This is a very, very beta interface for Bosch-Siemens Home Connect devices through their local network connection. Unlike most IoT devices that have a reputation for very bad security, BSG seem to have done a decent job of designing their system, especially since they allow a no-cloud local control configuration. The protocols seem sound, use well tested cryptographic libraries (TLS PSK with modern ciphres) or well understood primitives (AES-CBC with HMAC), and should prevent most any random attacker on your network from being able to take over your appliances to mine cryptocurrency.
WARNING: This tool not ready for prime time and is still beta!
pip3 -r requirements.txt
Install the Python dependencies; the sslpsk one is a little weird
and we might need to revisit it later.
hc-login $USERNAME $PASSWORD > config.json
The hc-login script perfoms the OAuth process to login to your
Home Connect account with your usename and password. It
receives a bearer token that can then be used to retrieves
a list of all the connected devices, their authentication
and encryption keys, and XML files that describe all of the
features and options.
This only needs to be done once or when you add new devices; the resulting configuration JSON file should be sufficient to connect to the devices on your local network, assuming that your mDNS or DNS server resolves the names correctly.
hc2mqtt config.json
This tool will establish websockets to the local devices and transform their messages into MQTT JSON messages. The exact format is likely to change; it is currently a thin translation layer over the XML retrieved from cloud servers during the initial configuration.
The dishwasher has a local HTTPS port open, although attempting to connect to
the HTTPS port with curl results in a cryptic protocol error
due to the non-standard cipher selection, ECDHE-PSK-CHACHA20-POLY1305.
PSK also requires that both sides agree on a symetric key,
so a special hacked version of sslpsk is used to establish the
connection and then hand control to the Python websock-client
library.
Example message published to homeconnect/dishwasher:
The clothes washer has a local HTTP port that also responds to websocket
traffic, although the contents of the frames are AES-CBC encrypted with a key
derived from HMAC(PSK,"ENC") and authenticated with SHA256-HMAC using another
key derived from HMAC(PSK,"MAC"). The encrypted messages are send as
binary data over the websocket (type 0x82).
Example message published to homeconnect/washer:
{
'BackendConnected': False,
'CustomerEnergyManagerPaired': False,
'CustomerServiceConnectionAllowed': False,
'DoorState': 'Open',
'FlexStart': 'Disabled',
'LocalControlActive': False,
'OperationState': 'Ready',
'RemoteControlActive': True,
'RemoteControlStartAllowed': False,
'WiFiSignalStrength': -50,
'LoadInformation': 0,
'AquaStopOccured': 'Off',
'CustomerServiceRequest': 'Off',
'LowWaterPressure': 'Off',
'ProgramFinished': 'Off',
'SoftwareUpdateAvailable': 'Off',
'WaterLevelTooHigh': 'Off',
'DoorNotLockable': 'Off',
'DoorNotUnlockable': 'Off',
'DoorOpen': 'Off',
'FatalErrorOccured': 'Off',
'FoamDetection': 'Off',
'DrumCleanReminder': 'Off',
'PumpError': 'Off',
'ReleaseRinseHoldPending': 'Off',
'EnergyForecast': 20,
'EstimatedTotalProgramTime': 13680,
'FinishInRelative': 13680,
'FlexFinishInRelative': 0,
'ProgramProgress': 0,
'RemainingProgramTime': 13680,
'RemainingProgramTimeIsEstimated': True,
'WaterForecast': 40,
'LoadRecommendation': 10000,
'ProcessPhase': 4,
'ReferToProgram': 0,
'LessIroning': False,
'Prewash': False,
'RinseHold': False,
'RinsePlus': 0,
'SilentWash': False,
'Soak': False,
'SpeedPerfect': False,
'SpinSpeed': 160,
'Stains': 0,
'Temperature': 254,
'WaterPlus': False,
'AllowBackendConnection': False,
'AllowEnergyManagement': False,
'AllowFlexStart': False,
'ChildLock': False,
'Language': 'En',
'PowerState': 'On',
'EndSignalVolume': 'Medium',
'KeySignalVolume': 'Loud',
'EnableDrumCleanReminder': True,
'ActiveProgram': 0,
'SelectedProgram': 28718
}
Example message published to homeconnect/coffeemaker:
Whereas the reading of de status is very beta, this is very very alpha. There is some basic error handling, but don't expect that everything will work.
In your config file you can find items that contain readWrite or writeOnly, some of them contain values so you know what to provide, ie:
"539": {
"name": "BSH.Common.Setting.PowerState",
"access": "readWrite",
"available": "true",
"refCID": "03",
"refDID": "80",
"values": {
"2": "On",
"3": "Standby"
}
},With this information you can build the JSON object you can send over mqtt to change the power state
Topic: homeconnect/[devicename]/set, ie homeconnect/coffeemaker/set
Payload:
{"uid":539,"value":2}As for now, the results will be displayed by the script only, there is no response to an mqtt topic.
There are properties that do not require predefined values, debugging is required to see what is needed. Here are some of those values found through debugging:
Set the time:
{"uid":520,"value":"2023-07-07T15:01:21"}Synchronize with time server, false is disabled
{"uid":547,"value":false}Moved to README-frida.md
For integration with Home Assistant, the following MQTT sensor can be used to create a read only sensor
- unique_id: "coffee_machine"
name: "Coffee Machine"
state_topic: "homeconnect/coffeemaker/state"
value_template: "{{ value_json.PowerState }}"
json_attributes_topic: "homeconnect/coffeemaker/state"
json_attributes_template: "{{ value_json | tojson }}"- Sometimes when the device is off, there is the error
ERROR [ip] [Errno 113] No route to host - There is a lot more information available, like the status of a program that is currently active. This needs to be integrated if possible. For now only the values that relate to the
config.jsonare published