Flash/AIR Application about infinitude HOT 10 CLOSED

I used mitmproxy with the desktop Air application to do just that, actually. Other $lifeEvents have kept me from exploring further unfortunately. Interestingly enough the app that runs on the device itsself has the option for a proxy server, so if it will trust a self-signed proxy server key, messages may be able to be intercepted and changed, allowing local control.

*which is all incredibly convoluted. Direct access to the rs485 would be ideal.

from infinitude.

I was able to get the consumer key and secret from the flash file and just starting to explore if I can authenticate to the server and at least read status data. But to your point it would not be direct communication with the device.

Can we issue commands directly to the device over the network? It feels almost like the actual device just "phones home" on a regular basis instead of receiving "push" updates from the server...which may make it hard, if possible at all, to talk directly to the device on demand.

from infinitude.

Yeah I think it does just poll the central server for everything. It may use long-polling to simulate push.
As far as I can tell there are three ways to programmatically control the stat (and yes, could be delayed)

1. rs485 (or rs232 with rapaciously, ludicrously, ridiculously priced "SAM") (getting there -- see wiki)
2. locally run simulation of carrier's service - (now have working local server)
3. write client for carrier's service (meh, I think it's best to take them out of the loop)

I extracted the SWF for the app and didn't see the oAuth secret, any hints on the path for that? Option #3 above should be relatively straightforward with working oAuth.

from infinitude.

So you have to decompile the SWF file. Sothink SWF Decompiler is a good choice. The trial version worked for me. Just navigate to the SWF file and you can expand the directory tree within the SWF.

I found what i needed in MyInfinity.swf/Action/com/carrier/net/MyInfinitySession

I am new to oauth so trying to figure that all out. I used Fiddler to see the network traffic of the app and the URLs it hits to authenticate.

I think a good first step is trying to just read the status info...

from infinitude.

Any further progress? I don't know if you noticed, but the definitions for each webservice endpoint are embedded in the swf as well. I haven't had a chance to find a decompiler that outputs the oauth keys, so I only have the consumer not secret. I'm guessing that the OAuth bit might actually be the same for all 'stats since they authenticate with user/pass on top of that.

from infinitude.

No further progress. Both work and personal life picked up a bit recently. I can email you the details for oAuth if you want (really all the ruby code I have around this) if you think that would help you. I sniffed the traffic in Firebug and have what I need to get the status of each t-stat if I can figure out the oAuth part.

from infinitude.

Great, yeah stupid realLife has impeded my recent progress as well. But
sure, send me what you have and I'll check it out.

from infinitude.

I might be missing something but I don't see an email address for you.

from infinitude.

Looks like I didn't have a public email address set on my profile. Whoops, fixed. For the record, you don't either :)

from infinitude.

I know this issue is quite old, but I would also love to get my hands on this ruby code and the secret for an iOS app I am working on. 📱 Is there any chance you could forward those old emails?

from infinitude.