificate as a trusted certificate in the certificate store of the phone
6) Now set up the phone's wifi connection to go through a proxy, with the proxy ip and port being reported by the man-in-the-middle software started above.
7) Now go to ProTouch app, and show the devices. This will cause the device ids and local keys to be printed in the terminal.
8) Write down the data, and remove the certificate from the phone and stop proxying the connection on the phone.
9) You're done!
2 Likes