First up: this isn't criticism of the original post in the slightest, it's a wonderful journey through figuring out how a weird device that wants to be on your wifi works.
If you have a device that speaks to an Android app, you want https://github.com/niklashigi/apk-mitm - it'll strip pretty much every known certificate pinning implementation from an apk, and it'll also rewrite the manifest so it'll trust the user-installed certs without having to root your device to modify the system store. Uninstall the original app, sideload the output of apk-mitm, and then you can use mitmproxy on a stock device.
The other thing is that if a device is providing encrypted data to an app, and the app is displaying the decrypted data, then the app inherently either contains the decryption key somewhere or downloads it from somewhere. https://github.com/skylot/jadx will turn an apk into something that approximates Java, and digging through that will often let you figure out what the key is. But some vendors will decide that the appropriate way to handle this is to kick the cryptography out to native code, at which point you're into having to RE something in Ghidra. Depending on your mindset this is either incredibly tedious or incredibly fun, but it's generally possible.
The author was able to build on top of work that had been done by others, but if you're ever faced with a situation where nobody else has done that work, don't just give up. It's worth spending time trying to figure out how code running on a device you own works, and even if you don't succeed in the end you're probably going to learn a lot in the process.
I did something with my Bosch washing machine (not like the OP). My washing machine is at the other end of the house from my home office. Sometimes I would put a load of washing on, and despite setting an alarm, might forget (perhaps I am in an important meeting etc).
So I decided to solve it.
Using the Bosch API - I can tell both when a cycle is complete, and if the door is open. Currently I use their default version, but there is a local hosted option I'll be switching to now the proof of concept works.
So using Home Assistant I have a simple script that detects when a washing machine cycle is complete AND the door has NOT been opened. This implies my washing machine has wet clothes still in it.
So Home Assistant will alert my phone (and my wife only if she is home based upon presence detection) once every 15mins that there are wet clothes waiting in the washing machine.
My washing machine is a "dumb" machine from the '90s. The wash cycles run based on the position of a glorified timer knob: it doesn't have a computer or sensors to detect if it needs extra time aside from the water fill stages. Thanks to this consistency, I just set a 40 minute timer on my phone, and it's always done by then. Can't get much simpler than that. If I need reminders, there's always the alarm snooze function.
It's actually really, really easy to get the state of a "dumb" washing machine (or any other electric machine) into Home Assistant using a smart plug. You can use something really basic like "power draw for > n seconds followed by no power for > m seconds" to detect when a cycle is finished. You can get way fancier and look at power draw curves to determine what part of a cycle it's in, or which cycle, if you really want to. You can add a door sensor (recommend Samsung) if you want to know if the door's been opened.
Unfortunately it's much harder to do the same for an electric dryer, since there's no inexpensive or good smart plugs for 240V last I checked.
This is (largely) what I have for my "dumb" washer. What makes mine unique is the washer is in my apartment building's cellar, too far for Wifi. So I have a LoRa transmitter that routes the message to a LoRa receiver on my home network.
Unfortunately, as you noted, I haven't figured out how to handle the dryer as the load is too much for all the smart plugs I've found. I wish there was a clamp-style monitor on an extension cord, but it seems that is something which doesn't exist.
Thankfully, the dryer isn't as much of an issue since dry clothes can sit there until I remember to get them.
I know nothing about US 240V power circuits — what plugs do you use, could you get by with a Euro system?
I use Eve Energy smart plugs, which seem to be supported in Home Assistant through the Matter integration. Local first, no bullshit remote account requirements, good quality, around 40€ / USD 45.
Keep that dumb washing machine from the 90s, I can almost guarantee you that a new washing machine is not meant to last as long. Maybe 6-7 years if you are lucky.
The article says that a washing machine used to last 20 years, and now only lasts 10 years. However, it also says that machine usage has doubled, from four to eight times a week. So, the new machine lasts the same number of cycles, but the number of cycles is reached much faster.
But the fast cycles of olden days came at a price in terms of power draw and water usage, so it’s unfortunately similar to missing incandescent light bulbs.
I have been planning to implement something similar with my countertop oven - however having no API or other connectivity, I was planning on simply plugging it via a smart plug, and using the power draw measurements to determine whether it's idle or not (that is, arm when power draw transitions to above idle, then alert once it drops back to idle).
I have a G-Shock 5600 watch that can alert me when my washing machine is finished. At the start of the cycle I take note of the total time it takes, I set that time on the timer of the watch and hit start. It will beep once the washing machine is finished. Been doing that for about 15 years now.
I occasionally do a washing load before bed that I know I might not wake up for to put into the dryer. Fortunately, my machine has an "extended tumble" cycle of sorts that will keep the clothes fresh all night at the expense of a bit more water, but while saving my bedtime routine. We end up with a lot of these nighttime loads because we're toasted all day watching kids and we prioritize laundry off-peak electricity hours. Love my Electrolux, but I imagine many brands have a comparable feature.
The equivalent on mine (a Bosch) is to wait to start anything at all until 1 cycle-time less than the specified number of hours. Churning all night instead seems a peculiar design choice.
Does your machine not have a delayed start function? I’m standing in front of about 40 washing machines right now and they all appear to have this function.
Yeah I tried to use the builtin sensor on my LG one but it turns out, there's no 'door open' sensor per se, only the 'locked successfully' signal. So I had to add an external Zigbee reed switch door sensor.
I'm hacking my fridge. It's not software but a hardware hack. It's an expensive motorhome fridge that runs on gas, 12vd, and 220v. It had an internal fire on the electronic controller, so it fried the cables and internals, but the fridge is still more or less ok. The idea is, rather than buying a new control board (250usd), which would need extensive work to refit as all plugs and cables are shot, to replace this with a new system that I basically cobble together out of parts from an old gas boiler. The gas boiler has all the parts on the motherboard to make the spark generator for the gas burner, then all I need is the logic and safety, and I might be able to have it run on gas only with some different logic and control. It saves me a new fridge, and it's a fun project to show my 9 year old boy about electronic engineering. I know it's not a job for everyone as there is gas involved etc., but normally I get a lot of resistance on my similar hacks, but when they're finished the blowback normally dies down. It's a fun job. If anyone is interested in hearing how it will go, let me know and I'll consider making a full post about it.
I have a magnetic Zigbee vibration sensor on my washer and dryer connected to Home Assistant. I hadn't thought of monitoring smart outlet current/voltage instead, that's a good idea too.
That's how I do it. I have a smart plug on the washer dryer and the power consumption gets sent via MQTT to Node-RED where some simple monitoring and trigger conditions update a dashboard and send an email to myself when the washing machine starts and when it stops. That's good enough for our needs.
The machine does have an app and Bluetooth, but I can't see the point of spending the time reverse engineering the protocol, and the app is never going to be activated on my phone because it wants access to camera, sound, phone and my contacts list.
> when your "three hour" (usually like 4-5 hours) load finishes
What kind of laundry cycles are we running here?
My machine finishes a normal "eco" cycle in <30 minutes. It also beeps really loudly when it's done. The combination of quick cycles and simple notification signal keeps me out of the weird tech solutions rabbit hole.
European washing machines take longer due to requirements around lower water and electricity usage. Plus, it looks like that device is a combined washer and dryer, and they take even longer.
My washer normally takes 104 minutes on the regular cycle, but if it decides I've overloaded it, it can take as long as 3 hours! And mine is just a washer.
At what point is it taking too long regardless of other factors? Laundry is uniquely hellish in that you have an entire pipeline of it that need to be processed. Getting barely 3 loads done per day seems comical to me. This might be acceptable in a dishwasher but not a laundry machine.
Many people in Europe don't even have a dryer, so they're often not doing more than one load a day. And really, unless you have a really large family, you probably don't have to do laundry every day anyway.
In Norway they also structure your electricity fees to discourage running multiple appliances at once. For example, to keep my flat delivery rate as low as possible I have to keep my peak usage under 2KWh. That is, for each day of the month they take the hour when you used the most electricity and average the 3 top values. Yes, it's annoying to think about if I want to wash and dry at the same time, and whether or not I'm going to use the oven or something else while doing laundry.
Longer cycle does better job with microbes removal, especially with enzyme and activated oxygen bleach based detergents. In 30 min your machine just "rinses" the laundry to get a scent.
Again, Europe. Different from the US. European dryers generally don't heat above 45-60C, which isn't very effective at killing microbes. They do, however, use less electricity and are gentler on fabrics. Personally, though, I hang up my clothes and only use the dryer for sheets and towels.
My dryer takes three hours because it is ventless (aka worthless). A regular load of laundry takes 4.5 hours to wash and dry. It’s the worst appliance I have ever had the displeasure of operating. It has no redeeming qualities. Sometimes it doesn’t even dry the laundry.
Unless you are using a rooted Android, putting your own certificates on your phone is annoying. They need to be in the system certificate store which is, as far as I know, only possible with a Magisk module.
An easier way is to run an Android virtual device with an older Android version on your computer. You can then use some scripts to add the certificates and proxy the traffic to Burpsuite or mitmproxy. That way you also don't have to switch devices.
It would also be interesting to use APKLab or Jadx to look at the code of the app. Maybe you can find the key derivation algorithm. The app and the washing machine must somehow generate keys or have pre-shared secrets.
If I understand correctly, the app only works if both devices are in the same network? I like that
Hmm, I don't see any encryption. In the first screenshot 'cyberchef.avif' in the 'input' window, the data is just unencrypted hex ASCII. I can fairly easily read the hex: even judging only from the first byte 7D, it is most probably JSON:
7D = {
0D0A = CRLF
09 = TAB
22 = "
73 = s
74 = t
61 = a
74 = t
75 = u
73 = s
4C = L
74 = a
....
So that is just the 'decoded' text. Where's the mentioned XOR encryption?
Also, the 'key' in the second screen shot is a nibble (=one hex character) out of alignment of the listed bytes. It also is not cut from the gap that is in the input text now, as suggested by the visual presentation: the 'key' is 'D0A097D0D0A7D' which is 13 hex digits, and again, a nibble out of byte alignment. It looks like a 0 must have preceded to make it '0D0A09...' = CRLF TAB, and in total that's 'CRLF TAB { CRLF {'. But the gap was originally '24F70...', which, aligned to bytes, was '224F70...' = '"Op...'
So, the screen shots appear to be bogus or fake or edited.
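An added example, not part of the comment above or of the original blog post: a Python check for the two points the comment raises, whether a hex selection is byte-aligned and whether the decoded bytes already read as text. The hex strings `D0A097D0D0A7D` and `24F70` are the ones quoted in the comment; the JSON sample and the XOR key are constructed for illustration.

```python
# Names for the whitespace bytes the comment calls out.
CONTROL_NAMES = {0x09: "TAB", 0x0A: "LF", 0x0D: "CR", 0x20: "SPACE"}

# Constructed sample: a small JSON-like device response and an arbitrary key.
SAMPLE_PLAIN = b'{\r\n\t"status": "idle"\r\n}'
SAMPLE_KEY = b"\x9d\xc4\xe1"


def is_texty(b):
    """True for printable ASCII and the usual whitespace bytes."""
    return 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D)


def text_ratio(data):
    """Fraction of bytes that look like text (0.0 for empty input)."""
    return sum(is_texty(b) for b in data) / len(data) if data else 0.0


def alignments(hex_digits):
    """Yield (label, whole_bytes) for each way the digits can sit on byte boundaries."""
    digits = "".join(hex_digits.split())
    if len(digits) % 2 == 0:
        yield "aligned", bytes.fromhex(digits)
    else:
        # Odd digit count: one end of the selection cuts a byte in half,
        # so drop the orphan nibble at either end and decode the rest.
        yield "first digit is half a byte", bytes.fromhex(digits[1:])
        yield "last digit is half a byte", bytes.fromhex(digits[:-1])


def best_alignment(hex_digits):
    """Pick the alignment whose whole bytes look most like text."""
    return max(alignments(hex_digits), key=lambda pair: text_ratio(pair[1]))


def annotate(data):
    """Render bytes in the 'XX = name' style used in the comment."""
    lines = []
    for b in data:
        if b in CONTROL_NAMES:
            name = CONTROL_NAMES[b]
        elif 0x21 <= b <= 0x7E:
            name = chr(b)
        else:
            name = "non-text"
        lines.append(f"{b:02X} = {name}")
    return lines


def looks_like_plaintext(hex_digits, threshold=0.95):
    """True when nearly every decoded byte is text, i.e. nothing was encrypted."""
    _, data = best_alignment(hex_digits)
    return text_ratio(data) >= threshold


def xor_repeat(data, key):
    """Repeating-key XOR, used here only to build the obfuscated sample."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


if __name__ == "__main__":
    for sample in ("D0A097D0D0A7D", "24F70"):
        label, data = best_alignment(sample)
        print(sample, "->", label)
        print("  " + ", ".join(annotate(data)))
    print("plain sample is text:", looks_like_plaintext(SAMPLE_PLAIN.hex()))
    obfuscated = xor_repeat(SAMPLE_PLAIN, SAMPLE_KEY)
    print("XORed sample is text:", looks_like_plaintext(obfuscated.hex()))
```
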
The washing machine REALLY liked talking to... itself? I don't think whoever engineered their networking stack knew what a loopback interface was, because it was sending a lot of traffic from itself to its own IP address. I didn't think this was relevant, so I ignored it. It really liked sending traffic to 255.255.255.255 every second, for some reason. Again, ignored
Are those gratuitous ARPs? This is a common behaviour.
Respect, but this is kinda the hard way - I just plugged mine (dumb machine, not smart) in via an energy metering plug, and when energy use drops to less than 10W for more than 2 minutes, it’s done - very simple homeassistant automation. Convenient for me as the machine is 500m from the house.
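The rule described in this comment and in the earlier smart-plug comment (power draw for more than n seconds, then below idle for more than m seconds), written out as an added Python example that is not any commenter's actual automation. The 10 W and 2 minute thresholds come from the comment above; the 30 second arming time and the sample trace are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class CycleDetector:
    idle_watts: float = 10.0    # from the comment: below 10 W counts as idle
    idle_hold_s: float = 120.0  # from the comment: idle for more than 2 minutes
    run_hold_s: float = 30.0    # assumption: sustained draw needed before arming
    state: str = "standby"
    above_since: Optional[float] = None
    below_since: Optional[float] = None

    def feed(self, ts, watts):
        """Consume one (timestamp, watts) reading; return "finished" when a cycle ends."""
        drawing = watts >= self.idle_watts
        if self.state == "standby":
            if not drawing:
                self.above_since = None      # short blip ended before arming
                return None
            if self.above_since is None:
                self.above_since = ts
            if ts - self.above_since >= self.run_hold_s:
                self.state, self.below_since = "running", None
            return None
        # state == "running"
        if drawing:
            self.below_since = None          # soak or pause ended, still running
            return None
        if self.below_since is None:
            self.below_since = ts
        if ts - self.below_since >= self.idle_hold_s:
            self.state, self.above_since = "standby", None
            return "finished"
        return None


def detect_finishes(trace, detector=None):
    """Return the timestamps at which the detector reports a finished cycle."""
    if detector is None:
        detector = CycleDetector()
    return [ts for ts, watts in trace if detector.feed(ts, watts) == "finished"]


def constructed_trace():
    """Constructed readings every 10 s: a blip, a wash, a 70 s soak, a spin, then idle."""
    trace = []
    for t in range(0, 1500, 10):
        if t == 20:
            watts = 60.0      # brief blip, too short to arm the detector
        elif 60 <= t <= 600:
            watts = 400.0     # wash
        elif 610 <= t <= 680:
            watts = 3.0       # soak pause, shorter than the idle hold
        elif 690 <= t <= 1200:
            watts = 500.0     # spin
        else:
            watts = 2.0       # standby draw
        trace.append((t, watts))
    return trace


if __name__ == "__main__":
    trace = constructed_trace()
    print("with 2 minute hold:", detect_finishes(trace))
    print("with no hold:      ", detect_finishes(trace, CycleDetector(idle_hold_s=0)))
```

Without the idle hold, the soak pause in the middle of the cycle is reported as a finished load, which is why the comments specify a minimum idle time.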
It's tough times: their villa has a washing room in the servants block away from the house, but now they had to release everyone but the valet, housekeeping, masseur and hairdresser, so the washer role has been eliminated and now they need the notification for their valet to go pick it up.
One reason I can think of - in some places where houses are small (like in cities in the UK) you might not have a garage on your property and might rent one nearby (they are often in little rows, e.g. [1]). So they might have that kind of situation and have the washing machine there if it's a very small house?
Correct. Have several houses on the land, and it made more sense to put the machine where it was both equidistant between them and where the washing line is.
I used Shelly plugs for the washer and the dryer. Put a little Go application on my server in the basement and get Telegram notifications + HTTP interface updates about the different states (running, finished, standby).
This is what I do - when the washer finishes, a light turns on in the kitchen letting us know. Then, when the dryer has drawn power for 10 seconds, the light turns back off, because that’s a good indication that someone dealt with the wet laundry. (Sometimes things get out of sync but not often!)
I do the same, works great. I liked it so much that I'm doing the same with my microwave, after removing the annoying beeper it had. Now I get a decent single short beep and can monitor how often I've used it.
Nex is a cybersecurity student in a house of similar people, they're gonna take every way :3
quote:
> The plan is, in future, since we can't hack something that doesn't have a brain, to instead attach a brain to it. The dishwasher is easy, we can just whack that on a smart plug and monitor when the power use surges and drops. The dryer is a bit more difficult, since they pull a LOT of power, and smart plugs typically either don't support that much power, or are incredibly expensive. So that's likely going to be some fancy vibration sensor-based thingy
Some washing machines (mine at least) have some "smart" features that adjust the wash time depending on some factors. Nothing more annoying than coming to the laundry after my phone alarm goes off, and seeing the timer on my washing machine go UP(!!!) from 0:01 to 0:02 ...
I'm surprised you let your washing machine into your network. I now get the appeal of just an alert the washing machine is done. But I could not for the life of me allow any of these kinds of devices onto my home network. Even in isolation...
Hey, blog author here. It only had access to the internet for a brief second, and even then it was on an entirely separate network because of how I just set up my openwrt router as a client to the main network. Our guest network is completely isolated, an explicit firewall rule had to be added so that my script could communicate with the washer while it's on this network. It has no access to anything but itself, and occasionally hears the screams of my script demanding it serves up data.
It has access to nothing, only my script has access to it - I don't see a risk here. I still have the heebie jeebies knowing it's connected to anything at all, or even the fact that it can do that, but also spending a night hacking a washing machine was incredibly funny to me and totally worth it. Plus, got some useful notifications out of it.
My dryer doesn't have a delay function accessible via the front panel, it's been "app gated", and the only way the app can talk to it is via WiFi, so if I ever need to set a delay, I have to use the app. All IoT devices are on their own VLAN though, and where possible firewalled off too. I can easily imagine more features being locked behind the app for future models.
How isolated are we talking? A device that only has access to the internet can still get botnetted and send malicious traffic from your IP. Or burn your data cap, or spy on you for the vendor.
LAN is being used in an underspecified way. To my reading, a separate VLAN or standalone LAN for the washing machine wouldn’t be on “my (main/primary LAN is assumed here) local network” if I mean that “my local network” doesn’t have untrusted devices on it. I tend to read these kinds of comments with a bit of wiggle room because sometimes folks disagree about if VLANs are actually isolated enough to consider them separate local networks, as the same device may do routing and firewall or VLAN tagging, so there is isolation in principle, but bad actors can’t be expected to comply with network security policies.
I guess I can see how each of you could be right to their own reading.
But when you responded, am I bound by their context or yours? For clarity, I am responding to you both in a good faith steelman manner, so please respond in kind.
I thought the ambiguity remained, because different people have different opinions about network isolation, what it entails, how it may be implemented securely, and how different implementations have different implications regarding failure to maintain isolation in the event of a security breach that compromises networking equipment. Most folks aren’t running diodes at home. If your isolation relies upon configuration of reconfigurable equipment and/or VLANs, that isn’t isolated to readings that require or imply a highly secure computing environment.
For untrusted IoT devices I’ve found that sticking them on the IoT VLAN (so no device-to-device communication, and either no or extremely limited internet access; but I let my trusted clients punch through to IoT devices) has allowed me to retain all functionality whilst being confident they’re not up to anything I don’t want or expect.
This is my setup. I find this to be a reasonable balance for comfortable life. Except my printer, that gets no Internet so it cannot update to some crappy firmware that nags about supplies.
It's fairly simple to keep these devices isolated and if you have a decent firewall, you shouldn't have much to worry about. Keeping them in a separate, internet-only VLAN with peer to peer isolation is typically the standard protocol. That said, in a lot of cases, even keeping them isolated doesn't resolve any privacy concerns. Also, with some devices, you have to open up mDNS.
Many of these consumer IoT devices use either plaintext protocols or implement weak encryption with hardcoded keys in the firmware, making packet capture and analysis possible without traditional MitM techniques.
Our previous washing machine had a mechanical rotating switch, sort of like an egg timer, built into it. I seriously thought about just gluing a pair of metal bits onto it to make a physical connection when it was done, which would either do something clever like trigger a RasPi into sending me a text, or something stupid like physically triggering a doorbell chime.
Can confirm this is super easy. It has the additional advantage of monitoring power usage and it allows you to cut power if the leak sensor under it goes off
I would go for the "monitor a number" before "sound recognition", unless you're talking about just using an amplifier to bring the chime into the entire house.
I'd dump cut the mic and wire it to some input before actually trying to check for the sound. But it's probably inconvenient to get to and monitoring overall power draw would be easy.
If you like these kind of posts, maybe you should go to https://hackaday.com/ it is all articles like this every day, though usually more on the hardware side.
Very simple - works perfectly.
https://www.evehome.com/en/eve-energy
None of this is cross-compatible.
https://www.forskning.no/forbruk-ntnu-partner/er-vaskemaskin... (in Norwegian) quotes research from the Norwegian University of Science and Technology.
It works with all brands regardless of API.
Often a button labelled ‘Ending in’.
Australian market.
Edit: It seems some integration work has been done for HA: https://github.com/home-assistant-HomeWhiz/home-assistant-Ho...
https://pubmed.ncbi.nlm.nih.gov/25207988/
Specifically this element:
<a href="https://nexy.blog/2025/07/27/how-i-hacked-my-washing-machine..." class="hoverZoomLink"><img alt="CyberChef decrypting the washing machine's response" src="https://nexy.blog/0006-How-I-hacked-my-washing-machine/cyber...
Why? What's going on here?
1. https://www.alamy.com/stock-photo-row-of-private-car-garages...
This saved a lot of forgotten loads.
Smart plugs are cheap enough where it doesn't take a lot of convenience to justify it.
Good enough for me, but everyone’s level of comfort is different.
They said it here:
https://news.ycombinator.com/item?id=44704593
https://en.wikipedia.org/wiki/Unidirectional_network
Someone shared this pdf written by someone that had a nice overview that is transferable to any router.
https://github.com/mjp66/Ubiquiti
Otherwise, you would need some MitM style attack?
Just plug the washing machine into a smartplug and alert when power draw drops to idle for more than X minutes.
Anybody interested in this write up? Might even include an "Office Space"-esque montage of the smart module destruction.
Here is one in the same vein: https://hackaday.com/2023/04/15/internet-of-washing-machines... => https://tratt.net/laurie/blog/2023/displaying_my_washing_mac...