Fuck Arlo

Author: jwalter1-quest

arlo.py

@@ -252,6 +252,11 @@ def LoginMFA(self, username, password, google_credential_file):
             code = search.group(0)
             break
 
+        """
+        code = input("Enter MFA code:\n")
+        print("CODE", factor_auth_code)
+        """
+
         # Complete auth
         finish_auth_body = self.request.post(
             f'https://{self.AUTH_URL}/api/finishAuth',
@@ -264,7 +269,12 @@ def LoginMFA(self, username, password, google_credential_file):
         )
 
         # Update Authorization code with new code
-        self.request.session.headers.update({'Authorization': base64.b64encode(finish_auth_body['data']['token'].encode('utf-8'))})
+        headers = {
+            'Auth-Version': '2',
+            'Authorization': finish_auth_body['data']['token'].encode('utf-8'),
+            'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_1_2 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Mobile/15B202 NETGEAR/v1 (iOS Vuezone)',
+        }
+        self.request.session.headers.update(headers)
         self.BASE_URL = 'myapi.arlo.com'
 
     def Logout(self):
@@ -974,6 +984,26 @@ def GetSession(self):
         """
         return self.request.get(f'https://{self.BASE_URL}/hmsweb/users/session')
 
+    def GetSessionV2(self):
+        """
+        Returns something like the following:
+        {
+          "userId": "XXX-XXXXXXX",
+          "email": "[email protected]",
+          "token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+          "paymentId": "XXXXXXXX",
+          "accountStatus": "registered",
+          "serialNumber": "XXXXXXXXXXXXXX",
+          "countryCode": "US",
+          "tocUpdate": false,
+          "policyUpdate": false,
+          "validEmail": true,
+          "arlo": true,
+          "dateCreated": 1463975008658
+        }
+        """
+        return self.request.get(f'https://{self.BASE_URL}/hmsweb/users/session/v2')
+
     def GetFriends(self):
         return self.request.get(f'https://{self.BASE_URL}/hmsweb/users/friends')
 

request.py

@@ -31,16 +31,19 @@ def __init__(self):
     def _request(self, url, method='GET', params={}, headers={}, stream=False, raw=False):
 
         ## uncomment for debug logging
-        # import logging
-        # import http.client
-        # http.client.HTTPConnection.debuglevel = 1
-        # logging.basicConfig()
-        # logging.getLogger().setLevel(logging.DEBUG)
-        # req_log = logging.getLogger('requests.packages.urllib3')
-        # req_log.setLevel(logging.DEBUG)
-        # req_log.propagate = True
+        """
+        import logging
+        import http.client
+        http.client.HTTPConnection.debuglevel = 1
+        logging.basicConfig()
+        logging.getLogger().setLevel(logging.DEBUG)
+        req_log = logging.getLogger('requests.packages.urllib3')
+        req_log.setLevel(logging.DEBUG)
+        req_log.propagate = True
+        """
 
         if method == 'GET':
+            #print('COOKIES: ', self.session.cookies.get_dict())
             r = self.session.get(url, params=params, headers=headers, stream=stream)
             r.raise_for_status()
             if stream is True: