[german] FritzBox - Smart-Home - Steuern über http

Post your questions and help other users.

Moderator: Martin

S.M.T
Posts: 15
Joined: 24 Aug 2019 12:11

[german] FritzBox - Smart-Home - Steuern über http

Post by S.M.T » 26 Aug 2019 09:02

Guten Tag,

ich würde gerne eine Smart-Home Steckdose von AVM (FritzBox) über eine url einschalten lassen.
Der Aufbau der url sollte so aussehen: fritz.box/webservices/homeautoswitch.lua?ain=123456789012&switchcmd=setswitchon&sid=0
Die "AIN" ist die Adresse des Schaltaktor´s und bleibt gleich.
Die "SID" ändert sich regelmäßig und dies ist mein Problem. (Sicherheitsmerkmal von AVM)
Wäre die "SID" statisch gewesen, hätte ich den Aktions-Typ URL in Browser öffnen nehmen können.
Mit den Informationen von AVM kann ich leider nix anfangen: https://avm.de/fileadmin/user_upload/Gl ... erface.pdf

Der folgende Beitrag scheint auch eine Rolle zu spielen: viewtopic.php?f=4&t=2561

Wer kann mir ein Beispiel eines Flow/Code zeigen?

Gruß Sebastian

User avatar
Desmanto
Posts: 2709
Joined: 21 Jul 2017 17:50

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by Desmanto » 26 Aug 2019 19:03

I don't understand German well. But it seems the sid is required and can be obtained during first box setup. Can you check if the sid is in the fritzbox menu?

If it require some MD5 calculation, we can use script hash() to calculate it.
Index of Automagic useful thread List of my other useful posts (and others')
Xiaomi Redmi Note 5 (whyred), AOSP Extended v6.7 build 20200310 Official, Android Pie 9.0, Rooted.

S.M.T
Posts: 15
Joined: 24 Aug 2019 12:11

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by S.M.T » 27 Aug 2019 09:28

Good day,

here is the translated text of my first article. I'm sorry for my bad english.

I would like to turn on a smart home outlet of AVM (FritzBox) on a url.
The structure of the url should look like this: fritz.box/webservices/homeautoswitch.lua?ain=123456789012&switchcmd=setswitchon&sid=0
The "AIN" is the address of the switch actuator and remains the same.
The "SID" changes regularly and this is my problem. (Security Feature of AVM)
If the "SID" had been static, I could have taken the action type URL in Open Browser.
With the information from AVM I can unfortunately do nothing: https://avm.de/fileadmin/user_upload/Gl ... 3Nov18.pdf

The following article also seems to play a role: viewtopic.php?f=4&t=2561

Who can show me an example of a flow / code?

Greetings Sebastian

User avatar
Desmanto
Posts: 2709
Joined: 21 Jul 2017 17:50

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by Desmanto » 29 Aug 2019 18:43

The calculation method of the SID is presented at the end of the pdf : http://avm.de/fileadmin/user_upload/Glo ... ion_ID.pdf
There are two version of the calculation, for 4.74 and 5.50 above. Which OS version do you use?

If you are using 5.50 above, you can try to use http request to http://fritz.box/login_sid.lua
It should return xml file, which you can check the result in {response}. Add debug condition dialog after the http request to check it.
We need the node "Challenge", to calculate the SID, combined with the username password.

Since I don't have FritzBox, I need to see the xml content to see how to parse the "Challenge" node. The rest of the calculation can be done using the document
Index of Automagic useful thread List of my other useful posts (and others')
Xiaomi Redmi Note 5 (whyred), AOSP Extended v6.7 build 20200310 Official, Android Pie 9.0, Rooted.

S.M.T
Posts: 15
Joined: 24 Aug 2019 12:11

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by S.M.T » 29 Aug 2019 20:39

Hello Desmanto,
Desmanto wrote:
29 Aug 2019 18:43
The calculation method of the SID is presented at the end of the pdf : http://avm.de/fileadmin/user_upload/Glo ... ion_ID.pdf
There are two version of the calculation, for 4.74 and 5.50 above. Which OS version do you use?
I have the FritzBox 7490 with the OS version 7.12
Desmanto wrote:
29 Aug 2019 18:43
If you are using 5.50 above, you can try to use http request to http://fritz.box/login_sid.lua
It should return xml file, which you can check the result in {response}. Add debug condition dialog after the http request to check it.
We need the node "Challenge", to calculate the SID, combined with the username password.

