
Posted

Here I just want to say a big thank you to all developers at Fibaro who have listened to our request for encrypting QA codes.

In the new beta update we have this option, and I must say it is awesome.

Thanks a lot

  • Like 5
Posted

yep, thanks a lot, even if it took 2yrs to get implemented.

  • Like 2
Posted

I am glad that we were able to prepare this. I know it took some time - I know it has been requested for a long time now.
On the bright side, it is very safe and will soon be available in the GA version.

  • Thanks 2
Posted

Curious how this will develop. Open source, helping each other on the one side and protecting source code to create commercial opportunities on the other side.

 

To encrypt you need the beta version, to use an encrypted quickapp you need the beta version also?

  • Like 1
Posted

@SmartHomeEddy, I think yes. It has a different suffix. It is .fqax.

  • Thanks 1
Posted

@SmartHomeEddy

 

Yes, the suffix is different; the data within the .fqax file is of course encrypted.

 


 

 

To get decrypted, there is a runtime in the firmware since 5.113, so the minimum level is 5.113.

 

The physical imported .fqax file is of course still encrypted.

 


 

Such an encrypted QuickApp has only a "preview" tab, not an "edit&preview" tab. QuickApp Variables (in the variables tab) can of course still be edited.

 


 

 

 

The encryption happens during export, so you can choose between open source, encrypted for everybody, and encrypted and locked to a specific HC serial.

 


 

 

 

Encryption is not only good for business, but also to protect reverse-engineered things hehe

 

  • Like 3
  • Thanks 1
Posted
33 minutes ago, tinman said:

Encryption is not only good for business, but also to protect reverse-engineered things hehe

 

And Fibaro will have to check (download section and marketplace) the source code more to prevent malicious things, because the users cannot any more

  • Like 1
Posted

And now it is possible to integrate something with non-public API - which was not possible before.

  • Thanks 2
Posted

@m.roszak

I have an auto-update procedure to update my distributed QA. Is there any possibility to update an encrypted QA from code (API)?

Posted

That is a great question, I am not sure how you implemented this but until it is working automatically from the code it should work :)
I will ask the devs but you can just try it in the meantime. 

Posted

I use these APIs:

Please login or register to see this code.

For encrypted QA devices these APIs should work only for a device's own self.id, and I shouldn't be able to read source code via these APIs for other encrypted devices.

Posted

Yes, you can't.

 

It won't work - I did not think it through after the first question.

 

We talked internally about QA updates - a method to do so with 2 clicks.

 

Unfortunately it is not an easy and small task, it will take some time.

Posted
10 hours ago, m.roszak said:

Yes, you can't.

It won't work - I did not think it through after the first question.

We talked internally about QA updates - a method to do so with 2 clicks.

Unfortunately it is not an easy and small task, it will take some time.

Oh no, not "clicks". Please provide an API too, so we can do it programmatically.

 

What one wants to do is to only update parts of the QA. Typically there can be configurations in the code (not just quickAppVariables) that need to be kept between updates.

I tend to dedicate the 'main' file for user configurations and leave that untouched when updating. Alternatively, the possibility to run some script at update to copy over code/data that needs to be preserved.

  • Like 2
Posted

This is something to be developed; as soon as it is ready, docs will also be provided - don't worry :)

  • Like 1
Posted

@m.roszak

Perfect, thanks.

I need to have APIs where I can do the same manipulation with source code as before for encrypted QAs

Please login or register to see this code.

In the meantime it will be very difficult for a user to update an encrypted QA… because the standard upgrade process is to “copy+paste” new source code to have the same ids for the QA and child devices.

 

Posted

Yeah, that is the limitation for encrypted ones for now.

  • Thanks 1
  • 2 weeks later...
Posted
On 9/7/2022 at 3:27 PM, SmartHomeEddy said:

 

And Fibaro will have to check (download section and marketplace) the source code more to prevent malicious things, because the users cannot any more

 

This!

Posted
On 9/7/2022 at 2:27 PM, SmartHomeEddy said:

 

And Fibaro will have to check (download section and marketplace) the source code more to prevent malicious things, because the users cannot any more

 

Yes and no:

- when you download any kind of executable to any kind of your systems, are you checking the code? Decompiling it?
- using QAs with thousands of unformatted code lines, with lots of nested calls, are you checking what they "produce"?
- It was always easy to implement an "update" button to download a new version, which could contain malicious code later (and at the time of releasing was clean)
- giving API access to users was always somehow dangerous, lots of useful calls can be combined into a disaster
- huge positive aspect of the current implementation: encrypted QAs can't be updated from code, so when the code inside is clean, you can be sure it stays clean.

In principle, as always: do a backup, do changes (or install an unknown QA), check - and do a restore if you don't like it or something goes wrong.
