-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resurection #2
Comments
@colinluthier I am happy to hear it. What are your plans? I could add you as a collaborator if that helps. |
Hey! I am willing to help either. However please note that I'm not a developer myself. But I have some coding experience. |
As far as I can see there are a few things one could do: Current Version / Testing / Maintenance
New Features:
|
I have a Pico C, PicoFerm and a PicoStill. I have captured various sessions using WireShark. The last time I turned on my Pico C, it did a firmware upgrade. The response to the request was in test/plain, but I don't know how it can be decode. I don't think it is base64 encoded. It starts with #155864.0,72168d866990f8a46228df7113cb82ce|f44e0320717a0120697a01206b7a01206f7a01206d7a01206f7a01200... Anyway, I am a software developer and I would be happy to help. |
Here's everything I've gathered so far on the Pico C / Picostill. Hope it helps! The Picostill was relatively easy to connect to. Once it's powered on it will emit an AP "Picostill_..." with a password of 12345678. Once connected go to 192.168.4.1 and enter in your network credentials and the Picostill with join your network. After that you can either enter in the Picostill IP address and be brought to the web UI and turn the pump/sensors on, or send GET requests to the following endpoints: /sensors : turns the sensors on The data updates every 2 seconds (confirmed by listening on the serial pins) once the /sensors route has been requested. The Pico itself is much more complicated. The DNS spoofing still works (thanks @hotzenklotz !). I read these routes from the serial pins and confirmed they were hitting the spoofed DNS. |
I installed today and tried to take it through a run through on OSX and Windows. In both cases, when I loaded the xml, it bit the dust. I can see that the xml uploaded, so it seems to fail at verification. Might be a changed in the export of the recipe on the Piocbrew site, as I grabbed the file today. |
I had the same experience firing this up today. It seems to throw a 500 when invoking the validate after upload (which is successful; the recipe ends up in the recipe folder) or any template page, like recipes.html. The results are the same in the heroku image.
|
@vfrdirk @fotoapparat Thanks for letting me now. Do you mind sharing your recipes to see what is going on? |
OBK Belgian Table_recipe_xml.xml.zip See attached: |
I used a recipe of my own, that recipe with a <PROGRAM></PROGRAM> tag set encapsulating the actual instruction set (as seen in the Wiki FAQ), a sample recipe I found in your pybeerxml repo, and a fake xml file I made consisting only of <FART>FARTFART</FART> and the results were exactly the same each and every time. No parsing error or anything like that, just instant 500 error. It has me thinking that maybe one of the dependency programs has changed in the intervening years and no longer responds to your code in the same way, but I'm an API and DevOps automation guy and not a Python/Software guy. EDIT: Never mind, I see the dependencies are pinned at the version originally working. |
I'll have a look at the system tomorrow and see what I needs updating / fixing. |
Thanks! You're the obvious expert here, but I've been fiddling with it as an exercise to learn more Python. A colleague suggested a logging module, so I added 'import logging' to server.py and was suddenly greeted with an exception error after uploading a (real) recipe file. Maybe this will help. I really appreciate you taking a look. --Dirk ERROR:main:Exception on /validate [GET] |
I looked into it. Looks like PicoBrew made some changes to the BeerXML files. Earlier versions had a
I also update the program to Python 3, updated all dependencies and fixed some bugs. The changes are still on separate branch: I also created a proper API documentation on Postman: I have only done API testing on my laptop yet. I am hoping to do a proper system test with my Zymatic machine over the weekend. (Perhaps see if there are any differences with a more up-to.date firmware) |
I've been looking at it since I saw the PR come through. I'm having a few problems with all the Python 3 stuff, since it's new to me. There were some bizarre errors that were popping up for me involving what appeared to be typos in some of the statements. I cleared those up and was able to get the server up on the py3 branch of code, but still getting 500 errors. I'm going to make a new issue and I'll paste the stacktrace. |
Many thanks for the work on the updated server! I made some edits to the Wiki pages to clean up some formatting, update a couple of missing bits of information and update for the Python 3 stuff. I think it's all accurate, but won't be offended if you revert. The Readme and the Wiki claim Python 3.6 and 3.7 are required, so I didn't change that since I'm not sure which is accurate. I'll see if there's an easier way to do the DNS spoofing. I use a Pi-Hole at home, and thought that would be a way to redirect a url, but that's not panning out the way I had hoped. |
