New introduced payload and result encryption

[TA2k]

Only as an information the new tuya app introduced an encryption for payload and result.
Every request is encrypted with a different key (e.g. OTM0ZTA4ZDBmZGM3ODg0NQ==) and algorithm AES/GCM/NoPadding
The same key is used from the server to encrypt the result.

At the start of the app the app receives daily app secrets. This is encrypted with a static AES key.
{ "lineAppSecret":"", "daily_app_secret_android":"e79fcuyfp9384h98m5ysyjrnt3n949gq", "single_half_fish_eye_appsecret":"", "oppo_app_key":"7jfld5WBbxs8okO8Go008k8os", "mi_app_key":"5201740956699", "simAppSecret":"33490A16A4F330645AC3D5E93E58C1A2", "wbAppSecret":"7447cd7e1640df89fd7fa96e2284dba4", "youzan_client_secret":"", "googleAppSecret":"9411361456-jf9b3ntbq591geui2v6vneh6bnptnbhg.apps.googleusercontent.com", "qqMusicAppPubilcKey":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrp4sMcJjY9hb2J3sHWlwIEBrJlw2Cimv+rZAQmR8V3EI+0PUK14pL8OcG7CY79li30IHwYGWwUapADKA01nKgNeq7+rSciMYZv6ByVq+ocxKY8az78HwIppwxKWpQ+ziqYavvfE5+iHIzAc8RvGj9lL6xx1zhoPkdaA0agAyuMQIDAQAB", "vivo_app_secret":"424fabb9-9aa9-4c1b-bc02-07b73eecbcde", "oppo_app_secret":"578CFbaB864A671117F2d09D27DC9b25", "simAppKey":"300012044602", "single_half_fish_eye_appkey_android":"ZX2E2dJlpS/J0FCUDHjRPkAACOqoM1NUnKU7B0dyRlLqCtRxKXi8O9JG5rNeOc5wlQyh62OdlLbue1MwRa8Jfw==", "speech_recognition_secret_key_xunfei":"58b66248", "wxAppKey":"wx90d34ffcd1b02f8e", "xg_access_key":"ASBE5P34Z95N", "xg_secret_key":"d3d506625faf5bce3e4dee10cb247252", "speech_recognition_secret_key_google":"", "single_half_fish_eye_appsecret_enterprise":"", "qqAppSecret":"PtuSHVFkATBULecy", "wxAppSecret":"af87ac9961130297bed2ba8436be5b7e", "phone_number_one_click_login_appsecret":"", "single_half_fish_eye_appkey":"", "twAppSecret":"", "oppo_master_secret":"4d8665cc501369C3AdBb12C1203b0946", "single_half_fish_eye_appkey_enterprise":"", "lineNotifyClientSecret":"", "umeng_key":"557ad12c67e58e79ee003311", "fbAppSecret":"", "qqAppKey":"1104955102", "googleAppKey":"9411361456-jf9b3ntbq591geui2v6vneh6bnptnbhg.apps.googleusercontent.com", "twAppKey":"", "fbAppKey":"", "meizu_app_key":"1af86b89cf1f402793d917fa8e637d02", "qqMusicLocalPrivateKey":"MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAKTcvYmAry0tj1ht6SyUJ57Cb06EnDv47lREzEleqqymrwYYYLi7TX7NJvzhfzozxya2ezg93OtFhorzVzPzb6CUdtMjXqyUIkJX79MiEcm5h8ogU2+MRy27lCTzO7l9kLyKUHLK1sAfWzAXBeffTjHYXGaSCrERRY9VuUjlChT/AgMBAAECgYBEjnrPFFFEcz654jLl09JKBcbtmt2xXsoVBusA07obw9Disv59s339beh5nngexutZIOdKswcMW0QgwiKQOvo+3LBtfGWKahYtEDpqIkbMGkOaMN3GK4LbBZUC7fDq+NQFxScJAqIQITCmkliM6kTKZJ19UOqkas1qQA18XKCtaQJBANNFNrjRD5DpllQAEZBHOAP7m4EZmOB47wUwoONVAUZPieoLZDSJYKvOlAKoptFMPVloNiiT3Ts8FWHOv12J/wUCQQDHxDj1vGAxhCWg9AIKK0yqqdBwULh/I7YIkmJqSVx0GJ8s3Q95JO1FfsQWGdW1O5i1ZkOSIPylgKj9qN9/R9szAkEAz4SbxJutM4UNoQLUPaiGz/qzevKepFaFSM7EKagUcXCtIdQAoE4UQ43M+nOYL9s4I3rmP6NF2eohgonmlEV41QJBAI1QsR6dEMtWeSwAEUVSVhzQniQl5i4CfC5aJ4aauO1j0Y5yHxUK21JzF5Gu2vAm5aNFYX2JGlCV0HYItXobweMCQQDOY2FBxsweAjNRTr9CW+7BnByB6yXnmUZ+NQzI0ccbxIZUy/2BPMjk6HEEkgSx7CB1iyUFkGWLWFpgcxdEmOTU", "daily_app_key_android":"uwwwxsrk735fmva99jyq", "phone_number_one_click_login_appkey":"", "wbAppKey":"2491980946", "lineAppKey":"", "umeng_secret":"4ab855aafc363a59da66a55148108ea7" }

[pergolafabio]

so what does it mean, we cant use the login method anymore with secret2 and certsign?

[TA2k]

At the moment you can. but maybe it will deactivate in the future

[pergolafabio]

do you have a sample script somewhere? i always get SING VALIDATE FAILED or username/password mismatch

[pergolafabio]

ah, i know why, seems i had an @ in my password, it doenst like

when i now launch a test script, i get "APP NEED UPGRADE"

[pergolafabio]

I tested this one below

const apiKeys = require('./keys.json');
const Cloud = require('@tuyapi/cloud');
const is = require('is');
const api = new Cloud({key: apiKeys.key, secret: apiKeys.secret,secret2: apiKeys.secret2, certSign: apiKeys.certSign, apiEtVersion: '0.0.1', region: 'EU'});
const apiResult = api.login({email: '[email protected]', password: 'xxx'});

with keys:

{
  "key": "3fjrekuxank9eaej3gcx",
  "secret": "aq7xvqcyqcnegvew793pqjmhv77rneqc",
  "secret2": "vay9g59g9g99qf3rtqptmc3emhkanwkx",
  "certSign": "93:21:9F:C2:73:E2:20:0F:4A:DE:E5:F7:19:1D:C6:56:BA:2A:2D:7B:2F:F5:D2:4C:D5:5C:4B:61:55:00:1E:40" 
}

[pergolafabio]

i receive :

/home/debian/node_modules/@tuyapi/cloud/index.js:247
      throw new TuyaCloudRequestError({code: data.errorCode, message: data.errorMsg});
            ^

TuyaCloudRequestError: Please update the app.
    at TuyaCloud.request (/home/debian/node_modules/@tuyapi/cloud/index.js:247:13)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async TuyaCloud.login (/home/debian/node_modules/@tuyapi/cloud/index.js:305:23) {
  code: 'APP_NEED_UPGRADE'
}

Node.js v19.2.0