Page 1 of 47 12345611 ... LastLast
Results 1 to 10 of 461

Thread: Decoded - EvoHome API access to control remotely.

  1. #1
    Automated Home Guru
    Join Date
    Jan 2013
    Location
    Glasgow
    Posts
    186

    Default Decoded - EvoHome API access to control remotely.

    Hi there,

    Having the new EvoHome and the new apps to control it, I was disappointed upon contacting Honeywell that they told me there was no API to access this from anything but their apps. It seems a shame, as their US wifi thermostats have a limited Beta 1 of API access going on right now (all-bet very limited Beta).

    I thought I'd have a look at the app and see if I could understand what they were doing. Initially I simply fired up a copy of Wireshark and sniffed all the traffic from the app to the internet. This did not prove particularly useful, as upon reading the packet trace, I could see that all of the traffic was encrypted and was completely using HTTPS to communicate to the Honeywell web server. What it did show me however, was that it was talking to rs.alarmnet.com, which is the same web site that the US is using and in fact you can login to the US website and use their website to do stuff with their US based thermostats.

    Now, I had to work out how to go about decrypting HTTPS traffic to the website. With a bit of effort I think I now have a setup that let's me decode and read the API access that the apps are using. The next step for me to check this out is to write some Python code that replicates what the app is doing and to query the website from a Linux box just to chekc out my findings are correct.

    Initially it looks like the app is doing:

    POST to HTTPS://rs.alarmnet.com/TotalConnect...PI/api/Session with the parameters:

    {
    "Username": "your username",
    "Password": "your password",
    "ApplicationId": "not sure if this is app or user specific yet, so have removed value in meantime"
    }

    It then returns the following JSON data:

    {
    "sessionId": "B4E8FE94-F397-4706-85D4-11AEB7D4ADCB",
    "userInfo": {
    "userID": your numeric userid,
    "username": "your username",
    "firstname": "your firstname",
    "lastname": "your lastname",
    "streetAddress": "your address line 1",
    "city": "your city",
    "state": "",
    "zipcode": "your postcode",
    "country": "GB",
    "telephone": "",
    "userLanguage": "en-GB",
    "isActivated": true,
    "deviceCount": 0
    },
    "latestEulaAccepted": true
    }

    The app next sends a JSON request for all the info about your site:

    POST to HTTPS://rs.alarmnet.com/TotalConnect...ns?userId=your userid&allData=True

    this then returns a JSON response with the full details of your site.

    Next it requests details on your gateway:

    POST to HTTPS://rs.alarmnet.com/TotalConnect...ocationId=your location&allData=False

    this then returns a JSON response:

    [{
    "gatewayID": XXXXXX,
    "mac": "YYYYYYYYYYYY",
    "crc": "ZZZZ",
    "locationId": your locationID,
    "isUpgrading": false
    }]


    I'm not publicly going to publish how I sniffed and decrypted all this traffic as I do not think it needs to be public knowledge, suffice it to say that the app is very secure and without access to kit and your iDevice, then you cannot break into the the app normally. You need physical access to the iDevice to change config on it to do this.

    However, if anyone who is more interested in how to use the API and has more knowledge than I to make use of it, please get in touch via PM.

    Roy.

  2. #2
    Automated Home Guru
    Join Date
    Jan 2013
    Location
    Glasgow
    Posts
    186

    Default

    Having been tested by a number of corporate firewalls, I've now managed to put together a basic python script to login to the Honeywell website and pull back my userdata. If you run this, then you should be able to retrieve your info which you can then post back to get your site info out of:

    -------------
    import requests
    import json

    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/Session'
    postdata = {'Username':'<your username>','Password':'<your password>','ApplicationId':'91db1612-73fd-4500-91b2-e63b069b185c'}
    headers = {'content-type':'application/json'}

    response = requests.post(url,data=json.dumps(postdata),header s=headers)

    print response.content
    --------------

    Easiest way I found to do this was to just spin up an Amazon web services AMI instance and run it in python in there.
    Last edited by roydonaldson; 26th March 2014 at 04:51 PM.

  3. #3
    Automated Home Jr Member
    Join Date
    Mar 2014
    Posts
    19

    Default

    Extending this a little bit, this script then pulls the full detail that Roy mentions above

    Code:
    import requests
    import json
    
    USERNAME = 'USERNAME'
    PASSWORD = 'PASSWORD'
    
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/Session'
    postdata = {'Username':USERNAME,'Password':PASSWORD,'ApplicationId':'91db1612-73fd-4500-91b2-e63b069b185c'}
    headers = {'content-type':'application/json'}
    
    response = requests.post(url,data=json.dumps(postdata),headers=headers)
    
    print response.content
    
    userData = json.loads(response.content)
    
    userId = userData['userInfo']['userID']
    sessionId = userData['sessionId']
    
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/locations?userId=%s&allData=True' % userId
    
    headers['sessionId'] = sessionId
    
    response = requests.get(url,data=json.dumps(postdata),headers=headers)
    
    print response.content
    This provides (amongst other things) the current readings from all of the zones which might be of use to people who want to log this information elsewhere.

    Andrew
    Last edited by watchforstock; 27th March 2014 at 11:18 PM.

  4. #4
    Automated Home Guru
    Join Date
    Jan 2013
    Location
    Glasgow
    Posts
    186

    Default

    I've now managed to write python scripts that Set Economy mode and Away mode running on a Raspberry Pi. I will post these scripts tomorrow for people to use.

    Next step is to connect the Raspberry Pi to my house alarm outputs. I want to have the Raspberry Pi monitor the state of the house alarm and if it sees it Full Set, then send Economy mode to the Honeywell EvoHome.

    I'd also like to be able to set it up to monitor the temperatures in all my zones and save these to a file.

