Google Home Hack, hidden REST API

In my house I have two Google Home devices: a Google Home and a Google Home Mini, the first in my living room on the ground floor and the second in my corridor on the first floor. Did you know that there is a REST API for developers? And that there is a way to control volume and voice with Python?

google home in my living room
google home mini in my corridor


The hidden REST API on port 8008

First of all, discover your Google Home's IP address. My IP is…. and to keep this IP fixed I have added an “Address Reservation” in my router

address reservation with mac address on google home


Now I can open these URLs in my browser; they all start with

  • /setup/eureka_info –> general information. The interesting fields are VERSION and NAME
  • /setup/supported_timezones –> supported timezones
  • /setup/supported_locales –> supported languages
  • /setup/assistant/alarms –> very interesting… list of alarms and timers
  • /setup/configured_networks –> names of the configured Wi-Fi networks
  • /setup/assistant/alarms/delete –> POST requests ONLY. See below for details

All responses are read-only and in JSON format. Obviously, you have to send a GET request to these URLs (except for the alarm delete endpoint).

The GET API /setup/eureka_info

This is a response

{
   "bssid": "d4:6e:0e:57:44:e0",
   "build_version": "139856",
   "cast_build_revision": "1.36.139856",
   "closed_caption": {},
   "connected": true,
   "ethernet_connected": false,
   "has_update": false,
   "hotspot_bssid": "FA:8F:CA:66:35:99",
   "ip_address": "",
   "locale": "it",
   "location": {
      "country_code": "IT",
      "latitude": 255,
      "longitude": 255
   },
   "mac_address": "30:FD:38:7F:6C:D2",
   "name": "Corridoio",
   "noise_level": -96,
   "opt_in": {
      "crash": false,
      "opencast": false,
      "stats": false
   },
   "public_key": "MIIBCgKCAQEA2ABTa2jRIrtZx9xuV2BKgNp4mD0Exn2XUYyxQCungDVZKqnUd3shwi3zEWn3eYoGzDUMjzFJ5jSlqrz1q+q05kdcTsTE8ABp0bBhJ5czIOT7AIGFb5tQw0NWfLQ7X3Hi6hyYZ5Sxpwt36EjWZsd28yTGNcd9I/X8n5LRgNbUz9scMhFe3y4AzIRN7Qs+glIZxi5f0S/JnU5D6xj7osPcto9ZLKrT+PwH+Iv9/f/JOoRTkT01xKw/zSHgCnW83q6hqpbAzmhWb7W7ybuN+drTd3QOP0xBbwfFtNn4QHYoWmmshHyllC3cfJ66BfLrabWa1GCyzBEb269NL60pi/f3LQIDAQAB",
   "release_track": "stable-channel",
   "setup_state": 60,
   "setup_stats": {
      "historically_succeeded": true,
      "num_check_connectivity": 0,
      "num_connect_wifi": 0,
      "num_connected_wifi_not_saved": 0,
      "num_initial_eureka_info": 0,
      "num_obtain_ip": 0
   },
   "signal_level": -25,
   "ssdp_udn": "2ecd5ddf-6ce0-1071-03c4-f5ec837ecf30",
   "ssid": "ronco101",
   "time_format": 2,
   "timezone": "Europe/Rome",
   "tos_accepted": true,
   "uptime": 40965.069197,
   "version": 9,
   "wpa_configured": true,
   "wpa_id": 0,
   "wpa_state": 10
}

In my experience the only useful information is the NAME (Corridoio), the IP, the MAC address, and whether it is connected to the internet…

The GET API /setup/assistant/alarms

This is interesting. You can read alarms and timers on this Google Home. The response is like this

{
   "alarm": [],
   "timer": [
      {
         "fire_time": 1543159379000,
         "id": "timer/5c67c362-0000-27da-b98c-883d24fe42b4",
         "original_duration": 0,
         "status": 1
      }
   ]
}

The POST API /setup/assistant/alarms/delete

This API DELETES an alarm or timer previously read through the GET API above. I use this API with curl like this

curl -H "Content-Type: application/json" -d '{"ids":["timer/5c67c362-0000-27da-b98c-883d24fe42b4"]}' "http://<GOOGLE_HOME_IP>:8008/setup/assistant/alarms/delete"

In the DATA parameter you have to send ids, which is a list of strings…. That works perfectly
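To see at a glance what any client on the same LAN can read from these endpoints without authenticating, the two responses above can be parsed as follows. This is an added example, not code from the original post: the function names are hypothetical, the samples are constructed by trimming the responses shown above, and it assumes fire_time is milliseconds since the Unix epoch.

```python
import json
from datetime import datetime, timezone

# Constructed samples, trimmed from the responses shown above.
EUREKA_SAMPLE = '''{"name": "Corridoio", "ssid": "ronco101",
 "bssid": "d4:6e:0e:57:44:e0", "mac_address": "30:FD:38:7F:6C:D2",
 "connected": true, "timezone": "Europe/Rome", "uptime": 40965.069197,
 "location": {"country_code": "IT", "latitude": 255, "longitude": 255}}'''
ALARMS_SAMPLE = '''{"alarm": [], "timer": [{"fire_time": 1543159379000,
 "id": "timer/5c67c362-0000-27da-b98c-883d24fe42b4",
 "original_duration": 0, "status": 1}]}'''

# Fields that identify the device or the network it sits on.
IDENTIFYING = ("name", "ssid", "bssid", "mac_address", "timezone")


def exposed_fields(eureka):
    """Return the identifying fields an unauthenticated GET reveals."""
    found = {k: eureka[k] for k in IDENTIFYING if eureka.get(k)}
    country = eureka.get("location", {}).get("country_code")
    if country:
        found["country_code"] = country
    return found


def pending_events(alarms):
    """Flatten alarms and timers into (kind, id, fire time in UTC) tuples."""
    events = []
    for kind in ("alarm", "timer"):
        for item in alarms.get(kind, []):
            # Assumption: fire_time is milliseconds since the Unix epoch.
            when = datetime.fromtimestamp(item["fire_time"] / 1000, tz=timezone.utc)
            events.append((kind, item["id"], when))
    return sorted(events, key=lambda e: e[2])


def delete_body(events):
    """Build the JSON body the delete endpoint expects: {"ids": [...]}."""
    return json.dumps({"ids": [event_id for _, event_id, _ in events]})


if __name__ == "__main__":
    for field, value in exposed_fields(json.loads(EUREKA_SAMPLE)).items():
        print(f"{field}: {value}")
    events = pending_events(json.loads(ALARMS_SAMPLE))
    for kind, event_id, when in events:
        print(kind, event_id, when.isoformat())
    print(delete_body(events))
```
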

Source of my discovery:

In the next post…

In the next post we will see another hack…. with Python I can set the volume on my Google Home programmatically, and I can send VOICE to the Google Home without human interaction