Since I don't have FritzBox, I need to see the xml content to see how to parse the "Challenge" node. The rest of the calculation can be done using the document
return xml file:

Code: Select all

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<SessionInfo>
<SID>0000000000000000</SID>
<Challenge>fd1003f2</Challenge>
<BlockTime>0</BlockTime>
<Rights/>
</SessionInfo>
Greetings Sebastian

User avatar
Desmanto
Posts: 2709
Joined: 21 Jul 2017 17:50

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by Desmanto » 30 Aug 2019 17:54

I miss your link for the document explaning the calculation in English.

Base on your result, you should first use action HTTP request to http://fritz.box/login_sid.lua,
This will give your response in xml, which has the challenge node. Use script after http request

Code: Select all

username = "test";
password = "test123";

challenge = findAll(response, "<Challenge>(.*)</Challenge>", true)[0][1];
chapass = challenge + "-" + hash(challenge + "-" + password, "UTF-16LE", "MD5");

url = "http://fritz.box/login_sid.lua?username={username}&response={chapass}"
This will combine the challenge code you got with the password, calculate the md5 and combined back to the challenge. Then create the url with the challenge response.
Change the username password to yours.

After this, use HTTP request again, with the url is {url}. This will result in valid SID you can use later. Use script to get the SID.

Code: Select all

sid = findAll(response, "<SID>(.*)</SID>", true)[0][1];

command = "http://fritz.box/webservices/homeautoswitch.lua?ain=123456789012&switchcmd=setswitchon&sid=";
commandurl = command + sid;
use the {commandurl} to set the device on.

You have to try this, and if you get error, use debug dialog to see the error.
Index of Automagic useful thread List of my other useful posts (and others')
Xiaomi Redmi Note 5 (whyred), AOSP Extended v6.7 build 20200310 Official, Android Pie 9.0, Rooted.

S.M.T
Posts: 15
Joined: 24 Aug 2019 12:11

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by S.M.T » 31 Aug 2019 20:49

Desmanto wrote:
30 Aug 2019 17:54
I miss your link for the document explaning the calculation in English.
Sorry, unfortunately I have not found a link to the document in English.

Thank you so much.
Now I can turn my Smart Home socket to switch on and off.

The password did not work immediately. A user password does not work. It must be the main password.
Greetings Sebastian

--------------------------------------------------------------------------
Ich danke dir sehr.
Jetzt kann ich meine Smart Home-Steckdose ein- und ausschalten.

Das Passwort hat nicht sofort funktioniert. Ein Benutzerpasswort funktioniert nicht. Es muss das Hauptpasswort sein.
Gruß Sebastian
Attachments
fritzbox_steckdose.jpg
fritzbox_steckdose.jpg (66 KiB) Viewed 35274 times

User avatar
Desmanto
Posts: 2709
Joined: 21 Jul 2017 17:50

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by Desmanto » 01 Sep 2019 13:08

Your link in the first post is already in English and I missed that. I looked around, got the German version. Further googling redirect me back to your link :D
Nice to know that it is working.

BTW, please remove your image, it is leaking your username password in the element name.
Index of Automagic useful thread List of my other useful posts (and others')
Xiaomi Redmi Note 5 (whyred), AOSP Extended v6.7 build 20200310 Official, Android Pie 9.0, Rooted.

S.M.T
Posts: 15
Joined: 24 Aug 2019 12:11

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by S.M.T » 01 Sep 2019 15:02

Desmanto wrote:
01 Sep 2019 13:08
BTW, please remove your image, it is leaking your username password in the element name.
It is not the real username and password, this is just for this image.

User avatar
Desmanto
Posts: 2709
Joined: 21 Jul 2017 17:50

Re: [german] FritzBox - Smart-Home - Steuern über http

Post by Desmanto » 01 Sep 2019 16:25

S.M.T wrote:
01 Sep 2019 15:02
It is not the real username and password, this is just for this image.
Oh, then it is fine then. No problem with the image.
Index of Automagic useful thread List of my other useful posts (and others')
Xiaomi Redmi Note 5 (whyred), AOSP Extended v6.7 build 20200310 Official, Android Pie 9.0, Rooted.

Post Reply