- Python 93.2%
- Shell 4.8%
- Dockerfile 2%
- README: replace Yoda with Docker container in diagram - docker-compose.yml: replace Unraid-specific volume path with generic example - deploy.sh: remove Yoda and SmartThings-Local specific paths |
||
|---|---|---|
| .env.example | ||
| .gitignore | ||
| deploy.sh | ||
| docker-compose.yml | ||
| Dockerfile | ||
| main.py | ||
| README.md | ||
| requirements.txt | ||
samsung-local-8888
Local MQTT bridge for Samsung appliances with the port 8888 HTTPS REST API.
Provides local control of Samsung appliances via their undocumented port 8888 local HTTPS API — no SmartThings cloud, no subscription required.
Tested hardware: Samsung DM9900M FlexDry dual-drum dryer only. The port 8888 API is present on other Samsung appliances (washers, dishwashers, ACs) from the same firmware generation, but this bridge has only been confirmed working against the DM9900M. Other appliances may require different endpoints or entity mappings.
Context: In 2026, Samsung announced SmartThings would move to a paid subscription model. This project provides a fully local alternative for older Samsung appliances that speak the port 8888 API.
Is your appliance compatible?
Check if port 8888 is open:
nmap -p 8888 <appliance-ip>
8888/tcp open→ older firmware, this bridge may work for you- Port 8888 closed, but UDP 49152–49160 show
open|filtered→ newer Tizen RT firmware — use SmartThings-Local instead (which also supports ARTIK051 fridge-freezers)
Firewall your appliance
Once you have a working bearer token, you can completely block the appliance from the internet. The local API continues to work with no cloud dependency whatsoever.
The token does not expire, does not phone home to renew, and does not require Samsung's servers to validate. Block the appliance at your router or firewall — the bridge talks to it directly on your LAN.
Appliance → (firewalled, no internet) ← Bridge (Docker container)
↓
Mosquitto
↓
Home Assistant
Samsung's app and SmartThings will show the appliance as offline. That's fine — you don't need them anymore.
⚠️ Important: Firewalling your appliance will remove it from Samsung's cloud entirely. The Samsung SmartThings app, Samsung Home app, and any Samsung-connected services will no longer be able to reach it. This is intentional — but make sure you're comfortable losing access to those official apps before proceeding. There is no middle ground: the appliance either reaches Samsung's cloud or it doesn't.
Getting the bearer token
The appliance uses a callback-based token mechanism. You need cert.pem from brayStorm/samsung-appliance-token.
Step 1 — Fix the listener for Python 3.12+
ssl.wrap_socket was removed in Python 3.12. In listener.py, replace the ssl.wrap_socket line with:
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ctx.set_ciphers('DEFAULT:@SECLEVEL=0')
ctx.load_cert_chain(certfile='cert.pem')
server.socket = ctx.wrap_socket(server.socket, server_side=True)
Step 2 — Start the listener
python3 listener.py
# Listening on localhost:8889
Step 3 — Request the token
Replace ZZ with your appliance IP and YY with your machine's IP:
curl -k -H "Content-Type: application/json" \
-H "DeviceToken: xxxxxxxxxxx" \
--cert cert.pem --insecure \
-X POST https://192.168.ZZ.ZZ:8888/devicetoken/request \
-H "Host: 192.168.YY.YY:8889" -v
Step 4 — Power cycle the appliance
Immediately after the curl returns 200 OK, power cycle the appliance. It will call back to your listener with:
Request payload: b'{"DeviceToken":"YOUR_TOKEN_HERE"}'
Save that token — it is permanent and works fully firewalled.
Note: Your firewall must allow the appliance (IoT VLAN) to reach your machine on port 8889 TCP during the token request only. After that, you can firewall it completely.
Step 5 — Verify
curl -m 8 -k \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_TOKEN_HERE" \
--cert cert.pem --insecure \
https://192.168.ZZ.ZZ:8888/devices/0/operation
You should get JSON back with the appliance state.
Installation
1. Clone and configure
git clone https://github.com/aminorjourney/samsung-local-8888
cd samsung-local-8888
cp .env.example .env
Edit .env with your appliance IP, bearer token, cert path, and MQTT broker details.