    Roy.
    Last edited by roydonaldson; 30th March 2014 at 07:41 PM.

  5. #5
    Automated Home Jr Member
    Join Date
    Mar 2014
    Posts
    19

    Default

    I now use a slight modification to the script below to store the temperatures from each of the zones to a database (integrated into an existing house temperature monitoring system. I run it as a cron task every 5 minutes and it's been very solid so far

    Code:
    import requests
    import json
    
    USERNAME = 'USERNAME'
    PASSWORD = 'PASSWORD'
    
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/Session'
    postdata = {'Username':USERNAME,'Password':PASSWORD,'ApplicationId':'91db1612-73fd-4500-91b2-e63b069b185c'}
    headers = {'content-type':'application/json'}
    
    response = requests.post(url,data=json.dumps(postdata),headers=headers)
    
    userData = json.loads(response.content)
    
    userId = userData['userInfo']['userID']
    sessionId = userData['sessionId']
    
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/locations?userId=%s&allData=True' % userId
    
    headers['sessionId'] = sessionId
    
    response = requests.get(url,data=json.dumps(postdata),headers=headers)
    
    fullData = json.loads(response.content)[0]
    
    for device in fullData['devices']:
        print device['thermostatModelType'], device['deviceID'], device['name'], device['thermostat']['indoorTemperature']
    It would be easy to change the print line near the end to write to a file or database to store these values for further analysis

  6. #6
    Automated Home Jr Member
    Join Date
    Mar 2014
    Posts
    19

    Default

    I'm now tracking my code for an API in a github repository: https://github.com/watchforstock/evohome-client

    If anyone wants to contribute code I'm happy to merge it in

    Andrew

  7. #7
    Automated Home Jr Member
    Join Date
    Apr 2006
    Posts
    22

    Default

    Hi Roy are you in a position to share the scripts that Set Economy mode and Away mode running on a Raspberry Pi ? what type of alarm system are you monitoring ? I have had some joy with comfort.

  8. #8
    Automated Home Guru
    Join Date
    Jan 2013
    Location
    Glasgow
    Posts
    186

    Default

    Code to Set Away Mode Permanent:

    -----------------

    # Set Away Mode Permanent via Honeywell EvoHome Web API

    # Load required libraries
    import requests
    import json

    # Ser your login details in the 2 fields below
    USERNAME = 'rYour UserID'
    PASSWORD = 'Your Password'

    # Initial JSON POST to the website to return your userdata
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/Session'
    postdata = {'Username':USERNAME, 'Password':PASSWORD, 'ApplicationId':'91db1612-73fd-4500-91b2-e63b069b185c'}
    headers = {'content-type':'application/json'}
    response = requests.post(url,data=json.dumps(postdata),header s=headers)
    userinfo = json.loads(response.content)

    # Extract the sessionId and your userid from the response
    userid = userinfo['userInfo']['userID']
    sessionId = userinfo['sessionId']

    print ('your userid is', userid)

    # Next, using your userid, get all the data back about your site
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/locations?userId=%s&allData=True' % userid
    headers['sessionId'] = sessionId
    response = requests.get(url,data=json.dumps(postdata),headers =headers)
    locationinfo = json.loads(response.content)

    # Extract the locationID from the response
    locationID = locationinfo[0]['locationID']

    print ('your location is', locationID)

    # Now create and set Away Mode Permanent
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/evoTouchSystems?locationId=%s' % locationID
    postdata = {'QuickAction':'Away','QuickActionNextTime':''}
    response = requests.put(url,data=json.dumps(postdata),headers =headers)

  9. #9
    Automated Home Guru
    Join Date
    Jan 2013
    Location
    Glasgow
    Posts
    186

    Default

    Code to Set Economy mode Permanent:

    --------

    # Set Economy Mode Permanent via Honeywell EvoHome Web API

    # Load required libraries
    import requests
    import json

    # Ser your login details in the 2 fields below
    USERNAME = 'Your UserID'
    PASSWORD = 'Your Password'

    # Initial JSON POST to the website to return your userdata
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/Session'
    postdata = {'Username':USERNAME, 'Password':PASSWORD, 'ApplicationId':'91db1612-73fd-4500-91b2-e63b069b185c'}
    headers = {'content-type':'application/json'}
    response = requests.post(url,data=json.dumps(postdata),header s=headers)
    userinfo = json.loads(response.content)

    # Extract the sessionId and your userid from the response
    userid = userinfo['userInfo']['userID']
    sessionId = userinfo['sessionId']

    print ('your userid is', userid)

    # Next, using your userid, get all the data back about your site
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/locations?userId=%s&allData=True' % userid
    headers['sessionId'] = sessionId
    response = requests.get(url,data=json.dumps(postdata),headers =headers)
    locationinfo = json.loads(response.content)

    # Extract the locationID from the response
    locationID = locationinfo[0]['locationID']

    print ('your location is', locationID)

    # Now create and set Economy Mode Permanent
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/evoTouchSystems?locationId=%s' % locationID
    postdata = {'QuickAction':'AutoWithEco','QuickActionNextTime' :''}
    response = requests.put(url,data=json.dumps(postdata),headers =headers)

  10. #10
    Automated Home Guru
    Join Date
    Jan 2013
    Location
    Glasgow
    Posts
    186

    Default

    I haven't sniffed it yet, but I'd guess that if you want to set this to end at a certain time that you'd need to set the time in the 'QuickActioneNextTime' field:

    # Now create and set Economy Mode Permanent
    url = 'https://rs.alarmnet.com/TotalConnectComfort/WebAPI/api/evoTouchSystems?locationId=%s' % locationID
    postdata = {'QuickAction':'AutoWithEco','QuickActionNextTime' :''}
    response = requests.put(url,data=json.dumps(postdata),headers =headers)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •