Getting password on Roomba j7+ #95
Comments
|
What happens when you press and hold the home button as instructed?
…Sent from my iPad
Nick Waterton P.Eng.
________________________________
From: Jason A. Diegmueller ***@***.***>
Sent: Tuesday, September 14, 2021 1:16:41 PM
To: NickWaterton/Roomba980-Python ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [NickWaterton/Roomba980-Python] Getting password on Roomba j7+ (#95)
Hello. I just got myself a Roomba j7+ and am having trouble fetching the username/password from it using the methods listed here. I'm also seeing the same thing on the dorita980 project, so I suspect this is more about the j7+ needing some new mojo vs. the older models, but that's purely a guess.
Here's the behavior I'm seeing when trying to fetch the username/password:
***@***.*** roomba]# ./getpassword.py -R 10.245.2.102
2021-09-14 13:15:16 INFO [Roomba.Password] Using Password version 2.0a
2021-09-14 13:15:16 INFO [Roomba.Password] reading/writing info from config file ./config.ini
2021-09-14 13:15:16 INFO [Roomba.Password] waiting on port: 5678 for data
2021-09-14 13:15:17 INFO [Roomba.Password] Robot at IP: 10.245.2.102 Data: {
"ver": "4",
"hostname": "iRobot-15DF6D60B10A4BA48A53015E91E330D2",
"robotname": "Roomba",
"robotid": "15DF6D60B10A4BA48A53015E91E330D2",
"ip": "10.245.2.102",
"mac": "50:14:79:B1:DF:0C",
"sw": "sapphire+1.0.17+Firmware-Production+52",
"sku": "j755020",
"nc": 0,
"proto": "mqtt",
"cap": {
"binFullDetect": 2,
"dockComm": 1,
"edge": 0,
"maps": 3,
"pmaps": 5,
"tLine": 2,
"area": 1,
"eco": 1,
"multiPass": 2,
"pose": 1,
"team": 1,
"pp": 0,
"lang": 2,
"5ghz": 1,
"prov": 3,
"sched": 1,
"svcConf": 1,
"ota": 2,
"log": 2,
"langOta": 0,
"expectingUserConf": 1
},
"cloudConnState": 14
}
2021-09-14 13:15:27 INFO [Roomba.Password] 0 robot(s) already defined in file./config.ini, found 1 robot(s) on network
2021-09-14 13:15:27 INFO [Roomba.Password] To add/update Your robot details,make sure your robot (Roomba) at IP 10.245.2.102 is on the Home Base and powered on (green lights on). Then press and hold the HOME button on your robot until it plays a series of tones (about 2 seconds). Release the button and your robot will flash WIFI light.
Press <Enter> to continue...
s<Enter> to skip configuring this robot:
2021-09-14 13:15:38 INFO [Roomba.Password] Roomba (Roomba) IP address is: 10.245.2.102
2021-09-14 13:15:42 DEBUG [Roomba.Password] Connection Successful
2021-09-14 13:15:42 DEBUG [Roomba.Password] Waiting for data
2021-09-14 13:15:52 ERROR [Roomba.Password] Connection Timeout Error (for 10.245.2.102): The read operation timed out
2021-09-14 13:15:52 ERROR [Roomba.Password] Unable to get password from roomba
2021-09-14 13:15:52 ERROR [Roomba.Password] Error getting password for robot Roomba at ip10.245.2.102, received 7 bytes. Follow the instructions and try again.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FNickWaterton%2FRoomba980-Python%2Fissues%2F95&data=04%7C01%7C%7C2bf1e8afba3b4311fe1208d977a36c3c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637672366039818082%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Zi57%2F3BkW6cDk%2B4zUegZLIwcmTa1f6Z8mkT9u%2BaknCQ%3D&reserved=0>, or unsubscribe<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FACYJIZZQPRDYUL26WPICONLUB57PTANCNFSM5EAT5S2Q&data=04%7C01%7C%7C2bf1e8afba3b4311fe1208d977a36c3c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637672366039828035%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=pwZup3RssRxrOKTMea3hP9bzcer3YzRVzJFprGRrp7w%3D&reserved=0>.
Triage notifications on the go with GitHub Mobile for iOS<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fapp%2Fapple-store%2Fid1477376905%3Fct%3Dnotification-email%26mt%3D8%26pt%3D524675&data=04%7C01%7C%7C2bf1e8afba3b4311fe1208d977a36c3c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637672366039837988%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=xI6nZbb%2FzfbpLnlGpP1GZ43hq4ZJfNEWzJlYfmwklmw%3D&reserved=0> or Android<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.github.android%26referrer%3Dutm_campaign%253Dnotification-email%2526utm_medium%253Demail%2526utm_source%253Dgithub&data=04%7C01%7C%7C2bf1e8afba3b4311fe1208d977a36c3c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637672366039837988%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5tAxHm4rWnAPcrcMX9FyEWb0%2Ftwo3T8LpWFgwqndErg%3D&reserved=0>.
