Frequently Asked Questions

Robert Klep edited this page Jan 6, 2016 · 1 revision

Requirements

Before you can use this library (and the accompanying command line tool), you need to have a recent version (>= 4.0.0) of Node.js installed.

How does it work?

Communication between the iOS and Android apps and the Nefit/Bosch backend is based on the XMPP protocol.

The client (the app) authenticates itself to the backend and, after successful authentication, starts a chat stream where the client sends commands to the backend, to which the backend responds.

Even though XMPP is XML-based, the commands themselves look like HTTP requests (with GET and PUT "requests" being sent by the client).

Once a command has been sent, the client has to wait for a response from the backend before it can send another command (this library queues commands internally to prevent more than one command from being "active" at any time).
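The one-command-at-a-time queueing described above, as an added example (not this library's own code): `CommandQueue`, `makeFakeBackend` and the command strings are hypothetical, and a timer stands in for the XMPP round trip to the backend.

```javascript
// Added illustration, not the library's code. CommandQueue and makeFakeBackend
// are hypothetical names; the real XMPP transport is replaced by a timer.
class CommandQueue {
  constructor(send) {
    this.send = send;               // function(command) -> Promise<response>
    this.tail = Promise.resolve();  // settles when the last queued command is done
  }

  // Queue a command; it is sent only after every earlier command has received
  // its response (or failed), so at most one command is ever in flight.
  push(command) {
    const result = this.tail.then(() => this.send(command));
    // Keep the chain alive if this command fails, so later ones still run.
    this.tail = result.catch(() => {});
    return result;
  }
}

// Constructed stand-in for the backend: records the highest number of
// simultaneously active commands and answers after a short delay.
function makeFakeBackend() {
  const stats = { active: 0, maxActive: 0, order: [] };
  const send = (command) => new Promise((resolve, reject) => {
    stats.active++;
    stats.maxActive = Math.max(stats.maxActive, stats.active);
    stats.order.push(command);
    setTimeout(() => {
      stats.active--;
      if (command.startsWith('PUT /fail')) reject(new Error('backend error'));
      else resolve(`200 OK for ${command}`);
    }, 5);
  });
  return { send, stats };
}

async function demo() {
  const { send, stats } = makeFakeBackend();
  const queue = new CommandQueue(send);
  // Constructed command strings, shaped like the GET/PUT "requests" described above.
  const results = await Promise.allSettled([
    queue.push('GET /example/status'),
    queue.push('PUT /fail/example'),
    queue.push('GET /example/pressure'),
  ]);
  return { results, stats };
}
```

All three commands are pushed at once, yet the fake backend never sees more than one active command, and the failed PUT does not block the GET queued behind it.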

Communications are encrypted using TLS. Additionally, message contents (<body> contents) are encrypted using AES-256.

Can we use your library in a commercial product?

Yes. The library is published under the MIT license, which means that you are free to use it, or pieces of it, in your own product—commercial, closed source or otherwise—without limitation other than that you need to include the provided copyright/permission notice in your product.

Safety

Credentials

The client needs three pieces of information before it can authenticate itself with the backend: the Nefit Easy™ serial number, its unique access key, and a user-defined password.

If this information is exposed to third parties, those third parties can gain control over the thermostat and, through it, the central heating system.

As with the official iOS and Android apps, this library depends on the user not exposing their credentials to third parties.

Settings

This library does not provide any safeguards regarding (incorrect) settings.

Legality

Dutch copyright law (Auteurswet) contains an exemption (article 45m) that allows reverse engineering if this is required to achieve interoperability between an independently developed software system (this library) and other (existing) computer systems (the Nefit/Bosch backend).

This library is based solely on reverse engineering the communications protocol that is used between the iOS and Android apps and the Nefit/Bosch backend. It's not based on any formal or informal documentation written or provided by Nefit/Bosch.

I believe that this library fully complies with the reverse engineering exemption.