Updated Connected by TCP API

A few months back, Connected by TCP started to roll out a firmware update to address security concerns. Prior to this update anyone who has access to the local network of a user with a TCP gateway had full control of the users lights.

Now if the user has a secured Wifi network this would not be a huge concern but if their network was unsecure, they were at major risk.  Because TCP could not force a user to have a secured Wifi I believe they felt it necessary to take this an extra step and require any local connection to first be initiated after pressing the sync button on the gateway itself.

Once a device is authenticated it saves it’s token and can now communicate freely with the Gateway.

The process involves:
– Securely connecting to gateway using ssl on port 443 setting the rejectUnauthorized to false
– Generate a UUID [myuuid]
– Press the Sync button on the gateway
– Send a log in command to the gateway in the format:

/gwr/gop.php?cmd=GWRLogin&data=<gip><version>1</version><email>[myuuid]</email><password>[myuuid]</password></gip>&fmt=xml

– Receive token from the response from gateway in the form of:

<gip><version>1</version><rc>200</rc><token>[mytoken]</token></gip>

– Save that token [mytoken] for future calls
– Request state of system using:

cmd=GWRBatch&data=<gwrcmds><gwrcmd><gcmd>RoomGetCarousel</gcmd><gdata><gip><version>1</version><token>[mytoken]</token><fields>name,image,imageurl,control,power,product,class,realtype,status</fields></gip></gdata></gwrcmd></gwrcmds>&fmt=xml

The return format of the response is still in the same format as outlined in my previous post of the TCP Connected API.

I will be updating my Node.js version of the ConnectedbyTCP interface have updated the Node.js Connected By TCP interface and will expand on this post with more details to come.





25 thoughts on “Updated Connected by TCP API”

  1. Thanks for posting this, I’ve incorporated the new protocol into a python module I help maintain. How did you figure out the changes?

    1. I started off by forcing the communication through my computer by bridging 2 Ethernet connections. The first being to the router and the second to the TCP gateway. Then I used WireShark to determine what ports and general communication protocol was being used.

      I found that I would get 401 responses back from the base url expect when it was calling the login request. That would give a 404.

      Then I… well I will send the rest to your email.

    2. Im confused how do i figure out my [uuid]. Ive got my token but not [uuid]‚ÄĘplease help, security update killed my whole automation system. Also is it possible to share your python build

  2. Prior to the update, I could easily find the gateway by looking for lighting.local. After the update it does not respond to that mDNS/Bonjour name anymore, and it even drops off of my router’s DHCP Client List after some period of time. Sadly, my $20 802.11n router doesn’t let me assign IP addresses based off the MAC address and the address keeps changing everytime the network connect is lost. Do you know of a good way to automatically find the gateway besides attempting to connect to every address in my subnet?

    1. Yes. SSDP is what you are looking for. The gateway readily responds to discovery requests. I plan to add this functionality to my node driver soon.

  3. Is this still working or has another upgrade broken it? I’m getting an error when calling SyncGateway

    { [Error: SYSTEM or PUBLIC, the URI is missing
    ] code: 70 }

  4. Thanks for your hard work, When running the script, I get the token from the gateway starting with a 1200z3vxgpvy1rohv3yygu3gbp48hlf37xewpgxxxx (I have modified the end of it for security, When I try to run a command, I get a 401. However if i grab a token from the greenwave site remote and run the command remote it works…. any ideas?

    1. Bit late, but I stumbled across this while looking into writing an app to control my lights. The 1 and 200 are the version response and the HTTP status code. Your token is the z3vxgpvy1rohv3yygu3gbp48hlf37xewpgxxxx portion.

  5. I found a way around their stupid forced upgrade.

    If you look at the traffic during its update you can see it pulls from the url:

    https://update.greenwavereality.com/roxy/update.php?mac=&project=Apollo3&current_version=

    and it spits out a bit of code:
    So i just spoofed the update to a newer (actually an older) version by making a copy of that page and hosting a http server with self signed certs, and adjusting the md5 sum to match the older fw. & a custom dns entry on my dns server, then you hold the connect button on for about 10 seconds while powering on and by default it tries to grab an update image..

    then of course i blocked their servers completely by ip and dns.

    https://www.exploitee.rs/index.php/Greenwave_Reality_Bulbs

    these guys did it a bit differently, but that doesn’t work on the newest firmware, so I just did it an easier way and let it think it was updating.

    i absolutely despise companies that pull shit like they did, good product, stupid developers/managers.

    1. @Someone,

      Hi, I will be playing around with one their gateways soon and I would like to know if you still have the code/html/xml you used to fool the gateway into downgrading? It seems the update server is down now so i cannot see the response.

  6. hello,

    is there any way of using the tcp bulbs without the gateway to your knowledge? you seem to have done a lot of work on these bulbs.

    thanks!

    1. Fred, hoping this gets to you. I know it’s a long shot…BUT did you ever get this questioned answered. I have been searching and searching and can’t seem to find if there is a way to get these bulbs connected WITHOUT the TCP gateway. Any help is much appreciated.

  7. I got the node-ssdp client working. The key was getting the urn correct for me. The code below discovers my TCP gateway locally:

    var Client = require(‘node-ssdp’).Client
    , client = new Client();

    client.on(‘response’, function (headers, statusCode, rinfo) {
    console.log(‘Got a response to an m-search:\n%d\n%s\n%s’, statusCode, JSON.stringify(headers, null, ‘ ‘), JSON.stringify(rinfo, null, ‘ ‘))

    });

    // search for a service type
    client.search(‘urn:greenwavereality-com:service:gop:1’);
    // client.search(‘ssdp:all’)

  8. Thank you for documenting your findings, this saved me a lot of legwork of wiresharking commands and figuring out the APO calls. I’m working on a little Web interface and have written some simple php script to generate a token and then also list any rooms and the devices you have connected to your hub. I listed the git project as my Web url. I was wondering if you’re able to list all your devices. I’m finding currently I only get devices back which are associated with a room currently. Thanks again for the public documentation. Very helpful!

  9. Thanks for all the work you did! I finally figured out how to get the did’s out of the Gateway. Your instructions were spot on but it took me a little while to figure out what I’m actually supposed to do (getting the token, extracting the did’s). Anyways, I’ve got OpenHab and I’m trying to implement your work into it but I’m unclear about how… I’ve put everything in the openhab folders and it seems like installing it through npm manager also worked but I’m unsure of what to do next. How do your scripts get my token/dids? I tried running index.js in node but it threw multiple errors, the first being “cannot find module ‘libxml-to-js'” Any input would be appreciated, thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *