Hello all! I've got a controlled mechanical ventilation system (system D) at home from Zehnder (ComfoAir Q600). I've even got their controller box (the LAN-C) so I can use smart home stuff with it. It works perfect on home assistant, even when blocking the controller on the router level from the outside world. Maintenance wise, they try to force a contract on you, but it is easy peasy to maintain and repair so I'm not having no maintenance contract.

Comes the issue of software and updates. Some updates come with features. Sometimes, they are even mandatory so addons can work on them (ex: small heat pump for the intake needs a recent version for setup). For this, you have to use their app on your phone/tablet. The whole idea is that the install goes trough your phone (with checksum check through the app) to the EEROM on the local network to prevent bricking of the unit. Updates bring usually nice settings, and are sometimes mandatory for some add-ons (ex: heatpump for pre-heating or pre-cooling needs a recent update to be set up).

Here comes the really annoying part that makes me grump a lot: to update, of even for some diagnose option, you need to access a special level. Not the beginner mode. Not the expert mode. Not the installer mode that is unlocked with a simple pin code available in the owner's manual. No sweet child, you need to be a registered installer with Zehnder to access to get updates and real diagnostics. Officially, it is to prevent bricking the controller with an update by an user. But it is possible to give access to a licensed installer so they can update remotely and run diagnostics. So an issue with your internet, and there is no more safeguard to protect you from bricking stuff. Really, it is just to force a maintenance visit (200€ to exchange filters and clean a bit the exchanger and the inside with some soapy water). I don't like to bend over while I'm getting fucked without my consent, so you guess while this pisses me off. I called once to get an update (some companies ask you a hefty sum for that), but instead of getting an account they just updated it once exceptionally.

There is tho in the official documents for Germany, a test code publicly accessible, that allows you to access diagnostics and updates. But the updates there are only for German units. Pretty sure it is the same unit for the whole damn continent, but hey, let's pretend the units are different.

Comes my question: how do I trick the system into believing their update is not for the germans, but for somewhere else? Or even better, to give me access for updates for other areas? I know part is server side (account), but I'm willing to bet they don't really care about securing access to the updates once you have authenticated yourself (with the german test code). Tried lucky patcher, but didn't get lucky.

Any idea what I could try (even Lucky Patcher wise)?

Big hugs and kisses

you are viewing a single comment's thread
view the rest of the comments

[–] FlyForABeeGuy@lemmy.dbzer0.com 7 points 2 days ago* (last edited 2 days ago)

[Update]

So used my old rooted tablet to tweak around a bit with the app. Through lucky patcher (when logged in with the test account) I noticed that the downloads are done trough the root user of android. After that I used MiXplorer to get the data files on my pc. Quickly found the structure of the files. Couldn't trick the system to access my local files, but I managed to trick the system into updating as if it were a german system.

So if someone else happens to look and stumble upon this, this is how I got it to work. It works only from a rooted android device for now:

Login with the german test account to access server downloads
Connect to the cloud delivery system and download the update that you want
Close the app, with a root file explorer (like MiXplorer + Shizuku) go into the root folder (use their FTP server with a root allowed user or whatever to transfer it more easily to the PC).
Go to /data/data/com.zehndergroup.comfocontrol/files/products/1/R1.12.0-DE -Open the meta.json file and change the german id of your unit to your unit. Ex: 471502013 to 471502023 for the UK id. Save it and send it back to where it came from. You could just update your unit, and it would keep the same serial number, same everything but would be under german ID. Easy for new updates but annoying to explain if you need to have a technician over and he is wondering why your unit has that ID. But then again, that is a minor detail and I'm not even sure the technician will be paid enough to care. Reverting to your national number should be the same process but with the update for your country.

What didn't work: *Open the config bin file of your unit (so again, for the Q600 : config_R1.12.0_471502013_v1.bin ) with a hex editor. Look for the unit number that needs to be replaced (so here 471502013 needs to become 471502023). I only needed to replace 1 number (a 1 into 2) , so 31 became 32 in the hex file. Replace the country code with your local one in hex (So DE into UK). Save it and send it back from where it came from. This provokes an error after the 3rd block. Probably a checksum that isn't cooperating in another file *Seperate API connection: the naming pattern o their website is obvious, but connection without their app is something else

Firmware updates for the ventilation units are in folder "1", maybe that will change in the future
The downloaded firmware update will be there under it's own folder (like R1.12.0) and sometimes there will be it's own ZIP
National ID for your unit is on Zehnder's website but also under "basic mode" > "unit status" > "Article unit"
The installers pin code changes from your countries to the German one, so it becomes 4210

PS: there are ati-bricking measures in place in the system. If an update fails, you can Erase the firmware and reupload it but you'll have to redo the post-install setup