Page 1 of 7
Midea/Inventor (and other brand) Air Condition API
Posted: Saturday 21 May 2016 16:36
by korniza
Hi gyus,
I have a AC which came with a wifi module. It can be controled by mobile app but there is not web interface so to get some interfacing with domoticz.
sniffing from my mobile device the connection I found that have some kind of API with Amazon. I tried to understand how the mechanism works but it was not on my level (notice).
I can understand that it perofrms a login using the following
Code: Select all
POST /v2/user/login?appId=1000&client=1&username=homeac&authCode=&appId=1000&src=0&stamp=20160521130119&format=xml&sessionId=&apcInfo=0&sign=9A047A4140F59363FA669D2218861D15&sign1=0FC88CC6E380EC746F13B6109A9D2330 HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.0; SM-G900F Build/LRX21T)
Host: app.v2.appsmb.com:8188
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
After that I m totally lost to understand the stream. Does anyone have any experience with Amazon API? I think I have the control of my AC in front of my eyes but I'm so "blind" to build the script.
I attached the sniffing files if someone likes to get some idea.
Thnaks, Zac
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 22 May 2016 23:13
by korniza
looking around to find a way to control my AC, i found httpie. It looks like a easy way to build a script. If you like take a look on
https://github.com/jkbrzt/httpie. It has a nice guide.
But still I m lost in translation! help required guys!
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Thursday 26 May 2016 22:03
by korniza
any help guys?
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Friday 17 June 2016 14:59
by LouiS22
Hi,
I've decompiled the original Midea Air apk,
https://www.dropbox.com/s/fludol5rk3ax1 ... X.zip?dl=0
The interesting part is in com.example.mideaoem.api, bunch of urls to play with.
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 26 March 2017 14:47
by onkelfu
Did you come any further on this? I'm also trying to send commands to my midea ac. thanks a lot!
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 26 March 2017 17:08
by LouiS22
onkelfu wrote:Did you come any further on this? I'm also trying to send commands to my midea ac. thanks a lot!
No, I put this on hold. But if you find anything useful, feel free to share it
AC season is coming!
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 26 March 2017 17:25
by onkelfu
I will share if I find something useful. At the moment I did a wireshark capture between the app on the iPhone and the AC. But I'm not sure what to do with the captured data. Sending the data to the AC via telnet doesn't work. I think there has to be an authentication first.
I also wrote Midea support but three mails, three times no answer about that.
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 26 March 2017 17:28
by LouiS22
onkelfu wrote:I will share if I find something useful. At the moment I did a wireshark capture between the app on the iPhone and the AC. But I'm not sure what to do with the captured data. Sending the data to the AC via telnet doesn't work. I think there has to be an authentication first.
I also wrote Midea support but three mails, three times no answer about that.
They won't
I've tried to get the API many times, without luck.
What I found is the web interface is in fact in amazon's cloud service, and the commands are sent via JSON.
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 26 March 2017 17:30
by onkelfu
There is amazon's cloud on the one hand but with the app you are also able to use "local" access without internet connection. It's only between the app and the AC. That's why I hoped that this would bring me further by capturing the traffic.
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 26 March 2017 17:32
by LouiS22
onkelfu wrote:There is amazon's cloud on the one hand but with the app you are also able to use "local" access without internet connection. It's only between the app and the AC. That's why I hoped that this would bring me further by capturing the traffic.
Ah I see your point. But when I started investigating, my goal was to control the AC from Domoticz
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 26 March 2017 17:39
by onkelfu
I have a loxone home automation and want to control the AC (got three of them). Loxone is a small locally installed server that is able to send TCP, UDP or HTTP commands. So it should nearly be the same way of getting it working with loxone as getting it working with domoticz.
Anyway, I contacted some of the developers of the Midea apps listed in the app stores. Maybe somebody is going to share some information with us
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Thursday 30 March 2017 0:12
by korniza
onkelfu wrote:I have a loxone home automation and want to control the AC (got three of them). Loxone is a small locally installed server that is able to send TCP, UDP or HTTP commands. So it should nearly be the same way of getting it working with loxone as getting it working with domoticz.
Anyway, I contacted some of the developers of the Midea apps listed in the app stores. Maybe somebody is going to share some information with us
Hope you get in contact with developers. Any news from developers?
I make also a research on the app and it seems they use Amazon AWS.
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Tuesday 02 May 2017 18:56
by kmanasis
Hello guys,
Im trying to connect my Inventor/Midea AC to the Xiaomi Smart Home app but it requires a different SSID from the one that the wifi dongle transmits. Is there any way to change the SSID?
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 01 October 2017 11:13
by halacs
Hi guys,
I'm happy to see I'm now alone with my problem and there are others who want to know Midea's API.
My fist questions are (to make sure we are on the common page):
- Which type of AirConditioner do you use?
(mine is Midea Blanc mono split. I have actually two, with different Wifi Smart modules: SK102 and OSK102 are the type of that two Wifi Smart modules)
- You use Android on your mobile phone, right?
