{"id":26157191,"url":"https://github.com/dlenski/mysotherm","last_synced_at":"2025-04-14T08:53:46.739Z","repository":{"id":272318130,"uuid":"916181686","full_name":"dlenski/mysotherm","owner":"dlenski","description":"Inspect and manipulate Mysa smart thermostats","archived":false,"fork":false,"pushed_at":"2025-03-25T19:28:21.000Z","size":71,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-25T20:29:44.450Z","etag":null,"topics":["home-automation","iot","mysa","thermostat"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dlenski.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-13T15:57:42.000Z","updated_at":"2025-03-25T19:28:25.000Z","dependencies_parsed_at":"2025-01-13T17:28:36.029Z","dependency_job_id":"da7c6a34-0355-4b68-beaa-4683e94921df","html_url":"https://github.com/dlenski/mysotherm","commit_stats":null,"previous_names":["dlenski/mysotherm"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlenski%2Fmysotherm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlenski%2Fmysotherm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlenski%2Fmysotherm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlenski%2Fmysotherm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dlenski","download_url":"https://codeload.github.com/dlenski/mysotherm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248852109,"owners_count":21171839,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["home-automation","iot","mysa","thermostat"],"created_at":"2025-03-11T09:56:56.835Z","updated_at":"2025-04-14T08:53:46.732Z","avatar_url":"https://github.com/dlenski.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mysotherm\n\n[![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)\n\nInspect and manipulate Mysa smart thermostats.\n\n# Motivation\n\n[Mysa](https://getmysa.com) is a Canadian company that makes nice-looking smart thermostats.\nThey're subsidized and promoted by utility companies including [BC Hydro](https://bchydro.com).\n\nThey have free Android and iOS apps, and they apparently integrate with other home automation\nstuff that I know nothing about and have never used.\n\nMy concerns:\n\n- The app claims to have\n  [\"No fees (for real). All the features.\"](https://getmysa.com/pages/app-ca#:~:text=Free%20app.%20No%20fees%20(for%20real).%0AAll%20the%20features.)\n  but if you have their more inexpensive Mysa Lite device then you don't get in-app charting of temperature and energy usage\n  or multi-thermostat zone control, despite the fact that those appear to be _entirely software-based_ features.\n- The devices appear to be entirely \"cloud-dependent\": communication with the thermostats goes through\n  AWS cloud services and there is no known\n  [local network API](https://www.reddit.com/r/smarthome/comments/18z22f0/mysa_thermostat_lan_api/)\n- The first one I bought was a Mysa Lite which had [a stuck-open\n  relay](https://electronics.stackexchange.com/questions/736103/cleaning-a-stuck-open-relay-thats-mounted-on-a-pcb) (yes, really) and I was tearing\n  my hair out trying to figure out what was wrong with it.\n- And most importantly, I want to know how they work 🕵🏻‍♂️\n\n# Prior work\n\nBack in 2020, https://github.com/fdurand/mysa-thermostats showed how to authenticate\nto the Mysa cloud service (it's [AWS Cognito](https://aws.amazon.com/cognito)) and how to\nquery the thermostat readings (`https://app-prod.mysa.cloud/users/readingsForUser`).\nhttps://github.com/fdurand/mysa-thermostats/issues/1#issuecomment-750362234 also\ndemonstrated that _setting the thermostat_ is done via a separate API (MQTT over\nwebsocket to an AWS IoT server).\n\n# Current status\n\nThe API discovered in 2020 seems to have corresponded to Mysa's Android app 2.82, and\nno longer works (HTTP `500`) with 2024-2025 versions of the app.