You know, my whole life is madcap projects (today is running half a km of fibre down the inside of a live water main) so I’ll update you when I have a mobile laundromat.
1. https://www.alamy.com/stock-photo-row-of-private-car-garages...
Smart plugs are cheap enough where it doesn't take a lot of convenience to justify it.
quote:
> The plan is, in future, since we can't hack something that doesn't have a brain, to instead attach a brain to it. The dishwasher is easy, we can just whack that on a smart plug and monitor when the power use surges and drops. The dryer is a bit more difficult, since they pull a LOT of power, and smart plugs typically either don't support that much power, or are incredibly expensive. So that's likely going to be some fancy vibration sensor-based thingy
I used Shelly plugs for the washer and the dryer. Put a little Go application on my server in the basement and get Telegram notifications + HTTP interface updates about the different states (running, finished, standby).
This saved a lot of forgotten loads.
Just plug the washing machine into a smartplug and alert when power draw drops to idle for more than X minutes.
I'm certain 99% of washing machines are powered by electricity, and if you live in 120V town and need 3 phase you can monitor power using the magnetic field on one of 3 conductors.
An easier way is to run an Android virtual device with an older Android version on your computer. You can then use some scripts to add the certificates and proxy the traffic to Burpsuite or mitmproxy. That way you also don't have to switch devices.
It would also be interesting to use APKLab or Jadx to look at the code of the app. Maybe you can find the key derivation algorithm. The app and the washing machine must somehow generate keys or have pre-shared secrets.
If I understand correctly, the app only works if both devices are in the same network? I like that
So I decided to solve it.
Using the Bosch API - I can tell both when a cycle is complete, and if the door is open. Currently I use their default version, but there is a local hosted option I'll be switching to now the proof of concept works.
So using Home Assistant I have a simple script that detects when a washing machine cycle is complete AND the door has NOT been opened. This implies my washing machine has wet clothes still in it.
So Home Assistant will alert my phone (and my wife only if she is home based upon presence detection) once every 15mins that there are wet clothes waiting in the washing machine.
Very simple - works perfectly.
Often a button labelled ‘Ending in’.
Australian market.
https://www.forskning.no/forbruk-ntnu-partner/er-vaskemaskin... (in Norwegian) quotes research from the Norwegian University of Science and Technology.
The article says that a washing machine used to last 20 years, and now only lasts 10 years. However, it also says that machine usage has doubled, from four to eight times a week. So, the new machine lasts the same number of cycles, but the number of cycles is reached much faster.
My 1990's Whirlpool lasted for 25 years before a barrel support rusted out. It had a mechanical timer and did a good job cleaning my clothes. Now I have this awful HE LG thing that I ALWAYS use the bedding mode otherwise it just mashes the shit out of everything destroying my clothes. HE feels like a conspiracy by big clothing to sell you more clothes, destroying the environment while fooling you into thinking you're saving it by conserving water.
Unfortunately it's much harder to do the same for an electric dryer, since there's no inexpensive or good smart plugs for 240V last I checked.
I use Eve Energy smart plugs, which seems to be supported in Home Assistant through the matter integration. Local first, no bullshit remote account requirements, good quality, around 40€ / USD 45.
None of this is cross-compatible.
Correct. It's called split phase: a 240V transformer is center tapped and that tap is grounded to create the neutral. Either end of the transformer to neutral is 120V and end to end is 240V.
> EU 400V (380V) is 3 hots, neutral and ground.
Three phase 230/400: 400V is line (hot) to line with 230V line to neutral. More for industrial use but I hear some homes can have this service for whatever reason.
> None of this is cross-compatible.
Not really. A 230/400 volt system also supplies 230v single phase. A 230 volt European device will work fine on 240V split phase unless it has a motor which will run faster on 60 Hz which could overload it. Though I have a machine with a three phase 380 volt 50 Hz motor running happily on 230/400 60 Hz from an autotransformer supplied by 120/208 60 Hz. Just runs 20% faster.
> Three phase 230/400: 400V is line (hot) to line with 230V line to neutral. More for industrial use but I hear some homes can have this service for whatever reason.
It varies from country to country in Europe. In the UK you'll almost never find 3-phase in a home, in Sweden even apartments usually have 3-phase supply. In my Swedish apartment the only thing connected to more than one phase is the induction hob.
Unfortunately, as you noted, I haven't figured out how to handle the dryer as the load is too much for all the smart plugs I've found. I wish there was a clamp-style monitor on an extension cord, but it seems that is something which doesn't exist.
Thankfully, the dryer isn't as much of an issue since dry clothes can sit there until I remember to get them.
Also at least in my experience the dryer takes longer to run than the washer, so if I've just rotated a previous load and started both at the same time I'm always waiting on the dryer to be able to do the next one.
My understanding is that detecting an electrical current through a power cord typically doesn't work when measuring all the wires together, because the current in the live wire is canceled out by the return current in the neutral wire. This is why clamp-style meters are usually put at the electrical panel, where individual wires are accessible. Since I live in an apartment, that isn't an option for me.
https://electronics.stackexchange.com/questions/634852/exter...
It's also possible that your machine lets off some electromagnetic noise you can detect directly.
The other thing you could try is put some sort of a microphone / vibration on it, then train a small NN on the waveform to distinguish between the washer and dryer.
Extra credit for discerning washer vs dryer, recognizing "done" buzzer/bell, etc. Might be useful if your dryer has a "wrinkle guard" feature; buzz and then keep tumbling on low heat.
For the washer, you could probably also discern portion of the cycle (fill, agitate, spin, drain).
It works with all brands regardless of API.
Here is one in the same vein: https://hackaday.com/2023/04/15/internet-of-washing-machines... => https://tratt.net/laurie/blog/2023/displaying_my_washing_mac...
Otherwise, you would need some MitM style attack?
Anybody interested in this write up? Might even include an "Office Space"-esque montage of the smart module destruction.
Are those gratuitous ARPs? This is a common behaviour.
The machine does have an app and Bluetooth, but I can't see the point of spending the time reverse engineering the protocol, and the app is never going to be activated on my phone because it wants access to camera, sound, phone and my contacts list.
Edit: It seems some integration work has been done for HA: https://github.com/home-assistant-HomeWhiz/home-assistant-Ho...
What kind of laundry cycles are we running here?
My machine finishes a normal "eco" cycle in <30 minutes. It also beeps really loudly when it's done. The combination of quick cycles and simple notification signal keeps me out of the weird tech solutions rabbit hole.
European washing machines take longer due to requirements around lower water and electricity usage. Plus, it looks like that device is a combined washer and dryer, and they take even longer.
My washer normally takes 104 minutes on the regular cycle, but if it decides I've overloaded it, it can take as long as 3 hours! And mine is just a washer.
In Norway they also structure your electricity fees to discourage running multiple appliances at once. For example, to keep my flat delivery rate as low as possible I have to keep my peak usage under 2KWh. That is, for each day of the month they take the hour when you used the most electricity and average the 3 top values. Yes, it's annoying to think about if I want to wash and dry at the same time, and whether or not I'm going to use the oven or something else while doing laundry.
For anyone else in the market avoid Blomberg. Specifically never buy https://www.blombergappliances.com/products/24-ventless-heat....
It probably also takes 4.5 hours to wash and dry, but I wouldn't know because it happens when I'm sleeping (which just happens to be the same time as the ultra-low time-of-day electricity rates where I live). It's pretty great. Definitely recommend.
7D = {
0D0A = CRLF
09 = TAB
22 = "
73 = s
74 = t
61 = a
74 = t
75 = u
73 = s
4C = L
74 = a
....
So that is just the 'decoded' text. Where's the mentioned XOR encryption? Also, the 'key' in the second screen shot is a nibble (=one hex character) out of alignment of the listed bytes. It also is not cut from the gap that is in the input text now, as suggested by the visual presentation: the 'key' is 'D0A097D0D0A7D' which is 13 hex digits, and again, a nibble out of byte alignment. It looks like a 0 must have preceded to make it '0D0A09...' = CRLF TAB, and in total that's 'CRLF TAB { CRLF {'. But the gap was originally '24F70...', which, aligned to bytes, was '224F70...' = '"Op...'
So, the screen shots appear to be bogus or fake or edited.
Why? What's going on here?
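The byte-alignment check described in the comment above can be reproduced mechanically. This is an added example, not code from the blog post or from the commenter: it decodes a run of hex digits at both possible nibble offsets and reports which one yields text bytes. The two hex strings are the ones quoted in the comment; the function names are illustrative.

```python
import string

# Bytes expected in a JSON-like text body: printable ASCII plus whitespace.
TEXT_BYTES = set(string.printable.encode("ascii"))

# Hex-digit runs quoted in the comment above.
KEY_FROM_COMMENT = "D0A097D0D0A7D"   # 13 digits, so it cannot be whole bytes
GAP_FROM_COMMENT = "24F70"


def alignments(nibbles: str) -> dict[int, bytes]:
    """Decode a hex-digit run at both possible byte alignments.

    Offset 0 treats the first digit as the high nibble of a byte;
    offset 1 treats it as the low nibble of a byte cut off on the left.
    A dangling digit at the end is dropped in either case.
    """
    decoded = {}
    for offset in (0, 1):
        chunk = nibbles[offset:]
        chunk = chunk[: len(chunk) - len(chunk) % 2]
        decoded[offset] = bytes.fromhex(chunk)
    return decoded


def text_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or whitespace."""
    if not data:
        return 0.0
    return sum(b in TEXT_BYTES for b in data) / len(data)


def best_alignment(nibbles: str) -> tuple[int, bytes]:
    """Return the nibble offset that decodes to the most text-like bytes."""
    decoded = alignments(nibbles)
    offset = max(decoded, key=lambda o: text_ratio(decoded[o]))
    return offset, decoded[offset]


if __name__ == "__main__":
    for name, run in (("key", KEY_FROM_COMMENT), ("gap", GAP_FROM_COMMENT)):
        for offset, data in alignments(run).items():
            print(f"{name} offset {offset}: {data!r} text={text_ratio(data):.2f}")
```

Both runs only decode to text when shifted by one nibble, which is the misalignment the comment points out.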
If you have a device that speaks to an Android app, you want https://github.com/niklashigi/apk-mitm - it'll strip pretty much every known certificate pinning implementation from an apk, and it'll also rewrite the manifest so it'll trust the user-installed certs without having to root your device to modify the system store. Uninstall the original app, sideload the output of apk-mitm, and then you can use mitmproxy on a stock device.
The other thing is that if a device is providing encrypted data to an app, and the app is displaying the decrypted data, then the app inherently either contains the decryption key somewhere or downloads it from somewhere. https://github.com/skylot/jadx will turn an apk into something that approximates Java, and digging through that will often let you figure out what the key is. But some vendors will decide that the appropriate way to handle this is to kick the cryptography out to native code, at which point you're into having to RE something in Ghidra. Depending on your mindset this is either incredibly tedious or incredibly fun, but it's generally possible.
The author was able to build on top of work that had been done by others, but if you're ever faced with a situation where nobody else has done that work, don't just give up. It's worth spending time trying to figure out how code running on a device you own works, and even if you don't succeed in the end you're probably going to learn a lot in the process.
And because its ad URLs are out of date or something, I see no ads. Which I don't feel bad about because again, all their development effort was in turning something working into something not working.
I'm a big fan of using web rendering for UI apps, but most devs are less interested in how to implement real security. Or add theatrical additions that just don't work with reality.
Specifically this element:
<a href="https://nexy.blog/2025/07/27/how-i-hacked-my-washing-machine..." class="hoverZoomLink"><img alt="CyberChef decrypting the washing machine's response" src="https://nexy.blog/0006-How-I-hacked-my-washing-machine/cyber...
I feel like that's true for every washing machine that has ever existed
aspenmayer•6mo ago
I guess I can see how each of you could be right to their own reading.
stavros•6mo ago
aspenmayer•6mo ago
They said it here:
https://news.ycombinator.com/item?id=44704593
But when you responded, am I bound by their context or yours? For clarity, I am responding to you both in a good faith steelman manner, so please respond in kind.
I thought the ambiguity remained, because different people have different opinions about network isolation, what it entails, how it may be implemented securely, and how different implementations have different implications regarding failure to maintain isolation in the event of a security breach that compromises networking equipment. Most folks aren’t running diodes at home. If your isolation relies upon configuration of reconfigurable equipment and/or VLANs, that isn’t isolated to readings that require or imply a highly secure computing environment.
https://en.wikipedia.org/wiki/Unidirectional_network
j45•6mo ago
Someone shared this pdf written by someone that had a nice overview that is transferable to any router.
https://github.com/mjp66/Ubiquiti
timedout_uk•6mo ago
It has access to nothing, only my script has access to it - I don't see a risk here. I still have the heebie jeebies knowing it's connected to anything at all, or even the fact that it can do that, but also spending a night hacking a washing machine was incredibly funny to me and totally worth it. Plus, got some useful notifications out of it.
sgarland•6mo ago
Good enough for me, but everyone’s level of comfort is different.