Skip to content

Commit

Permalink
Migrate to V2 API, fix naming of buttons in homekit
Browse files Browse the repository at this point in the history
  • Loading branch information
jon-bell committed Jul 24, 2023
1 parent e9f8e69 commit b9ad9d0
Show file tree
Hide file tree
Showing 9 changed files with 691 additions and 643 deletions.
3 changes: 2 additions & 1 deletion .eslintrc
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,8 @@
"sourceType": "module"
},
"ignorePatterns": [
"dist"
"dist",
"node_modules"
],
"rules": {
"quotes": ["warn", "single"],
Expand Down
67 changes: 67 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,71 @@ Default recipes:

This plugin was created based on the code in [create new repository from template](https://github.com/homebridge/homebridge-plugin-template/generate)

## Release notes
- Release 1.1.0: Support for Anova Oven Protocol Version 2
- Release 1.0.0: Initial release (supports Anova Oven Protocol Version 1 only)

## Protocol notes
Inspiration from [mcolyer's oven API V1 reverse engineering results](https://mcolyer.github.io/anova-oven-api/).

### Procedure:
We can man-in-the-middle the HTTPS traffic from the Anova Oven app to find out how the app communicates with the cloud service.

Service domains:
* `wss://app.oven.anovaculinary.io/` - Oven Control API (V1)
* `wss://devices.anovaculinary.io/` - Oven Control API (V2)
* `https://uh9n6t5uyo-3.algolianet.com/` - Community Recipes
* `https://firestore.googleapis.com/` - Oven activity history, saved recipes

Running a man-in-the-middle against the firebase APIs is outside of the scope of my abilities, but here is how to do it for the Anova service:
#### Deploy proxy
1. Set up mitmproxy or Proxyman
2. Start an Android emulator (any device, tested on API34)
3. In emulator, set proxy: Settings -> Wifi -> Select network/edit -> Advanced -> Proxy
4. In emulator, install proxy's SSL root CA (navigate to the install URL in browser, then Settings -> Trusted credentials -> Install a certificate -> CA Certificate -> Select the downloaded CA)

#### Repackage app to trust user CAs
Android apps can specify whether or not to trust user-installed root certificate CA's. To snoop the SSL traffic, we need to edit the app to allow this.

1. Download the most recent Anova Oven App APK (e.g. [from apkpure](https://m.apkpure.com/anova-oven/com.anovaculinary.anovaoven))
2. Use [apktool](https://apktool.org) to unwrap the apk
3. Edit the file `res/xml/network_security_config.xml`:
* Before:
```
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">10.0.2.2</domain>
<domain includeSubdomains="true">192.168.4.1</domain>
<domain includeSubdomains="true">localhost</domain>
</domain-config>
</network-security-config>
```
* After:
```
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">10.0.2.2</domain>
<domain includeSubdomains="true">192.168.4.1</domain>
<domain includeSubdomains="true">localhost</domain>
</domain-config>
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
```
4. Recompile the APK: `apktool b .` (outputs to `APKName/dist/`)
5. Sign the APK.
1. If you do not already have a keystore setup for this: `keytool -genkey -v -keystore key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias apkfun` (the cannonical default keystore password to use is `changeit`)
2. Sign it: `jarsigner -keystore key.jks APKName/dist/APKName.apk apkfun`
3. Align the native libraries (you'll get some error if not): `zipalign -v 4 APKName/dist/APKName.apk`
6. Install the APK on your emulator (drag and drop the APK to the emulator)


©2023 Jonathan Bell, released under the Apache License 2.0
Loading

0 comments on commit b9ad9d0

Please sign in to comment.