SmartThings Community

Yale Smartphone Alarm System integration


(Ash Stokes) #225

Ah hopefully I’ll pick it up, hoping to get some more done tomorrow as still can’t arm it but I’m sure by the other thread that’s the right URI now at least


(Mark C) #226

You could use Postman to test/try various URLs.


(Ash Stokes) #227

Yeah cheers, been trying to POST it this morning, with the old URI’s I still get the same ‘disarmed’ status even when it’s armed in the Yale app…

However I think they’re still there just pointing to the old ones so will give the same status, as not sure if you guys are able to understand it more than me, but this is the way that HASS code works:


Not sure if they use different authentication…

Definitely the right API I’m hitting now though. I created an ad-hoc network on my laptop shared with my wifi adapter (not in use), connected my phone to the created network, ran Wireshark on my laptop and accessed the app through my phone. I can see loads of requests to the IP ‘88.208.221.156’, which is the same IP it resolves to if you ping the URL they mentioned in HASS

‘Pinging mob.yalehomesystem.co.uk [88.208.221.156] with 32 bytes of data:’

Just wondering if anyone knows how to capture what URL it’s sending to? If Wireshark can do that or a different program? As at the minute it’s just source IP/dest and information on the packet itself.


(Mark C) #228

Try this in Postman
[image]

This is the bit, but it’s interpreting where it puts the payload in the request

```python
# Excerpt from the HASS client: the constants are attributes reached through
# self, and the rest runs inside a method of the same class.
_HOST = "https://mob.yalehomesystem.co.uk/yapi"
_ENDPOINT_TOKEN = "/o/token/"
_ENDPOINT_SERVICES = "/services/"
_ENDPOINT_GET_MODE = "/api/panel/mode/"
_ENDPOINT_SET_MODE = "/api/panel/mode/"
_ENDPOINT_DEVICES_STATUS = "/api/panel/device_status/"

# Form fields for the OAuth2 password grant
payload = {
    "grant_type": "password",
    "username": self.username,
    "password": self.password,
}
# The client authenticates with a Basic header
headers = {
    "Authorization": "Basic " + self._YALE_AUTH_TOKEN,
}
url = self._HOST + self._ENDPOINT_TOKEN
```


(Ash Stokes) #229

When trying the above in Postman I get the following, not sure if that’s what you’re getting?

```json
{
  "error": "unsupported_grant_type"
}
```

I have found how I can grab the URLs for the APIs I think, I just can’t do it on the network I’m on at the moment, so I will try and grab those later when I am home


(Mark C) #230

I kept getting the same, but not sure if it’s because I haven’t migrated and mine still works


(Daniel McDougall) #231

They are using OAuth authentication in the HASS example. There is a SmartThings toolkit for that, I just haven’t used it.


(Ash Stokes) #232

I just tried changing the authentication from basic to oauth and inputting the token from the script, I then went to body > x-www-form-urlencoded and grant_type was missing even though it was in form data, after inputting I now get the below:

```json
{
  "error": "invalid_client"
}
```
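Added example (not from the thread or from the HASS project): a Python sketch that builds, without sending, the password-grant request described by the excerpt in #228, together with a small model of RFC 6749 token-endpoint checks that is consistent with the two Postman errors reported above. The client token is a placeholder, and the check order in `expected_token_error` is an assumption about a typical OAuth2 server, not Yale's code.

```python
from urllib.parse import urlencode, parse_qs
from urllib.request import Request

HOST = "https://mob.yalehomesystem.co.uk/yapi"   # from the excerpt in #228
ENDPOINT_TOKEN = "/o/token/"
ENDPOINT_GET_MODE = "/api/panel/mode/"
CLIENT_TOKEN = "PLACEHOLDER_CLIENT_TOKEN"        # stands in for _YALE_AUTH_TOKEN
FORM = "application/x-www-form-urlencoded"


def build_token_request(username, password, client_token=CLIENT_TOKEN):
    """Password grant: fields go in a form-encoded body, client creds in Basic."""
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
    }).encode()
    headers = {"Authorization": "Basic " + client_token, "Content-Type": FORM}
    return Request(HOST + ENDPOINT_TOKEN, data=body, headers=headers, method="POST")


def build_mode_request(access_token):
    """Resource call: the user's access token travels as a Bearer header."""
    headers = {"Authorization": "Bearer " + access_token}
    return Request(HOST + ENDPOINT_GET_MODE, headers=headers, method="GET")


def expected_token_error(req):
    """Assumed model of a token endpoint's checks; returns an RFC 6749 error or None."""
    ctype = req.get_header("Content-type", "")   # urllib stores keys capitalized
    # Only a form-encoded body is parsed for grant_type; multipart is ignored.
    form = parse_qs(req.data.decode()) if req.data and ctype.startswith(FORM) else {}
    if form.get("grant_type") != ["password"]:
        return "unsupported_grant_type"
    # The token endpoint authenticates the client (the app), not the user.
    if not req.get_header("Authorization", "").startswith("Basic "):
        return "invalid_client"
    return None
```

In Postman terms this corresponds to Body > x-www-form-urlencoded with Basic client authentication on the token call, and Bearer only on the later API calls.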


(Daniel McDougall) #233

I feel like we are moving further away


(Mark C) #234

Gives us
[image]

what about asking the Django if there is an api document?

and if you look no POST only GET


(Ash Stokes) #235

Ah right yeah I’m with you Mark, we can try!

What do you think’s the best step forward, Dan? Would the old authentication way work do you think if we can get the right URI? I am going to trace it when I’m home and should be able to decrypt to see the full URL with sub directories


(Daniel McDougall) #236

I’ll be honest, I think Mark’s got a better grip on this than I do.


(Mark C) #237

Thanks, but I’m doing a lot of guessing, and bashing stuff into Postman, more like fumbling round in the dark


(Ash Stokes) #238

I don’t think I’m getting anywhere with it… I tried to decode the packets as they were coming from the app from my phone and got the below, doesn’t really show any URIs like I expected… I’ve stripped what I think is account specific, let me know if you want a full copy Mark or my credentials to test anything with on PM, I’ve hit a wall… may have to get a PI for HASS and bridge it to SmartThings, I miss the Yale integration :cry:

```
POST https://jmt17.google.com/gcm/register4 HTTP/1.1
Host: jmt17.google.com
Accept-Encoding: br, gzip, deflate
Content-Type: application/x-www-form-urlencoded
app: com.yale.smartliving.home
User-Agent: Yale%20Home/243 CFNetwork/976 Darwin/18.2.0
Connection: keep-alive
Accept: */*
Accept-Language: en-gb
Authorization: AidLogin 56207712236:1620203753841064301
Content-Length: 1365
info:
```



(Daniel McDougall) #239

Have you tried posting to the HASS guys and seeing if they can help us fill the gaps in our knowledge?


(Ash Stokes) #240

I’ve not yet, I will post something later on, can’t get to their community page at the moment for some reason


(Ash Stokes) #241

No response yet from the HASS guys, although I’ve got quite a bit further, however think it’s time to give up… I managed to call the /o/token page in Postman and I got the following response:

```json
{
  "access_token": "xxxxxxxxxxxxxxxxxxxxxx",
  "expires_in": 36000,
  "token_type": "Bearer",
  "refresh_token": "xxxxxxxxxxxxxxxxxxxxxx",
  "scope": "read write basic_profile groups"
}
```

So I then used that access token it gave me to then run a GET command using OAuth2 and I got the following:

```json
{
  "result": true,
  "code": "000",
  "message": "OK!",
  "token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "data": [
    {
      "area": "1",
      "mode": "disarm"
    }
  ],
  "time": "0.0272"
}
```

So was thinking we’re all good and was going to test a POST to set the alarm after figuring the URL out, first thought I’d test arm my alarm in the Yale app, ran the GET again and still get “mode”: “disarmed”… that’s basically exactly what it was doing on the old URL?! Don’t really know where else I can go from here


(Daniel McDougall) #242

Get the full response like you did on the earlier. Will give us way more info.

Never give up never surrender. It took me ages to get this working when I first started, let’s just do a bit more debugging


(Ash Stokes) #243

This is the response below in Postman; this is run after running the generate token from the /o/token/ URL. I’ve not been able to code it into the device handler for live logging, not even sure how I’d change it out for OAuth…

Yeah cheers do need to get it done, just feel like I’m back to square 1 with it showing me the incorrect status…

anything else you want to check lemme know.

cheers,


(Ash Stokes) #244

Can’t seem to figure out the URI to arm the alarm from Postman; according to the old handler & the GitHub for the new one in HASS it should be ‘https://mob.yalehomesystem.co.uk/yapi/api/panel/mode/?mode=arm&area=1’

I am definitely authenticated correctly, I can get the /services/ page, the device status & also I can run a GET to the same /mode/ page (although it’s incorrect when armed), I just can’t seem to figure out why this POST isn’t working… I couldn’t get the SOCKS proxy to work on iOS so can’t sniff the packets through that to get it either… this is my wall.