Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SP3 Night light #73

Closed
Dima73 opened this issue Mar 1, 2017 · 10 comments
Closed

SP3 Night light #73

Dima73 opened this issue Mar 1, 2017 · 10 comments

Comments

@Dima73
Copy link
Contributor

Dima73 commented Mar 1, 2017

Night light status on/off is this possible?
@mjg59
Copy link
Owner

mjg59 commented Apr 22, 2017

No idea, I'm afraid. If the app can do this then probably, if not then unclear.

@clach04
Copy link
Contributor

clach04 commented May 2, 2017
edited

The android app can do this. Any recommendations for doing packet capture/analysis or any other reverse engineering tips? Sniffing all traffic on the network isn't an option but I have a rooted phone but I'm not familiar with Android tools in this area.

I took a quick look at https://drive.google.com/file/d/0B65vYtefY0h2aE1LdWF5RG9sX00/view (from https://community.home-assistant.io/t/broadlink-sp3-spcc-contros/7102/6) and night light is not covered (light control mentioned there appears to be covered by the a1 device).

@mjg59
Copy link
Owner

mjg59 commented May 7, 2017

I just use tcpdump from http://www.androidtcpdump.com/ - you'll need to adb shell into the device to run it as root.

@clach04
Copy link
Contributor

clach04 commented May 8, 2017

Thanks @mjg59, got it on my device and running (had some weird issue with chmod not working so I gave up and just issue exec tcpdump to get it running). Any flags you recommend? I've not used tcpdump before, I had a quick scan of http://www.tcpdump.org/tcpdump_man.html

is:

tcpdump -A

enough, too much? I'd rather leverage your experience here than try random combos (I'm doing this on device without adb and using an screen keyboard).

@mjg59
Copy link
Owner

mjg59 commented May 8, 2017

tcpdump -i any -w /sdcard/tcpdump.out should do - that'll give a binary file that can be imported into Wireshark.

@clach04
Copy link
Contributor

clach04 commented May 11, 2017
edited

Thanks, that worked! I tweaked it a little to restrict to the device in question:

exec tcpdump -i any -w /sdcard/tcpdump.out  host  MY.SP3.IP.ADDRESS

And wireshark allows looking at the packets (although I've not worked out how to extract the packets out of there), export from the menu doesn't give the packet contents.

Sadly I've not had time to progress further :-( I think the first thing needed to do is take some of the broadlink Python code, and run those packets through in reverse so that they can be decrypted and then analysed (unless anyone has something like this knocking around already).

I did get a response from support@ibroadlink.com and they are NOT interested in documenting the protocol :-( So reverse engineering seems the only option.

@Floyd1256
Copy link

Any luck in your reverse engineering attempts my friend?

@clach04
Copy link
Contributor

clach04 commented Dec 13, 2017
edited

@Floyd1256 Sorry for delay, some how missed this. No. I wrote a quick and dirty decrypt for another remote module (that also uses AES, but in a different mode) and some of that code can be reused (I think), see codetheweb/tuyapi#5 for details.

@Floyd1256
Copy link

@clach04 no worries, will try to look into it, not actually sure if it's worth it for this particular feature. Thanks for the help !

@Nightreaver
Copy link
Contributor

Just for your information #158

@MayeulC MayeulC mentioned this issue Apr 30, 2018
Closed
@Dima73 Dima73 closed this as completed Aug 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@clach04 @mjg59 @Dima73 @Nightreaver @Floyd1256