Project Description

Rinnai R16E32FBF is a tankless water heater with an internal recirculation pump. It is WiFi-enabled and has a companion app on Android/iOS platform. The app is capable to turn on/off the heater, adjust the temperature setting, turn on/off the pump, report the state of heater and provide statistics about gas consumption. However, there is no APIs for programmatic access.

There are two possible point to intercept the traffic. One is traffic between the heater and the manufacturer's server, another is between the app and the server. I plan to try to the 1st one as it does not affect the server.

Goal for this Hackweek

  1. Intercept and analyze the traffic between the heater and the server.
  2. Create a fake server to control the heater.


  1. OpenWrt for routing the traffic
  2. SSLstrip for traffic interception
  3. The user manual and app is available on the Manufacture's Website

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 23


  • 9 months ago: zzhou liked this project.
  • 9 months ago: nicholasyang originated this project.

  • Comments

    Be the first to comment!

    Similar Projects

    This project is one of its kind!