\n\nThe Cognito authentication is still the same, but the HTTP API for reading the devices\nhas been replaced with a bunch of new JSONful endpoints: `GET /devices/state`, `GET /users`\n\nIn January 2025, I figured out\n[how to authenticate to the MQTT-over-WebSockets endpoint used by the app](https://github.com/dlenski/mysotherm/commit/297df32303ba1db5edcdb21cac3db9a5c4bf5013);\nthe short summary is that Mysa is doing the AWS SigV4 \"URL presigning\" in an unusual\nand potentially insecure way.\n\nI've figured out what most of the MQTT messages sent between the app and the thermostats mean.\nSee [mysa_messages.md](./mysa_messages.md) for some semi-structured notes.\n\n## Inspecting Mysa thermostat devices\n\nCheck out this repository, and then use [`poetry install`](https://python-poetry.org) to install\nthe required Python dependencies. Then you can inspect much of the interesting data stored\nfor your thermostats with the login credentials that you use for the Mysa app:\n\n```\npoetry run mysotherm -u me@whatever.com -p PASSWORD\n```\n\nIt should be pretty easy to add setpoint-adjusting and schedule-creating features\nto the CLI as well; I just haven't gotten around to it.\n\n(I only own Mysa Baseboard V1 and V2 Lite devices. Would be very interested to learn\nif other devices have other kinds of data.)\n\n## \"Magically upgrade\" your Mysa V2 Lite thermostats\n\nThe Mysa V2 Lite is the most inexpensive and compact thermostat device that Mysa sells.\nUnlike the Mysa V1 which uses a triac to control baseboard heater current, the V2 devices\nuse a simple relay; the Mysa V2 Lite also lacks a _current sensor_.\n\nHowever, many of the restrictions of the device appear to be purely software-based.\nWith Mysa V2 Lite, you don't get:\n\n- In-app charting of temperature or energy usage (even without a current sensor, it\n  should still be possible to get a pretty good estimate of energy usage simply by\n  asking the user to input the heater's peak power or current).\n- Multi-thermostat zone control, which appears _entirely software-based_.\n- Humidity sensor output: to my surprise, the Mysa V2 Lite appears to contain a\n  perfectly functional humidity sensor even though it's not advertised as such.\n\nUsing the `liten-up` tool, you can \"magically upgrade\" your Mysa V2 Lite thermostat:\nthis script tricks the app into thinking your device is a Mysa V1 thermostat, and\nthen translates the slightly-incompatible setpoint messages into the correct\nformat for this device.\n\nRun with:\n```\npoetry run liten-up -u me@whatever.com -p PASSWORD\n```\n\nWhile running, the official Mysa smartphone apps will show humidity sensor,\nzone control, and usage statistics for your Mysa V2 Lite devices.\n\nWhen you interrupt the program, it will attempt to \"restore\" the Mysa V2 Lite\nthermostats to their original state. (And you can `poetry run liten-up --reset`\nto do this by itself.)\n\n# Future?\n\nIn order to get energy usage statistics out of the Mysa V2 Lite devices, it'll\nprobably be necessary to learn more about how the thermostats communicate with\nthe cloud servers. They appear to connect to Amazon IoT gateway servers using\n[MQTT-over-TLS with TLS client certificate authentication on port 8883](https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html#:~:text=amzn%2Dmqtt%2Dca-,MQTT,N/A,-MQTT).\n\nIn order to de-cloud-itate these devices, and prevent them from the inevitable\nfuture bitrot/bricking, it'll likely be necessary to overcome their\n[certificate pinning](https://docs.mitmproxy.org/stable/concepts-certificates/#certificate-pinning).\n\n# Credits\n\n- https://github.com/fdurand/mysa-thermostats for figuring out much of the auth\n  details back in 2022.\n- Me, for figuring out the MQTT-over-WebSockets auth\n- https://github.com/mitmproxy/mitmproxy and https://github.com/nikitastupin/mitmproxy-mqtt-script\n  for making it easy to MITM the traffic to/from the devices\n\n# License\n\nGPLv3 or later\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlenski%2Fmysotherm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdlenski%2Fmysotherm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlenski%2Fmysotherm/lists"}