Using chat demo to talk to danfoss link

[fasmide]

Hi guys

Im trying to establish communication with my danfoss link device as you've kind enough provided danfoss prod configuration in https://github.com/trifork/secure-device-grid/blob/master/demo/mdg_config.c#L153 however activating this configuration (in mdg_unix_main.c and compiling the chat app, makes it unable to connect:

10:35 $ make
cc -o unix_main -Wall -I../../include -DMDG_DYNAMIC_LIBRARY ../mdg_unix_main.c ../mdg_chat_client.c -L. -lmdglib -lm -lpthread -lrt
echo Launching runix chat demo, dynamically linked:
Launching runix chat demo, dynamically linked:
LD_LIBRARY_PATH=.: ./unix_main
Welcome to TDG-lib chat demo.
Please provide e-mail using "/email [email protected]"
Type "/h" for list of commands. All commands start with "/"
Callback: mdguser_control_status state=connecting
Callback: mdguser_control_status state=failed
... continues to fail ... 

In trying to debug the matter I've tried to compile with -DDEBUG_TO_UDP - this however makes the demo app unable to compile:

10:36 $ make
cp -p ../../binaries/sandbox/ubuntu/libmdglib.so .
cc -o unix_main -Wall -I../../include -DMDG_DYNAMIC_LIBRARY -DDEBUG_TO_UDP ../mdg_unix_main.c ../mdg_chat_client.c -L. -lmdglib -lm -lpthread -lrt
/tmp/ccOMtjDx.o: In function `main':
mdg_unix_main.c:(.text+0xa27): undefined reference to `mdg_debug_log_target_ip'
mdg_unix_main.c:(.text+0xa2d): undefined reference to `mdg_debug_log_target_ip'
mdg_unix_main.c:(.text+0xa37): undefined reference to `mdg_debug_log_target_port'
mdg_unix_main.c:(.text+0xa41): undefined reference to `mdg_debug_log_target'
collect2: error: ld returned 1 exit status
Makefile:13: recipe for target 'unix_main' failed
make: *** [unix_main] Error 1

I've also tried to enable the debugging with the methods described in the docs (mdg_set_debug_target and mdg_enable_remote_logging) - this does however not seem to output any debug messages - and it does not seem to send any udp packets as well

Is there any way to debug this ? - is the danfoss configuration complete or is more needed to communicate with the danfoss mdg?

[mortengrouleff]

Sorry, but you are not going to be able to communicate with "Danfoss Link" using this code.
Danfoss Link uses another variant of secure device grid, which is not compatible with the client code here.

[donnib]

@fasmide did you find another solution to this ? I decompiled the Android APK file to figure out the protocol but have not dig into it enough. @mortengrouleff Any hints maybe ? ;)

[mortengrouleff]

@donnib You need to reach out to Danfoss if you want a solution.

[fasmide]

@donnib i did not, i also had a go at reverse engineering the app but the communication between the device and app is very complicated with that lua thing in the middle creating a tunnel in a tunnel (or whatever the thing does) - i did manage to enable some debugging in the app and rebuild it, reveling some pretty sane json objects being transmitted between the app and the controller so once a connection is established it should be straightforward.

I did find traces in the app of a "local mode" where the app is supposed to talk to the controller directly over lan but i dont think they never turned it on

The apk i unpacked had a compiled lua thing in it (cant remember the name of it, but it was compiled specifically for arm processors) but it also had the complete "secure-device-grid" source code in plain lua, allthough i think the lua code was an older version somehow left over by some automated build system - if the lua code is still there check it out as it has lots of hints as to how to communicate with secure-device-grid and how to make the connection to your controller

Edit: just checked, the latest apk does not have the lua source files, but you can download an older version from apkpure or similar

[toini]

@fasmide I'm looking into the traffic being transmitted by a Danfoss Devi Smart thermostat in order to communicate with the device myself. I've been able to reverse engineer it so that I know it also is using the Secure Device grid Platform for communication. However, my MITM attack on Android 6 with a mitmproxy failed since the libmdglib does not seem to respect the phone's proxy settings. I've now been analyzing the traffic with Frida, but am having a bit troubles reading the C structures being sent to the library.

