From 8a2bbe5a83cc3cad17cc1dd6861699aeb3aae4ac Mon Sep 17 00:00:00 2001 From: Trammell Hudson Date: Tue, 1 Feb 2022 23:37:55 +0100 Subject: [PATCH] readme: alternate way to get the psk --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index f37c241..e0850df 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,20 @@ repeating 4-byte XOR that is sent in the first part of each messages. The script could be augmented to decode those as well. The replies from the device are not masked so they can be read in the clear. +## Retrieving home appliance configuration + +``` +frida-trace -o initHomeAppliance.log -f "com.bshg.homeconnect.android.release" -U -j '*!initHomeAppliance'' +``` + +PSK can also be found in the last section of the config as base64url encoded. + +``` +echo 'Dsgf2MZJ-ti85_00M1QT1HP5LgH82CaASYlMGdcuzcs"' | tr '_\-"' '/+=' | base64 -d | xxd -g1 +``` + + + ## hcpy The `hcpy` tool can contact your device, and if the PSK is correct, it will
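Review bot: the added frida-trace line ends in two single quotes (`-j '*!initHomeAppliance''`), so a shell that receives it as pasted sees an unterminated quote and waits for more input; drop the extra `'`. In the second added block, the `"` inside the echoed string is not a typo as far as the command goes, since `tr '_\-"' '/+='` turns it into the `=` padding that `base64 -d` needs, but nothing in the text says so and a reader is likely to "fix" it or to paste their own value without it. Either say in the sentence above that the value ends at the closing `"` of the config field and that the quote is deliberately kept, or append the `=` explicitly and map only `_` and `-`. If the sample string is a key taken from a real appliance, replace it with an obviously fake placeholder of the same length before this lands in the README. The sentence "PSK can also be found in the last section of the config" would also benefit from saying that the config is what ends up in `initHomeAppliance.log`, and the three blank lines added before `## hcpy` can be reduced to one.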