Hacking a Neato Robotics BotVac Connected
-
There's good news guys. I finally figured out how the HMAC signature is calculated and now i'm able to control the neato without the mobile application, which offers all kinds of new integration options.
What can be found in
com/neatorobotics/android/activities/robot/C0645j.javais just half of the truth and i was looking at this part for way to long, i'm not sure where this part is used. maybe this would be the part where one can communicate with the neato without making use of the cloudservice. who knows ;)The actual fun starts in
com/neatorobotics/android/p040c/p042b/C0898b.javathe code reveals that there are 3 ingredients making up the HMAC signature- the robot's serial number
- the current date (as also found in the Date header)
- the http body
Together with the robot's secret key we're now able to properly sign the requests.
I've packaged this in a small ruby library https://github.com/kangguru/botvac which is
quite basic and just covers just a little more than i needed for my usecase
but i'm happy to extend this over time.Especially the part to obtain the secret key for the robot just be done via
trafic capturing, which is not the most convinent thing i can think of :)I hope this already helps some people to build new things around their robot. I've mixed the
stuff with ifttt.com and now can plan the cleaning schedule via a google calendar, which
makes it really convinent to skip single days in a given schedule, which ist kinda painful to
solve with the mobile app.happy hacking
I also figured it out some time ago. You get the robot secret key and serial number when you log in to beehive.neatocloud.com and request https://beehive.neatocloud.com/dashboard
I've written a powershell module where I exposed the entire api (as implemented in the android and iphone app), complete with login. I've yet to upload it to github but I can send it to you if you're unsure about the beehive part. -
As for replacing the cloud server, I don't think it's possible without rooting the robot. The first thing it does when it's connected to the internet is to start an HTTPS Comet session (long polling). The robot will kill the connection immediately if you try to MiTM it with a selfsigned certificate and there is no way to install new certificates on the robot. If anyone has opened the robot I'd be interested in pictures of the motherboard, especially of any pads labeled JTAG.
-
I also figured it out some time ago. You get the robot secret key and serial number when you log in to beehive.neatocloud.com and request https://beehive.neatocloud.com/dashboard
I've written a powershell module where I exposed the entire api (as implemented in the android and iphone app), complete with login. I've yet to upload it to github but I can send it to you if you're unsure about the beehive part.Also nice job! Hope to see a link soon to github so we can experiment with this to.
Thanks for the work.
-
@Ubiquitous yea, i just was too lazy about the login stuff :) but i added the stuff over the weekend, to make it more "end"-user friendly.
-
There's good news guys. I finally figured out how the HMAC signature is calculated and now i'm able to control the neato without the mobile application, which offers all kinds of new integration options.
What can be found in
com/neatorobotics/android/activities/robot/C0645j.javais just half of the truth and i was looking at this part for way to long, i'm not sure where this part is used. maybe this would be the part where one can communicate with the neato without making use of the cloudservice. who knows ;)The actual fun starts in
com/neatorobotics/android/p040c/p042b/C0898b.javathe code reveals that there are 3 ingredients making up the HMAC signature- the robot's serial number
- the current date (as also found in the Date header)
- the http body
Together with the robot's secret key we're now able to properly sign the requests.
I've packaged this in a small ruby library https://github.com/kangguru/botvac which is
quite basic and just covers just a little more than i needed for my usecase
but i'm happy to extend this over time.Especially the part to obtain the secret key for the robot just be done via
trafic capturing, which is not the most convinent thing i can think of :)I hope this already helps some people to build new things around their robot. I've mixed the
stuff with ifttt.com and now can plan the cleaning schedule via a google calendar, which
makes it really convinent to skip single days in a given schedule, which ist kinda painful to
solve with the mobile app.happy hacking
@kangguru I have not done any ruby before and I'm stuck trying to use the gem. I think I've managed to install Ruby, devkit and Git (and added git.exe to path which is needed to be able to 'bundle install'). I don't see any errors, but I am unable to find any binary named botvac to run. I've run "gem env" and none of the variables seems strange.
Any suggestions? I'm on Windows 10 btw.
BR / M
-
FYI, a friend of mine has created a PHP library for the Neato cloud service -> https://github.com/tomrosenback/botvac
It is based on the work @kangguru has done.
- Tomas
-
FYI, a friend of mine has created a PHP library for the Neato cloud service -> https://github.com/tomrosenback/botvac
It is based on the work @kangguru has done.
