The local API has changed #39
Comments
Thanks for letting me know! Will take a look at this in a few days. Hopefully, it's just an auth system that's easy to replicate. |
I was digging in a bit to see if I can figure out what is going on... it seems that google has moved local communication to port 8443. I tried to do a little MitM but it seems that google is doing some application cert validation. (Either that or something else I did is wrong) They also changed it to require a client ssl for authentication. |
@stboch i think you're on point regarding application certificate: i figure :8443 was google's port for SSL so i did a GET to https://192.168.1.219:8443/setup/bluetooth/status (since auto-connecting to bt speakers is what i do with this api) after disabling certificate validation i got 401, which reads "similar to 403, but in this case authorization is possible" |
What's odd for me is that this is still all working on 8008, and I'm even part of the preview program... This is the first time learning of the local API, so I guess I shouldn't bother spending too much time mucking about. |
It looks like the change has rolled back, every endpoint I have now tested returns the expected result 🎉 |
You're right! Though, I had to reboot my GH devices for it to revert |
I've been seeing this flip flop between available and unavailable for the past few days. Not entirely sure what's triggering it… |
I think they are preparing some sort of authorization for higher security and maybe because of closing down the NEST API and moving it to the Cloud instead. |
So I finally got my hands on a GH and some updates. First, the simple way of logging network traffic (with PacketCapture) didn't work because it's a different port and other problems. Simultaneously, I was going through the latest decompiled app and found some interesting bits. Most of the requests had an extra header There are also more details on Also, not sure since when, but there's a lot of Nest libraries now. Including Weave stuff (maybe https://openweave.io, haven't really checked it out yet). That's it for now. If someone knows about the token or has any more info, feel free to comment here. I'm leaving this issue open. |
@rithvikvibhu All of my Google Home Mini in the UK are in a state where they return a 403, if I can help in debugging this let me know
|
Hey @6a61636b. That's interesting. |
According to the Google Home app it is running System firmware version: 156414, Cast firmware version: 1.40.156414 |
I can confirm the issue here in Norway on both a Chromecast Ultra and Chromecast 3 and the old Chromecast (not key fob). They all this morning returned 403. After a reboot they started working again. While they were at 403 I could not see any http data going through wireshark when using google home app. Everything went through 8443 and 8009. I have the pcap file from my chromecast while it had 403 error on google home app. Android -> chromecast ultra configuring and rebooting once if that helps. Would like to send it privately if you need it. Current Cast Version where API Works |
You need to use the small i. |
Capital i is to get the "headers only" lowercase is to include the HTTP response. He just wants to see the headers (403 forbidden) so capital i is perfect. |
That's true but still if I use:
and if use:
So definitely a difference |
True, you need to add -X GET when using -I to specify method. Whereas -i somehow adds that manually. Weird. Well spotted though |
Nothing weird about this. The help explains:
A |
@thorleifjaocbsen, how did you capture the packets? And where did you see the requests over ports 8009 and 8443? I'm asking this because normally http proxies won't be able to see them. I'd love to take a look at that pcap file. Please send it to [email protected], if possible. |
I have an AP connected to a switch, then I have that port mirrored to my computer (lan adapter) and did dump all traffic going from and to the AP. My Android is connected to WiFi, the Chromecast is connected via ethernet. 10.0.0.9 is my Android Device I'm connecting using Google Home -> Configuring my Chromecast -> Changing some settings -> Rebooting it -> done pcap. Filter: ip.addr == 10.0.0.8 or ip.addr == 10.0.0.9 Not sure if it helps. Sent you the file now :) |
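An added example, not part of the thread: the tally below applies the capture filter quoted above (ip.addr == 10.0.0.8 or ip.addr == 10.0.0.9) to a classic pcap file and counts TCP packets on the ports the thread names (8008, 8009, 8443). The sample capture is constructed, and the function names `tcp_port_summary` and `sample_pcap` are hypothetical.

```python
import socket, struct
from collections import Counter

WATCHED_PORTS = (8008, 8009, 8443)   # ports named in the thread
HOSTS = {"10.0.0.8", "10.0.0.9"}     # addresses from the capture filter above

def tcp_port_summary(pcap, hosts=HOSTS, ports=WATCHED_PORTS):
    """Count TCP packets per watched port for `hosts` in a classic pcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Untagged IPv4 only; 802.1Q-tagged frames are skipped, not decoded.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:   # TCP only
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if src not in hosts and dst not in hosts:
            continue
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        hit = next((p for p in ports if p in (sport, dport)), "other")
        counts[hit] += 1
    return counts

def sample_pcap():
    """Constructed capture (not from the thread): three frames between the
    filtered hosts and one from an unrelated host that must be ignored."""
    flows = [("10.0.0.9", "10.0.0.8", 40001, 8443),
             ("10.0.0.8", "10.0.0.9", 8443, 40001),
             ("10.0.0.9", "10.0.0.8", 40002, 8009),
             ("10.0.0.7", "10.0.0.1", 40003, 8008)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, sport, dport in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 2, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(dict(tcp_port_summary(sample_pcap())))
```

A tally like this only shows which ports carry traffic; as noted later in the thread, the 8443 payload is TLS and stays opaque in a passive capture.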
@thorleifjaocbsen Thanks for the file! There's not much to find there. 8443 uses TLS so no luck there. Any idea what those TCP packets on port 8009 are? My GH is again back to sending 403 so I'll try some stuff with the android app. |
Mine are back to 403 too except the ones that have Preview Program turned on, looks like those have different firmware update schedule |
Hey everyone, I got the API working over port 8443! Turns out the extra header I mentioned in the previous comment was needed. |
Okay, created a gist with info: Please try it out and see if it works. |
Also, I can't test a few cases. People with multiple rooted phones (with different Google accounts signed in), can you post the first and last few characters of the token? I'm curious if it's different for each home member. |
@rithvikvibhu thanks a bunch, tried the Frida method - works like a charm. |
Hah yes, thanks @klimov-gett. I'll add that bit. |
Google home mini has 2 locales (as I saw in sources) and it could be different. One for chromecast part and other for "assistant" part. But I can't find yet how to set locale for assistant. If someone finds how to change locale for assistant, not chromecast, through GHlocalAPI please inform. |
@magicse I agree with most of it, but the problem is that, in this case, we don't have access to the server to enable extensions and the client (app) is obfuscated, debugging isn't easy. That endpoint is for the public, which is |
I've updated the proto file for getHomeGraph. My previous comment has examples how to run it and also extract the local auth token. Now, this is only based on my home graph. Since I don't have a lot of devices, there might be some fields missing. I don't know what happens when the definition has missing fields. Please try it out and comment here if it works with your graphs or not. |
Works fine here |
Works for me too. I have a home mini, a chromecast and two third-party vacuums. All show up. The chromecast and the home mini have a local auth token. I also took a look at the bearer and where it is coming from:
Post data
I haven't touched OAuth in a while, but I feel like the client sends too many fields for normal OAuth. It could be possible, that less data also works. Maybe the error when not supplying an auth token helps
|
I have seen a request similar to this when the app requests a URI for the OAuth consent screen. This was a more complex one to reverse, but I managed to make something working. You can use the source code here: https://github.com/AngeloD2022/OnHubDesktop/blob/master/TemporaryAuthSolution/getToken.html

In order to make a request regarding the GH app, you must change some things. Copying the following from a Reddit conversation @rithvikvibhu and I had.

- App Version: "2.23.112" (Not entirely sure this needs to be legitimate, but putting it here just in case...)
- Package Name: "com.google.Chromecast" (Yes, this is the iOS app's bundle identifier 🙄)
- Redirect URI: "com.google.sso.498579633514-hhlrn8mcjv1427j0s19dgfoe5cqaba4l:/authCallback"
- Client ID: "498579633514-hhlrn8mcjv1427j0s19dgfoe5cqaba4l.apps.googleusercontent.com"
- Mediator Client ID: "936475272427.apps.googleusercontent.com"

All of the rest either can remain unchanged or is generated randomly, and the funny thing is... IT WORKS!? 😂😂 Here's what the response looks like:

```json
{
  "advice_code": "EMBEDDED",
  "uri": "THE LOGIN FORM URI",
  "client_state": "RANDOM DATA",
  "iosguard_challenge": {
    "device_challenge": "RANDOM DATA"
  }
}
```
|
@XoMEX And change the same for the oauthcode to refreshtoken request. (Inside of getToken()) |
@rithvikvibhu Under which license is your script? |
Yeah that would be a big improvement and would make it possible to get it in as an official component again. |
@XoMEX yes, for the request (to get access tokens), only the There was already a python package that handled getting both kinds of tokens, so I didn't have to write manual requests. @AngeloD2022 Huh, I thought that page was only for getting refresh tokens ( @Drakulix It's just a wrapper script with some values that calls functions from the |
Hi @rithvikvibhu, GetAssistantRoutines works well. But I can't get GetHomeGraph. Maybe I missed something? |
Ah sorry I forgot to change HomeControlService to StructuresService service |
How to dump (see grpc traffic?) any how-to to set up mitm + grpcproxy? |
@luckydevil13 to get the whole thing working, as of now, the only things needed are:
How to actually make the request: This comment However, if you're interested in actually looking into what's happening, then get grpc-tools and mitmproxy.
|
Hey thanks for this, this has been great to follow along to. I've been able to get the local auth tokens for my devices, but when I make a request via Postman (adding the token as a Bearer Token) to /setup/assistant/alarms, port 8008 returns 403 Forbidden and port 8443 doesn't return anything. I'm assuming I'm doing something wrong here. Edit: I wasn't using HTTPS when using port 8443. I'm now getting a 401 Unauthorised status. Edit 2: My apologies. I read the gist above and I was able to get it to work :) |
Hi @rithvikvibhu . I need some help. How did you create the proto (protos/google/internal/home/foyer/v1.proto) file? I'm trying to figure out how to transfer some configuration parameters to a HomeGraph, |
Honestly, It's manual work. First used Because of the way the converter works, the names don't work. So you'll have to rename all the message names. Also, create a service and method definitions. You can use the existing file ( |
For the 1 year anniversary of issue #39, this is a new design of the website with more details and docs on authentication.
Hi everyone! It's been exactly 1 year(!) (in 3 hours actually) since this issue was opened. Now that the API can be used again, I refreshed the website with a new design (finally mobile-friendly), features like search and updated detailed docs. It's available at the same site: https://rithvikvibhu.github.io/GHLocalApi/ It's been great to be a part of an active project like this one. I'd like to thank everyone in this thread for posting new findings, testing scripts, and creating new libraries to make it easier to consume the API. With 128 comments, this issue is getting long, so I'll be closing it. If there are any issues, please create a new issue here |
It looks like google have changed the api as I'm getting 403 Forbidden for anything other than /setup/eureka_info and that now returns a public_key