
I have a smart LED bulb. I want to create my own server to control it, but there are no APIs available for the bulb. So I decided to hack into my bulb to find out where its HTTPS requests are going, but I am not getting any HTTPS requests when I click on the Turn On/Turn Off button. I am getting some requests when I log in (the requests are encrypted) or fetch something in the app.

This is a screenshot of some requests. (I set up Fiddler and connected an Android device to it, and it is working great.) The a1.tuyain.com/api.json is the server address of that APK (Syska smart home). So what should I do to know what's happening when I turn on the bulb?

sanket kheni
  • Clever, that Fiddler thing :-) It seems however that all communications are encrypted, so you won't be able to listen in on that. In order to bypass any firewalls, I would assume that the bulb connects to a tuyain.com server when turned on, to establish a channel for incoming commands, and that is probably encrypted too. So your app and your bulb are having secrets. I'd say you're stuck, unless you can convince [Tuya Global Inc](https://www.whois.com/whois/tuyain.com) that it's cool to let you send commands without their app, or tell you how to reconfigure the bulb to connect to your server. – Taqras Jan 16 '22 at 12:07
  • If you see the POST request and the full request path, then HTTPS should already be defeated. You should include a sample of the request and response content of such a request. – Robert Jan 16 '22 at 18:15
  • I found that Tuya is providing free APIs to work with their devices. So I suppose using the APIs would be better than hacking into HTTPS requests. – sanket kheni Jan 18 '22 at 08:32
