“It’s against my programming to impersonate a deity.” – C-3PO.
This post is part of a 3 part series, starting with part 1.
Now that I had determined the protocol used to communicate with the air conditioner, the remaining activity was to create a new web service to impersonate the ninja blocks one being used by the air conditioner controller.
I’ve roughly described the infrastructure changes needed to do that here. The solution was to use additional records on my local DNS server to redirect the traffic to an internal IP address, where I had a Microsoft IIS web server listening for traffic to the Actron usage URL and the Ninja Blocks data and command URLs. I was able to use ASP.NET 4.5 routing in order to route the requests to special handler classes. After that, it was a simple matter of the handler classes in the web application calling a WCF method from my home automation system to send status information to the home automation system, and to ask the home automation system if there were any queued commands that needed to be relayed to the air conditioner.
As an example, here is a snippet of the code from my UsageHandler.aspx file which deals with the Actron usage flow (as described in the previous post). The code adds some device specific HTTP headers to the response, sets the return content type, and then sends the appropriately formatted JSON response. After that, I capture the input data and send it to a syslog server.
protected void Page_Load(object sender, EventArgs e)
{
StreamReader srRequest;
string strData;
Response.AddHeader("Access-Control-Allow-Headers", "X-Requested-With");
Response.AddHeader("Access-Control-Allow-Origin", "*");
Response.ContentType = "application/json";
Response.Write("{\"status\":200,\"message\":\"Usage tracked\",\"value\":null}");
srRequest = new StreamReader(Request.InputStream);
strData = srRequest.ReadToEnd();
Utility.SendSyslog("UsageHandler() " + strData);
}
The overall project was a lot of fun, and ultimately very successful. My home automation system now has full control over the air conditioner. Whilst I’ve still got the ability to control it from the phone (using my interface), having the computer also able to control it opened it up to a whole new world of possibilities.
I am going to be contacting Actron to see if I can discuss any of these points. Interestingly enough, within a day of writing the first post I could see that my post was being read by Dialogix, a site used by companies to monitor what people are saying about their products. I can only assume that was on behalf of Actron and not a competitor.
The key suggestions for product improvement are:
- Either expose an API on the controller itself (preferably), or provide guidance on how to exploit the API of the cloud web service. Given Actron are using the Ninja Blocks web service which does have an API – it would be nice if they could inform people of that when they ring up and ask “how do I use an API to influence the air conditioner.” Simply saying “no, it can’t be done” when it clearly can be is not helpful. Whilst Actron don’t want to get into a position of providing support to people experimenting with an API outside of their control, they can still pass on information about the service for people to investigate themselves.
- Be aware of what data your organisation is collecting. I’m not sure if legally the excuse of “I didn’t know we were capturing that” works these days. Additionally, the damage to a company’s reputation when they are found to have been collecting information they shouldn’t have can be quite high.
- If you are sending information that should be protected, protect it with encryption. Whilst I understand that means additional development effort to ensure that the device can support something like SSL/TLS, it has become significantly cheaper these days to add that functionality to a custom built hardware device.
Just one further comment on that last point. Yes, it’s just an air conditioner. However. Now that I know that the air conditioner is not using HTTPS to talk to the cloud service, that means it’s also not validating the certificate (because there isn’t one). The certificate validation would allow for the air conditioner to confirm that the cloud web service sending it commands is the legitimate one. If someone were to attack this, they would basically be looking to compromise DNS and provide their own web service instead (as I did locally). Given there is no authentication between the air conditioner controller and the cloud web service, if someone were to impersonate the real cloud web service every single customer with an ActronConnect could have their air conditioner remotely controlled. Whilst I understand that’s not overly exciting, there’s a couple of points to remember.
The first point is that whilst the rogue cloud service is impersonating the real cloud service, the customer can not prevent their air conditioner being controlled from the rogue service without dropping their internet connection or turning the power off to the air conditioner. The rogue service could simply send out a constant message that says ‘run the air conditioner at its max temperature on heating’. If you couldn’t turn that off, it might be a bit annoying not to mention dangerous. The second point is that we’re going to see companies like Actron producing more and more internet enabled devices – see Internet of Things. If they continue to operate in this manner, we are going to have a lot of internet enabled devices that can be thoroughly compromised – we’ve already seen web sites popping up that expose people that haven’t secured their IP home cameras. Having someone take control over your air conditioner, alarm, front door (we’re starting to see locks become computer controlled as well) and internal camera is quite scary.
