-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Discover local key from Eufy login details #1
Comments
I just got my eufy RoboVac 15C today and was planning on helping out with the efforts to get it to show up in HomeBridge. I assume there is a vast amount of information that can be shared between HomeAssistant/HomeBridge (I know the existing Eufy bulb HomeBridge support came from a porting of what HA uses). I was wondering how you managed to get your local key. I can grab the device key from the API along with my user id but even emulating Android I can't find the local key (I use iOS but to your point #1 it looks like it makes sense I can't see it in the logs). EDIT: I just saw your post here and that was exactly what I needed. I had been logcat-ing my emulator but either missed that or needed the |
The Home Assistant Eufy Page shows how to get the local key (access token): https://www.home-assistant.io/components/eufy/
"access_token" can be get from the first command |
@abalakov That is correct for older devices, but does not apply to the 30C line. The local key for these newer devices is not held by the Eufy API. |
is there a working implementation for the 30c? Have also had trouble finding the devices IP on my router, not sure what range of mac addresses they are using either |
@jimmyeao Have you tried using the deviceId instead of the IP? I have it working with my 30C https://github.com/joshstrange/eufy-robovac but ended up not using it as it a little buggy (probably my code) and at the end of the day I just use mine on a schedule or use the Eufy App as it's decent. |
Unfortunately I haven’t got an android device to be able to do this. The app works fine, was just a nice to have really :)
Jimmy White
…________________________________
From: Josh Strange <[email protected]>
Sent: Monday, August 19, 2019 3:41:54 PM
To: mitchellrj/eufy_robovac <[email protected]>
Cc: Jimmy White <[email protected]>; Mention <[email protected]>
Subject: Re: [mitchellrj/eufy_robovac] Discover local key from Eufy login details (#1)
@jimmyeao<https://github.com/jimmyeao> Have you tried using the deviceId instead of the IP? I have it working with my 30C https://github.com/joshstrange/eufy-robovac but ended up not using it as it a little buggy (probably my code) and at the end of the day I just use mine on a schedule or use the Eufy App as it's decent.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#1?email_source=notifications&email_token=ABHVAB7SEV7BSI35TZAVZ3LQFKWLFA5CNFSM4HHQTUVKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4TFMQI#issuecomment-522606145>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABHVAB2LID3WCD5T6M7ZCRLQFKWLFANCNFSM4HHQTUVA>.
|
@jimmyeao I don't either but I used an android emulator on my mac to get the keys/ids. |
Ah, hadn’t thought of that!
Jimmy White
…________________________________
From: Josh Strange <[email protected]>
Sent: Monday, August 19, 2019 4:47:48 PM
To: mitchellrj/eufy_robovac <[email protected]>
Cc: Jimmy White <[email protected]>; Mention <[email protected]>
Subject: Re: [mitchellrj/eufy_robovac] Discover local key from Eufy login details (#1)
@jimmyeao<https://github.com/jimmyeao> I don't either but I used an android emulator on my mac to get the keys/ids.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#1?email_source=notifications&email_token=ABHVABZYETK55DSC7S4NOATQFK6CJA5CNFSM4HHQTUVKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4TM3GY#issuecomment-522636699>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABHVABYLVY46D6QD3NLDIUTQFK6CJANCNFSM4HHQTUVA>.
|
Hey, @joshstrange @mitchellrj is it still accurate to use ADB to get the Running the command will output: $ adb logcat -e 'tuya.m.my.group.device.list'
--------- beginning of system
--------- beginning of main |
Hi, @abrahamduran
Worked for me. |
@resain did you use a real device or BlueStacks? 🤔 |
BlueStacks on Windows 10 |
My 15c MAX is running 1.1.3 and it no longer puts out the LocalID and DevID - Im hoping https://github.com/codetheweb/tuyapi/blob/master/docs/SETUP.md can get me that info @mitchellrj - any luck with the signing process? would be great to get the localkey online |
Figured I'd chip in too. Same as @robbrad I can't get LocalKey nor DevId from logcat when opening the Eufy Home app.