Could you maybe share details on how you managed to read the JSON objects being transmitted?

[ChristianHC]

@toini The MDG library uses certificate pinning so you won't be able to MITM it. The traffic being sent is Protobuffed and you need a .proto map to decode it

[mortengrouleff]

@ChristianHC @toini The SDG library used in DeviSmart and the app is not the same as the MDG used in the Link system. One uses Nacl (https://nacl.cr.yp.to/), the other TLS. Yes, both use certificate pinning.

[toini]

@ChristianHC I've previously bypassed certificate pinning with a Frida hook (see e.g. https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/) but the same method does not seem to work with the MDG library. Do you know why is that? Anyhow, since that didn't work, I'm now trying to intercept the MDG API calls (e.g. mdg_place_call_remote(), mdg_send_to_peer(), mdg_receive_from_peer()) with Frida. I can successfully trace them, and I can e.g. read the protocol name ("dominion-1.0") but reading any sensible payload from the buffers does not work yet.

@mortengrouleff So Devi Smart uses Nacl to encrypt the messages being sent using MDG library? I don't find any traces of Nacl in the decompiled Devi Smart Java app or in the libmdglib-java.so that's in the APK.

[fasmide]

@fasmide I'm looking into the traffic being transmitted by a Danfoss Devi Smart thermostat in order to communicate with the device myself.

@toini I have never heard of these devices before so im not sure if my observations are relevant :)

Could you maybe share details on how you managed to read the JSON objects being transmitted?

@toini I pull'ed the apk off my phone and recompiled it with debug flags enabled, once this was done the app does a lot of debug logging - this can be seen with adb's logcat where it outputs the data transmitted between the app and the Danfoss link controller though the SDG(MDG?) (tunnel?)

[mortengrouleff]

@toini Perhaps I'm wrong then.

[toini]

@ChristianHC I did find mentions of protocol buffers in the apk, but those seem to only about io.tpa.tpalib which seems to be used to send UDP packages to app analytics service running at ccms-danfoss.hosted.trifork.com (the service there seems to be this one: http://theperfectapp.com).

Here's an example of such UDP packet:
.PKG=com.danfoss.devi.smartapp TAG=RESUME APP=A12214 NT=WIFI devicePeerId=18a30135e2fe0ddb24f7d3373d6e76ff39000219cdccefc17190fdb04dede25c deviceWifiSignal=-61 thermostatPeerId=faf93a8a434e9f8368cef1af6e2318cd3491c4dcb19357a374b44d88107a5f10 thermostatWifiSignal=-68 C=547 P=1805 D=1838 ERR=0

Those are easily readable. However, do you know if the MDG lib messages being sent to Secure Device Grid (those messages are the interesting part) are also being protobuffed?

[ChristianHC]

@toini In the TLS version of MDG (The one used in Danfoss Link), messages to and from the CC controller and application is protobuffed. I suggest you DM me.

[syska]

This is fun ...

securedevicegrid is owned by Trifork and Trifork actually either helped or actually created the app ... this means that they should know how it works ... but I guess they can't really tell since Danfoss is a closed #)¤&%&/#( company ... always makes me so sad ...

[Laro88]

Trifork made the whole design for Danfoss with end to end security in mind - not rest api access to anything - also meaning that “monitoring as a service” was impossible, so they got as deserved :-)
It is not the only Danfoss product that does not have any apis.
I heard that the next generation controller will have some sort of api, but the thermostats you have won’t work with it :-(

[syska]

@Laro88

At the moment I'm just looking at what's out there and actually works and what the options is ...

I need thermostats for the radiators but also floor heating ...

It's a complete jungle out there ...

People online only seem to complain when it's not working ... That goes for tado, Danfoss and All the others ... Not many have anything for floor heating.

I can live without an option to pair it it my Google home ...