|
The white circle "fills up" with blue for ~2 seconds, then plays a happy little chime. Once that happens, I hit enter and get the output you see above. |
|
Appreciate you trying to help out on this. Yeah, same deal even with phone shutdown, so it doesn't appear to be competing MQTT clients. I grabbed a packet capture off of 10.245.2.116, which is the Rocky Linux box I spun up on the same subnet as the j7+. The j7+ itself is 10.245.2.102. Github won't let me directly attach the pcap, so I'm zipping it and attaching it. Let me know if there's anything else I can do to be helpful. |
|
Taking Roomba980-Python out of the equation, I am trying to connect directly using openssl with the iRobot intermediate & root chain passed as CA. It seems "unsupported certificate purpose" is what's biting me, although I can't sort out why. Also tried with MQTT Explorer on Windows in TLS mode, I get the same "unsupported certificate purpose". I'm not smart enough to sort this out, but hopefully this is useful: |
|
I've looked into this a bit. I don't think TLS is the problem, the connection seems to be made correctly. You don't need a certificate to connect to the iRobot MQTT server, it doesn't use them, it's just using TLS encryption, it doesn't verify certificates. What should happen is that we connect (using TLS) to port 8883 on the Roomba (which seems to work), then we send an MQTT reserved command ( The Roomba should respond with the same payload (in this case I can't tell what happens from your pcap file - there doesn't seem to be any TLS negotiation packets or anything. Maybe if you try the openssl connection (but without the certificates) we might get something, but it's possible that iRobot has changed the way the Roomba password is retrieved. What we really need is a raw pcap of the exchange between the app and the Roomba when it sets up the connection for the first time. You could try getting the password after a reset (press the clean button for 10 seconds) - sometimes this is all it needs. Unfortunately, I don't have a j7 to test things out on. We may have to wait for someone with a j7 to figure it out - it probably isn't that different from what we currently have. |
|
Is this an OpenSSL issue? Could just be an issue with our tools? EDIT: I'm a bit naive on the cert intricacies, but maybe something here as well with the way the cert was built? |
|
Another way to get password is using the IOS app Thor to sniff ssl connection on roomba app start, you dont need to reset the device.
|
|
The j7 has just one button indeed. When it's docked, and I hold the button..
Output using If a dev would like to work closely with me to debug this thing, I can follow some instructions, maybe over a screenshare. |
|
Following, as I've got the same issue. Can easily get packet captures for any device on the network, just need to know what to collect. |
|
A packet capture (decrypted) of the interaction with the j7 when you try to retrieve the password would be useful. Also a capture of what happens when a new j7 is added to the app may shed some light on how the password is retrieved by the app. It seems that pressing the start button is not putting the j7 in password retrieval mode, like pressing the home button does. It’s hard to troubleshoot without actually having a j7. a Wireshark .pcap file is fine, or a text file. |
|
I’ll see what I can do about getting some captures. I did use Charles Proxy on my iPad to sniff what was happening when I launch the iRobot app. I believe I have gotten my blid and password (will try tomorrow and see if I can get the plugin to work), but also found some aws access keys. From what I can tell, the app logs into AWS cognito, and retrieves information about the robots linked to the account, including the password. If this is the case, then maybe a more effective method of getting the necessary info would be to have the plugin simulate logging into the iRobot app and parsing the json output for the necessary fields. No need to interact with the roomba, press buttons, sniff traffic, etc. Will check tomorrow and see if I can link my homebridge to my j7 and report back. |
|
Here are some instructions on how to get BLID and password with |
|
The command works for my j7+but there's no password |
|
Following this as I'm having the same issue on a Roomba 694 |
|
Should work on a 600 series Roomba. How old is it? And what firmware version does it have? |
|
@NickWaterton my bad, turns out that being on separate VLANs was the problem. Stuff passes fine between them for control but not the BLID/Password discovery. All good now |
|
Thank you Matthew! @mjg59 that solves the whole problem. Code is now updated to use cloud passwords. You have to run: Where |
|
I can confirm on my J7+ the password worked in the HomeAssistant integration with the new method. Thanks to everyone for the great work! |
Are there dumbed down instructions for making this work? I'm not good with code. I can run CLI commands easily enough through SSH but I don't see any instructions for how to use what @mjg59 linked. |
|
This assumes you have downloaded Roomba980-Python, and you have a console window open, in the roomba directory (the one with password.py in it). You literally type That's it. Nothing else to do. Your Roomba IP address, blid, Roomba password etc are now all in the config.ini file. Everything should now work as described in the README file. |
|
Thank you. That did it. |
I did this method, but not seeing a robots or password field in the json |
|
I had the same problem, but got it working this way on:
I had an error using an old version if pip. Updating pip, did it again. Then executing not ./password.py, but directly While trying all this, I copied my commands to an RTF, where the upper single quotation marks The only issue I noticed was, that there no config.ini was created. So I saved my whole command line output. |
I finally got this working by using double quotes around my username and password. python getcloudpassword.py "username" "password" Everything else gave me the same KeyError: 'UID' that you were getting. |
|
Did anyone not from the US test this? I have a j7+ and a m6, both available via the app, but using this method I get: The M6 password was no issue, but the j7 still eludes my grasp :-) Asking for the region, as I saw Any ideas? |
|
I was getting the same Using quotes for username and password didn't work for me. |
|
In case this helps someone (was trying out multiple things unsuccessfully), the following worked for me:
|
Hello. I just got myself a Roomba j7+ and am having trouble fetching the username/password from it using the methods listed here. I'm also seeing the same thing on the dorita980 project, so I suspect this is more about the j7+ needing some new mojo vs. the older models, but that's purely a guess.
Here's the behavior I'm seeing when trying to fetch the username/password:
The text was updated successfully, but these errors were encountered: