Homey Community Forum

XBox companion app ready for testing

Update: Using the OpenXbox project someone pointed me to the nodejs library they have developed. So I used that on on e a new version of this xbox app.

So what did I manage at this point:
Turn ON and OFF the console from Homey!!!
Flow trigger on running app change, meaning you can detect what APP/GAME is actually running on the console (now with appid, image and name tokens)!!
Send button commands (controller/media) to the console from workflow and device page.
Apps are translated to a proper name and artwork is downloaded and added to the now playing page (requires live id authentication).

Todo:
The Game name are returned in a not so nice name.
These are not part of the same store listings as the apps. Just need to find an endpoint for the games to make those work.

To authenticate the app you need to get a refreshtoken from the XBox live ID service.
You need to use a private/incognito browser mode and go to the URL:
https://login.live.com/oauth20_authorize.srf?client_id=0000000048093EE3&redirect_uri=https://login.live.com/oauth20_desktop.srf&response_type=token&display=touch&scope=service::user.auth.xboxlive.com::MBI_SSL&locale=en
After login the browser shows an white page. Its the URL you are interested in, in that URL the refreshtoken is available. Copy that token and open the app settings, paste the token in and press save.
Now the apps should show nice artwork.
The homey oauth2 flow is not working in this case since we do not have a proper app registration available, so I need to find a workaround to retrieve the URL from the settings page, but did not find any so far :frowning:

But the app brings a lot of XBox features so have fun finding use cases. And share them here :smiley:

Although I’m not sure what I would use it for, I find it interesting.
Perhaps work around the lack for CEC support and turn on my TV automatically :slight_smile:

I’ve tried the app as-is. I had a little trouble discovering my Xbox One X, even with manually entered IP. The Xbox Beta app that I use is able to discover my device even when going from Wi-Fi to wired, so perhaps it’s using a different method.

Anyway, after a couple of attempts by manual IP, it worked for me.

Regarding the encryption: I’m far from an expert, but as you probably know, it’s rather unforgiving. In the past I’ve messed up things like padding in ever so subtle ways that would stop things from working completely.

Perhaps it would be helpful to do a comparison in output from the C# code and your JavaScript code? That would mean you initialize with the same IV and such, then compare the final message to something you know to be correct. At least you might be able to narrow down the area of the code in which the problem may lie.

I can’t make any promises, but perhaps I’ll find some time to play with the C# implementation myself, see it working. That will probably increase my own understanding at this point, anyway.

Edit:
Several of the C# CLI commands don’t seem to be working for me either. PowerOff, LaunchTitle, etc. I either get a timeout, or no response at all.

Ok, thanks that is very interesting to hear.
Ill go check the python version myself and see if that does work. If not the documentation is probably out of date.

On the encryption; you are right it must be something like that. The problem lies that all implementations use 3rd party libraries for at least part of the encryption handling that are not available to node.js
So I found and tried a lot of different libraries that did something wright and ended up with one that seems to handle all right. But it is hard to confirm if they actually do it right or that I setup them up right. So many small variations in these elements :frowning:
I know the unprotected part of the message I can handle with trust, I used that for the discovery and to process the response that now allow me to process the byte stream into x509 certifacte and get all the right info from the response (console name, liveid, device id etc) so that must be done right now.
I know I can encrypt en validated that when decryption with my info I end up with the same message content as I started with to encrypt.
But since I have no way in validating what the console exactly does… :frowning:

I also have been thinking about comparing from a working implementation, but in the encryption part it quickly turns into the scramble using some process unique random keys so they would be incomparable, as designed :wink:

And you are right, I am also not yet clear what I want to do with it though, but a fun challenge non the less :smiley: I was thinking on a netflix light scene and a Plex light scene and a game scene. Stuff like that would be cool. But for me it just was troubling that most of my devices are now connected and managed by Homey and the king of the lot, my console collection, is ignored.

Tried to get the python working by installing a ubunto distro on my windows 10 device. Figured out how to update pyhton and pip and installed the xbox-smartglass-core module. Than figured out how to execute the tui. It made me authenticate first and presented me an empty screen (while my console was powered on) pressing the refresh kills the tui with an binding error on the udp listener.

So no real added info :frowning:

Check the update, I made a better version that is connecting so we can do power down and app detection now :slight_smile:

New update now in testing

Installed it, but I cannot add the refresh token, it does not save it?

Not sure what you mean with saving it. It used and than new ones are retrieved behind the scenes.
If you followed the instructions and used the authorize link succesfully you ended up in a blank screen with a URL that holds the token. Taking that token and storing putting it in the box should authorize the app.
The app is still beta so I do not clearly show that the app is authorized. Just test it out buy starting for example the Netflix app on your console. If the console device in homey is showing the netflix artwork than it was authorized properly. After that there is no need to ever reauthorize.
For the basic Xbox companion behaviour you do not need to do this step. Its only required to get the pretty running app info.

I really want to find a nicer way to get through this authorization process but have not found one. Best idea so far was to use a reverse proxy code to do this. But time…

1 Like

Small update to test with Nexus button fixed and updated to the new openxbox core package. It had a exception on protocol level cause the app the crash once in a while. They fixed that now, so hoping for some stability improvements here.