Hi all I have just installed a Polyaire AirTouch 2 based AC controller into my reverse cycle air conditioner. It has an IOS app and I can get to the web interface for management (no interface for controlling the unit itself).
I beleive the controller is based on a Hi Flying HF-A11 UART to WiFi module
manual here http://www.hi-flying.com/downloadsfront.do?method=picker&flag=all&id=2fdd6c8a-6cad-4b16-8e4a-929cb6fd3c28&fileId=72
I was hoping I could wireshark the packets and se if there are any http commands but I cant seem to work out how to do this bit either.
If anyone could help with either the wireshark sniffing or an answer on how to control via HTTP that would be awesome.
Ive run an NMap over the IP and here is the output - can anyone translate this?
| http-methods:
|_ Supported Methods: GET POST
|_http-server-header: Ralink HTTPD
|_http-title: 401 Unauthorized
|_rtsp-methods: ERROR: Script execution failed (use -d to debug)
8899/tcp open ospf-lite?
| fingerprint-strings:
| NCP:
| RoomE Room
| RoomGuest
| Group_5
| Group_6
| Group_7
| Group_8
| Group_9
| Group_A
| Group_B
| Group_C
| Group_D
| Group_E
| Group_F
| Group_G
| !1AQaq
| version
| 8349 8866
| version
| Daikin
| UNIT2
|_ 22191608V
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=7.40%I=7%D=1/12%Time=58771BFE%P=i686-pc-windows-windows%r(
SF:GetRequest,160,"HTTP/1\.0\x20401\x20Unauthorized\r\nServer:\x20Ralink\x
SF:20HTTPD\r\nDate:\x20Wed,\x2027\x20Jan\x202016\x2011:09:52\x20GMT\r\nWWW
SF:-Authenticate:\x20Basic\x20realm=\"A11\"\r\nPragma:\x20no-cache\r\nCach
SF:e-Control:\x20no-cache\r\nContent-Type:\x20text/html\r\nConnection:\x20
SF:close\r\n\r\n<HTML><HEAD><TITLE>401\x20Unauthorized</TITLE></HEAD>\n<BO
SF:DY\x20BGCOLOR=\"#cc9999\"><H4>401\x20Unauthorized</H4>\nAuthorization\x
SF:20required\.\n</BODY></HTML>\n")%r(HTTPOptions,14C,"HTTP/1\.0\x20501\x2
SF:0Not\x20Implemented\r\nServer:\x20Ralink\x20HTTPD\r\nDate:\x20Wed,\x202
SF:7\x20Jan\x202016\x2011:09:52\x20GMT\r\nPragma:\x20no-cache\r\nCache-Con
SF:trol:\x20no-cache\r\nContent-Type:\x20text/html\r\nConnection:\x20close
SF:\r\n\r\n<HTML><HEAD><TITLE>501\x20Not\x20Implemented</TITLE></HEAD>\n<B
SF:ODY\x20BGCOLOR=\"#cc9999\"><H4>501\x20Not\x20Implemented</H4>\nThat\x20
SF:method\x20is\x20not\x20implemented\.\n</BODY></HTML>\n")%r(RTSPRequest,
SF:14C,"RTSP/1\.0\x20501\x20Not\x20Implemented\r\nServer:\x20Ralink\x20HTT
SF:PD\r\nDate:\x20Wed,\x2027\x20Jan\x202016\x2011:09:52\x20GMT\r\nPragma:\
SF:x20no-cache\r\nCache-Control:\x20no-cache\r\nContent-Type:\x20text/html
SF:\r\nConnection:\x20close\r\n\r\n<HTML><HEAD><TITLE>501\x20Not\x20Implem
SF:ented</TITLE></HEAD>\n<BODY\x20BGCOLOR=\"#cc9999\"><H4>501\x20Not\x20Im
SF:plemented</H4>\nThat\x20method\x20is\x20not\x20implemented\.\n</BODY></
SF:HTML>\n")%r(FourOhFourRequest,160,"HTTP/1\.0\x20401\x20Unauthorized\r\n
SF:Server:\x20Ralink\x20HTTPD\r\nDate:\x20Wed,\x2027\x20Jan\x202016\x2011:
SF:09:58\x20GMT\r\nWWW-Authenticate:\x20Basic\x20realm=\"A11\"\r\nPragma:\
SF:x20no-cache\r\nCache-Control:\x20no-cache\r\nContent-Type:\x20text/html
SF:\r\nConnection:\x20close\r\n\r\n<HTML><HEAD><TITLE>401\x20Unauthorized<
SF:/TITLE></HEAD>\n<BODY\x20BGCOLOR=\"#cc9999\"><H4>401\x20Unauthorized</H
SF:4>\nAuthorization\x20required\.\n</BODY></HTML>\n")%r(GenericLines,135,
SF:"HTTP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20Ralink\x20HTTPD\r\nDa
SF:te:\x20Wed,\x2027\x20Jan\x202016\x2011:09:58\x20GMT\r\nPragma:\x20no-ca
SF:che\r\nCache-Control:\x20no-cache\r\nContent-Type:\x20text/html\r\nConn
SF:ection:\x20close\r\n\r\n<HTML><HEAD><TITLE>400\x20Bad\x20Request</TITLE
SF:></HEAD>\n<BODY\x20BGCOLOR=\"#cc9999\"><H4>400\x20Bad\x20Request</H4>\n
