I would venture that initial customer registration provides an encryption code based on your email address and/or the device code or unique MAC Address. Where is that stored, and can it be discovered as part of reverse engineering? Is the MAC address the secret code on the box? Don’t laugh, they often are!
Not sure the entire functionality of the TI CC1110 SOC chip is? Does it do all the input monitoring, encryption, and transmission, all on its own, or does it pass it to another chip on board? Can the data flow between the chips be monitored to see if it is in plain text, and decoded or emulated? What external devices or chips are connected to that chip?
Can the firmware be rewritten to provide the same functionality but with different encryption that is known for both ends? Use the same hardware, but re-flash it with different software you have control over, forever freeing you from their handcuffs.
What are the connections between the smarts and the actual pump? Is it simple relay on/off to the motor and heater via a relay or two, that is switched remotely via WiFi commands, plus a waterproof thermostat/temperature sensor, or some form of analog to digital conversion or pulse width control and current monitoring that can be done with simple cheap IOT devices as substitutes? Is it one way traffic, or does it also provide feedback? Cheap off-the-shelf items can replace all this functionality, and be easily integrated into Home Assistant.
What chips are on each board? A detailed clear close up photo of both sides of each circuit board is worth a million words. This should be your first priority to post this here. Make sure you respect any electrical connections are disconnected, and when you reassemble, be mindful of any waterproofing such as gaskets are well bedded in their initial location.
Does the TI chip expose a web site or JSON over WiFi or Ethernet to outside monitoring? What does running the data through
WireShark on port 80 for both TCP and UDP reveal? Any other secret undocumented ports being used?
How about the traffic flow between the pump and the Intellicenter? Is that easier to emulate in HomeAssistant, rather than go via the app in Wifi, and not 900Mhz from the TI SOC through your Monster device? Alternatively, how generic is the Monster device and can it be repurposed, or just entirely bypassed?
Advertising warnings the Monster app has robust encoding is a big red flag, and probably provides incentive for it to be cracked, if it hasn’t been done already. Do some deep searching in this area, as some of the things that make marketing excited may be simple things like bit flipping or byte reversal, with amusing lack of CRC checking of each message.
Don’t give up - a simple pump does not take a lot to make it smart - after all it is just a motor turning a vane to move water. You may be able to hack and repurpose the existing hardware, or a simple add-on ten dollar chip module such as an ESP32 may be all that is needed to make this work independently from the vendor, but integrate well with HomeAssistant