@vfrdirk Thanks. Feel free to open a pull request with your changes, so that I can have a look at them. It is always good to have the Readme/wiki up-to-date. You need Python 3.6 or above. |
I'm willing to help here too. I'm a Zymatic owner. One question for @hotzenklotz -- the firmware version you list in the README is 1.18. My machine has 1.1.14 and as far as I can tell, that's the newest one available. Is there an undocumented firmware that I'm missing? |
Here is, sadly, a very good reason to reverse engineer the server: I own a Pico C, PicoStill and a PicoFerm. I am also a software developer and willing to help. |
Had anyone captured the Z protocol? Can you give me steps. I am better at writing software than this IT type stuff |
I am 100% on board with helping this succeed! I have a C, Still, and Ferm I would love to see still work after the doors close.. |
I do some captures with a Z in 2-3 weeks, but I won't have any grain, so I would just have to run it empty if that's ok. |
@shettich I think you should be fine as long as you don't run it dry - just make sure to put water in your keg as you would a normal recipe. I've done the same on a Zymatic, but with the addition of citric acid for descaling - and that was at Picobrew's instruction. |
I've installed Wireshark, but can't figure out how to filter out the picobrew communication. I have a Pico Pro and like to save the communication. Thanks. |
This is a little outside my area of expertise, so I could be doing something wrong, but I set up my laptop between the Z and the rest of the network so I could sniff everything going by. As far as I can tell, all communication between the Z and Picobrew is SSL encrypted, so I couldn't really see anything at all. |
Well, if true, that sucks. The next step would be to MiTM it and see if they fail to validate the server cert (if that's true, you could have the MiTM proxy record the session). If they do validate the cert, uh, it's either wait to see if they will release the API, or try to hack the firmware :( |
I haven't tried the MitM approach yet - if you've got a set up to do that, that'd be awesome. In the mean time, I was afraid we might have to go the latter route and that route doesn't look trivial either. I popped the cover off of my Z to see if there were any hidden easy-to-access USB connectors inside and it doesn't look like it. It looks like it's still an Arduino chip (esp32-wroom-32d), it's on a custom board. Unlike the USB connector on the Zymatic, there's no immediately obvious way to just plug in a cable and instantly access the Arduino. I did notice there is a jumper block with pins on the board labeled "TX", "RX", and "GND", so all hope may not be lost. |
I am willing to develop an instruction manual to help users setup their computers to work locally with their machines. I have both Mac and PC. Just need guidance from the experts here. Just let me know. |
mitmproxy appears to work for the Z - I'll probably try to capture some flows today. |
That's great news. Does that mean the Z isn't validating the SSL cert? Can you give me an idea of how to reproduce so I can assist in grabbing traffic? |
@bendavis It does not appear to validate the SSL cert. Reproducing should be pretty easy - I just installed mitmproxy on my MacbookPro. I connected the laptop my network via ethernet and used the internet sharing feature to create a wifi network, and then use packet filtering to direct all SSL traffic through mitmproxy. It's useful to use the mitmweb or mitmproxy tool to verify things are working, but you'll probably want to use mitmdump when you start doing actual captures. The documentation on the mitmproxy site is pretty good so that's probably the best place to start. One of my temperature sensors in the Z apparently stopped working correctly a week ago, so I'm not sure I can get any captures that require heating the water because the Z freaks out that the temperature difference of the heating element is 50 degrees lower than the temperatures recorded by the other sensors. No idea how I'll get this sensor replaced at this point. Another thing someone ought to capture is a firmware download. I discovered that if you press in the knob and turn on the Picobrew, it launches a service menu. One of the menus had a Factory Reset option. That option will trigger resetting the network settings and also a firmware download. We should definitely get these captures ASAP though, a colleague pointed me at an Auction where someone is liquidating everything in the Picobrew warehouse, so this doesn't give me confidence that whoever bought Picobrew intends to continue operating the services. |
Yes, I meant 1.1.8. Will correct that.