-
The PHP API Works great for me. I have two questions though.
- The [isCharging] value in the [details] array of the State JSON is always empty, even when it is clearly charging i.e. the [charge] value changes. Any Idea why?
- Whenever I call the pause cleaning, and then return to base, the robot will go back to its base, but it will not dock with it, is there any particular reason for this? and is there a way to have it return to the dock, and actually dock and charge with out just letting run through the entire cleaning cycle?
-
The PHP API Works great for me. I have two questions though.
- The [isCharging] value in the [details] array of the State JSON is always empty, even when it is clearly charging i.e. the [charge] value changes. Any Idea why?
- Whenever I call the pause cleaning, and then return to base, the robot will go back to its base, but it will not dock with it, is there any particular reason for this? and is there a way to have it return to the dock, and actually dock and charge with out just letting run through the entire cleaning cycle?
@Jonathan8301
You know, I've had that happen once or twice before I even found this page, but when I just tried it out, my botvac did dock properly.I just wish there were some way to get at the lower level sensor readings through this, I'd love to be able to see the 'map' that it builds when it cleans....
-
As for replacing the cloud server, I don't think it's possible without rooting the robot. The first thing it does when it's connected to the internet is to start an HTTPS Comet session (long polling). The robot will kill the connection immediately if you try to MiTM it with a selfsigned certificate and there is no way to install new certificates on the robot. If anyone has opened the robot I'd be interested in pictures of the motherboard, especially of any pads labeled JTAG.
@Ubiquitous
I have plans to open up my D80 the day that the warrantee is up, not sure if that will or won't help you any... -
Hmm it almost sounds like the Botvac could go for a firmware update, unfortunately it looks like Neato's post launch product support is severely lacking
-
Hmm it almost sounds like the Botvac could go for a firmware update, unfortunately it looks like Neato's post launch product support is severely lacking
@Jonathan8301
Funny thing is, before the connected was launched, I remember being able to find an API document and programming info for interfacing with the lower models...NOW, I can't so much as even find any page that contains a link to anything resembling an update file or api documentation... -
@RawLiquid So you are looking for this -> https://www.neatorobotics.com/resources/programmersmanual_20140305.pdf
Or something else?
- Tomas
-
@RawLiquid So you are looking for this -> https://www.neatorobotics.com/resources/programmersmanual_20140305.pdf
Or something else?
@korttoma actually, I already had that very document, and that is the one I was referring to. I might suggest keeping mentions of the exact url fairly low, It's likely an oversight that it's available still and if so, likely to be removed if they notice it. maybe use bitly to reference it instead...
I don't know what exactly changed within the company to cause such a drastic shift, but it's obvious that something changed.... -
Hello hackers!
Let me introduce myself, I am Roberto Ostinelli, Neato Robotics' Director of Cloud Services.I'm impressed with the work that you've put into integrating with our robots! Great job!
Given the interest we've seen on this and other forums, we've listened and have just released the Neato Developer Network, which might hopefully be of interest for some of you here.
You can become a developer with just your Neato account from here:
https://developers.neatorobotics.comYou will find official documentation and SDKs for JavaScript, iOS and Android (for now, we plan on expanding to other languages too!).
Simply put, as a developer you can create your own OAuth apps that interacts with Neato robots.A demo of what you can achieve with the JavaScript SDK can be seen here (just login with your Neato account when requested):
https://developers.neatorobotics.com/demo/sdk-jsPlease note that all of this is in Beta, we're a small team but are doing our best!
Cheers,
r. -
Thanks for finally acknowledging the fact that some people want to integrate their robotic vacuum cleaner with the rest of their smart home functionality.
Is your Neato Developer Network investment only targeting the new Neato Connected series and future versions or is there a communication module in the pipeline for older models like my Neato botvac 85?
- Tomas
-
Thanks for finally acknowledging the fact that some people want to integrate their robotic vacuum cleaner with the rest of their smart home functionality.
Is your Neato Developer Network investment only targeting the new Neato Connected series and future versions or is there a communication module in the pipeline for older models like my Neato botvac 85?
-
Welcome @roberto,
Thanks for making the Neato more hacker friendly. I'm sure it will boost your sales. The HA/DIY crowd and the early adopters buying robotic vacuum cleaners is coinciding.
