Rowenta vacuum cleaner HT component

Apologies for bumping this topic, but I’ve taken a look into this and,
from what I can tell, it’s not possible.

I did a MITM attack and could see it setting up a connection to ‘https://account.groupeseb.com/services/oauth2/token’ to get the user account information and an API key. From then on it gets its information from ‘https://sebplatform.api.groupe-seb.com:443’.

I can read the HTTPS payloads as long as they concern the user information, but when I send a vacuum request like ‘localize’ or ‘start’, it receives 3 RSA public keys from ‘https://account.groupeseb.com/id/keys’ and they encrypt the payload before sending it over a websocket to an AWS MQTT server.

https://(ENDPOINT)-ats.iot.eu-west-1.amazonaws.com:443/mqtt?

More info (Device communication protocols - AWS IoT Core):
MQTT over WSS: wss://iot-endpoint/mqtt

There is no internal traffic registered between the app and the vacuum; it all goes through the cloud MQTT server. It’s a closed API, and as long as we don’t have the private key we won’t be able to decrypt those payloads.