@everyone I am happy to add more contributors to the GitHub project. Let me know if you interested and want to help out. |
Does anyone have any contacts to employees of the Picobrew engineering team? Perhaps, the could leak some documentation/firmware etc. |
I have access to some of the firmware versions if needed
On Mon, 4 May 2020 at 19:12, Brett Lucey ***@***.***> wrote:
@bendavis <https://github.com/bendavis> It does not appear to validate
the SSL cert. Reproducing should be pretty easy - I just installed
mitmproxy on my MacbookPro. I connected the laptop my network via ethernet
and used the internet sharing feature to create a wifi network, and then
use packet filtering to direct all SSL traffic through mitmproxy. It's
useful to use the mitmweb or mitmproxy tool to verify things are working,
but you'll probably want to use mitmdump when you start doing actual
captures. The documentation on the mitmproxy site is pretty good so that's
probably the best place to start.
One of my temperature sensors in the Z apparently stopped working
correctly a week ago, so I'm not sure I can get any captures that require
heating the water because the Z freaks out that the temperature difference
of the heating element is 50 degrees lower than the temperatures recorded
by the other sensors. No idea how I'll get this sensor replaced at this
point.
Another thing someone ought to capture is a firmware download. I
discovered that if you press in the knob and turn on the Picobrew, it
launches a service menu. One of the menus had a Factory Reset option. That
option will trigger resetting the network settings and also a firmware
download.
We should definitely get these captures ASAP though, a colleague pointed
me at an Auction where someone is liquidating everything in the Picobrew
warehouse, so this doesn't give me confidence that whoever bought Picobrew
intends to continue operating the services.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#2 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALOAZ2J7UAZH4EKLRHTHAYTRP4AQPANCNFSM4LREVNOA>
.
--
- Colm McGoldrick
|
I am interested in helping out by testing the uploads to my Zymatic. |
@hotzenklotz I thought I read in a news article that all support staff got let go last week and I don't really know the state of the remaining staff. I'm not sure how much people will feel like being contacted right now. It seems as though the temperature sensor for the the heat element in the Pico S is interchangeable with the Z so I have a working Z again now. I'm going to try to capture some flows again today. @Blackjackbuyer Are you referring to the source or the binaries of the firmware? |
BIN’s.
I seen comments on twitter previously about success in reverse engineering
the Picobrew C. I was trying to DM the account to see if they could give us
any pointers.
On Mon, 4 May 2020 at 21:03, Brett Lucey ***@***.***> wrote:
@hotzenklotz <https://github.com/hotzenklotz> I thought I read in a news
article that all support staff got let go last week and I don't really know
the state of the remaining staff. I'm not sure how much people will feel
like being contacted right now.
It seems as though the temperature sensor for the the heat element in the
Pico S is interchangeable with the Z so I have a working Z again now. I'm
going to try to capture some flows again today.
@Blackjackbuyer <https://github.com/Blackjackbuyer> Are you referring to
the source or the binaries of the firmware?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALOAZ2PWZCDOAU2Z3NUMP2DRP4NRRANCNFSM4LREVNOA>
.
--
- Colm McGoldrick
|
I created a video to explain how to capture PicoBrew devices network traffic using Wireshark on a Mac. This method can be used for devices that use unencrypted network traffic like the Pico C: |
Thanks @blucey, I got a vm capturing a cleaning session right now on my Z using mitmproxy and arpspoof. @Blackjackbuyer which firmware bins do you have? For the Z? If so I'd love to disassemble those suckers. There's a private group of hackers/programmers/etc all trying to do this on FB https://www.facebook.com/groups/PicoBrewingTaskForce. Even some people trying to figure out a replacement part path. |
@hotzenklotz - Tom, I emailed you a few years ago about the Pico.. I pushed my repo to GitHub that gives live graphing/session history/manual recipe creating.. feel free to use any of that: |
Hi guys, FB was used as a tool to reach out. Everything is stored on shared spaces and available to all. Teams for hw, sw, recipes etc etc. Collaboration via Slack. Weekly meetings on Zoom. |
I'd like to. :) |
Hi Pete:
Thank you, I’ll look at this and get going.
