RyanP_J
Posts: 1
Joined: Sun Feb 09, 2020 3:54 pm

TCP Smart Bulbs

Sun Feb 09, 2020 4:01 pm

Hi,

I don't know where to post this, but I was wondering whether it's possible to connect to smart plugs and bulbs and host and change the status on a web server located on the Raspberry Pi?


Thanks,


Ryan.

drgeoff
Posts: 10365
Joined: Wed Jan 25, 2012 6:39 pm

Re: TCP Smart Bulbs

Tue Feb 11, 2020 4:30 pm

Perhaps, but a definite answer would require much more information than you have provided.

HermannSW
Posts: 2044
Joined: Fri Jul 22, 2016 9:09 pm
Location: Eberbach, Germany

Re: TCP Smart Bulbs

Tue Feb 11, 2020 4:46 pm

RyanP_J wrote:
Sun Feb 09, 2020 4:01 pm
but I was wondering whether it's possible to connect to smart plugs and bulbs and host and change the status on a web server located on the Raspberry Pi?

Typically smart plugs and bulbs need some server infrastructure.
Many use the TUYA API, which I tried to reverse engineer, but the Smartlife Android app talks encrypted to the devices.
Nevertheless, the node project tuyapi is able to read the status at least:
https://twitter.com/HermannSW/status/12 ... 0054726656

I was not able to get the needed key via ettercap MITM ARP poisoning (that reveals the productKey only).
So I just went with the 1st method stated here today:
https://github.com/codetheweb/tuyapi/bl ... s/SETUP.md

I need this because of contract work for my son, in order to control smart devices by a 4x4 keypad:
https://forum.arduino.cc/index.php?topi ... msg4471648
⇨https://stamm-wilbrandt.de/en/Raspberry_camera.html

https://github.com/Hermann-SW/Raspberry_v1_camera_global_external_shutter
https://stamm-wilbrandt.de/github_repo_i420toh264
https://github.com/Hermann-SW/fork-raspiraw
https://twitter.com/HermannSW

B.Goode
Posts: 9627
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: TCP Smart Bulbs

Tue Feb 11, 2020 4:49 pm

RyanP_J wrote:
Sun Feb 09, 2020 4:01 pm
Hi,

I don't know where to post this, but I was wondering whether it's possible to connect to smart plugs and bulbs and host and change the status on a web server located on the Raspberry Pi?


Thanks,


Ryan.


I suggest searching more widely to see if it is possible to circumvent the vendor's control software using any alternative computer platform. If it can be made to work at all, it can probably be made to work under the Raspbian Operating System running on an RPi board.


At a quick glance it seems that some loopholes and possibilities that existed when the bulbs were first sold have since been closed by the manufacturer.



(Assuming you are referring to a branded product similar to https://www.tcpsmart.eu/2018/09/23/tcp- ... tructions/)

HermannSW
Posts: 2044
Joined: Fri Jul 22, 2016 9:09 pm
Location: Eberbach, Germany

Re: TCP Smart Bulbs

Wed Feb 12, 2020 12:22 pm

HermannSW wrote:
Tue Feb 11, 2020 4:46 pm
...
Typically smart plugs and bulbs need some server infrastructure.
Many use TUYA API which I tried to reverse engineer, but the Smartlife Android app talks encrypted to the devices.
...

My son has yeelink lights as well, not TUYA protocol, controlled by yeelight app:
https://play.google.com/store/apps/deta ... ght.cherry

Before looking into that, I made a "need for internet access" test for TUYA.
The Smartlife app is able to control the smart plug locally (via open port 6668, encrypted) even if I block internet access for the smart plug as well as the smartphone in my home router, even after removing the smart plug from power and powering it back on in order to kill existing MQTT tunnels to the amazonws server.

Contrary to that, the yeelight app cannot control the yeelink light in case one or both are blocked in the router for internet access.
I did a port scan, and initially the yeelink light (192.168.178.149) has no open ports.
I did ettercap MITM ARP poisoning again on my Pi and captured traffic between the light and the smartphone (192.168.178.179).
I was surprised to see no traffic at all while turning light off and on, or change the color of the light.
Then I forced yeelight app to close on smartphone, started capturing and started yeelight.
As you can see in the Raspberry gimp screenshot of Wireshark, there are only a few packets exchanged before any traffic goes over the internet (after the RST packet). The UDP packets open port 55443 on the smart light, which was not open before, for a single TCP message from the yeelight app to the light.

From a 12/2018 Chaos Computer Club talk I know that TUYA devices were not safe at that time, because most stuff was transported in the clear, allowing MITM extraction of the key needed to control the smart device. Now traffic is encrypted, but it is most likely that the WLAN password transferred from the SmartLife app to the smart plug on initial configuration does not only get stored on the plug, but is sent to the MQTT server as well ...

My son will move to student dorm soon and take all smart plugs, lights and Alexa with him. At that point I will change WLAN password in my router because it is most likely known to several IOT providers already.
wireshark.ettercap_149_179.png (124.34 KiB)

HermannSW
Posts: 2044
Joined: Fri Jul 22, 2016 9:09 pm
Location: Eberbach, Germany

Re: TCP Smart Bulbs

Fri Feb 14, 2020 7:00 pm

1st method worked fine, I did apply for "Cloud API Authorization" and that was granted:
https://github.com/codetheweb/tuyapi/bl ... s/SETUP.md

I tried to use tuya-cli per the instructions, and at least the keys seem to be fine, because registering against the reset plug really starts, with a Braille character snake rotating on the left:

Code:

$ tuya-cli link --api-key xxx --api-secret yyy --schema zzz --ssid aaa --password bbb
⠙ Registering devices(s)...

Unfortunately the registration times out for now, will try more:

Code:

Error: Timed out waiting for devices to connect.
    at TuyaLinkWizard.linkDevice (/usr/lib/node_modules/@tuyapi/cli/node_modules/@tuyapi/link/index.js:117:17)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:94:5)
    at async link (/usr/lib/node_modules/@tuyapi/cli/lib/link.js:45:19)
$

One more correction to what I stated before, the device knew that it had no internet access anymore, and I had to unblock internet access of the plug before starting tuya-cli.


P.S.:
How does registering of the smart plug work, before the plug gets the Wifi credentials?
The smartphone passes the password via a Morse protocol called SmartConfig to the plug.
Then the plug connects to Wifi, and triggers registering at the MQTT server.
(German-language talk, slides with English text):
https://www.youtube.com/watch?v=urnNfS6 ... .be&t=1290

Shea
Posts: 113
Joined: Fri Nov 25, 2011 7:16 pm
Location: Markham, Canada

Re: TCP Smart Bulbs

Wed Feb 26, 2020 8:17 pm

Let me share some of my Tuya device mods experience which works for me.
I used a WRT router with tcpdump running during the smart life app with Tuya device registration to get the key.
Once that is done, I block the Tuya device going out to the internet.
I then use node-red to manage the Tuya device from there on.
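
An added example, not code from any poster in this thread: a small Python audit of router-side flow records for the setup discussed above, where a device is blocked from the internet but still controlled over its local port (6668 for the Tuya plug, 55443 for the Yeelight). It lists the LAN ports each device is contacted on and flags any flow from a supposedly blocked device that still leaves the LAN. The flow tuples, the plug address 192.168.178.150 and the public addresses are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.178.0/24")  # subnet seen in the thread
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed flow records (src, dst, proto, dst_port), as a router-side
# capture might summarise them. .149 (light) and .179 (phone) appear in the
# thread; .150 for the plug and all non-LAN destinations are placeholders.
SAMPLE_FLOWS = [
    ("192.168.178.179", "192.168.178.150", "tcp", 6668),   # phone -> plug, local
    ("192.168.178.150", "203.0.113.10", "tcp", 8883),      # plug -> cloud
    ("192.168.178.179", "192.168.178.149", "tcp", 55443),  # phone -> light, local
    ("192.168.178.149", "198.51.100.7", "tcp", 443),       # light -> cloud
    ("192.168.178.149", "239.255.255.250", "udp", 1982),   # multicast, stays on LAN
    ("192.168.178.150", "255.255.255.255", "udp", 6667),   # broadcast, stays on LAN
]


def leaves_lan(dst, lan=LAN):
    """True if dst is a unicast address outside the LAN, i.e. routed upstream."""
    addr = ipaddress.ip_address(dst)
    return not (addr in lan or addr.is_multicast or addr == LIMITED_BROADCAST)


def audit(flows, blocked, lan=LAN):
    """Return (local_ports, egress, violations).

    local_ports: device -> set of (proto, port) it was contacted on from the LAN
    egress:      device -> set of (dst, proto, port) outside the LAN
    violations:  flows from a device in `blocked` that still left the LAN
    """
    local_ports, egress, violations = defaultdict(set), defaultdict(set), []
    for src, dst, proto, port in flows:
        if leaves_lan(dst, lan):
            egress[src].add((dst, proto, port))
            if src in blocked:
                violations.append((src, dst, proto, port))
        elif ipaddress.ip_address(dst) in lan and ipaddress.ip_address(src) in lan:
            local_ports[dst].add((proto, port))
    return dict(local_ports), dict(egress), sorted(violations)


if __name__ == "__main__":
    local, out, bad = audit(SAMPLE_FLOWS, blocked={"192.168.178.150"})
    print("local control ports:", local)
    print("egress:", out)
    print("blocked devices still reaching the internet:", bad)
```

An empty violations list after the router rule is in place, together with the local control port still showing up in `local_ports`, is the state the thread describes for the Tuya plug.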

PhatFil
Posts: 1632
Joined: Thu Apr 13, 2017 3:55 pm
Location: Oxford UK

Re: TCP Smart Bulbs

Wed Feb 26, 2020 10:09 pm

imho Tasmota is the best option for smart plug/device control https://tasmota.github.io/docs/#/Home
compatible h/w is listed in the wiki docs

neilgl
Posts: 1686
Joined: Sun Jan 26, 2014 8:36 pm
Location: Near Aston Martin factory

Re: TCP Smart Bulbs

Wed Feb 26, 2020 10:23 pm

+1 for Tasmota, and openhab2 has some bindings for standard unmodified devices, e.g. Tradfri bulbs (IKEA), Philips Hue etc.
