Roomba 980 Wifi Connectivity Reverse engineering

Devices & Integrations
, ,
127

Hi @soedmond,
that sounds bad! Can you please run this code and share the output?

test.js

const dgram = require('dgram');

const server = dgram.createSocket('udp4');

server.on('error', (err) => {
  server.close();
  console.log(err);
});

server.on('message', (msg) => {
  try {
    var parsedMsg = JSON.parse(msg);
    console.log(parsedMsg);
    process.exit();
  } catch (e) {}
});

server.on('listening', () => {
  console.log('Looking for robots...');
});

server.bind(5678, function () {
  const message = new Buffer('irobotmcs');
  server.setBroadcast(true);
  server.send(message, 0, message.length, 5678, '255.255.255.255');
});


$ node test.js
Looking for robots...
{ ver: '2',
  hostname: 'Roomba-xxxxxxxxxxxxxx',
  robotname: 'Dorita',
  ip: '192.168.1.104',
  mac: 'xx:xx:xx:xx:xx:xx',
  sw: 'v1.6.6',
  sku: 'R98----',
  nc: 0,
  proto: 'http' }

maybe now in firmware 2.0 are more information in that response like a new port or something.

Another thing you can try is deny the internet connection to your roomba from the router, restar the roomba and try to send commands o look if is listen on port 443 or 80.
(maybe if new firmware detect no internet connection to the cloud, then open local API, i dont know.)

thanks!

128

@soedmond, Just use Zenmap on the Roomba to see what ports are open?

129

Hi facu,

I think the new 2.0 firmware is now using MQTT protocol instead of HTTP. Roomba is listening on port 8883 now. Not sure if Roomba would still work with HTTP protocol anymore after the new firmware update. Hopefully it would be easy to convert the current Smartthings scripts to work with firmware 2.0. Thanks.

Ed

130

Its time to open a new thread Roomba 980 Wifi Connectivity Reverse engineering firmware 2.0 :stuck_out_tongue:

1 Like
131

Whelp, i am the latest victim of the 2.0 firmware that broke it allā€¦ damnā€¦ that sucks lol.

132

Me too. Argh.
This control-freakery drives me insane. When I pay that kind of money for a robot, I expect to be able to do whatever I want with it.

133

I donā€™t suppose thereā€™s any way to restore the original firmware and block updates?

134

I havenā€™t been hit with this update yet so am not able to play around with it yet. Surely we can make it work with this update too? It will likely require a ā€˜proxyā€™ app but that isnā€™t much work. When/if i get the update I will look.

135

Damn, just noticed it didnā€™t work any longerā€¦ stupid question: where do you see the version number?

136

log into the roomba app and go to "about roomba. it will show u there its version 2.0

137

thank you @M.a.S.e

however the only ā€œaboutā€ section I see in the iOS app is ā€œAbout this appā€ and it shows 1.9.1. I donā€™t think this is the firmware version, though.

What I mean by that is that what changed must be the cloud settings. I had little time yesterday to look into it but for some reason I couldnā€™t find any blid ID after installing charles proxy any longer. I changed my iphone since last time I hacked the roomba and I canā€™t remember if this is the case but I must have installed a SSL profile on my phone in order to use Charles properly, right? I need to look into this again and find out whatā€™s really going onā€¦ but for some reason (maybe early onset Alzheimer, who knowsā€¦) I canā€™t get to work with charles properly any longer.

138

In the app go to the bottom three dots. That leads you to the care, help, history and settings page for your roomba.

Then select settings --> about vac. That will show you the firmware as opposed to the app version that you were finding before.

Mine just updated to firmware 2.0.0-34. I can still see status of the roomba but it will no longer send commands from ST to the roomba.

Instead it just gives a short ā€œpolling the apiā€ message with no actionā€¦

139

Indeed! 2.0! Thank you. Anyone has an idea on how to proxy the app again and what protocol itā€™s using now?

ElfĆØge Leylavergne

140

The app has changed protocols from sending clean/dock/start/stop/etc. via https to using the mqtt protocol ā€“ work is under way (by others!) to figure out how we can interact with the roomba.

Potential bonuses:

  • talking locally to the roomba

Potential blockers:

  • auth scheme involves aws ā€œiotā€ apis and its not immediately clear how to create valid auth tokens.
141

By others?, Thatā€™s good but why duplicate the work?

Please back up that statement with links. Then maybe people can chip in and accelerate this work.

142

sure, this is what was used to get started with the API initially, and has been tracked for some time:

143

Looks like the release notes for 9xx roombas have been updated:

Version 2.0
Release Date: 2016.12.19
Minor bug fixes.

Slap in the face :frowning:

On the plus (?) side:

App update imminent:

Version 1.10
Release Date: 2017.02.10
Updated the iRobot End-user License Agreement (EULA).
Support for Hebrew.
Bug fixes and usability improvements.
144

Some updates since the last post:

Great news: dorita980 has found a way to make MQTT calls work locally between PC-->Roomba!

Now we just need to figure out how to replicate this approach for smartthingsā€¦

Next blocker:

  • Issue a MQTT call through localHubAction (I suspect we canā€™t since we need to send 8883 which is a secure line)
  • Wait for cloud API calls to be reversed.
145

Another option is to have smartthings talk through rest980: GitHub - koalazak/rest980: REST interface to control your iRobot Roomba 980 via local server on your lan.

146

Iā€™ll just post this here for you guysā€¦

For those who donā€™t want to click, Q2 of this year is supposed to see Alexa integration for 900 series Roombas.