Hi Søren,
I have been through the exact same process as you trying to get into the Danfoss CC protocol.
As you found out, the communication is hosted by trifork and they use a proprietary version of this library: Trifork - Secure Device Grid (I can only post 2 links as a new user, so just search github)
I managed to decompile the android app and extract the certificates. The general library (which is LUA based) for both the CC Controller and the iOS and Android apps are in files/mdg-c.zip directories. Everything needed for generating certificates and pairings are in there. The API calls themselves are in the android source code.
The communication to and from the endpoint is based on googles protobuf library and sent over https which is why you cant MITM attack it. However the only thing needed is to decipher the protobuf models and use the endpoints from the app, then you can talk to the controller either directly or through the endpoint.
I’ve managed to succesfully connect to the Trifork endpoint via the following commands:
openssl s_client -tls1 -connect mdg-danfoss.hosted.trifork.com:443 -servername mdg-danfoss.hosted.trifork.com -showcerts -cert app_cert.pem -key app_key.pem -CAfile trusted-CAs.pem -state -debug
Furthermore you can scan the endpoint with Nmap to see which ssl version they accept:
nmap --script ssl-enum-ciphers 77.66.11.92
So what is needed is to write a short program that connects via the openssl commands above and communicates via protobuf to the API endpoint. However i have never worked with protobuf and as such have not have success with it yet.