Flash/AIR Application #1

Closed
twratl opened this issue Jun 27, 2013 · 10 comments

@twratl

twratl commented Jun 27, 2013

This is in response to your question on whether or not the flash/air app can be controlled/scraped.

Not sure it is worth trying to scrape or control the app...BUT a little network traffic sniffing tells me the app is using oauth to authenticate and tools exist to extract data from SWF files. So you should be able to get the consumer_key and consumer_secret from the flash file. Couple that with the login credentials and you SHOULD be able to query the server by hacking together an oauth request based on the network traffic seen by the app.

@nebulous
Owner

I used mitmproxy with the desktop Air application to do just that, actually. Other $lifeEvents have kept me from exploring further unfortunately. Interestingly enough the app that runs on the device itself has the option for a proxy server, so if it will trust a self-signed proxy server key, messages may be able to be intercepted and changed, allowing local control.

*which is all incredibly convoluted. Direct access to the rs485 would be ideal.

@twratl
Author

twratl commented Jun 27, 2013

I was able to get the consumer key and secret from the flash file and just starting to explore if I can authenticate to the server and at least read status data. But to your point it would not be direct communication with the device.

Can we issue commands directly to the device over the network? It feels almost like the actual device just "phones home" on a regular basis instead of receiving "push" updates from the server...which may make it hard, if possible at all, to talk directly to the device on demand.

@nebulous
Owner

Yeah I think it does just poll the central server for everything. It may use long-polling to simulate push.
As far as I can tell there are three ways to programmatically control the stat (and yes, could be delayed)

  1. rs485 (or rs232 with rapaciously, ludicrously, ridiculously priced "SAM") (getting there -- see wiki)
  2. locally run simulation of carrier's service - (now have working local server)
  3. write client for carrier's service (meh, I think it's best to take them out of the loop)

I extracted the SWF for the app and didn't see the oAuth secret, any hints on the path for that? Option #3 above should be relatively straightforward with working oAuth.

@twratl
Author

twratl commented Jun 27, 2013

So you have to decompile the SWF file. Sothink SWF Decompiler is a good choice. The trial version worked for me. Just navigate to the SWF file and you can expand the directory tree within the SWF.

I found what I needed in MyInfinity.swf/Action/com/carrier/net/MyInfinitySession

I am new to oauth so trying to figure that all out. I used Fiddler to see the network traffic of the app and the URLs it hits to authenticate.

I think a good first step is trying to just read the status info...

@nebulous
Owner

nebulous commented Aug 5, 2013

Any further progress? I don't know if you noticed, but the definitions for each webservice endpoint are embedded in the swf as well. I haven't had a chance to find a decompiler that outputs the oauth keys, so I only have the consumer not secret. I'm guessing that the OAuth bit might actually be the same for all 'stats since they authenticate with user/pass on top of that.

@twratl
Author

twratl commented Aug 5, 2013

No further progress. Both work and personal life picked up a bit recently. I can email you the details for oAuth if you want (really all the ruby code I have around this) if you think that would help you. I sniffed the traffic in Firebug and have what I need to get the status of each t-stat if I can figure out the oAuth part.

@nebulous
Owner

nebulous commented Aug 5, 2013

Great, yeah stupid realLife has impeded my recent progress as well. But sure, send me what you have and I'll check it out.

@twratl
Author

twratl commented Aug 5, 2013

I might be missing something but I don't see an email address for you.

@nebulous
Owner

nebulous commented Aug 5, 2013

Looks like I didn't have a public email address set on my profile. Whoops, fixed. For the record, you don't either :)

@ohayon

ohayon commented Dec 8, 2017

I know this issue is quite old, but I would also love to get my hands on this ruby code and the secret for an iOS app I am working on. 📱 Is there any chance you could forward those old emails?
