extracting YOUR data from the withings smart body analyzer ws-50

The top of line Withings scale smart body analyzer was released in April 2013. However to this day, 8 months later, it is still impossible to extract the CO2 and temperature data through the API or download these as CSV file. Their customer support just keep tossing the issue under the carpet labeled "forwarded to engineering department", meanwhile they are just busy releasing other botched products.

So I had to figure out a way to get MY data, here is how you can get yours using just firefox:

.with Firefox, log in your account at http://healthmate.withings.com
.select Tools -> Web developer -> Network

Web dev network menu
.reload the page with F5 or the refresh button

web dev panel
.click "Method" in the network tab
.look at POST rows
.select the last POST row "measure"
.click "Params" in the bottom right panel
the bottom right panel now shows the parameters used
parameter meastype should read "12,35", it means the request grabs both sets of data labeled 12 = room temperature!! and 35 = CO2 concentration!!

These types are yet unaccessible and unreferenced in the API documentation, but we can get to them through the dashboard web interface, we just need to trick that interface to return everything, not just the last 24 hours:
.click on "Headers"
.click the "Resend" button below the Request URL
.in the Request Body change the startdate to a time before your device started logging, let's say 1360000000
.click "Send"
.click "Response"
.copy paste in an empty file the contents of the response: {"status":0,"body":{"series":["type":12,"data:[{"date.....

Congratulations, you finally have your full history of temperature and CO2 data! The format is json, I will assume that you know how to transform json to whatever format is more convenient for you to run your analysis otherwise look at json2csv or similar tools.


more advanced withings hacks:

spoofing withings servers http://www.prolixium.com/mynews?id=915


advanced firmware hacking of the WS-30 http://poppopret.org/2013/06/10/summercon-2013-hacking-the-withings-ws-30/

Average: 3.8 (5 votes)


<p>Nice work !</p>
<p>Very sad that Withings doesn't release the right info</p>

<p>I'm actually having trouble with the copying of all the response information - how did you get it to actually 'copy' into the copy buffer? I'm not able to get that context menu option to show.</p>

<p>I also had trouble figuring out how to actually 'copy' the data. Turns out you can do it by going back to the post listing in the network tab for measure 12,35 (the line that says '200 Post measure etc.) and right click on that line. In the context menu that show up, choose 'Copy Response'. You will now have all the JSON data on your clipboard.</p>

<p>ws-50 is very nice device, and co2 statistics would be really helpful!</p>

<p>For a more permanent option you can install a logging HTTP proxy, say&nbsp;http://honeyproxy.org/ or https://mitmproxy.org/, tweak your firewall rules to accept / forward traffic on port 80, then use the Withings app, on a phone / tablet to change the scales internet gateway IP to the box running the proxy. You'll have a copy of all traffic between the Scale and Withing logged in a file, with an optional a web interface to have a peak / tweak.&nbsp;</p>

Andy, many thanks for your suggestion.

I also implemented and demonstrated something similar to your approach in my "redpill" posts http://counterinception.com/tags/redpill . Basically this is a raspberry pi running mitmproxy and a wifi access point to channel all the home IoT.

In the not-so-distant future, I will publish another post where I demonstrate a "cloud" solution for harvesting all IoT/QS devices data.

<p>I'm wondering if you actually uses the spoofing server strategy with the WS-50? Every resources I found only speak about the WS-30, and I don't really want to buy a WS-50 if I can't spoof it afterward :/</p>

<p>yes you can.</p>
<p>if you configure WS-50 to sync through wifi it sends unencrypted http traffic.</p>
<p>if you sync through smartphone bluetooth, the phone sends encrypted https traffic to Withings servers.</p>
<p>From a privacy perspective you are better off using bluetooth sync otherwise anyone can intercept that data.</p>
<p>But really save your money and get a WS-30, the extra features in WS-50 are not worth it.</p>
<p>You would find out that CO2 goes up and stay high no matter how many plants you have unless you keep your windows open.</p>
<p>TL;DR: keep your bedroom window open and get a WS-30</p>

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.