~ Mike
Hopefully Helpful Hints // Mike J McGuire 
Hi,
Is your code publicly available? Are you able to share a github repo?
Thanks.
Howdy, generally not I’m afraid.
Hi Mike, lot’s of great information here. I too would like to get a look at your code. Any chance of that?
Thanks for another informative web site. Where else may just I am getting that type of information written in such a perfect manner?
I have a project that I am just now operating on, and I
have been on the glance out for such info.
Hi Mike, I’m interested in your integration of the Actron unit with home automation. Would you be able to provide an integration for my unit (plugin) to the Fibaro system? If so how much would this cost?
Hi, I too fell for the wireless but it had an ethernet port, .. I too tried ( must admit my skillz are very poor ) to get something to use with my Fibaro system. I too must admit to being very annoyed with Actron and their very poor attempt at something that was quite expensive. I’d assumed also that I could intercept a few calls and then just bounce them through my HA system, I’ve pretty much given up now, I thought I’d wait and see if they come out with a V2 .. as it is I need to run the actron connect on a guest wifi to separate it from the lan or it wouldn’t connect, but even so it is so unresponsive it’s not worth using. Which HA do you use Mike ?
It seems only Mike has the answers to automating the Fibaro A/C. I’ve contacted nearly everybody in regard to this and no one can help. I would be more than happy to pay for a solution.
I require only local access control of the system.
Mike, since you did this a while ago, have you seen any change in this? What about Actron, did they reach out to you like you mentioned?
If you had to do it all again, would you have done it differently?
Howdy – no they haven’t – not a surprise though.
I would do it this way again – given the constraints of how the system works, I’ve no choice but to emulate the management server.
Cheers
Hi Mike, I am having a lot of trouble using and connecting to the Actron Wireless Control unit. Can you assist in any way Please ?
Howdy, what problem are you having? Is the phone unable to join the wifi network being exposed by the Actron?
Hi Mike,
Was there any particular formatting or encoding trick you found with returning commands to the air conditioner? I’ve set up a similar system using Python and Flask, and my web UI is able to harvest data from the AC and display it correctly, but sending commands to the unit is proving to be difficult. I’m running out of ideas (packet captures of the commands flow during normal cloud operation are almost identical to packet captures of the commands flow from my app) and would appreciate any insight you may have!
How are you trying to send commands back? Are you trying to push commands to it?
Huh, I got an email about “Frustrated”‘s comment below, but not your reply! Cheers for responding 🙂 I managed to get everything working (details below for anyone else who may find them helpful).
My system is pretty much a re-implementation of the one you’ve described here. I have my own DNS server running locally that redirects the air conditioner’s requests to Actron’s cloud to a Flask application running on my LAN. I keep a queue of commands stored in Redis, and whenever the air conditioner sends a GET request to the commands endpoint, my server pops the oldest command from the Redis queue, formats it and returns it.
The issue I was having is that I was formatting my returned commands as JSON, but the air conditioner wasn’t doing anything with them. To troubleshoot, I made my responses have the exact same appearance (order of keys and values, lack of spaces between anything) as the packets I had from my packet capture. I hadn’t done this originally because JSON isn’t supposed to care about order, and the spaces should have been legal. It still didn’t work, so I went back and realised that every response from the cloud service started with two characters, and these characters are actually the size of the command JSON in hexadecimal. Once I implemented that, the air conditioner started responding to my commands. It was a little unreliable at first, so I changed my code to send each command to the air conditioner twice, and now it works quite well.
I have just discovered flask and I am using it to control my pool heating system. Are you able to provide your solution on GitHub or similar? Are you using a Raspberry Pi out of interest as well?
Hi Gavin/Chris, I’m also looking to use a Raspberry with my Actron Connect to integrate with my HA system based on Indigo Domo.
Gavin, did you make any inroads with Python & Flask?
Chris, would you be willing to share your work? It would be great to not have to start from scratch.
P.S Awesome work Mark. Very informative.
Hi Gavin/Chris, I’m also looking to use a Raspberry with my Actron Connect to integrate with my HA system based on Indigo Domo.
Gavin, did you make any inroads with Python & Flask?
Chris, would you be willing to share your work? It would be great to not have to start from scratch.
P.S Awesome work Mike. Very informative.
This module and app really is terrible, shame cause the AC itself is brilliant. The webserver on the module is literally plain text json commands on port 80 called Aconnect. I’m having issues connecting to it from my phone once the module is connected to my SSID. The app goes through it’s process and says it’s encrypting and connected but when I reconnect back to my SSID it can’t find the air conditioner. Did you have this problem? I get “Server link needs activation” from the webpage.