Most importantly it just needs to work ... 😁

Also the very very very old Grundfos pumpe needs to be replaced ...

The more information about all the systems I find the more indoubt I get about what to buy ... But the facts that I need floor heating seems to be that Danfoss is the best even though it's a closed system 🤐

So if you have anything good information, do let me know ... 😀

[Laro88]

Danfoss has some trv’s that Can pair with something generic like a sumsung SmartThings contoller - I have both at home but i don’t have time to make the code/integration this year.
I think the very latest Danfoss floor heating controller can be controlled using an api, but I don’t know for sure.

[sestrifork]

In the near future Danfoss devices will have an API in order to build all kinds of integrations. I will let you know on this thread when it happens and invite you in.

[Laro88]

Awesome, roadmap please.
ECLs, Link and ventilation?

[syska]

In the near future Danfoss devices will have an API in order to build all kinds of integrations. I will let you know on this thread when it happens and invite you in.

Are you kidding me? For real?

This is like the best news today ... as I have actually ordered the Danfoss Link system ... just because ... well ... needed to take a decision on it. Lots of other small changes too ...

But this is AWESOME ... Please keep us updated ...

[Sonic-Amiga]

@toini Hi, if you are still reading this! I am also a DeviSmart owner; there is simply no decent alternative in my area, so i am also working on it. The app-level protocol seems to be binary. In the Java app there is a DemoClient class, which implements demo mode, and it is doing so by faking a server together with its protocol. It simply handcrafts packet contents inside, so it gives everything straight away.
Knowing this, however, does not remove the need for mdglib of course, in order to communicate with real devices.

[laviniug]

FYI I just got this working https://github.com/JonasPed/danfosslink2mqtt

It's very basic, reads all the temperatures by using bespoken.io to ask Alexa what they are. For me it gives a lot of incorrect values but it sometimes works. It's a convoluted approach but it might help get this integrated with my home assistant.

[Sonic-Amiga]

Ouch. :)
I remember some time ago i was discussing Star Wars with a colleague of mine, who is IP and patent guy, and i asked him: "don't you think it's ridiculous to have robots talking to each other in human language?" "Well, this could be done for variety of reasons, proprietary closed protocols for instance" - he said.
And science fiction is coming true again on this thread.

[laviniug]

It is indeed strange but it does work reliably if you ask the question correctly. If not, it tells you the temperature of places that have the same name as your rooms ... that was the reason for the inconsistency. Unfortunately the entire Alexa skill is not ideal, it's missing the away feature. Hopefully they'll improve it.

[Sonic-Amiga]

I've just made a breakthrough and successfully connected to Danfoss grid. The code required two modifications:

1. Use mdg_configuration_danfoss_prod
2. Remove the fake key from mdgstorage_load_license_key and just return 1 for "no key". DEVISmart app does the same.
   After this i got "connected" on Windows build.

So @mgrtrifork lied

[Hooch180]

In the near future Danfoss devices will have an API in order to build all kinds of integrations. I will let you know on this thread when it happens and invite you in.

Any news on that? I'm in the process of moving. And I'll get Danfoss system for new home only if I'll be able to add it to my home automation. Any API will be enough.

[ChristianHC]

@Hooch180 The only news is this article for now:
https://ing.dk/artikel/danfoss-skifter-teknologi-digitale-termostater-nye-gamle-enheder-kan-ikke-tale-sammen-232067#comment-955206

[syska]

@Hooch180 The only news is this article for now:
https://ing.dk/artikel/danfoss-skifter-teknologi-digitale-termostater-nye-gamle-enheder-kan-ikke-tale-sammen-232067#comment-955206

So closed protocol and system and now they just fucks us ...

Well ... If they just opens the old system I'm happen ...

[syska]

In the near future Danfoss devices will have an API in order to build all kinds of integrations. I will let you know on this thread when it happens and invite you in.

Any news on this?

[eddymhawejj]

In the near future Danfoss devices will have an API in order to build all kinds of integrations. I will let you know on this thread when it happens and invite you in.

What is the definition of near future 😅

[AlexanderBartash]

It looks like the new zigbee devices have been released https://www.danfoss.com/en/products/smart-heating/dhs/smart-heating/danfoss-ally/ But it seems that the old systems are not compatible.

Also this page says that old systems won't receive any new features from now on:

https://www.danfoss.com/en/products/smart-heating/dhs/smart-heating/danfoss-link/

For all future installations, Danfoss Ally™ is the smart heating solution we recommend. With Ally™, we move to the best-in-market IoT standard protocol Zigbee, and open up for other players in smart heating to integrate, thus creating even better solutions within the smart home category.
We continue to support the Link solution, but new development will for the above reasons take place on the Ally™ platform.

It is kind of annoying after you spend so much money on the heating system and they deprecate it after a few months.

[syska]

@AlexanderBartash

Yes, i really really really dislike Danfoss for doing this... Customer care is obviously not something they care about.

At least they could open source there stuff so we easier could integrate with it ...

Like just push an update with an API to the controller so we could connect with http ...

[AlexanderBartash]

I have reached out to Danfoss support and asked if they can open any API for Danfoss Link based on Z-Wave since they already have open API for Ally and now it does not make any sense to keep the API of the older system closed but 3 times they answered that no new development will be done for the old systems and the project has been closed. Only Danfoss Ally will be worked on. Which means I have spend 2k USD on a system which they can simply deprecate like this 6 months after the installation.

I suggest you guys do the same and annoy them to death.

[exKAjFASH]

Same here - I've spent $1800 and now started to replace to other, total cost of replacement ~$700, but control will be local, much faster and (I hope) more reliable, quite dissapointed

[AlexanderBartash]

@exKAjFASH Which system are you replacing it with? I have started to look for alternatives as well.

[exKAjFASH]

@AlexanderBartash yep - I have 4 Link FT and plan to replace with https://www.aliexpress.com/item/33025725594.html - I already ordered two, will flash them with Tasmota via this guide https://github.com/fashberg/WThermostatBeca. So they will cost ~$112 instead of $325 I've paid for 4 Link FTs.
Next are Moes TRVs https://www.aliexpress.com/item/4001065120528.html, I plan to order 1-2 for testing and then 10 items to replace Living Connect. They will cost ~$320 instead of $610 I've paid for 10 items.
To connect TRVs I have already two RPIs with CC2531 flashed usb sticks and zigbee2mqtt configured.
I have 4 Danfoss Link RS ($315) which I think are useless at all. Plan to use something from Xiaomi or similar.
And of course I have Link CC which has price tag $250. It will be replaced with 10" tablet on which I will put UI from Home Assistant. HA is installed on Intel NUC and working for more than 1 year and controls a lot of different staff. Using that tablet I plan to control heating and see overall status of temperatures inside and outside, etc.

[exKAjFASH]

Anyway I've planned to move to that as Danfoss system and my setup has next issues:

• Danfoss mobile application is very slow - it should work very fast on local connection, but it still goes to their cloud to retrieve data
• Danfoss mobile app and Link CC do not provide history of temperature so I have that Link RS's which are useless - they display current temperature but I'm unable to verify that my scheduler is correctly configured and TRVs set correct temperatures
• Link FT I'm able to increase temperature only via slow mobile app or Link CC which is quite annoying as I have to go from end of second floor to first floor and to kitchen to go thru not clear menu and set needed temperature and than go back to bathroom on second floor. I would like to have possibility to just click up/down on/off in bathroom and set it ( in HA I will be able to make it more smart - like turn off in 1h, or in 5 minutes when lights in bathroom are off, and so on - it is impossible scenarious in their Link CC or mobile app )
• Sometimes they lost connection between, I have 2 repeaters from Danfoss, but from testing 1 is more enough
• Scheduler is also quite annoying, I would like to have more smart scheduler - for ex when house is armed there should be quite low temperature, when my GPS coords are not far away from home - it should start heating, when I turn on AC then heating should be turned off in some areas, etc

[AlexanderBartash]

Thank you @exKAjFASH I agree, their mobile app looks like something created by a student. So much lost porential... I've told their support about it and even offered help but they simply did not care.