2. Copy the cert
Copy cert.pem from brayStorm/samsung-appliance-token to your appdata directory:
mkdir -p /mnt/user/appdata/samsung-local-8888
cp /path/to/cert.pem /mnt/user/appdata/samsung-local-8888/samsung_dryer_cert.pem
3. Deploy
docker compose up -d --build
docker compose logs -f
Confirmed entities — Samsung DM9900M FlexDry
Both drums (device 0 = front, device 1 = top mini drum)
| Entity | Type | Notes |
|---|---|---|
| State | sensor | Ready / Run / Cooling / Finish |
| Progress | sensor | None / Drying / Cooling / Finish |
| Progress % | sensor | 0–100% |
| Remaining time | sensor | HH:MM:SS |
| Energy total | sensor | kWh, total_increasing — Energy Dashboard ready |
| Power | sensor | Instantaneous watts (inferred from energy delta) |
| Kids lock | sensor | |
| Diagnosis | sensor | diagnostic |
| Remote control | binary_sensor | diagnostic |
| Reachable | binary_sensor | diagnostic |
| Status | sensor | Online / Sleeping — last seen… |
| Start | button | Requires Smart Control enabled on panel |
| Stop | button |
Front drum only (device 0)
| Entity | Type | Notes |
|---|---|---|
| Dry level | sensor + select | None / Damp / Less / Normal / More / Very |
| Dry time | sensor + select | 00:00 / 00:20 / 00:30 / 00:40 / 00:50 / 01:00 |
| Dry temperature | sensor + select | None / ExtraLow / Low / MediumLow / Medium / High |
| Wrinkle prevent | switch |
Undocumented write API — findings (DM9900M)
The port 8888 API was previously considered read-only. This project discovered full write capability on the DM9900M:
| Endpoint | Method | Body | Effect |
|---|---|---|---|
/devices/0/operation |
PUT | {"Operation":{"state":"Run"}} |
Start front drum |
/devices/0/operation |
PUT | {"Operation":{"state":"Ready"}} |
Stop front drum |
/devices/0/washer |
PUT | {"Washer":{"wrinklePrevent":"On"}} |
Toggle wrinkle prevent |
/devices/0/washer |
PUT | {"Washer":{"dryLevel":"More"}} |
Set dry level |
/devices/0/washer |
PUT | {"Washer":{"dryTime":"00:30:00"}} |
Set dry time |
/devices/0/washer |
PUT | {"Washer":{"waterTemperature":"Low"}} |
Set dry temperature |
/devices/1/operation |
PUT | {"Operation":{"state":"Run"}} |
Start mini drum |
state: Stopreturns "Control fail" — usestate: Readyto stop.
Remote start requires Smart Control to be enabled on the dryer's physical panel. This resets on power cycle and cannot be forced via the API.
Both drums are addressable as independent devices (
/devices/0and/devices/1) on the same IP and port.
Known limitations
- Tested on DM9900M only. Other port 8888 appliances may have different resource paths, endpoints, or write semantics.
- Smart Control resets on power cycle. Remote start requires enabling it physically each session.
- Dryer sleeps when idle. Port 8888 becomes unreachable when the appliance is in standby. The bridge handles this gracefully with last-known-state caching.
- Token callback requires temporary firewall opening. Only needed once during initial setup.
- SHA-1 cert chain. Samsung's
cert.pemuses SHA-1 which OpenSSL 3.x rejects by default. The Dockerfile patches/etc/ssl/openssl.cnfto allow it.
Credits
- @brayStorm — samsung-appliance-token: token acquisition mechanism and
cert.pem - @cicciovo — homebridge-samsung-airconditioner: AC14K_M cert chain research
- @QuiteYellow — SmartThings-Local: inspired the MQTT bridge architecture; use this for newer Tizen RT firmware
Related
For newer Samsung appliances (Tizen RT 3.x firmware, UDP port 49154/49155), see SmartThings-Local, which now includes support for ARTIK051 fridge-freezers.
License
MIT