Reverse engineering an app to use with Node-RED

Hi all, first of all my question is not directly related to Node-RED, but I want to use a closed-source app I use for our smart light bulbs with Node-RED.

We have 4 smart light bulbs in our home (generic brand) with an app for Android, iOS and Mac (mobile emulation downloaded directly from the App Store). I want to use my running Node-RED instance to control these lights, but I can't do it now.

Normally I use the browser's developer tools to look at the requests, but I have never done it for an app.

So I tried to sniff my traffic with Wireshark, but somehow I cannot get the data I want.

I have a separate Android phone that I can use for random things. Now I want to try to use a MITM to grab the requests by installing my own certificates on the Android phone.

Can someone suggest some ideas or ways to do it?

Sadly the app is not an Electron app, so I cannot use developer tools with it.
Android app store link
Apple App Store link

If I can't do it, maybe I can flash them with Tasmota or similar software, but I love the cloud features, so I'm trying to do it this way. Thank you for reading, and I'm open to suggestions. :vulcan_salute:

If I can't do it, maybe I can flash them with Tasmota

Unless I'm the only member of the forum to take this approach :man_shrugging:, the community isn't about to facilitate the process of hacking/circumventing a device that is closed source.

So, IMO, if the device allows you to, install Tasmota.

Personally I hate (yes, that is a strong word) trying to overcome a device that isn't open to an accessible API. I much prefer devices to have a publicly accessible API, and this is one thing I look for when setting up an infrastructure.

3 Likes

It depends on your level of skill and the tools available.

The first step is to use Wireshark to isolate the traffic. You may have to do this at your firewall, if it supports some form of PCAP, or you may have to implement something at the Ethernet switch level to obtain port mirroring.

Once you have the packets, you can look to see if they are in fact SSL encrypted in some form or simply an SSL header placed on some open packets.

From there you have to perform repetitive actions and try to look for trends in the packets you capture that would highlight specific areas of interest.

Lastly, I usually go and disassemble the Android app and step through it to see if there is any chance of accessing it that way.

But I would only do all of this after working out that I could not flash them with some open-source firmware.

The best tool for MITM is Charles Proxy on Android.

Craig

1 Like
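As an added illustration of the second and third steps in the reply above (this is not code from the thread, from Craig, or from any of the apps mentioned): a small Python script that takes the first bytes of a captured TCP stream and tells you whether it is real TLS, a TLS-looking record header wrapped around readable data, or plain text; pulls the SNI hostname out of a ClientHello so you know which cloud endpoint the app talks to (and therefore which host to intercept with your own certificate); and lists the byte offsets that differ between two captures of the same action. All payloads in it are constructed by hand, and `cloud.example.com` is a placeholder, not any vendor's hostname.

```python
import string

# --- Constructed sample payloads (hand-built, not captured from any real device) ---

# 1) A TLS ClientHello with an SNI extension for a placeholder hostname.
SAMPLE_CLIENT_HELLO = bytes.fromhex(
    "16 03 01 00 53"            # TLS record: handshake(22), legacy version 3.1, length 83
    "01 00 00 4f"               # Handshake: ClientHello(1), length 79
    "03 03"                     # client legacy_version (TLS 1.2)
    + "00" * 32 +               # 32-byte random (all zeros in this sample)
    "00"                        # session_id length 0
    "00 04 13 01 13 02"         # cipher_suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
    "01 00"                     # compression_methods: null only
    "00 22"                     # extensions length 34
    "00 0a 00 04 00 02 00 1d"   # supported_groups (x25519); the parser must skip this one
    "00 00 00 16"               # server_name extension, length 22
    "00 14"                     # server_name_list length 20
    "00 00 11"                  # name_type host_name(0), name length 17
    + "cloud.example.com".encode().hex()
)

# 2) A plain HTTP request: readable without any interception at all.
SAMPLE_PLAINTEXT = (
    b"POST /v1/device/state HTTP/1.1\r\nHost: cloud.example.com\r\n"
    b"Content-Type: application/json\r\n\r\n{\"power\":\"on\"}"
)

# 3) A TLS application_data header over readable JSON: "SSL" in name only.
SAMPLE_FRAMED_PLAINTEXT = bytes.fromhex("17 03 03 00 0e") + b'{"power":"on"}'

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def _u16(b, i):
    return (b[i] << 8) | b[i + 1]


def _looks_printable(b, threshold=0.95):
    """True when nearly every byte is printable ASCII; real ciphertext is not."""
    if not b:
        return False
    printable = set(bytes(string.printable, "ascii"))
    return sum(c in printable for c in b) / len(b) >= threshold


def extract_sni(record):
    """Return the host_name from a TLS ClientHello record, or None if absent/truncated."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        return None
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) < hs_len:
        return None                     # truncated capture
    i = 2 + 32                          # legacy_version + random
    if i >= len(body):
        return None
    i += 1 + body[i]                    # session_id
    if i + 2 > len(body):
        return None
    i += 2 + _u16(body, i)              # cipher_suites
    if i + 1 > len(body):
        return None
    i += 1 + body[i]                    # compression_methods
    if i + 2 > len(body):
        return None
    ext_end = i + 2 + _u16(body, i)     # extensions block
    i += 2
    if ext_end > len(body):
        return None
    while i + 4 <= ext_end:
        ext_type, ext_len = _u16(body, i), _u16(body, i + 2)
        i += 4
        ext = body[i:i + ext_len]
        i += ext_len
        if ext_type != 0 or len(ext) < 5:   # 0 == server_name
            continue
        j, list_end = 2, 2 + _u16(ext, 0)
        while j + 3 <= list_end and j + 3 <= len(ext):
            name_type, name_len = ext[j], _u16(ext, j + 1)
            j += 3
            if name_type == 0 and j + name_len <= len(ext):
                return ext[j:j + name_len].decode("ascii", "replace")
            j += name_len
    return None


def classify_payload(data):
    """Classify the start of a TCP stream: real TLS, TLS header over readable data, or plain."""
    result = {"kind": "binary", "tls_version": None, "sni": None}
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        payload = data[5:5 + _u16(data, 3)]
        result["tls_version"] = f"3.{data[2]}"   # record-layer version only, not the negotiated one
        if data[0] == 22:
            result["kind"] = "tls_handshake"
            result["sni"] = extract_sni(data)
        elif _looks_printable(payload):
            result["kind"] = "tls_framed_plaintext"  # genuine TLS records never carry readable text
        else:
            result["kind"] = "tls_" + TLS_CONTENT_TYPES[data[0]]
        return result
    if _looks_printable(data):
        result["kind"] = "plaintext"
    return result


def differing_offsets(a, b):
    """Byte offsets where two captures of the 'same' action differ; repeat the action and diff."""
    return [i for i in range(max(len(a), len(b)))
            if i >= len(a) or i >= len(b) or a[i] != b[i]]


if __name__ == "__main__":
    for name, sample in [("client_hello", SAMPLE_CLIENT_HELLO),
                         ("http", SAMPLE_PLAINTEXT),
                         ("framed", SAMPLE_FRAMED_PLAINTEXT)]:
        print(name, classify_payload(sample))
    print("on vs off differ at", differing_offsets(b'{"pwr":1}', b'{"pwr":0}'))
```

To feed it real data, export a stream from Wireshark (Follow TCP Stream, save as raw) or dump payloads with `tshark -T fields -e tcp.payload` and pass the bytes to `classify_payload`. If the result is `tls_handshake` with an SNI, that hostname is the one your own CA certificate on the spare phone has to cover; if it is `plaintext` or `tls_framed_plaintext`, Wireshark alone already shows you the requests to replay from Node-RED.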

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.