Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Column ZToken of the iOS app contains a 96 character token #75

Closed
syssi opened this issue Sep 12, 2017 · 4 comments
Closed

Column ZToken of the iOS app contains a 96 character token #75

syssi opened this issue Sep 12, 2017 · 4 comments
Labels
enhancement

Comments

@syssi
Copy link
Collaborator

syssi commented Sep 12, 2017
edited
Loading

The ZToken column of the iOS app is encrypted now. The token cannot be used anymore by copy&paste because it has 96 characters now. The encryption is AES-ECB with an empty key. It can be deciphered by:

from Crypto.Cipher import AES
import binascii
keystring = '00000000000000000000000000000000'
iostoken = '16a935db276e19b1c7bef0739f2deb7d3aca43c5e26a3c6445351cb2fb8495ea0143db63ee66b0cdff9f69917680151e'
key = bytes.fromhex(keystring)
cipher = AES.new(key, AES.MODE_ECB)
token = cipher.decrypt(bytes.fromhex(iostoken[:64]))
print(token)
# Output: b'4a447a41467058496746505541597033'

The support for encrypted tokens could be implemented now.

https://community.home-assistant.io/t/beta-xiaomi-gateway-integration/8213/3052
https://community.home-assistant.io/t/issue-config-xiaomi-vacuum-by-v0-51-1/24304/12
https://community.home-assistant.io/t/xiaomi-philips-light-token-problem/26701
@rytilahti
Copy link
Owner

rytilahti commented Sep 12, 2017
edited
Loading

I have not yet looked into how the extraction works on iOS, but I think we could provide a small external tool to do automatic extraction of usable tokens if that's not too much effort. For Android this would require extracting the backup file (the hard part to do in python?) and reading the sqlite db for values (easily solvable).

@syssi
Copy link
Collaborator Author

syssi commented Sep 14, 2017

This was my thought: Just implement the 10 lines above to support 32char and 96char tokens. Internally there is the 32char token used always. If the user supplies a 96char token it will be decrypted on the fly.

rytilahti added a commit that referenced this issue Sep 14, 2017
@rytilahti
Add miio-extract-tokens tool for extracting tokens from sqlite databa…
3be9f4c 
…ses.

This is to simplify the process for token and device type extraction,
and will probably later merged to the CLI tool to generate config files
based on known devices.

Tested to work fine on .tar files extracted from Android backups,
support for Apple databases is incomplete. Related to #75.
@rytilahti rytilahti mentioned this issue Sep 14, 2017
Merged
@rytilahti
Copy link
Owner

rytilahti commented Sep 14, 2017
edited
Loading

I used the code in that PR, but as I have no iDevices, I can't really test it, so any help would be appreciated :-) (currently it will dump also raw information from the DB, as it was not clear what kind of info we can get from the DB).

edit: got an example DB from @syssi, the updated PR extracts Apple databases also just fine.

± miio-extract-tokens --help
Usage: miio-extract-tokens [OPTIONS] BACKUP

  Reads device information out from an sqlite3 DB. If the given file is a
  .tar file, the file will be extracted and the database automatically
  located (out of Android backups).

Options:
  --write-to-disk FILENAME  writes sqlite3 db to a file for debugging
  --dump-all                dump devices without ip addresses
  --dump-raw                dumps raw rows
  --help                    Show this message and exit.

rytilahti added a commit that referenced this issue Sep 14, 2017
@rytilahti
Add miio-extract-tokens tool for extracting tokens from sqlite databa…
69ae780 
…ses (#77)

* Add miio-extract-tokens tool for extracting tokens from sqlite databases.

This is to simplify the process for token and device type extraction,
and will probably later merged to the CLI tool to generate config files
based on known devices.

Tested to work fine on .tar files extracted from Android backups,
support for Apple databases is incomplete. Related to #75.

* Fix linting except for overlong lines

* Fix Apple database support

* Refactor the code into a class for further use
* add --dump-raw and --dump-all (prints devs without IP addrs, such as linked BT devices)
@rytilahti
Copy link
Owner

This has been fixed with #77, so I think we can close this.

@tomhoover tomhoover mentioned this issue Nov 2, 2019
Open
32 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@syssi @rytilahti