Didn’t have this problem, so I can’t offer any help I’m afraid. Pretty shoddy if it won’t even connect to your WiFi, might be worth contacting Actron’s support or trying for a replacement unit or something.
Is it possible to control the Actron device over the internet, as it is now, but with a third party app using LUA? Can you simply POST/PUT commands through the Ninja server? Any help would be appreciated.
I fixed it. Firewall was blocking access to actron ninja server web requests/domains/servers. It’s all working now on a separate SSID 🙂
@Adrian: I haven’t looked at the communications between the phone app / mobile site, so I’m afraid I don’t know how easy it would be to get the Ninja backend to accept commands sent from an app or site you build yourself. I’m not sure if the web interface uses https like the iOS app apparently does. If it doesn’t, you could try monitoring network traffic as you log in and send commands through it using Chrome’s developer tools or an equivalent. If you want to try to reverse engineer anything that’s using https then I guess the best way to approach that would be to set up something like mitmproxy and (temporarily!) install a certificate on your computer or phone so that you can examine everything that way.
Thanks Mike,
Got it working using Google Chrome to inspect – You can send HTTP requests through NINJA backend.
Hi Adrian, can you provide more details please (LUA code). I have the same setup and want to integrate with Fibaro.
guys, can you help to share the code here.. it would be very helpful to us like technical savvy but doesnt know about coding. ‘Me myself a network and system engineer and i just built my new home with vera zwave home automation.
You can see my code at the following forum.. happy to send my code if u PM me.
https://forum.fibaro.com/index.php?/topic/21650-rest-api/
Hi Adrian. I am trying to do something similar but through OpenHAB. I am completely out of my depth and was hoping to impose on some assistance.
Hi Adrian, im doing the same for my actron ultima 8 zone, want it hooked up to the fibaro HC2, can i get your code so i can start?
So, looks like Ninjablocks went bust a few years ago in 2015, and I see that actron.ninja.is just fell off the Internet due to ninja.is not being renewed. That means as of today no-ones ActronConnect app will work, and seems unlikely they can bring it back to life without a firmware update on the module unless they do something clever.
I had automation setup via the rest API, but looks like I’ll be converting to this method unless I can convince Actron to release the firmware. Thanks for writing it up.
Darren, was just reading your post and watching my router continually fail to resolve actron.ninja.is tonight.
At ~9pm it looks like someones worked some magic and this now resolves to 23.21.83.212.
App seems to be working again.
Mike – would be great to obtain this code or a little more info, hoping to set-up an internal webserver (RPi or similar) that me and wife can access instead of relying on Actron and their providers.
Brett, ah, excellent looks someone is still around at NinjaBlocks, domain looks like it was just renewed for another year.
I have been able to integrate the Actron into my home automation system using Openhab. I can send commands to the web server and almost completely control the air conditioner. The icing on the cake was being able to partially implement voice commands via Apple HomeKit. The next step is to remove reliance on the web server because as has been pointed out, that could be gone tomorrow, leaving us with a worthless module attached to the unit.
I would love to learn how to move the web server and host it locally. While I was able to learn from others work to implement the coding necessary to communicate with the air conditioner via the web server, there is precious little out there for this next step.
I am currently running Openhab on a raspberry Pi and think I could host a web server on it but I just don’t know how to work out what code to use or how to get it on there.
Just putting a little cry out for help to anyone who can give some guidance.
I haven’t done any work on this but you should be able to redirect the web request from your router to your own web server. You obviously know what to send but have you sniffed what the web server sends back? If you can find that out I would think it shouldn’t be too hard to emulate the server?
Hi Lucas, I am looking to do exactly the same, integrating the Action into home automation through home bridge running on raspberry pi and controlling it through siri. Can you please guide me on how to do this? I would be really appreciate if you could help.
Have you documented your steps on integrating with homekit? I’m on the fence of upgrading my system with the wireless module + zoning every bedroom so that I can control each room’s tempurature better via homekit + a temperature sensor like eve degree.
Ive managed to set mine up to use with google home (any android device really) using IFTTT webhooks to send the json commands to the actron servers. “ok google, turn the air on” / “turn on zone 3” sends the json command to the ninja blocks server and almost instantly turns my actron on/opens zones.
Not home automation as such but useful if your sitting on the lounge and want to ask google to ‘turn the air on’. Will also try extending the use of IFTTT alongside apilio to create some added ‘rules’… eg. if after 3pm and temperature is >X, then open the bedroom zones to cool that end of the house automatically to get ready for sleeping.