Tom
Tom Schleis, MS, RPh
Schleis Professional Services
<mailto:[email protected]> [email protected]
From: Pete <[email protected]>
Sent: Monday, May 4, 2020 2:35 PM
To: hotzenklotz/picobrew-server <[email protected]>
Cc: TomKriek99 <[email protected]>; Comment <[email protected]>
Subject: Re: [hotzenklotz/picobrew-server] Resurection (#2)
@hotzenklotz <https://github.com/hotzenklotz> - Tom, I emailed you a few years ago about the Pico.. I pushed my repo to GitHub that gives live graphing/session history/manual recipe creating.. feel free to use any of that:
https://github.com/chiefwigms/picobrew_pico
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <#2 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/APNYWODFW3CU4CFIXMR7HMDRP4YHLANCNFSM4LREVNOA> . <https://github.com/notifications/beacon/APNYWOEVFFM4ZJXPHXQ4LTLRP4YHLA5CNFSM4LREVNOKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEUWTLSI.gif>
|
Hi danyou:
I have some very basic questions to get me to where I can start helping; first writing a guide for non-programmers, then help with loading recipes from software programs. Are you using a PC or Mac? Could you tell me how you went about setting up the server and connecting? I downloaded Python and the hotzenklotz picobrew-server files, and then am stuck. Here are my questions:
1. Where do I enter the commands:
Pip install -r requirements
Sudo python server.py
Neither the command line or Python shell work.
2. I am assuming once this is done, I can go to the web browser and type in http://localhost:5000 and the upload page will display?
3. How did you set up your DNS spoofing? Did you connect your computer through an ad-hoc network and modify the host files, specify a new DNS server, or list a single domain and IP address? Which will be easiest for newcomers to learn? I will document this so these questions only need to be asked once. (I got a little further here with the Mac, following the procedure from hotzenklotz.)
4. I assume you are connecting your Zymatic via WiFi and not direct?
Sorry for all the questions, most of my programming was in Basic and database languages, so I’m out of my league here.
Thank you.
Tom
From: danyou <[email protected]>
Sent: Monday, May 4, 2020 12:15 PM
To: hotzenklotz/picobrew-server <[email protected]>
Cc: TomKriek99 <[email protected]>; Comment <[email protected]>
Subject: Re: [hotzenklotz/picobrew-server] Resurection (#2)
I am interested in helping out by testing the uploads to my Zymatic.
I was able to get the cleaning recipe to send to the Zymatic. I am just not able to send any of my PicoBrew recipes.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <#2 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/APNYWOGCB55TY3WXVDW2DA3RP4H4BANCNFSM4LREVNOA> . <https://github.com/notifications/beacon/APNYWOGQIA5W2ZYPSO5KXMLRP4H4BA5CNFSM4LREVNOKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEUWC5IA.gif>
|
I asked to join a few hrs ago |
@robhercz I put in a request to join the Facebook Group yesterday. |
@TomKriek99 Hi Tom, For what it’s worth this is my setup. Open cmd as Administrator and from C:\PicoBrew\picobrew-server-master> Updated server.py last line to: I changed directly to port 80 as Zymatic will only connect via http port 80. I added the following to my host file: Not sure what the most straightforward way should be. I think a better option would be, to use a simple home router between the Zymatic and the windows PC. This would provide DHCP and not rely on the Zymatic being on. |
I opened a few new issues to discuss/focus on certain aspects in more detail: Feel free to continue the conversation in these threads if appropriate. |
Thinking a bit longer term. A possible way to revive the various devices for non-tech users would be to build: A) a cheap arduino based dongle with ethernet and bluetooth. It could run the server software, and accept commands from... B) a simple android/ios app to upload beerxml files to the dongle It would pretty much convert them from ethernet/wifi internet devices to local bluetooth devices. |
Danyou-thanks. I have the server up, will try the network tomorrow. |
When I run "Flask run --Port 80...…" I get a warning this is a development server....unable to find flask application, use Flask_app=flask.app:name. So unable to test upload for now. |
@TomKriek99 The startup instructions and installation have changed in the latest release to make it more streamlined. Here are the instructions again:
|
Here is a detailed set of installation instructions. I am not able to upload them, so however you wish to handle. Picobrew Zymatic Detailed Server Installation Instructions.pdf |
I am interested in resurrecting this project. Any input would be welcomed.
The text was updated successfully, but these errors were encountered: