Detailed explanation of reverse posture of Google Nest smart devices

Source: Internet
Author: User

Detailed explanation of reverse posture of Google Nest smart devices

Today, the concept of Iot is very popular, but the real innovation is not as much as you think. The so-called "smart" cameras, door locks, and lights are nothing new.However, some vendors in the IOT field are still amazing. For example, Nest Lab has become one of the most famous brands in the IOT field after its acquisition by Google.

?? Protonet regards having and being able to access personal data as one of its core values. Although we are very respectful of Google's technology, we are very skeptical that its smart home products can only be accessed through the cloud.

??

 

Google Nest camera

Only access through cloud

One of the major features of Nest's products is that they are all Web-only products. The only way to obtain Nest camera or thermostat data is through the Nests cloud. The Nest camera and Nest thermostat may run any service on any port, which we cannot know. This will bring about two problems:

Without a network, you cannot operate the camera or change the thermostat settings. All the data on the device will be continuously sent to Google, unless the device is disconnected from the network.

All configured controls can be accessed through Web browser applications or mobile apps. I chose to use the mobile app to learn how to obtain private data. Obviously, we need to build a VPN, create a fake SSL Certificate, and use the packet capture tool to monitor all HTTPS traffic.

 

 

Nest thermostat

Reverse Flow

1. Nest camera

The login process looks very direct. The application will send a JSON object to the server, including the email and plaintext password, and then receive a session cookie.

POST /session HTTP/1.1Content-Type: application/json;charset=UTF-8User-Agent: Nest/[redacted] (Android; Obsidian) [redacted]Host: home.nest.com/.../{"password":"foo", "email":"bar"}

The application then uses cookies to create a session with the dropcam server. The API provides several endpoints, such as capturing the list of cameras and their massive data, as follows:

{ "talkback_stream_host": "stream-delta.dropcam.com:443", "is_streaming_enabled": true, "last_connected_time": redacted, "direct_nexustalk_host": "redacted", "timezone": "redacted", "id": redacted, "live_stream_host": "redacted", "description": "",...

Click the link to view the complete code

With another endpoint, we can also get the information list for a period of time, that is, the time point at which the motion sensor is triggered, and the endpoint can cut the current image into jpeg. At the end of this article, we will have detailed Go code.

2. Nest thermostat

We now pin our hopes for integration with other Iot devices on the thermostat. After sending user, building, and device information to the server, we will receive a series of information about the thermostat, but there is no current temperature.

{  "alt_heat_delivery": "forced-air",  "alt_heat_source": "gas",  "alt_heat_x2_delivery": "forced-air",  "alt_heat_x2_source": "gas",  "auto_away_enable": true,  "auto_away_reset": false,  "auto_dehum_enabled": false,  "auto_dehum_state": false,  "aux_heat_delivery": "forced-air",  "aux_heat_source": "electric",...

Click to view all code

Go code for accessing Nest thermostat

The following is a sample of the complete Code. The Code functions include logon, download, screenshot, and thermostat information:

package main import (        "bytes"        "encoding/json"        "errors"        "fmt"        flags "github.com/jessevdk/go-flags"        "io"        "io/ioutil"        "net/http"        "os"...

View complete code

The Nest device is outstanding in hardware engineering, but building a wall around the user's own data is still a suspicious action at the software level. Since it is my personal data, it should allow me to access it easily through open APIs, and I should be able to access it without any tricks. Nest promised to introduce a new API in the news announcement, and its reference document already exists. However, this API is much more restrictive than the internal API in the Nest mobile app. We still hope Nest can make its products more open.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.