IoT, computer technology and other things
Not hobby, real stuff

Proudly made by myself
Welcome, my name is Giovanni, a 35 years old italian engineer that would like share his experience in IoT, electronic, raspberry, arduino, electrotechnic, and others things. In this blog i will try to realize a different approch to these stuff. It’s not a hobby or a toys…. I will try to explain my practical, pragmatical and REAL approch for building REAL, SAFE, and RELIABLE utilities.
all posts

Google Home Hack, hidden REST API

In my house I’ve two Google Home. A Google Home and a Google Home Mini, respectively the first in my living room on ground floor and the second in my corridor on first floor. Do you know that exists some REST API for developer? And there is a system with python to control volume and voice?

The hidden REST API on port 8008

First of all, discover your google home IP. My ip is…. and for block this IP I have add a “Address Reservation” in  my router

Now, I can go with my browser on these url that all start with

  • /setup/eureka_info   –> general information. Interesting things are VERSION and NAME, 
  • /setup/supported_timezones –> supported timezones
  • /setup/supported_locales –>supported languages
  • /setup/assistant/alarms –> very interesting… list of alarms and timers
  • /setup/configured_networks –> name of wifi configured
  • /setup/assistant/alarms/delete –> ONLY POST REQUEST. Se below for details

All responses is in ONLY-READING and JSON format. Obviosly you have to send a GET request for these url (except for the delete alarms)

The GET API/setup/eureka_info

This is a response

\"bssid\": \"d4:6e:0e:57:44:e0\",
\"build_version\": \"139856\",
\"cast_build_revision\": \"1.36.139856\",
\"closed_caption\": {},
\"connected\": true,
\"ethernet_connected\": false,
\"has_update\": false,
\"hotspot_bssid\": \"FA:8F:CA:66:35:99\",
\"ip_address\": \"\",
\"locale\": \"it\",
\"location\": {
\"country_code\": \"IT\",
\"latitude\": 255,
\"longitude\": 255
\"mac_address\": \"30:FD:38:7F:6C:D2\",
\"name\": \"Corridoio\",
\"noise_level\": -96,
\"opt_in\": {
\"crash\": false,
\"opencast\": false,
\"stats\": false
\"public_key\": \"MIIBCgKCAQEA2ABTa2jRIrtZx9xuV2BKgNp4mD0Exn2XUYyxQCungDVZKqnUd3shwi3zEWn3eYoGzDUMjzFJ5jSlqrz1q+q05kdcTsTE8ABp0bBhJ5czIOT7AIGFb5tQw0NWfLQ7X3Hi6hyYZ5Sxpwt36EjWZsd28yTGNcd9I/X8n5LRgNbUz9scMhFe3y4AzIRN7Qs+glIZxi5f0S/JnU5D6xj7osPcto9ZLKrT+PwH+Iv9/f/JOoRTkT01xKw/zSHgCnW83q6hqpbAzmhWb7W7ybuN+drTd3QOP0xBbwfFtNn4QHYoWmmshHyllC3cfJ66BfLrabWa1GCyzBEb269NL60pi/f3LQIDAQAB\",
\"release_track\": \"stable-channel\",
\"setup_state\": 60,
\"setup_stats\": {
\"historically_succeeded\": true,
\"num_check_connectivity\": 0,
\"num_connect_wifi\": 0,
\"num_connected_wifi_not_saved\": 0,
\"num_initial_eureka_info\": 0,
\"num_obtain_ip\": 0
\"signal_level\": -25,
\"ssdp_udn\": \"2ecd5ddf-6ce0-1071-03c4-f5ec837ecf30\",
\"ssid\": \"ronco101\",
\"time_format\": 2,
\"timezone\": \"Europe/Rome\",
\"tos_accepted\": true,
\"uptime\": 40965.069197,
\"version\": 9,
\"wpa_configured\": true,
\"wpa_id\": 0,
\"wpa_state\": 10

In my experience the only usefull information are the NAME (Corridoio), IP, Mac-Address, if is connected to the internet…

The GET API /setup/assistant/alarms

This is interesting. You can read alarms and timers on this Google Home. The response is like this

\"alarm\": [],
   \"timer\": [
      \"fire_time\": 1543159379000,
      \"id\": \"timer/5c67c362-0000-27da-b98c-883d24fe42b4\",
      \"original_duration\": 0,
      \"status\": 1

The POST API /setup/assistant/alarms/delete

This API is for DELETE a alarm or timer previously read trought the GET API see above. I use this API in CURL like this

curl -H \"Content-Type: application/json\" -d \'{\"ids\":[\"timer/5c67c362-0000-27da-b98c-883d24fe42b4\"]}\'

In the DATA parameters you have to send a ids that is a list fo strings…. That’s works perfectly

Source of my discovery:\" title="\" target="_blank">\" target=\"_blank\" rel=\"noopener\" style=\"box-sizing: border-box; border: 0px; font-variant: inherit; font-stretch: inherit; line-height: inherit; font-family: inherit; font-style: inherit; font-weight: inherit; outline: 0px; vertical-align: baseline; color: rgb(38, 38, 38);\">

In the next post…

In the next post we can see another hacking…. with Python I can set volume on my google home programaticaly, and I can send VOICE to google home without human interaction