Do you have the ways to get the GenericKey? (old: "a3K8Bx%2r8Y7#xDh") #36
Comments
|
could you give me a guide on how to find the position in the android apk file? |
|
Hi @hemingfei, Do you have a capture of the bind process with the new AC units? I should check if the base protocol is the same. |
|
the capture is the discover but cannot bind. the apk I use is in http://www.5you.com/apk/362297.html |
|
the AC i cannot bind is in the list as the follow capture: open the APP->1->2->3
scroll down to see the ac pic |
|
Since search works in your case, the generic key is correct because it can decrypt the response packet. Can you create a capture of the binding process via Wireshark or https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture? I think there is a difference in the base protocol and the AC unit doesn't accept the current bind request format. |
|
I used this App to see the message, I control the Gree+ APP, turn on/off the AC's light. the message is shown in the screenshot. {"t":"pack","i":0,"uid":12813103,"cid":"f4911ef8f0f0","tcid":"53c3bf0212c4","pack":"UigBHq/IHIao6zm8J32fystjYcM6aZugv3v7vuzg5xoccH46GKQPqNIM7jovaWKtUFG3w+OPD8GQTZyRHQrEiaaQKtckDCKOVAxg27f8/vP1H08DEaJSwWFCtYKXBJILIIyRGSPtxXTmrZsux0BEt08WJK1aOKPEo7ZvGv2rU7BG7MoyFTvPbwsZMiWZ08vYTY+HfpnApS874kfeSsb/kg=="} the msg is ok with the format of controlling. how I get the ‘pack’ encrypted content to see if the json changed? And also, my problem is at the binding process, cannot bind. |
|
I will try 1 see if the binding have response 2 try tcp msg. another question: my another gree AC which I have binding success, when I send another discovery "t": "scan", there is no response. |
|
I checked the process again, and find all the process is OK and the new gree has no response when binding. Then I tried to catch the msg, want to see the binding process details. |
|
At first glance, these new units use the |
|
Any progress on this? I have the same issue, I can send the broadcast, get a response, but the |
|
@tg44 No progress on this unfortunately. I've tried disassembling multiple versions of the official Apps, but didn't find the encryption-related codes with the method I've used previously -- not even the old generic key which was stored in plain text before. Just as I've mentioned and you've found out, the new app versions hide these things somehow. The native library is suspicious but all of the disassemblers I've tried gave the same results with the many randomly-named empty exported functions. At that point I don't have other ideas where to continue. Someone with more experience in this field should take a look at the new apps. |
|
Do we have catched firmware files? |
|
Please check this issue for updates: #52 |
I bought a new Gree AC, it can controlled by gree's APP, and I used the udp try to controll myself. it can be discovered but cannot bind. my old gree AC can be discovered and bind success. so the problem is the new one changed the GenericKey.
Do you have way to get or hack the new generic key? please, I really want to get it. My 5 gree ACs, only the last one cannot controll myself.
The text was updated successfully, but these errors were encountered: