If you have a device that speaks to an Android app, you want https://github.com/niklashigi/apk-mitm - it'll strip pretty much every known certificate pinning implementation from an apk, and it'll also rewrite the manifest so it'll trust the user-installed certs without having to root your device to modify the system store. Uninstall the original app, sideload the output of apk-mitm, and then you can use mitmproxy on a stock device.
The other thing is that if a device is providing encrypted data to an app, and the app is displaying the decrypted data, then the app inherently either contains the decryption key somewhere or downloads it from somewhere. https://github.com/skylot/jadx will turn an apk into something that approximates Java, and digging through that will often let you figure out what the key is. But some vendors will decide that the appropriate way to handle this is to kick the cryptography out to native code, at which point you're into having to RE something in Ghidra. Depending on your mindset this is either incredibly tedious or incredibly fun, but it's generally possible.
The author was able to build on top of work that had been done by others, but if you're ever faced with a situation where nobody else has done that work, don't just give up. It's worth spending time trying to figure out how code running on a device you own works, and even if you don't succeed in the end you're probably going to learn a lot in the process.
And because its ad URLs are out of date or something, I see no ads. Which I don't feel bad about because again, all their development effort was in turning something working into something not working.
I'm a big fan of using web rendering for UI apps, but most devs are less interested in how to implement real security. Or add theatrical additions that just don't work with reality.
So I decided to solve it.
Using the Bosch API - I can tell both when a cycle is complete, and if the door is open. Currently I use their default version, but there is a local hosted option I'll be switching to now the proof of concept works.
So using Home Assistant I have a simple script that detects when a washing machine cycle is complete AND the door has NOT been opened. This implies my washing machine has wet clothes still in it.
So Home Assistant will alert my phone (and my wife only if she is home based upon presence detection) once every 15 mins that there are wet clothes waiting in the washing machine.
Very simple - works perfectly.
Unfortunately it's much harder to do the same for an electric dryer, since there's no inexpensive or good smart plugs for 240V last I checked.
Often a button labelled ‘Ending in’.
Australian market.
It works with all brands regardless of API.
Smart plugs are cheap enough where it doesn't take a lot of convenience to justify it.
I used Shelly plugs for the washer and the dryer. Put a little Go application on my server in the basement and get Telegram notifications + HTTP interface updates about the different states (running, finished, standby).
This saved a lot of forgotten loads.
quote:
> The plan is, in future, since we can't hack something that doesn't have a brain, to instead attach a brain to it. The dishwasher is easy, we can just whack that on a smart plug and monitor when the power use surges and drops. The dryer is a bit more difficult, since they pull a LOT of power, and smart plugs typically either don't support that much power, or are incredibly expensive. So that's likely going to be some fancy vibration sensor-based thingy
The machine does have an app and Bluetooth, but I can't see the point of spending the time reverse engineering the protocol, and the app is never going to be activated on my phone because it wants access to camera, sound, phone and my contacts list.
Edit: It seems some integration work has been done for HA: https://github.com/home-assistant-HomeWhiz/home-assistant-Ho...
An easier way is to run an Android virtual device with an older Android version on your computer. You can then use some scripts to add the certificates and proxy the traffic to Burp Suite or mitmproxy. That way you also don't have to switch devices.
It would also be interesting to use APKLab or Jadx to look at the code of the app. Maybe you can find the key derivation algorithm. The app and the washing machine must somehow generate keys or have pre-shared secrets.
If I understand correctly, the app only works if both devices are in the same network? I like that
Are those gratuitous ARPs? This is a common behaviour.
What kind of laundry cycles are we running here?
My machine finishes a normal "eco" cycle in <30 minutes. It also beeps really loudly when it's done. The combination of quick cycles and simple notification signal keeps me out of the weird tech solutions rabbit hole.
European washing machines take longer due to requirements around lower water and electricity usage. Plus, it looks like that device is a combined washer and dryer, and they take even longer.
My washer normally takes 104 minutes on the regular cycle, but if it decides I've overloaded it, it can take as long as 3 hours! And mine is just a washer.
It probably also takes 4.5 hours to wash and dry, but I wouldn't know because it happens when I'm sleeping (which just happens to be the same time as the ultra-low time-of-day electricity rates where I live). It's pretty great. Definitely recommend.
Specifically this element:
<a href="https://nexy.blog/2025/07/27/how-i-hacked-my-washing-machine..." class="hoverZoomLink"><img alt="CyberChef decrypting the washing machine's response" src="https://nexy.blog/0006-How-I-hacked-my-washing-machine/cyber...
Anybody interested in this write up? Might even include an "Office Space"-esque montage of the smart module destruction.
7D = {
0D0A = CRLF
09 = TAB
22 = "
73 = s
74 = t
61 = a
74 = t
75 = u
73 = s
4C = L
74 = a
....
So that is just the 'decoded' text. Where's the mentioned XOR encryption? Also, the 'key' in the second screen shot is a nibble (=one hex character) out of alignment of the listed bytes. It also is not cut from the gap that is in the input text now, as suggested by the visual presentation: the 'key' is 'D0A097D0D0A7D' which is 13 hex digits, and again, a nibble out of byte alignment. It looks like a 0 must have preceded to make it '0D0A09...' = CRLF TAB, and in total that's 'CRLF TAB { CRLF {'. But the gap was originally '24F70...', which, aligned to bytes, was '224F70...' = '"Op...'
So, the screen shots appear to be bogus or fake or edited.
Why? What's going on here?
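The byte-alignment check described in the comment above can be done mechanically. The following is an added example, not part of the original thread: it takes the two hex runs quoted in the comment, scores both possible nibble framings by how text-like the resulting bytes are, and decodes each run with the leading nibble the comment proposes. The helper names and the text-likeness heuristic are assumptions made for this example.

```python
# Hex runs exactly as quoted in the comment above.
KEY_AS_SHOWN = "D0A097D0D0A7D"
GAP_AS_SHOWN = "24F70"

TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
NAMES = {0x0D: "CR", 0x0A: "LF", 0x09: "TAB", 0x20: "SP"}


def frame(hex_run: str, offset: int) -> bytes:
    """Read hex_run as bytes starting at nibble `offset` (0 or 1),
    discarding a dangling nibble at the end if one is left over."""
    body = hex_run[offset:]
    return bytes.fromhex(body[: len(body) - len(body) % 2])


def text_score(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, TAB, CR or LF."""
    return sum(b in TEXT_BYTES for b in data) / len(data) if data else 0.0


def best_offset(hex_run: str) -> int:
    """Nibble offset (0 or 1) whose framing looks most like text."""
    return max((0, 1), key=lambda off: text_score(frame(hex_run, off)))


def render(data: bytes) -> str:
    """Space-separated view with control characters named."""
    return " ".join(
        NAMES.get(b, chr(b) if 0x21 <= b <= 0x7E else f"\\x{b:02x}")
        for b in data
    )


def restore(hex_run: str, leading_nibble: str) -> bytes:
    """Prepend the nibble assumed to have been cut off, then decode."""
    return bytes.fromhex(leading_nibble + hex_run)


if __name__ == "__main__":
    for run, nibble in ((KEY_AS_SHOWN, "0"), (GAP_AS_SHOWN, "2")):
        print(len(run), "digits, best offset", best_offset(run),
              "->", render(restore(run, nibble)))
```

An offset of 1 means the run only reads as text when its first hex digit is treated as the second half of a byte that was cut off.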
It has access to nothing, only my script has access to it - I don't see a risk here. I still have the heebie jeebies knowing it's connected to anything at all, or even the fact that it can do that, but also spending a night hacking a washing machine was incredibly funny to me and totally worth it. Plus, got some useful notifications out of it.
Good enough for me, but everyone’s level of comfort is different.
Someone shared this pdf written by someone that had a nice overview that is transferable to any router.
I feel like that's true for every washing machine that has ever existed
Otherwise, you would need some MitM style attack?
Just plug the washing machine into a smartplug and alert when power draw drops to idle for more than X minutes.
I'm certain 99% of washing machines are powered by electricity, and if you live in 120V town and need 3 phase you can monitor power using the magnetic field on one of 3 conductors.
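The smart-plug approach suggested in several comments above (alert when power draw stays at idle for more than X minutes, with running/finished/standby states) comes down to a small state machine. This is an added example, not code from any commenter or project in the thread; the wattage thresholds, the idle window and the sample readings are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample: (minute, watts) readings as a smart plug might report
# them. Includes a low-power soak pause at minutes 4-6 inside the cycle.
SAMPLE = [(0, 1.0), (1, 1.0), (2, 450.0), (3, 480.0), (4, 2.0), (5, 2.0),
          (6, 2.0), (7, 300.0), (8, 320.0), (9, 2.0), (10, 2.0), (11, 2.0),
          (12, 2.0), (13, 2.0), (14, 2.0), (15, 2.0), (16, 1.0), (17, 1.0)]


@dataclass
class CycleDetector:
    # All thresholds are assumptions; calibrate against your own machine.
    run_watts: float = 10.0     # at or above: machine is working
    idle_watts: float = 3.0     # at or below: machine is drawing idle power
    idle_minutes: float = 5.0   # the "X minutes" of continuous idle
    state: str = "standby"      # standby -> running -> finished
    idle_since: Optional[float] = None

    def feed(self, minute: float, watts: float) -> bool:
        """Consume one reading; return True once when a cycle completes."""
        if watts >= self.run_watts:
            self.state, self.idle_since = "running", None
            return False
        if self.state != "running":
            return False            # no alert from standby, none twice per cycle
        if watts > self.idle_watts:
            self.idle_since = None  # between thresholds: still counts as active
            return False
        if self.idle_since is None:
            self.idle_since = minute
        if minute - self.idle_since > self.idle_minutes:
            self.state, self.idle_since = "finished", None
            return True
        return False


def finished_at(readings, idle_minutes=5.0):
    """Return the minutes at which a 'finished' alert would fire."""
    det = CycleDetector(idle_minutes=idle_minutes)
    return [minute for minute, watts in readings if det.feed(minute, watts)]


if __name__ == "__main__":
    print(finished_at(SAMPLE))                    # idle window longer than the pause
    print(finished_at(SAMPLE, idle_minutes=1.0))  # idle window shorter than the pause
```

Choosing X shorter than the machine's longest mid-cycle pause produces a false "finished" alert during the pause, which is why the idle window matters more than the exact wattage thresholds.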
Here is one in the same vein: https://hackaday.com/2023/04/15/internet-of-washing-machines... => https://tratt.net/laurie/blog/2023/displaying_my_washing_mac...