Drayton Wiser Thermostat Binding

I tried to sniff the connection using a packet sniffer on my phone last night, but it looks like the app knows when it’s not being given the correct certificate and doesn’t log in at all.

Looks like I need to borrow a Mac to get to the bottom of it. My preferred solution would be to supply the username and password and get the secret back (this must be how the initial connection works) but setting the hub into its own mode is another solution

Would you use the Mac as a MITM proxy for the mobile app? I suspect it might still be a problem.

I had another thought, maybe pulling the Android app DB off the phone might be possible. That might have a copy of the secret.

Also pls follow back on twitter. I found something I’d rather not make public.

It sounds like a Man in the Middle attack without having to be in the middle, which intrigues me. Looking at the APK might be another solution but isn’t something I’ve done before. I might know a guy…

I was successfully able to get the hub to give me it’s secret! As i suspected when you’re in setup mode you can perform API calls unauthenticated. Through packet capture I found the end point which is… wait for it… /secret/. But you’ll get a 401 back if you’re not in setup mode. The steps are (based mainly on the guide’s step for connecting to a new wifi access point):

Log out of the app. Make sure you’re at the login screen
Tap Setup / Create Account (even though your system has already been set up).
Select the HubR type
Press the Setup button on the hub
This will start the WiserHeatXXX access point.
Connect to WiserHeatXXX with a real computer. You should get an IP in the range.
Perform a GET to the /secret/ endpoint at You might be able to use a browser, I didn’t try. If you prefer powershell like me…

Invoke-RestMethod -Method Get -UseBasicParsing -Uri

You’ll get the secret back as a string.
Now finish the setup…
Follow the on-screen instructions to connect your smartphone to WiserHeatXXX
Tap Skip when prompted to set up your heating system.
Follow the on-screen instructions to connect your Heat HubR to the
Internet by selecting your new Wi-Fi network.
Tap Skip when prompted to register an account.
You have now changed to a new Wi-Fi network. You will see the home
screen and can proceed to control your heating as normal

Next steps are to look at the API calls the app makes for each command.


Excellent work Chris! It’s a shame it needs to connect to the HeatHub AP as it means the binding can’t authenticate automatically, but it’s a great start!

I’m thinking of getting a wiser system, will it work with OH or is there still a lot of work to be done

The basics are there but there’s a long way to go and I’m struggling to find the time to work on it with Christmas coming up.

Now I understand the basics of how it works it probably only needs a few days of work to get something released.

But even as a stand alone system it’s a very good piece of kit!

Thanks, anything I can do to help (I know naff all about bindings lol)

can the firmware be hacked ?

Firmware on the boiler control? I’d rather not go down that route as it may cause the phone app to stop working.

I’ve uploaded the code again to GitHub here

It still needs work, but the readme should help you to get started.

I need to go through the code to separate out the difference between a room and room stat, but I’m currently having an issue with Maven to create the jar file. If anybody has an Eclipse environment setup they’re welcome to try to generate the .jar.

firmware on the radiator valves I meant, I didnt know if it was possible to hack it, like devices such as Sonoff’s

I’m hoping to get my hands on a radiator valve or two this week I hope, but looking through the config it looks like they are using zigbee so I’m not sure it would be as friendly as programming an ESP8266.

Hey, I’m hoping to get a hold of one of these thermostats in the new year (single channel only) with a few radiator valves, so I’m very interested in how this turns out (will be my first foray into any sort of home automation) and my even be able to help flesh out the binding.
I hope you don’t mind, but I’ve just opened a PR on your github repo to clean up the ReadMe file a little :slight_smile:

Cheers Andrew. I’m just reading the PR now.

Something I noticed last night (I’ve got a TRV in the mix now) is that I can set the temperature in the rooms, but it’s only pulling back details of the central thermostat. I think this is down to the difference between a room and device. I’ll have a look at it again at the weekend I hope.

I’ve made a small breakthrough this evening and can see and control the temperature in multiple rooms

However, I worry that every system is different so it may be tricky to implement so it is compatible with everybody’s setup.The JSON has changed since I added a new TRV so there is now a list of items where there used to be a single text line. Ideally I’d like to compare the JSON from a few setups to see if it has changed because of a firmware update or because the heating devices are different. @Chris_Evans Are you able to PM me your JSON response from /domain/data. You can redact anything such as serial numbers, etc.

I’ve also noticed that the TRVs don’t report on humidity. The only way to get humidity is from the RoomStat (the little white box) device rather than at a room level. This is a bit of a shame as it’s useful to have to triggering extractor fans in bathrooms.

I’ll finish on some good news. There is a QR code with a serial number printed inside each device. This matches the internal Serial Number stored in the JSON for each device and means it will be easy to add a device to the things file for battery level monitoring. I’ve come up with a (terrible) schema of how the system sits together.

Oh, and I found a WindowState value. IIRC the Honeywell system has a way of telling when a window has been opened due to a sudden drop in temperature. This could be similar.

Well I’ve now installed my 1 channel controller & 4 TRVs, so when I can find some free time, I’m going to attempt to set up an instance of openhab so I can start playing with this binding :slight_smile:

1 Like

I’ve got openhab running now, but I’m struggling to get this binding to work. The prebuilt jar looks like it requires me to create the .thing and .item files is that right?
I’ve also built it from source which seems to add some new entries to the things screen in the paperUI. I tried setting these up including the hub IP and SECRET, but it seems to fall over when trying to initialise and just results in a communication error in the log. Hopefully I’ll be able to attach a debugger to it later to work out what going on.

On a related note, it took me ages to work out how to get this to compile with eclipse, it looks like from the documentation the “official” procedure is to fork from openhab-addons and create a new skeleton (happy to be corrected on this).

You will need to create the .thing and .item files manually. I need to re-work it so that the lower level thing (thermostat/iTRV) inherits the IP address and secret from the hub which will be a parent-level thing, but for the moment you need one .thing per thermostat/iTRV with the IP Address of the hub and secret specified each time.

I found a hard-coded IP address in the communication java file here which means you won’t be able to set the temperature, but you should be able to read the temperature still.

I’ve had nothing but trouble getting the binding this far. I’m close to creating a Linux VM to use as a development box that I can reset to the last known working point.

Yeah, I noticed that, but as you say I should still be able to read the temps at least.

I might locally try and create the binding from scratch as a fork from openhab2-addons to see if that’s any easier to work with. I don’t really want to be trying to create a “competing” binding though.

1 Like