Roomba 980 Wifi Connectivity Reverse engineering

In terms of the API:

POST URL: https://irobot.axeda.com/services/v1/rest/Scripto/execute/AspenApiRequest

blid=USERNAME&robotpwd=PASSWORD&method=getStatus
Returns JSON for the current status of the robot.

Remote Command controls
blid=USERNAME&robotpwd=PASSWORD&method=multipleFieldSet&value=%7B%0A%20%20%22remoteCommand%22%20:%20%22start%22%0A%7D

Sorry for the URL encoding but you get the idea.

This one will, surprise surprise, start the robot going.

Other commands (replace ‘start’) are stop, pause and dock.

Any questions, please feel free to get in contact.

Sorry I haven’t had the time to follow up on this.
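
Added example (not part of the thread, and not iRobot's or dorita980's code): the URL-encoded `value` field from the first post decoded back to JSON, the same parameters rebuilt for the other listed commands, and the `blid`/`robotpwd` fields redacted so a capture can be shared. The function names are hypothetical, the credentials are the post's placeholders, and it assumes the parameters travel as a form-encoded POST body.

```javascript
// Added example, not from the thread. Field names (blid, robotpwd, method, value)
// and the command list come from the post; all values below are constructed.
const ALLOWED_COMMANDS = ['start', 'stop', 'pause', 'dock'];

// Build the form body for a remoteCommand, refusing anything off the posted list.
function buildCommandBody(blid, robotpwd, command) {
  if (!ALLOWED_COMMANDS.includes(command)) {
    throw new Error('unsupported remoteCommand: ' + command);
  }
  const params = new URLSearchParams();
  params.set('blid', blid);
  params.set('robotpwd', robotpwd);
  params.set('method', 'multipleFieldSet');
  params.set('value', JSON.stringify({ remoteCommand: command }));
  return params.toString();
}

// Decode a captured body into its fields; `value` is parsed as JSON when present.
function parseBody(body) {
  const params = new URLSearchParams(body);
  const out = { blid: params.get('blid'), method: params.get('method'), value: null };
  const raw = params.get('value');
  if (raw !== null) {
    try { out.value = JSON.parse(raw); } catch (e) { out.value = { unparsed: raw }; }
  }
  return out;
}

// Replace the credential fields so a capture can be shared without leaking them.
function redactBody(body) {
  const params = new URLSearchParams(body);
  for (const key of ['blid', 'robotpwd']) {
    if (params.has(key)) params.set(key, 'REDACTED');
  }
  return params.toString();
}

// Constructed capture in the same shape as the one posted above.
const captured = 'blid=USERNAME&robotpwd=PASSWORD&method=multipleFieldSet' +
  '&value=%7B%0A%20%20%22remoteCommand%22%20:%20%22start%22%0A%7D';

console.log(parseBody(captured));
console.log(redactBody(captured));
console.log(buildCommandBody('USERNAME', 'PASSWORD', 'dock'));
```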

What was the high level of how you routed the app to use an HTTPS proxy? I’ve not seen that ability, and am unfamiliar with it. I get generating a cert, and also installing it though. :slight_smile:


Update: I feel dumb–hah! You're using the wireless settings proxy to point the traffic to a workstation with Wireshark. I get it more now. Will have to try later, as I am not at the house. So high level steps:

  1. Generate an SSL cert on a PC
  2. Install cert to Android as root certificate
  3. Install Wireshark
  4. Go to wireless settings on Android phone with iRobot app
  5. Add IP/name of device with Wireshark
  6. Trace info going to iRobot.axeda.com, and grab the URL string to piece out the pieces needed

Sound about right?

You might be able to simplify things by using Charles to create the proxy on your computer - it takes the hassle out of all the certification stuff


1 Like

Hi guys,
I wrote a node.js library to control Roomba 980 and a short tutorial to get your own username/password:

We need a way to obtain the username/password without a MITM!

2 Likes

Hi everyone,

I found this page after finding pretty much the same thing as you guys did. However, I would be interested in talking to the Roomba without the cloud. This is definitely possible - I have blocked Internet traffic and the app still works, plus there is a German company that offers a solution for a certain home automation server which I do not have that does the same thing. Has anyone managed to capture traffic to and from the Roomba? https://ip_of_roomba/ seems to work, but I would need to know the actual URL to get the data and my fiddler does not show me for some obscure reason.

Thanks a lot!
Jon

I had great success getting username/password from Charles, not difficult at all.

Now to wait for someone to put together a device type/app :slight_smile:

Good News Everyone!
I found a way to get username and password without Charles proxy or MITM attack!
Just run a script and get your username and password.
The script and source code is part of my dorita980 SDK library for iRobot Roomba 980

example:

$ git clone https://github.com/koalazak/dorita980.git
$ cd dorita980
$ npm install
$ npm run getpassword 192.168.1.103

Make sure your Roomba is on the Home Base and powered on. Then press and hold the HOME button on your roomba until it plays a series of tones (about 2 seconds). Release the button and your Roomba will flash WIFI light. Then wait...
========>
Good job!
Password: xxxxxxxxxxxxx
Username/blid: yyyyyyyyyyyy
Use this credentials in dorita980 lib :)

enjoy!

regards,

4 Likes

Hi facu,

Firstly thanks a lot for sharing your work. Really fantastic job.

I just got a Roomba 980. I would like to try to use your SDK but I am not very good with coding. I have a Raspberry Pi with HA-Bridge installed. So I can git clone your repo and install it to my Pi. How do I use it though? Can it be called through HTTP calls? Like http:ip-address/myRobotViaCloud.start() or something like that?

Thanks.

Hi kaznad,

You need to install node.js first on your Raspberry. Then create a directory for your project with an index.js file inside and this literal content inside index.js:

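// Load the dorita980 SDK (installed with: npm install dorita980)
var dorita980 = require('dorita980');
// Replace both strings with your own blid and password
var myRobotViaCloud = new dorita980.Cloud('MyUsernameBlid', 'MyPassword');

// Send the start command through the cloud API and print the reply or the error
myRobotViaCloud.start().then((response) => {
  console.log(response);
}).catch((err) => {
  console.log(err);
});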

The only thing you need to change here is the MyUsernameBlid and MyPassword strings, with yours (read the readme to obtain yours). And the start method if you need to do another thing like dock, etc.

Then in YOUR project directory run this to install the SDK on your project:

$ npm install dorita980

Then to run your project just run:

$ node index.js

You don't need any URL or something, just literally this example (it is in the README too :p)

best regards,

Good work Facu on making retrieving the password easier!
I have a prototype device driver for smartthings now. Just need to make some more tweaks before publishing it.

1 Like

Thanks a lot for the quick tutorial. It works now, just that there is quite a lag after running it. But it is better than no integration.

boreddeaad, can’t wait for you to publish it. Let me know if you need a beta tester :grinning:

Hi Guys,

I was doing some testing and found that the first time I ran the command, it takes about 45 seconds for the Roomba to respond. However, the subsequent times it only takes 10 secs to respond, even if it is the same command (e.g. clean). Is this the same behavior that you guys encounter?

Also I managed to get it to work with Alexa and HA-Bridge. So I can say “Alexa, turn on Roomba” and the Roomba will start cleaning, and “Alexa, turn off Roomba” will send the command to dock the Roomba. Very cool stuff, thanks again for sharing this awesome code guys.

Hi kaznad,

The Cloud API is slow. I don't know why (5 seconds for me, not 45 :p).
Yesterday I published a Local API version (I extended the same npm module) to send commands directly to your robot in your LAN without the Cloud. Try to use this new feature (documentation is up to date).
It's super fast (and super super fast if you know the robot IP address and don't use the auto-discovery option) :wink:

best regards!

1 Like

Hi facu,

That sounds fantastic. I will be sure to try it out later. Thanks again for your help.

The local commands don’t work for me. It outputs “Work in progress” then nothing happens.
But the cloud commands still work.

You need to update dorita980 to version 2.2.0. Update your package.json to do that and run npm update on your project. Or just: npm install dorita980@2.2.0 --save

Thanks facu. It works now. Sorry I am not very familiar with npm. So when there is another update I just need to do npm install dorita980@2.2.0 --save? or I need to do another git pull?

I just realized that if I start the clean process and then run the dock process it will not dock. Have to run pause and dock together for it to dock. :grin:

Hi

Thanks for all information so far posted. Still it does not fully work for me.
My target, control the Roomba 980 via Domoticz.
My status, a fail when running the first command :unamused:

I have node.js v4.0.0 (I checked via node -v)
Gitclone did not give any error messages.
At npm install I get an error message:

npm http GET https://registry.npmjs.org/semistandard

npm ERR! Error: failed to fetch from registry: request
npm ERR! at /usr/share/npm/lib/utils/npm-registry-client/get.js:139:12
npm ERR! at cb (/usr/share/npm/lib/utils/npm-registry-client/request.js:31:9)
npm ERR! at Request._callback (/usr/share/npm/lib/utils/npm-registry-client/request.js:136:18)
npm ERR! at Request.callback (/usr/lib/nodejs/request/main.js:119:22)
npm ERR! at Request. (/usr/lib/nodejs/request/main.js:212:58)
npm ERR! at Request.emit (events.js:88:20)
npm ERR! at ClientRequest. (/usr/lib/nodejs/request/main.js:412:12)
npm ERR! at ClientRequest.g (events.js:156:14)
npm ERR! at ClientRequest.emit (events.js:67:17)
npm ERR! at HTTPParser.parserOnIncomingClient [as onIncoming] (http.js:1256:7)
npm ERR! You may report this log at:
npm ERR! http://bugs.debian.org/npm
npm ERR! or use
npm ERR! reportbug --attach /home/pi/dorita980/npm-debug.log npm
npm ERR!
npm ERR! System Linux 4.1.13-v7+
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "install"
npm ERR! cwd /home/pi/dorita980
npm ERR! node -v v0.6.19
npm ERR! npm -v 1.1.4
npm ERR! message failed to fetch from registry: request
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! /home/pi/dorita980/npm-debug.log
npm not ok

Logically the next command does not work either 


Any idea what to do?
I install all on Raspberry 2B.

Regards
Wilco

Hi @wdeboer,

Sounds like you have two node.js installations. The error report you show says npm ERR! node -v v0.6.19. Do you see it? It's a very old node.js version.

Try to compile a new version of node.js and npm. I think the module request is not available for node 0.6.19.

regards,

1 Like