eufy-security-client: [Bug]: Client will be broken soon

Client version

n.a.

Node version

n.a.

Operating System type

Other

Operating system version

n.a.

Describe the bug

Currently tracking the work of https://mobile.twitter.com/Paul_Reviews, he states requests from the web portal are now encrypted. I noticed on mysecurity.eufylife.com that indeed the responses of get_hub_list, get_devs_list and get_webrtc_configuration are now encrypted. I assume this can be easily solved because the decryption takes place on the web page itself.

Just a heads up as everyone (re-)starting the client will have troubles.

To reproduce

Logon to eufy webportal.

Screenshots & Logfiles

No response

Additional context

No response

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 31 (30 by maintainers)

Most upvoted comments

I have successfully carried out the decryption. Will publish it in the develop branch in a short time.

+6
bropat on Dec 12, 2022

@rubenbroman I got the decryption! Will try to make a PR with this decryption method today 😃

+2
martijnpoppen on Dec 11, 2022

I’m loving the reverse engineering going on here 😄 Great work, guys! So this means the RTSP streams are finally encrypted?

Also, funny how you, as a Dutch person, get a streaming URL from a USA server.

+1
Palmke on Dec 13, 2022

@martijnpoppen

Checkout this commit.

I still have to “convert” the other endpoints. In the meantime, you can find the concept of the new communication in the commit. I think it won’t be much different with the Web API 😉 Unfortunately I don’t have more time today, but I’m sure it will help you 😉

Note on the side: I think the change from Eufy is not bad (more safety is always good). I think this change was already planned for a while, because the server public key has already been available for a few months for the login of the Eufy app and was only rolled out faster due to the media “problem” 😉

+1
bropat on Dec 12, 2022

Next time i just wait until you fix it haha 👍🏼

+1
martijnpoppen on Dec 12, 2022

@bropat do you know if theres also a start_stream call in the APK? Or is this webAPI only?

Looks like some AES encrypted response. But it’s hard to find a decryption method for this.

FYI @Palmke

+1
martijnpoppen on Dec 9, 2022
Read more comments on GitHub
← eufy-security-client: [Bug]: bricked SoloCam S220 by setting video recording quality
eufy-security-client: [Bug]: guard mode changes crash the client →