Also tried emptying the storage of the app, and having adb open from a fresh phone reboot. Still nothing. I am on a Galaxy S7, running Android 7.0 The thing is that I got these 2 values in the past, around the time when this repo was first created but ended up not using them. Now I wanted to give it another try, but they don't show up using ADB. Happy to help in any way I can should you need extra info @mitchellrj |
Ok. I was able to get the local_key, by downloading an older apk version of EufyHome (2.3.2). |
+1 for @bmtKIA6 's solution. |
Briefly tested my RoboVac 30C (#1 (comment)) with the recently acquired Thank you so much @mitchellrj and @bmtKIA6 👏 |
Was anyone able to use this method with a RoboVac 11c? I can sniff the deviceID, but not the localKey. Is that the current name of the string? I am using BlueStacks on Mac and the EufyHome 2.3.2. |
Not entirely the same issue, but I'm a Home Assistant user who similarly cannot fetch I used the official guide with auto-discovery turned on and off. |
Does anyone have this working for a 30c that can share the config yaml settings? |
Sorry everyone, my 30C has now broken and I won't be replacing it any time soon. I can't help with resolving this issue at this point. |
Happy to update documentation or accept fixes though if people find them. |
@jimmyeao I do. I'll share the code as soon as I have my hass setup back online (just moved houses and I have all my stuff in boxes) |
My config card: https://gist.github.com/pabsi/d5a9d4211a4c0da5bb88c89a0311dd0d Had edge mode cleaning by doing this: home-assistant/core#25483 I don't have this vacuum anymore but happy to help in any way I can. Regards, |
found an easier waty to get the token, thanks to an old version of the app: https://github.com/lorenzofattori/robovac30c_homeassistant |
I've spent the past few hours implementing API clients for both the Eufy API as well as the Tuya API, complete with the request signature hash, copious amounts of MD5 hashing (were the original developers paid per amount of The file below can be ran as a script and takes Eufy Home credentials - email and password as positional command-line arguments. You'll need to The clients can of course be used to also send commands to the Tuya cloud and obtain cloud control of the Robovac (or other devices) if desired. License is public domain. I'd love for this to be integrated into Home Assistant at some point with an easy GUI-based set up process that just takes Eufy credentials and autodiscovers every device on there. I may clean it up later and restructure the code, put it in a dedicated repo, etc but in the meantime I figured I'd post it here if anyone finds this useful. Enjoy! Edit: the code is now on GitLab. |
code reviewed and can confirm functionality. Andre, this is worth a separate repository! |
@cvbraeuer I’ve refactored it a bit and put it on GitLab: https://gitlab.com/Rjevski/eufy-device-id-and-local-key-grabber |
@Rjevski excellent, thank you for your hard work! |
Cloned the repository today, and can also confirm this works out of the box. Very useful tool. Thanks |
Hi guys, I'm trying to use the code @Rjevski published, but getting an issue (see traceback below), it is something related to the fact the user_id that I get has 40 characters and with 'eh-' becomes 43, that is not multiple of 16. I trucated to 16 and the error does not happen, but of course the authentication fails.
|
@lvcabral Does this work with the old version of the Eufy Android app someone recommended above? My reverse-engineering was based on it, I wonder if your account uses a newer auth mechanism that just wouldn't be supported by that app to begin with and would explain why my code doesn't work either. |
I guess they changed something on the backend, I can login to the old app, but the device always shows as offline, in the same Android tablet, if I upgrade to the current app version, the device correctly shows as online. |
Just wondering, how did you add the vacuum to the Tuya app? If there's a way to do that (and then use the Tuya developer portal to control the device and/or get the local key) then it's probably better for everyone involved to just do that rather than reverse-engineering the Eufy app and keeping up with their updates. |
It works with both Tuya Smart and Smart Life, and integrates with Home Assistant, the trade off is that the app panel, compared to Eufy one, is really bad (with Chinese options) and the Amazon Alexa integration is not enabled (probably Eufy did it via their own backend) so I would prefer to have it on Eufy app. Will keep investigating. |
I have managed to use the old method (using the 2.4.0 APK) by creating a new account (and pairing the robot) using the old app, I suspect the creation of an account using newer apps is using a different type of ID and switching something on the backend that the old app (2.4.0) does not recognize. I created a new account with a different e-mail and it showed the local key. After that I managed to login on my iPhone with the latest app and it works. So I do recommend to keep the old app on an android device or VM. |
So, btw, your script gave me the following error: Traceback (most recent call last):
File "/usr/local/Cellar/[email protected]/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/local/Cellar/[email protected]/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/Users/alex.martin/git/eufy-device-id-and-local-key-grabber/eufy_local_id_grabber/__main__.py", line 10, in <module>
for home in tuya_client.list_homes():
File "/Users/alex.martin/git/eufy-device-id-and-local-key-grabber/eufy_local_id_grabber/clients.py", line 311, in list_homes
return self._request(action="tuya.m.location.list", version="2.1")
File "/Users/alex.martin/git/eufy-device-id-and-local-key-grabber/eufy_local_id_grabber/clients.py", line 260, in _request
return data["result"]
KeyError: 'result' after a bit of troubleshooting I noticed it was this error: {'t': 1645166510522, 'success': False, 'errorCode': 'USER_SESSION_INVALID', 'status': 'error', 'errorMsg': 'Session has expired, please log in again'} Printing the results of all requests I noticed in the prior request, the following was part of it {
// removed some
'mobileApiUrl': 'https://a1.tuyaus.com',
// removed some
'timezoneId': 'America/Phoenix'
// removed some
} so a quick change in constants.py: -TIMEZONE = "Europe/London"
+TIMEZONE = "America/Phoenix"
# from Eufy Home Android app
@@ -16,7 +16,7 @@ TUYA_CLIENT_ID = "yx5v9uc3ef9wg3v9atje"
# for other regions you may need to change this?
# TODO: is this somehow returned by the Eufy API, and if so, can we set this automatically?
-TUYA_ENDPOINT = "https://a1.tuyaeu.com/api.json"
+TUYA_ENDPOINT = "https://a1.tuyaus.com/api.json" ..and boom! it worked. Device: Red Robot, device ID <hidden>, local key <hidden> ...so you probably should update your script to automatically set those values correctly ( Otherwise, just giving a heads up that I'll be attempting to re-write your code into NodeJS so I can implement it into a re-write of https://github.com/apexad/homebridge-eufy-robovac |
Feel free to improve and/or fork it. Unfortunately I don't have the time to work on this further but glad to hear the community is still getting some use out of it.
… On 18 Feb 2022, at 07:04, Alex Martin ***@***.***> wrote:
@cvbraeuer I’ve refactored it a bit and put it on GitLab: https://gitlab.com/Rjevski/eufy-device-id-and-local-key-grabber
So, btw, your script gave me the following error:
Traceback (most recent call last):
File
***@***.***/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py", line 197, in
_run_module_as_main
return
_run_code(code, main_globals, None,
File
***@***.***/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/runpy.py", line 87, in
_run_code
exec(code, run_globals)
File
"/Users/alex.martin/git/eufy-device-id-and-local-key-grabber/eufy_local_id_grabber/__main__.py", line 10, in <module>
for home in tuya_client.list_homes
():
File
"/Users/alex.martin/git/eufy-device-id-and-local-key-grabber/eufy_local_id_grabber/clients.py", line 311, in
list_homes
return self._request(action="tuya.m.location.list", version="2.1"
)
File
"/Users/alex.martin/git/eufy-device-id-and-local-key-grabber/eufy_local_id_grabber/clients.py", line 260, in
_request
return data["result"
]
KeyError:
'result'
after a bit of troubleshooting I noticed it was this error:
{'t': 1645166510522, 'success': False, 'errorCode': 'USER_SESSION_INVALID', 'status': 'error', 'errorMsg': 'Session has expired, please log in again'}
Printing the results of all requests I noticed in the prior request, the following was part of it
{
// removed some
'mobileApiUrl': 'https://a1.tuyaus.com',
// removed some
'timezoneId': 'America/Phoenix'
// removed some
}
so a quick change in constants.py:
-TIMEZONE = "Europe/London"
+TIMEZONE = "America/Phoenix"
# from Eufy Home Android app
@@ -16,7 +16,7 @@
TUYA_CLIENT_ID = "yx5v9uc3ef9wg3v9atje"
# for other regions you may need to change this?
# TODO: is this somehow returned by the Eufy API, and if so, can we set this automatically?
-TUYA_ENDPOINT = "https://a1.tuyaeu.com/api.json"
+TUYA_ENDPOINT = "https://a1.tuyaus.com/api.json"
..and boom! it worked.
Device: Red Robot, device ID <hidden>, local key <hidden>
...so you probably should update your script to automatically set those values correctly.
Otherwise, just giving a heads up that I'll be attempting to re-write your code into NodeJS so I can implement it into a re-write of https://github.com/apexad/homebridge-eufy-robovac
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you were mentioned.
|
I used this tool and got deviceid and local key. Can this just be added? Sorry didn't have time to read all the issues out there on this. https://gitlab.com/Rjevski/eufy-device-id-and-local-key-grabber |
This repository is down :( anyone have a fork of it? |
… Sent from my iPhone
On 10 Aug 2023, at 20:00, Daniel Gomez ***@***.***> wrote:
This repository is down :( anyone have a fork of it?
—
Reply to this email directly, view it on GitHub<#1 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AK4C6PURPRUNDTXC6EYUEXDXUUOULANCNFSM4HHQTUVA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
The Robovac 30C (and presumably future models) back off onto Tuya for command and control of the devices. The Eufy integration also uses a new (or custom) URL signing mechanism for Tuya cloud APIs. All previous versions of the Tuya cloud API use variations of an MD5 (32-bit) hex digest as the request signing mechanic. The Eufy app uses some other signing mechanism with produces a 64-bit signature (possibly SHA256-based).
Authentication with Tuya itself, and fetching the device key is fairly simple (and worryingly insecure), but without understanding the signing method, we can't emulate requests.
Authenticating with Eufy
This is already well-understood and implemented in google/python-lakeside.
Fetching the Tuya settings from Eufy
The Eufy APIs serve up some information needed to link to the Tuya API.
Using those settings to log in to Tuya
Eufy takes its own user ID, formats it to an alternate ID (that it hopes doesn't overlap with an existing Tuya one), and then also encrypts that user ID to make a password. If the user doesn't exist, the Eufy app automatically registers it, and then logs in.
This is horrible security. I hate this. This isn't a bug, this is just terrible design. The only information you need to derive the user login and control their devices is the user ID (a 6-digit number).
So you now have a user ID and password. Now we just need to do the login and get the device details. This is where I'm stuck, but given a function
get_request_signature
, it works something like this...First, request a login token - this is a public key used to encrypt the login request
Then do the login/reg:
Then you list the locations (homes):
And get the devices:
Here's the utility methods used above for the Tuya part:
If anyone else can figure out the signing part, that will go a long way to resolving this.
Other approaches that haven't worked
The text was updated successfully, but these errors were encountered: