Alistair Francis Hacks a Husqvarna Automower 305 for Bluetooth-Driven Home Assistant Control

With no Wi-Fi or cellular connectivity, the Automower 305 is a hard beast to automate — unless you reverse engineer the Android app.

Software developer Alistair Francis has added a bit of external intelligence to the very-disconnected Husqvarna Automower 305, by reverse engineering its Bluetooth Low Energy (BLE) interface — to connect it to Home Assistant for integrated control.

"I recently purchased a Husqvarna Automower 305. It’s a robotic mower that can drive around the backyard cutting the grass," Francis explains. "Although some Automowers support a cloud connection, I specifically bought one that didn't include internet access.

"The 305 has no internet, Wi-Fi or cloud connection. This means the manufacturer can't enforce a subscription service, the device isn't exposed to internet-wide cyber attacks, and it ended up being the cheapest option. The downside is that I can’t communicate with the device from my Home Assistant instance."

While the Husqvarna Automower 305 lacks dedicated wide-area network connectivity, it's not entirely without radios: the robo-mower includes Bluetooth Low Energy connectivity, designed for use with a companion smartphone app. "I thought I could reverse engineer the protocol," Francis says, "and support it in Home Assistant. That way I can use an ESPHome Bluetooth Proxy to control the mower via Home Assistant."

Using a Nordic nRF52840 dongle and a copy of Wireshark, Francis was able to sniff the packets sent between the mower and the app — but the traffic was encrypted. "Luckily legacy Bluetooth isn’t very secure," Francis notes. "I reset the pairings on the mower and phone and this time paired the two while Wireshark was running. Older Bluetooth protocols send the encryption key in plain text during pairing. So Wireshark could read the key and then automatically decrypt the traffic."
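
Whether a pairing is open to this kind of passive capture can be read from the unencrypted SMP Pairing Request and Pairing Response that start the exchange. The following is an added example, not code from Francis or from the original article: it follows the SMP field layout in the Bluetooth Core Specification, and the function names and sample PDUs are constructed for illustration.

```python
# Added example: classify a BLE pairing from its two SMP PDUs (7 bytes each).
# Field layout and bit values follow the Bluetooth Core Specification.
PAIRING_REQUEST, PAIRING_RESPONSE = 0x01, 0x02
AUTH_MITM, AUTH_SC = 0x04, 0x08          # AuthReq bits 2 and 3
IO_NO_INPUT_NO_OUTPUT = 0x03
IO_WITH_KEYBOARD = {0x02, 0x04}          # KeyboardOnly, KeyboardDisplay


def parse_pairing_pdu(pdu: bytes, opcode: int) -> dict:
    """Split a Pairing Request/Response into the fields that pick the method."""
    if len(pdu) != 7 or pdu[0] != opcode:
        raise ValueError(f"not an SMP PDU with opcode {opcode:#04x}")
    return {"io": pdu[1], "oob": pdu[2] == 0x01, "auth": pdu[3], "max_key": pdu[4]}


def classify_pairing(request: bytes, response: bytes) -> dict:
    """Return the pairing method and whether a passive sniffer can recover the key."""
    req = parse_pairing_pdu(request, PAIRING_REQUEST)
    rsp = parse_pairing_pdu(response, PAIRING_RESPONSE)
    ios = {req["io"], rsp["io"]}
    mitm = bool((req["auth"] | rsp["auth"]) & AUTH_MITM)
    if req["auth"] & rsp["auth"] & AUTH_SC:
        # Both sides support Secure Connections: ECDH key agreement.
        method, exposed = "LE Secure Connections", False
    elif req["oob"] and rsp["oob"]:
        # Key material travels out of band; safe only if that channel is private.
        method, exposed = "LE Legacy, Out of Band", False
    elif not mitm or IO_NO_INPUT_NO_OUTPUT in ios or not ios & IO_WITH_KEYBOARD:
        # Temporary key is all zeros, so captured pairing traffic yields the key.
        method, exposed = "LE Legacy, Just Works", True
    else:
        # Temporary key is a 6-digit number: a small offline search space.
        method, exposed = "LE Legacy, Passkey Entry", True
    return {"method": method, "passively_exposed": exposed,
            "key_size": min(req["max_key"], rsp["max_key"])}


# Constructed sample PDUs (not captured from any real device).
LEGACY_REQ = bytes.fromhex("01040001100707")   # KeyboardDisplay, bonding only
LEGACY_RSP = bytes.fromhex("02030001100707")   # NoInputNoOutput, bonding only
LESC_REQ = bytes.fromhex("0104000d100f0f")     # KeyboardDisplay, bonding + MITM + SC
LESC_RSP = bytes.fromhex("0201000d100f0f")     # DisplayYesNo, bonding + MITM + SC

if __name__ == "__main__":
    print(classify_pairing(LEGACY_REQ, LEGACY_RSP))
    print(classify_pairing(LESC_REQ, LESC_RSP))
```

Secure Connections is only used when both PDUs set the SC bit, so a peripheral that answers a Secure Connections request without it still ends up on legacy pairing.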

Sadly, the protocol appeared to be more complex than hoped — so Francis turned to decompiling the Android app, finding the Java code responsible for generating packets and sending them over Bluetooth Low Energy. With the protocol thus decoded, Francis was able to write Python scripts for control of the mower — and for integration into Home Assistant, along with the rest of his home automation hardware.

The full write-up is available on Francis' blog, with the resulting Python scripts published to GitHub under the reciprocal GNU General Public License 3.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.