- Create a manual scene in Mi Home for the device you'd like to control
- Use Http Toolkit to figure out the scene id.
- Install the app on PC and Android, follow the instructions - install CA certificate and connect
- Set to only intercept the Mi home app
- While snooping, start the scene in Mi home, then you can disconnect http toolkit
- Look for this request:
https://de.api.io.mi.com/app/scene/start - The request body should look like this (actual values replaced with *)
data=*&rc4_hash__=*&signature=*&_nonce=*&ssecurity=* - You will need the values for data, nonce and ssecurity. Run each one by https://www.urldecoder.org/.
- Download this python script: https://gist.github.com/socram8888/4b8949023c8e8153970764d20c935785
- Run it like this:
python rc4mi.py --decipher -s <ssecurity> -n <nonce> -m <data>Replace with your url-decoded values. - You should get a response like this:
CLEARTEXT: {"us_id":"1111111111","key":""} - Your scene id is in us_id
- When you have all scene id's you need, you may remove the certificates and VPN service the app installed in Android settings to regain security.
- Get an automation app which can launch custom android activity. I prefer Automate which is free. Tasker can do the job as well.
- Add an App start / launch activity block
- Package:
com.xiaomi.smarthome - Activity class:
com.xiaomi.smarthome.scene.activity.SmartHomeLauncherActivity - Action:
com.xiaomi.smarthome.scene.smarthomelauncher - Category:
android.intent.category.DEFAULT - Extras:
{"extra_str_scene_id": "*1", "extra_scene_account": "*2"}Replace *1 with your scene id retrieved earlier. Replace *2 with your account ID from Mi home.
- Package:
Credits: h3ku, socram8888 for the python script
Worth a try. Only reason why the title says non rooted Android 11 is because it's more involved to snoop https traffic and you have to use something like http toolkit. In your case it should be possible on device with "normal" apps.