Wondering if it's possible to achieve the same without root

[shaul75]

Hi @Hypfer,
First of all thank you for sharing this amazing project!

Looking at the following diagram,

I'm wondering, do you think it would be theoretically possible to host Valetudo not on the robot itself, but on some VM/Docker, and use OPNsense/PFsense (or any other capable router/firewall) to reroute the robots DNS to an internal DNS which would point to the Valetudo VM?

That could be a powerful solution as it would work with any model, without any disassembly or voided warranty.

Edit:
One issue I can think of is the SSL certificates trust, the internal DNS would point to a private cloud which doesn't have the real signed certificates, I guess is only solvable by rooting and trusting the self-signed CA. If so, I answered myself that it's not possible without root :)

[Hypfer]

While redirecting DNS was a piece of the puzzle back in 2018 with the old 3.3.x miio_client, it was never enough to mock the miio cloud.

Miio cloud communication is secured with a shared secret provisioned at the factory that is to our knowledge entirely random and thus can only be acquired by accessing the internal storage of the robot. Doing so does require rooting the robot and thus if you're already rooting it, you might as well run Valetudo on it to get a self-contained package.

In the five years that passed since 2018 however, vendors and the ecosystem reacted to Dennis' publications and locked down the systems even further with measures such as certificate validation, hardcoded IPs instead of DNS names and more.
To work around those measures, we have to apply patches to the firmwares that go beyond just adding an sshd to it like we did in the very early days on the early roborock s5 firmwares.

Overall, this is a common idea that comes up every few weeks, however keep in mind that if things could be that simple, they'd likely be that way already. That's not always true of course, but it would at least be unlikely that all this infrastructure and tooling would've been built if there was a path of less resistance.

[shaul75]

While redirecting DNS was a piece of the puzzle back in 2018 with the old 3.3.x miio_client, it was never enough to mock the miio cloud.

Miio cloud communication is secured with a shared secret provisioned at the factory that is to our knowledge entirely random and thus can only be acquired by accessing the internal storage of the robot. Doing so does require rooting the robot and thus if you're already rooting it, you might as well run Valetudo on it to get a self-contained package.

In the five years that passed since 2018 however, vendors and the ecosystem reacted to Dennis' publications and locked down the systems even further with measures such as certificate validation, hardcoded IPs instead of DNS names and more. To work around those measures, we have to apply patches to the firmwares that go beyond just adding an sshd to it like we did in the very early days on the early roborock s5 firmwares.

Overall, this is a common idea that comes up every few weeks, however keep in mind that if things could be that simple, they'd likely be that way already. That's not always true of course, but it would at least be unlikely that all this infrastructure and tooling would've been built if there was a path of less resistance.

It is quite unfortunate that they are expending effort to lock down something that people could self-host. The logical conclusion is that for those vendors, having access to our data is more valuable than the cost of R&D and infrastructure. Hopefully, new standards like 'Matter' will have an impact on that to some degree.

Once again, Thank you 🙂