Cheers
Nice, any chance you could share details on how you did this with IFTTT? I had looked at doing the same but haven’t found the time to tackle it.
I’m guessing you had to hardcode your auth details into the webhook?
sorry, I tried but I think because my latest post contains code that it needs to be authorised by Mike. If you have another way I can share it let me know
Yeah sure –
Locate your key:
I used Chrome inspect tool. (crtl shft i) . In the top menu bar, go over to ‘Network’. Navigate your browser to https://actronair.com.au/aconnect/#/Control and then click on the power button to start your A/C. Have a look at what data flows through. Look at the last item and it should look something like this – (I removed my actual key details):
https://actron.ninja.is/rest/v0/device/ACONNECTXXXXX_your_info_XXXXXXXX?
IFTTT:
Create new applet, “if this” comes from a google assistant – setup what ever trigger sentence you want. The “then this” type in webhooks to bring up the webhooks service.
Webhooks setup:
URL: https://actron.ninja.is/rest/v0/device/ACONNECTXXXXX_your_info_XXXXXXXX?user_access_token=xxxxxxxxxxxxxxxxxxx_your token_xxxxxxxxxxxxxxxx
Method: PUT
Content type: application/JSON
Body: { “DA”:{“amOn”:true} }
“ok google….*your trigger sentence*” and the webhook should now communicate with the servers.
Above applet will only tell your unit to power up, whatever temp/zones you had previously will remain. Add/create a new applet changing the Body section of the webhook if you want to control more. eg.. { “DA”:[0,0,1,1,0,0,0,0] } will open zones 3 and 4 for my system.
Cheers
Can your code/info be shared on IFTTT? Post on a forum?
Just put it on https://pastebin.com/ and drop a link here?
Here you go, let me know how you guys go
https://pastebin.com/SCaiCj4Z
Hey GB, I’m trying and cant seem to get IFTTT to work with actron… is yours still behaving?
Does anyone have the code that mimics the cloud so you can take full control of the module and all the traffic is local?
I’ve posted here before. I have been able to control the unit via the cloud service but just cannot get it to work locally. On a Ubuntu machine I have tried to set up a redirection to a local IP running an nginx server via dnsmasq with a flask application serving up the JSON commands as was previously posted here. Unfortunately I just don’t have the coding knowledge to get it to work. Any help would be most appreciated if anyone is reading who got it to work
Hey Lucas, it’s been a while since I last touched my Actron project but I may be able to offer some tips. There are many layers that can have issues, but you can step through them methodically. For example, let’s start with DNS:
– Are you sure that dnsmasq is working correctly to direct the Actron unit to your Ubuntu machine? You can check this by looking at your NGINX access log to see if there are requests from the IP used by the Actron module.
– If you don’t see requests there, check into the dnsmasq logs to see if it’s serving the queries posted by your Actron (I’m just assuming dnsmasq can do this, my DNS is implemented via BIND. You may need to set a config option to enable it.
– If the logs show it’s responding to the Actron but returning the wrong IP, you have a config issue. You can test it by using a command like dig to query your dnsmasq server until it returns the correct response.
– If the logs show nothing from the Actron at all, you may need to attempt to packet capture via Wireshark or tcpdump, to see what the Actron is doing. Here’s an issue I ran into: You know how you generally set two DNS servers in your router / DHCP config? That’s so if one goes down the other will be queried. Sometimes the Raspberry Pi I was running all this on would go down, and the Actron would fail over to querying 8.8.8.8, because that’s the fallback for all devices on my WiFi. Once it failed over, it would keep using 8.8.8.8 for a fairly long time, so my DNS-based redirection was no longer being applied.
Let me know what issues you’re seeing, and I may be able to offer some help (no promises, of course).
Hi Chris
Thank you so much for the advice
I’ve checked the NGINX logs and I don’t see that dnsmasq is passing the actron requests, even though when I curl actron.ninja.is it is captured and my app replies with my json code. I couldn’t get dnsmasq to post logs whilst running as a service but ran it manually and kept an eye on the output – at no time could I see the IP address of the actron unit appearing anywhere at all.
I’ll do some more homework and see what I can turn up. Maybe another packet capture as you suggested. I might also try BIND – dnsmasq has been a headache
Do you have any other ideas?
