Can't find token
gcorgnet opened this issue · 18 comments
Not sure if this is due to a recent update but my Xiaomi Mi Vacuum Cleaner has stoped being seen by my Home Assistant.
I tried to get the token again using MiToolkit but while the process goes through fine, I am not getting any token.
Note: I manually peeked inside miio2.db and I could see that the token column was indeed empty.
Am I missing something?
Same thing with here. The app won't get any tokens with the latest version of MiHome 5.1.1
Seems like they pull the token from the servers now:
rytilahti/python-miio#185
Downgrade the app to version 5.0.19 and you'll be able to extract the token again.
I used this:
https://www.apkmirror.com/apk/xiaomi-inc/mihome/mihome-5-0-19-release/mihome-5-0-19-android-apk-download/download/
confirm, now the only option is a rooted phone and a sniffer inside the app. YAY!
same here, i tried on several device, with both Mi Home 5.0.19 and the newer but always the program didn't extrac any token
same problem.
So how do you sniff the token inside the phone? do you know any tutorial?
thanks!
@mscalone No idea ATM.
Could be done with a proxy and a fake CA installed on the device but only if the app does not check the CA of the server.
oh god no. i just got my vacuum and was trying to get it to work in HASS...
Since it's an update and what sounds like a big change from Xiaomi in the Mi Home app, I would assume it'll take the devs some time to figure out a new way to get the token.
In the meantime, you can use your vacuum with the Mi Home app I would think.
Yeah, the bad news is the app only seems to pair if you keep the locale on Mainland Chinese, and i'm guessing not a lot of us can read mandarin.
The good news is i was able to extract my token with the apk @LarsNorgaard linked, but i have a spotty internet connection right now so its kinda harder :|
You can connect to Mainland China and the app will be 95% in English still
ok i got my token and i can ping\control from app just fine, but for some reason python-miio isn't able to discover the vacuum:
mirobo —ip 192.168.0.105 —token <redacted> info
ERROR:miio.device:Unable to discover a device at address 192.168.0.105
Error: Unable to discover the device 192.168.0.105
EDIT: my bad: was working with 0.3.2.
token extraction confirmed working with 0.3.5, will try HASS integration and report back.
EDIT2: make sure you are running HA 0.63.0, or else `python-miio is installed as 0.3.4 as a dependency and this happens:
mirobo --ip 192.168.1.105 --token <redacted> info
Unable to fetch info, this can happen when the vacuum is not connected to the Xiaomi cloud.
EDIT3:
Confirmed working on:
HASS == 0.63.0
Python == 3.5.3
python-miio == 0.3.5
apk version == 5.0.19
vacuum fw version == 3.39_003094
P.S.
For all the people that have reported not working with 5.0.19 apk, have you tried deleting the data from the app and doing the login again? make sure to select China Mainland or else it won't pair at all.
clearing data and installing 5.0.19 did work for me! remember to connect to the device after the downgrade and before reading the token.
My vacuum wants to update again. Im scare.
Did this for a friend recently. No idea sniffing the traffic between the device - servers due to some of the certificates are pinned, this can be circumvented but you'll see that all traffic is encrypted inside the TLS session. Now, what made me find the token was by using a rooted android device, installing latest xiaomi app, and found a folder called rc4_cache containing clear text decrypted traffic including the token. Theres ways to get privileges within the app as well, without using a rooted device and that is by using a tool called 'objection'. This tool patches the apk, adding some code which spawns a shell within the app - thus giving you read/write on the entire installation directory