© Joe Howard, 2022
Intercepting HTTP Traffic to Access My Rise Garden Data
December 6, 2023
New Project

Introduction

I'm quite a fan of hydroponics, and have been growing plants hydroponically for years. I recently purchased a Rise Garden, which I absolutely love (though I don't use the app, nor the nutrients or seed pods...).

I'm also a fan of the HomeAssistant Project, and have spent a while setting up my home dashboard within a Proxmox cluster, alongside a few other services that lend themselves nicely to home automation and security.

The problem is, Rise Gardens does not expose a public API for me to interface with my device. Meaning, I can't have all that sweet sweet sensor data buried away in my HomeAssistant dashboard.

A screenshot of my Home Assistant dashboard


This post serves to document my first steps on this project, as well as demonstrate just how simple it can be to recover your own data from the services that you use.


The Tools

I thought a bit about how best to go about this, figured capturing mobile app traffic was the easiest way, then researched how to do it. I ruled out sniffing HTTPS traffic on my iPhone, as it seemed prohibitively challenging, and I would have to use my ancient MacBook to do it. I then looked at running an Android emulator with Magisk to gain root, then using Burp Suite to inspect the traffic; however, that requires a professional Burp Suite license.

Then I stumbled across HTTPToolkit, which is a 100% open source client for debugging API calls and intercepting HTTPS traffic. The setup was extremely simple, with what amounts to essentially a 1-click install to get an HTTP(S) interceptor actively running on my Windows desktop.

Next up was the Rise Gardens app, which I installed in the emulator via Google Play Store.


Discovering Endpoints

This part wound up being relatively simple with HTTPToolkit.

Auth (Grant Token)

A screenshot of the HTTP Toolkit application showing the intercepted OAuth Token URL HTTP Request and its request parameters

Here we can see the call against the OAuth provider API, along with the request body. Potentially sensitive details omitted. That's one endpoint down. Here's an example of the response body:

A screenshot of the OAuth Response Body

Device Status

Inspecting the Device Status API Request bodies, I can see that it's a simple bearer token authorization scheme. Here's an example of the response body from device status:

JSON Response from the Device Status API endpoint

Recreating Endpoints in Insomnium

The final step (for now) is to recreate the endpoints in my preferred API development client, Insomnium.


Next Steps

Continued Data and Function Exploration

Next up is exploring the returned datapoints a bit more. From what I can tell, we have a few different datapoints to evaluate:

  • at is the current air temperature
  • lamp_level is the current light level
  • current_water_volume_gallons is relatively self-explanatory

These 3 values should get me where I want to be as far as displaying data on my dashboard goes, but there are a few other functions that are dispatchable via the API that I'd like to explore, such as:

  • turning on/off the pump
  • adjusting the light level
  • updating schedules
  • turning the light on/off.

Refresh Tokens

I also need to figure out how to properly refresh the tokens I receive. While it's not really an issue just issuing new tokens for each session, I need to play around with the refresh token endpoint a bit to see what kind of payload it's expecting. The tokens have an expiry of 10 hours, and I'm not keen on waiting for that request to happen naturally on my emulated device.

Update: After reading the documentation for Auth0, which I believe to be the auth provider, I suspect that this API has Refresh Token Rotation enabled. I will have to try again with a fresh access token.
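What refresh token rotation means for a client such as the planned integration, as an added example that is not code from this post or from Rise Gardens: every refresh returns a new refresh token and retires the one just used, so the client must store the replacement each time. The token URL, client ID and form field names are assumptions (placeholders and the standard OAuth 2.0 refresh grant), and the server is a constructed stand-in so the block runs offline.

```python
import time

# Assumptions: placeholder URL/client ID; standard OAuth 2.0 refresh grant fields.
TOKEN_URL = "https://auth.example.invalid/oauth/token"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
TEN_HOURS = 36000      # token lifetime stated in the post, in seconds
REFRESH_MARGIN = 300   # refresh five minutes before expiry


class TokenManager:
    """Caches the access token and follows refresh token rotation."""
    def __init__(self, post, refresh_token, clock=time.time):
        self._post = post  # callable(url, form) -> parsed JSON dict
        self._refresh_token = refresh_token
        self._clock = clock
        self._access_token = None
        self._expires_at = 0.0

    def access_token(self):
        if self._access_token is None or self._clock() >= self._expires_at - REFRESH_MARGIN:
            self._refresh()
        return self._access_token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.access_token()}"}

    def _refresh(self):
        body = self._post(TOKEN_URL, {"grant_type": "refresh_token",
                                      "client_id": CLIENT_ID,
                                      "refresh_token": self._refresh_token})
        if "access_token" not in body:
            raise RuntimeError(f"refresh failed: {body.get('error', 'unknown')}")
        self._access_token = body["access_token"]
        self._expires_at = self._clock() + body.get("expires_in", TEN_HOURS)
        # Under rotation the token just used is now dead; keep its replacement.
        self._refresh_token = body.get("refresh_token", self._refresh_token)


class FakeRotatingServer:
    """Constructed stand-in for the auth provider: each refresh token works once."""
    def __init__(self, first_token):
        self.valid, self.issued = first_token, 0

    def __call__(self, url, form):
        if form["refresh_token"] != self.valid:
            return {"error": "invalid_grant"}
        self.issued += 1
        self.valid = f"rt-{self.issued}"
        return {"access_token": f"at-{self.issued}", "refresh_token": self.valid,
                "expires_in": TEN_HOURS}
```

A real integration would also write the rotated refresh token to persistent storage as soon as it arrives, since a restart that reloads the old one ends in a fresh login.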

Home Assistant Integration

Finally, I will be writing a HomeAssistant integration using the information I discover from this process, so that I can share the love with any other HA users who might be looking for a solution to pull data out of their Rise Garden.

Other Options?

MQTT

I see an mqtt_time variable there in the device status response which indicates this system is likely using MQTT for cloud communication. I am running my own MQTT broker on my network, and wonder if I can adjust my network DNS to reroute the garden's MQTT messages to my own broker.

Replace or flash the chip?

I haven't opened up the garden controller, but there's a significant chance that it is an ESP-based device, which would mean having the capability to flash or modify the firmware of the device. Alternatively, I could replace the device entirely with an ESP-based chip running an open-source firmware like Hydromisc, which would then allow me to extend the functionality of the garden with peristaltic pumps and pH/EC/TDS probes.

Thanks for reading!
Joe Howard

Main page photo attributed to https://risegardens.com
Pretty code snippets provided by https://carbon.now.sh/ (they look way nicer than what my RTE supports!)