Sonoff EWeLink via Homebridge/Node

🚧 Developers
1

This step by step guide will show you how to obtain the authentication token used by the Sonoff EWeLink app, which can then be used with a single pole Sonoff module to control it via HomeKit by way of Homebridge which uses Node.js

The purpose of this post is to help developers understand this method for controlling Sonoff modules, which does not require a firmware modification to the device. The goal is to use this as a starting point for development of a stand-alone Node module and Hubitat driver to allow control of the iFan02 and other Sonoff modules by simply following these steps to obtain the SSL cert from the ITEAD EWelink app, rather than forcing a flash of the device firmware. iFan02 in particular seems to be difficult and somewhat dangerous to flash, since it must be connect to mains power during the procedure.

If you're a talented developer, a tinkerer or keen on helping in anyway possible, please consider contributing to this effort. I'm not a developer myself, but I have two iFan02 modules and I'm willing to test or provide whatever information I can in order to help with such a project.

Here's the github repo for the homebridge-ewelink plug-in for a description of what this does and does not do.

Obtaining the EWeLink authentication token

In order for the existing Homebridge plugin or a stand-alone Node module to communicate with the EWeLink web socket, it is necessary to obtain the authentication token from the EWeLink app. The method described below is done via iOS because the existing plugin is for Homebridge, which is all about HomeKit for iOS. It's probably possible for Android to be used in development of a stand-alone Node.js module, but I have no knowledge of how to install a certificate in Android so the EWeLink app will trust the proxy for the "Charles" application to capture the authentication token. Therefor the instructions below refer only to the method of capture via iOS.

  1. Install the EWeLink app on your iOS (or possibly Android) device

  1. Ensure your Sonoff devices are registered and working with the native app. Keep the app logged into your account.

  2. Download and install Charles - Web Proxy Debugging Application on your computer.

  3. Start Charles. The application will run in trial mode for 30 days, with timed delays and a 30 minute timeout as an added and unnecessary annoyance.

  4. From the Proxy menu, choose SSL Proxy Settings...

  • 14%20PM

  1. Enter the following two locations into the SSL Proxy Settings

    a) us-ota.coolkit.cc or eu-ota.coolkit.cc if you are located in Europe. Use 8080 for the port number, but for now, after adding the location, you must then uncheck the box next to it so it remains disabled for now.

    b) Your computer's IP address. Use 8888 for the port number

EXAMPLE

  • 17%20PM

Note: I have no knowledge of how to accomplish these next steps on an Android device or if it's even possible.

  1. Tap Settings > WiFi and tap the "i" to the right of the WiFi network that both your phone and computer are connected to.

  2. Scroll to the bottom and tap Configure Proxy

  3. Tap Manual and enter your computer's IP for the Server and 8888 for the port number.

  1. Tap Save

  2. On your iOS device, open a browser and enter https://chls.pro/ssl in the address bar, but first ensure Charles is still running on your computer and is in the foreground. Demo mode times out after 30 minutes.

  3. You will be prompted to allow the website to open Settings. Tap Allow

  1. Install Profile will open. Tap Install and enter your phone's passcode when prompted
  1. A warning message will be shown. Tap Install again
  1. Tap Install again
  1. Tap Done
  1. Tap General > About and then scroll to the bottom and tap Certificate Trust Settings
  1. Enable full trust for the root certificate you just installed.

  1. If the EWeLink application is running, be sure to exit it.

  2. On your computer, again go to the Proxy menu, choose SSL Proxy Settings... and check to box to enable us-ota.coolkit.cc:8080 or eu-ota.coolkit.cc:8080 respective of your geographic location and the click OK

  • 25%20PM

  1. Launch the EWeLink application on your iOS device and on you computer, you should see https://us-ota.coolkit.cc:8080 or https://eu-ota.coolkit.cc:8080 respectively, appear in the column on the left of the Charles application.
    Note: If this is the first time you have used the application, you may be presented with a dialogue box asking you to allow the incoming data.

  2. Click on either https://us-ota.coolkit.cc:8080 or https://eu-ota.coolkit.cc:8080 (depending on your location)

  3. Expand the otaother directory and then click on app (cn.itead.ota.queryinfo)

  • 39%20PM
  1. Select Contents at the top of the preview window and scroll down until you see Authorization

  1. The alpha numeric value that follows the word Bearer is the authentication token used to securely communicate with the web socket.

    EXAMPLE
    f2bd4270af3e233a5bbc9873v32et2994c968771

  2. The correct web socket value for use with the node module is us-pconnect3.coolkit.cc for the United States and Canada, and is eu-pconnect3.coolkit.cc for Europe

  3. Disable full trust for the Charles Proxy root certificate, but leave the Profile installed in case you need to repeat the process. The authentication token will always need to be captured again if you log out of the EweLink app.

2

Hi, nice and helpful post, I have some light switches (dimmers) with 2 and 3 gang and some sonoff basics that I want to connect to HE but I don't want to loose the remote connection with the ewelink and don't want to make a mess with the tasmota install, did you connect your sonoff stuff to the HE without the tasmota?? How did you do that? Did you find some kind of problems? Please helpme

3

:joy: you’re the only person that’s cared about this in a year after posting! I only have two iFan02 controllers, but I decided not to use them In my fans due to their poor build quality. They instead became controller updates for my Halloween props :grimacing:

The above post explains how to control them with HomeKit, without flashing the modules. At the time that did not work too reliably, so I ended up using Google Assistant Relay with eWelink to trigger them, and that was simple (Once you have Google Assistant Relay set up and working). However, now that HomeKit works so well with HE using @dan.t ‘s Homebridge MakerAPI version, It would be worth trying again. I will probably do that this Halloween.

4

Ohh cool, I don't have homekit, I only have some Amazon echo 3 and one Google home mini and use Android but I can try to test it... I read in the home assistant forum that they made some yam code etc to connect directly using only the ewelink credentials (user/password)... Will be greate if somebody can do something like that

5

So then your best bet without flashing will be Google Assistant Relay. That needs a separate computer or Raspberry Pi to run the Node.js server. A fair bit of setup, but once you have it running, it’s simple to use any worry free. A very useful tool to have in your kit.

Do keep in mind that eWelink is said by many to report back to several servers in China. Some care, some don’t. Unlike flashing where you have a direct connection. Using eWelink and Google Assistant Relay, you have a cloud connection only to the device that you are triggering from HE. This also means, there is no feedback in HE that whether or not the switch is on.

With the HomeKit method you would know the state of the switch, as along as the virtual switch you create in HE and link to the Sonoff device with a HomeKit automation, stays in sync with it. I do use HomeKit automations daily with Xiaomi contact sensors and a Xiaomi Aqara HomeKit hub, so I can attest that with @dan.t ‘s Homebridge MakerAPI app, this does work very well and virtual switches do stay in sync with devices in Homebridge. I have had zero problems with that method and it’s very fast responding too.