Lockly WiFi Hub

Decoding the Authorization: Bearer with base64decode returns my email address, role, userid, and some other stuff.

Yes, I saw that too and it expires after 24h. Unfortunately, there’s not much we can do with this as we wouldn’t be able to successfully sign them and because they expire, we couldn’t just let the integration user find one of their JWT tokens to authenticate their calls.

Isn’t that like oauth where you just have to submit for a new token for each call or every couple hours or something?

Did you manage to control your lock on Android Virtual Device routing your traffic via Burp?
I can only log in, locking/unlocking is not working, fails connecting.

It is. Since the token is valid for 24h, you can use it to authenticate as many calls as you want for the next 24h.
And this is obtained by the app in the /login call which traditionally (at least in most of the apps I have worked on) is passed in clear text over HTTPS.
In this case, it appears we are passing a hash of what I can only guess is the username/password.

Come to think of it, it may be 2 hashes stuck together, as the server can make the difference between an existing account with an invalid password and a non-existing account. So it must have a way to get the username by itself.
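The bearer-token point raised above, as an added Python example that is not from this thread: it builds a constructed HS256 JWT with made-up claims (email, role, userid, a 24h exp), reads the claims the way base64decode does, and shows why, without the server's signing key (stood in for here by a made-up SAMPLE_KEY), a token can only be reused until it expires, not re-signed or edited.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example key: stands in for the server-side secret nobody on the
# thread has, which is why tokens cannot be minted, only reused until exp.
SAMPLE_KEY = b"example-signing-key-not-real"


def b64url_decode(segment):
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(claims, key=SAMPLE_KEY):
    """Build an HS256-signed token so the example has realistic input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def inspect_bearer(token, now=None):
    """Read the claims without verifying the signature, as base64decode does."""
    header_b64, payload_b64, _ = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    exp = int(claims.get("exp", 0))
    return {"alg": header.get("alg"), "claims": claims,
            "seconds_left": exp - now, "expired": exp <= now}


def verify_hs256(token, key):
    """Recompute the HMAC the way a server would; edited claims fail here."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def edit_claims_unsigned(token, new_claims):
    """Swap the payload but keep the old signature, to show the server rejects it."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url_encode(json.dumps(new_claims).encode())}.{sig_b64}"
```

Everything in the claims section is readable by anyone holding the token, so a 24h-lived token with email and role inside is worth treating like a password for that day.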

You’re quite right.
The lock beeps (as in it’s being talked to by the Cloud/Dongle) but the unlocking actually doesn’t happen…
Strange

Actually I lied, I can get that part working (unlocking the lock AND logging traffic in Burp).

FYI my hope was to decode the BT so I wouldn’t need the Lockly hub at all, which I currently don’t have. So perhaps a slightly different objective ;p

mate, I hear you but:

  • I know nothing about BT communication and wouldn’t know where to start
  • It would require having your HA hardware being in BT proximity to your lock, which could be difficult for some

But yeah, also realise that this means reliance on a cloud which is meh

This decompiled Java looks to me like it could be part of what hashes the credentials. Thoughts?

If you want to talk me through how you got to where you got to with your screenshot above (with bluetooth), I could take a look

I mean if you want sure, but I understand I’m doing things slightly differently, and being on the HA forum, getting it to work with HA is the goal. So feel free to keep focused on that.

I’ve purely been grabbing the BT logs from my device into Wireshark and also grabbing characteristics and services via Python etc. so that I can see if I can send some commands directly from any IoT type device.

Looks promising ;p

Then I might have some issues with my Burp configuration. Looks like some certificates fail, since I’m not able to log into the Play Store either. I had to sideload the apk.

Sideloaded the app too. Didn’t want to bother adding my Google Account to the Virtual Device

Did some sniffing with one of my rooted Android devices and, analyzing the dump with Wireshark, I managed to find some recurring packets.

a1f2c3b4 2800 c6694a5b6926426b12666c34c3a9
a1f2c3b4 1900 0a22557d35ea49c30813e9b19dc7
a1f2c3b4 2800 c6694a5b6926426b12666c34c3a9
a1f2c3b4 1900 0a22abcd991f303f03601e56f30a
a1f2c3b4 2800 c6694a5b6926426b12666c34c3a9
a1f2c3b4 1900 0a22abcd991f303f03601e56f30a
a1f2c3b4 2800 c6694a5b6926426b12666c34c3a9
a1f2c3b4 2900 0a1e8612e2f6a1538f73123b3a01

could be the auth to your door and we’d have no idea? ;p
Yeah, I have no idea how to decrypt this stuff, or if it’s even possible.
I also noticed some recurring packets via the dump from my phone, especially when I did an action 3 times in the app and was able to locate it in Wireshark, but still can’t figure out how to combine/decrypt the packets currently.

Just expressing my interest in this integration as well.


Looking for answers myself.


Sold the house and I left the Lock on the door. Bought an Eufy lock which is integrated in HA.