SF:Can't\x20parse\x20request\.\n</BODY></HTML>\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8899-TCP:V=7.40%I=7%D=1/12%Time=58771C6D%P=i686-pc-windows-windows%
SF:r(NCP,18B,"\x91\xfa\x04\x08\x86\x1e\x17\x1e\x91\x1e\x96\0\x87\x1e\x8c\x
SF:1e\x92\0\x97\x1e\x87\x1e\x8c\x1e\x92\0\x97\x1e\x86\x1e\x88\0\x91\x1e\x9
SF:6\0\x87\x1e\x8c\x1e\x92\0\x97\x1e\x87\x1e\x8c\x1e\x92\0\x97\x1e\x86\x1e
SF:\x88\0\x91\x1e\x96\0\x87\x1e\x8c\x1e\x92\0\x97\x1e\x87\x1e\x8c\x1e\x92\
SF:0\x97\x1e\x86\x1e\x88\0\x91\x1e\x96\0\x87\x1e\x8c\x1e\x92\0\x97\x1e\x87
SF:\x1e\x8c\x1e\x92\0\x97\x1eH&N\x20RoomE\x20Room\0\0J&M\x20RoomGuest\0\0\
SF:0Group_5\0Group_6\0Group_7\0Group_8\0Group_9\0Group_A\0Group_B\0Group_C
SF:\0Group_D\0Group_E\0Group_F\0Group_G\0\x80\x81\x82\x03\x84\x85\x86\x87\
SF:x80\x81\x82\x83\x84\x85\x86\x87\x01\x11!1AQaq\x81\x91\xa1\xb1\xc1\xd1\x
SF:e1\xf1\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\x07\n\x08\n\n\n\n\n\n\n\n\n\n\
SF:n\n\x04\x02\x05\xbc\0\0\0\0version\0\x0008\x208349\x208466\xe5\x1aPoly
SF:aire\0\0\0\0\0\0\0\0\x14\x11\0\x0b\x10#\x86\x1e\x88\0\x86\x1e\x88\0\x81
SF:\0\0\0\x04\x001\0\x18\x19\x1aR\0\0\x08\0Daikin\0\0UNIT2\0\0\x0022191608
SF:V");
MAC Address: AC:CF:23:E0:3F:EE (Hi-flying electronics technology)
Device type: switch
Running: 3Com embedded, HP embedded
OS CPE: cpe:/h:3com:baseline_switch_2250-sfp_plus cpe:/h:hp:1905
OS details: 3Com Baseline Switch 2250-SFP Plus, HP 1905 switch
Uptime guess: 6.060 days (since Fri Jan 06 15:09:05 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=152 (Good luck!)
IP ID Sequence Generation: Incremental
Can anyone perhaps advise where to start?
mecentric
(Mecentric)
September 27, 2017, 12:53pm
4
Hi Andrew. Did you get anywhere with this?
mecentric
(Mecentric)
September 27, 2017, 12:56pm
6
dam. yup. thinking of putting a job up on freelancer. I am happy to pay someone.
you in OZ? I have myself and another polyaire friend who can no longer control A/C via the phone app from the internet any more - LAN ok though
mecentric
(Mecentric)
September 27, 2017, 1:00pm
8
yup. qld. I had the same thing. log in to the ip address of your controller. user/pass is admin
go into the menu and select reboot. should work. another option, turn off your a/c at the switch board
this worked for mine
I actually had my unit replaced today because it was flakey all the time
aha I assumed it was their cloud service - going to try right now!
mecentric
(Mecentric)
September 27, 2017, 1:01pm
10
another problem I had was that the password on the app got all messed up.
when on the LAN, change your password via the app. wait a couple of minutes then try connecting again off LAN
yep reboot and password change worked!!!
mecentric
(Mecentric)
September 27, 2017, 1:17pm
13
nice. now if we could only get the http requests sorted
yeah I have seen similarish stuff on the forums but i really dont know where to start with what ive found out. I contacted the polyaire guys and they wouldnt (or didnt know how) to help
mecentric
(Mecentric)
September 27, 2017, 1:21pm
15
I don’t think they want to help as potential security risk to them
maybe - apparently their new controller has some sort of smart home capabilities but it cost enough for this one…
hi ever get anywhere on this one?
Imboredas
(Brendan Robinson)
July 11, 2018, 9:16am
19
Hi Andrew. It is a modem setting to open traffic, not Polyaire related. I have the airtouch2 also. I called Polyaire and they called me and recommended the setting change. Once done, it immediately worked over the internet. I have a Netgear d6300 so I can only say the setting applicable to that.
I got the control panel and app working see above it was more a question about getting it to work with OH
Thanks
Andrew