Roborock Routines and iOS Shortcuts

Sep 1, 2024 - 5:15 pm

I have the Roborock S7 MaxV, and it's fantastic. It automates vacuuming and mopping, keeping my allergies under control at the touch of a button. I have a number of routines that I use, and wanted to schedule some of them to run. This is built into the app, but only allows you to do this for set times and days. I instead wanted to automatically suggest a full clean when I left the house (max once/day) where I could approve/disapprove, but was blocked by the poor integration between the iOS app and the normal way to do this kind of customized triggering, Shortcuts.

The only Shortcut that the app exposes is something called "CommandIntent", which while opaque felt like it could be used to trigger a routine if you had the type, duid, and sceneId.

The type for triggering it is the helpfully named "NormalCommand". The duid is the Device ID, and can be obtained by clicking to the "Device" tab, "Enter" on your device, and then the triple dots in the top right to get to "Product Info". It's the DID field without the rr_ prefix, in this case 2OdiOejGb....

Unfortunately I couldn't find a good way in-app to find the scene IDs for the individual routines. Luckily Sashko Potapov just wrote up a writeup on how to do this in June. He used Charles Proxy, which needs a separate computer and a free trial, whereas I wanted a solution that could be done entirely on your phone. If you already have Charles set up then feel free to follow his instructions, but this is where my writeup will diverge to use an iOS app.

We'll instead be using WebProxyTool, a free iOS app. Follow the instructions from the app after you open it to install the VPN and trust the root certificate.

Then make sure "Record HTTPS Traffic" is checked at the top. By default HTTPS (or HTTP Secure) encrypts the data that is sent back and forth between servers so that your router/Internet Provider/nefarious parties can't see what's sent and what's returned. The app does two things to circumvent this: 1) creates a local VPN that runs on your device so all traffic gets routed through it, and 2) creates a local fully trusted root certificate, which allows the local VPN to have access to the encrypted HTTPS traffic, decrypt it, examine it, and then re-encrypt it for sending it back on to the other server. This is what's known as a Man-In-The-Middle attack or MITM attack if it's done surreptitiously by a bad actor, and "very useful" when done intentionally for instances like this.

With it recording traffic open the Roborock app, and scroll to the right of your routines to where it says "More". Clicking that will pull up a full list of your routines, and will send a request to the server with the information we need. By jumping back to the WebProxyTool app we can click into the "api-us.roborock.com" folder, and navigate to the https://api-us.roborock.com/user/scene/device/2OdiOejGb... URL, where the device ID matches the one we found earlier. Clicking "Response" will show all of your routines, with the "id" field (for me a six digit code starting 845***) being the "sceneId" we were looking for earlier.

From here we have all of the pieces! Go back to the Shortcuts app and use the Device ID and Scene ID we've extracted with the "Type" of "NormalCommand" to make as many of the routines as you want. Huge thanks to Sashko for his writeup, and hope my version was useful if you're less familiar with Charles.