Hi Chris
What was your observation of the frequency of the GET requests? I have noticed that they are coming through only every minute or two, rather than around every 2 seconds as Mike has stated and the commands bank up in the queue. This makes the system less responsive than via the cloud service.
Lucas,
Afraid I don’t really recall a specific frequency, but I do remember seeing it change – sometimes it polled frequently, other times not so much. I think Mike himself observed this as well, he mentioned “a weird version of slow/long polling” back in his Part 2 blog post.
someone should seriously write a Home Assistant component for this …
In the works…
Home Assistant add-on is currently being tested!
That’s very exciting and thanks for revisiting the Actron project Mike
Will the add-on serve to replace or utilise the cloud service?
Hi Mike
A home assistant add-on for Actron Connect would be amazing! Thanks for working on this.
Craig
Here you go chaps. It replaces the cloud service (you can switch back though if you uninstall the add-on).
https://blog.mikejmcguire.com/2018/12/19/actronconnect-and-home-assistant/
That’s really great Mike. I run OpenHAB so I will see how I can use what you have done to improve my code (in python).
I found my router didn’t have the option of changing the dns entries directly (maybe it is too budget) so I had to use DNSmasq which was a real pain to set up. The actron seems to ignore the redirection and when it does pay attention to it, it doesn’t last long. I wonder if other people might have a similar problem.
Finally when I did get everything working, there seemed to be a ridiculously long time (up to a minute or more) in between GET commands, which kind of defeated the purpose. I’m wondered whether this was due to the http headers not being correctly set and I might use your code to revisit this
I think it’s really exciting that people are still interested in this years after your original blog post and hopefully this gives me another push to revisit my project
Finally finally, is the other fan speed commands missing from the code in github?
Thanks again for your work on this
Howdy, usually when there is a long time between GET commands, the ActronConnect module is unhappy with something. Sometimes a reboot helps, or there may actually be a problem with the web server responding to the module. I’ve seen that during development, normally when the module wasn’t getting answers to the GET promptly and consistently.
Fan speed is definitely in there. The Service.MQTTProcessor() function handles it.
Hallelujah! Thanks for making the addon. Now I can buy the ActronConnect module.
Maybe in the future this can be integrated with Hass.io natively.
Thanks again!
Done 🙂
Thanks Mike – it looks like you’ve implemented a huge amount of functionality in HA. I’m keen to test this out. I’ve got Home Assistant running on a RPi under Raspbian Lite. Do you know if your add-on can be installed in a Home Assistant virtual environment install? I can’t find any info on doing this in their docs. I had Hass.io installed on the RPi previously but changed to python virtual environment so I could install other services on the RPi. It looks like rerouting DNS on my router should be straightforward. Thanks again, Craig
Howdy, you can use hass.io on both a linux VM or a raspberry pi. It’s discussed on the hass.io installation page – it has instructions for a standard linux install. That’s what I’m using. If you weren’t using hass.io, you’d be able to strip the code out of the add-on and run it manually as a dotnet application or docker container.
Hi Mike, is it possible to just change the “enabled” status of only one zone, instead to sending all 8 everytime, like:
“DA”:{“enabledZones”:[1,0,0,0,0,0,0,0] }}
I am just working simple from IFTTT with Alexa & Webhooks, at present.
Cheers!!
Howdy – I don’t believe so. It is a pain though as you have to read the current value first before changing it so that you send the right value.
Hey Mike, the last couple of versions of the Actron Connect-Home Assistant add-on are fantastic. It is so fast and reliable compared to the Actron Connect version. The status changes when clicking buttons or using Siri to control it through HomeKit are updated instantly now too. Many thanks for all your work on this project! Craig
Thanks Craig, glad to hear.
Hi guys, first I should say, I have no experience in coding. Not really. But I’ve looked around got my unit working pretty well through IFTTT. (I had some issues getting it working on HA, and IFTTT was pretty flawless).
I can turn it on and off, set temp, change modes etc. All good.
The only thing I haven’t figured out is zone control. I know the format, but my issue is, I need to first check what is already on/off, and then only update the zone that I ask.
What would be ideal is: “Turn on Zone 1″ sends a command that says [1,%,%,%,%,%,%,%,” (where, the % means just leave as is) but I don’t think that’s possible. Any pointers?
Appreciate the effort you’ve put in Mike too, great resources!
Well, that was rude of me, the question was literally asked a few weeks ago and somehow I skipped over it.
I guess my follow up, then, is any pointers in the “read” command, but using webhooks?
I figure I could then write that into a spreadsheet, and the rest is simple excel work!
Cheers,
Dino