Please share later how it goes with TRVs.

[Jogge]

Related discussion on another community:

https://community.openhab.org/t/danfoss-living-connect-new-proprietary-z-wave-binding/34263

Thought this link could be useful for some of you :)

[Laro88]

I have dropped Link and switched to Ally as there were so many problems with Link (thermostat lost connection, no connection establishment when remote, no pairing to mesh wifi etc..
It set me back 500€ for a controller, 7 thermostats and some new TRVS. The upside is that the new app near instant connectivity, and a much nicer interface - same style but a lot of improvements.
Haven't looked into any api of Ally, but I do hope to find a bit of time in the holidays.

[AlexanderBartash]

@Laro88 Nice. Were you able to find any documents about their new "open API"? Knowing Danfoss I am just curious if the new API is anything useful or just a marketing without anything really useful behind it. I thought of upgrading as well but on the other hand I have already invested 2k USD and if I invest more I think it will never pay off itself because after a few years they can deprecate Ally the same way and it might be simply cheaper to pay for the heating rather then give Danfoss money every few years.

[Sonic-Amiga]

There is a leaflet at https://assets.danfoss.com/documents/DOC360157534609/DOC360157534609.pdf . Doesn't explain a whole lot, but apparently it's some web gateway.
Yes, the biggest problem of Danfoss hardware is that it's fully tied to their proprietary cloud with no way around. All the networking parameters are hardcoded in device's firmware, and should they shut down support for a product in their cloud, it would essentially become a brick. Unless you reverse engineer the hardware and write your own firmware from scratch, which might or might not be viable.
Also, when Internet access is down for whatever reason, your state-of-the-art smarthome loses those devices, despite they are in the same room.
To tell the truth i am using DeviSmart only because there was no viable alternative to buy off the shelf, at least back then. There is a russian locally-made alternative called Teploluxe, but HW quality and reliability is utter crap. :( And i haven't checked Electrolux, the third player on our market.
I tried to reach some of you by email... Please check out my repositories, you'll find interesting things there, and we may continue talking there if you want.
LinkCC is indeed quite an old product; a lot has been remade since then,

[AlexanderBartash]

Thank you @Sonic-Amiga It looks like their API is BS. It is not working :) Is this false marketing?

[Stefan71a]

Hi all,

I just follow up in this thread since I'm sitting on a now obsolete Danfoss link unit that I would like to integrate with.

I just realize that you all have focused to go via the protocol via the units, but what would happen if you connect via the standard gateways that are available for the Link - DLG/ECL 110. Then you probably have a standard serial communication protocol to work with that already communicate with the CC unit.

[Sonic-Amiga]

I went via the Wifi protocol because my hardware is DeviSmart, it's a single all-in-one floor thermostat, it just uses wifi.
I know that in Icon (and looks like in Link too) there's an internal serial bus, which most likely can be interfaced directly, but i don't own any of that hardware. A separate reverse engineering effort is necessary to make use of that.
To tell the truth i completely don't like being forcibly tied to someone's proprietary cloud, but i guess i simply don't have any other option.

[Laro88]

@AlexanderBartash
The developer.danfoss.com has Ally APIs up and running, and it works like a charm. Small hickups here and there.

[fasmide]

@sestrifork

In the near future Danfoss devices will have an API in order to build all kinds of integrations. I will let you know on this thread when it happens and invite you in.

What happened in this regard?

[Stefan71a]

@sestrifork

In the near future Danfoss devices will have an API in order to build all kinds of integrations. I will let you know on this thread when it happens and invite you in.

I assume this is only for new Ally product family and not for the older Dandoss link.

[Laro88]

There are some hardwares that has apis such as ECLs, however the link cc will most likely unsupported @fasmide