-
Hello, I'm trying to retrieve a token from the login endpoint but I get "Account or password mismatch". Should I ask Mammotion for API access or anything else? As mentioned in the Wiki, I send plain text username and password. Should those be encrypted? Would be happy to contribute to the project. Thank you.
-
Yeah, that won't work; also, no, Mammotion will not grant you API access. Two things here: a token from Mammotion's servers will grant you access to your data stored on Mammotion servers, not Luba or MQTT. If you want to help, familiarise yourself with Frida, because the security behaviour for Alibaba's servers is not straightforward. I need to update the documentation but have been very busy with a large release at work. In simple terms, a unique key is generated from the Android keystore, which is submitted to Aliyun (read Alibaba) servers, which return a new token of some sort, which is then used to generate a security key which signs the requests sent. This part is the unknown and will be difficult to work out unless you're very clever. I do not class myself as a security expert, but have made some inroads here; I need a bit more time to dig around.
I've updated the documentation for the Mammotion login for getting a token, which includes code samples from the app for the AES encryption.
Would love a PR updating the login code to do the AES encryption portion.
Also, plaintext does work too, just re-tested; see LubaHTTP.login.