(I use Android 7.1.1 on my OnePlus 3T mobile)
- Which mobile client app do you use? And what is the version of it?
(I use Midea Air v2.1.170705_03)
I whiresharked some traffic coming from my phone but it is over secure HTTP. The traffic is going towards mapp.appsmb.com domain. I can confirm that that domain is point to Amazon Cloud Services, but I don't know this means a VM or any other cloud services, such as Amazon IoT.
I tried to do a man-in-the-middle "attack" about the HTTPS, but it was failed. My assumption is that mobile application contains a server certificate and if it is not match with the received one, the connection is not established because of a TLS handshake failure. I found some .crt file in the APK file.
Any news from somebody? It would be nice to work together and share our finding.
Br,
Halacs
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Sunday 05 November 2017 22:14
by NeoAcheron
Hello everyone,
I have the same issue. After some extensive research, my Carrier air conditioner uses a Midea WiFi module, because I can control my air con via both the Midea app and the Carrier app. They seem to share the information about connected devices as well, which is a little scary.
I have tried wireshark, but the data seems to be encrypted. I have tried decompiling the APK, but its hard to follow, I'm guessing the developers of the app originally doesn't speak English. I tried contacting Midea and Carrier, but they don't even send a courtesy email acknowledging the request.
I'll continue looking for potential solutions, I would love to control the air con using the WiFi interface, instead of using an IR blaster. Local control without the reliance of their servers would be nice, what happens if they decide to retire the AWS instances?
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Monday 06 November 2017 7:39
by halacs
Hi,
I have partial success: current Android application (Midea Air - Airconditioner OBM v2.1.170705_03) communicates without encryption, so I can see most of the traffic. They use some kind of signature on all requests. At the login, they use SHA256 to encrypt the password with "dataKey" string as a key.
My current biggest problem is that it seems the amazon hosted sever which severs REST calls coming from the Android application just acts as a login and a proxy server: it handles users and devices but the actual device control commands just forwarded byte by byte to the device from the phone. This byte stream what I absolutely not understand yet. However, this must be also in the Android application in Java byte code so it is just a question of time to "decrypt". I found something which seems to be the solution and using bitwise operators.
Let's here an example reply from amazon (for privacy reasons and to make it shorter, I removed the middle of it):
{"msg":"","result":{"reply":"9dc2d77564cda3c827d.....d4da634109122e48cfef80274c0d824937f1e"},"errorCode":"0"}
HTTP parameters:
src: 17 (fixed)
appId: 1017 (fixed)
appKey:
language: en_US (fixed)
format: 2 (fixed?!)
clientType: 1 (fixed)
sessionId:
sign:
stamp: 20171001163834 (example only)
loginAccount: login email address
password: Util.encodeSHA256Ex(str2)
pushType: 1 (fixed)
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Monday 06 November 2017 9:01
by LouiS22
halacs wrote: ↑Monday 06 November 2017 7:39
Hi,
I have partial success: current Android application (Midea Air - Airconditioner OBM v2.1.170705_03) communicates without encryption, so I can see most of the traffic. They use some kind of signature on all requests. At the login, they use SHA256 to encrypt the password with "dataKey" string as a key.
My current biggest problem is that it seems the amazon hosted sever which severs REST calls coming from the Android application just acts as a login and a proxy server: it handles users and devices but the actual device control commands just forwarded byte by byte to the device from the phone. This byte stream what I absolutely not understand yet. However, this must be also in the Android application in Java byte code so it is just a question of time to "decrypt". I found something which seems to be the solution and using bitwise operators.
Let's here an example reply from amazon (for privacy reasons and to make it shorter, I removed the middle of it):
{"msg":"","result":{"reply":"9dc2d77564cda3c827d.....d4da634109122e48cfef80274c0d824937f1e"},"errorCode":"0"}
HTTP parameters:
src: 17 (fixed)
appId: 1017 (fixed)
appKey:
language: en_US (fixed)
format: 2 (fixed?!)
clientType: 1 (fixed)
sessionId:
sign:
stamp: 20171001163834 (example only)
loginAccount: login email address
password: Util.encodeSHA256Ex(str2)
pushType: 1 (fixed)
Wow, that's indeed some progress! Keep up the good work mate!
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Monday 06 November 2017 9:27
by halacs
Later, if I will know more about the API, is there anybody who could help me to implement an open-source java library with a small command line interface?
I have just a limited amount of time to work on this project, however, an opensource library would be a great output in corporation with other volunteer.
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Monday 06 November 2017 10:48
by LouiS22
halacs wrote: ↑Monday 06 November 2017 9:27
Later, if I will know more about the API, is there anybody who could help me to implement an open-source java library with a small command line interface?
I have just a limited amount of time to work on this project, however, an opensource library would be a great output in corporation with other volunteer.
I'm willing to help, though my JAVA knowledge is zero.
Re: Midea/Inventor (and other brand) Air Condition API
Posted: Monday 06 November 2017 10:52
by halacs
Cool, thanks!
I will let you know if I have any further progress and then we can choose another programming language which is better for you too.