Findings through a tcpdump

[ghost]

This is supposed to be a loose list of findings to be amended at a later time.

As discussed in #49 I was seeing repeated calls for account/_/full when the settings (presets in this case) of my three devices differed. So I hooked one of the devices back to the Bose cloud to see what it would retrieve. Before doing so I changed the cloud addresses to http and hoped for the best.

• Requests to /v1/scmudc/{device} receive an answer of HTTP 302 Found. The Request-Body is basically spying on the user (station, song, preset, and the like), thus not really needed.
• Most of the other traffic is encrypted

Next I set up an old RPi as MitMProxy with a wifi AP. Reset one of the ST20 and paired it with the new wifi.

• Appending the cacert.pem to /etc/pki/tls/certs/ca-bundle.crt makes the device trust our proxy. Server response from account/_/full is in the next post. It does seem that account_full_xml also reflects this content (as well as docs/API_Spec.md, d'uh). Yet, I had to comment out recents_xml in the generator, otherwise I would get an HTTP 400 error.
• This HTTP 400 error is raised by a call to recents_xmland/or presets_xml with an error message "invalid source". Somewhere there still is an inconsistency in the data ...
• Renaming the speaker was possible, it also showed the new name in the app. After a reboot the device showed its old name in telnet, and the new one in the app (??). The mismatch probably occured, because my phone doesn't trust the MitMProxy cert and thus didn't upload the new name. Since the app will be gone by February anyway, this doesn't matter much imho,

[ghost]

This is the coarse structure of the answer to a request to full:

<account id="xxx">
 <accountStatus>CHANGE_PASSWORD</account_status>
 <devices>
  <device deviceid="{mac address}">
   <attachedProduct product_code="SoundTouch 20 sm2">
    <components />
    <productlabel>soundtouch_20_series3</productlabel>
    <serialnumber>069...</serialnumber>
   </attachedProduct>
   <createdOn>Timestamp</createdOn>
   <firmwareVersion>Firmware version</firmwareVersion>
   <ipaddress>local ip address</ipaddress>
   <name>bla</name>
   <presets>
    <preset buttonNumber="x">
     ... the usual content for a preset, including source
    </preset>
    ... the other presets
   </presets>
   <recents>
    <recent id="xxx">
     ... the usual content for a recent, I guess
    </recent>
    ... many other recents
   </recents>
   <serialNumber>Fxxxx</serialNumber>
   <updatedOn>Timestamp</updatedOn>
  </device>
 </devices>
 ... more devices
 <mode>global</mode>
 <preferredLanguage>de</preferredLanguage>
 <sources>
  <source id="xxx" type="Audio">
   ... the usual content for sources, I guess
  </source>
  ... all configured sources
 </sources>
</account>

[ghost]

After having commented out the call for recents, I receive this exact document. Now I'm curious, when the devices actually poll it, and when they replace their own Presets.xml with this data ...