search

Laransec / AIHydra

Exploit Writeup and POC for AI Hydra 26 (and probably 52) series lights
5 stars 1 forks source link

Curious to learn more about this. #1

Open SaskatchewanPython opened 1 year ago

SaskatchewanPython commented 1 year ago

Recently grabbed a set of 3 Hydra 52s and realized they don't connect to the app. but instead use the controller. Are you saying with this API connection that I could potentially create a webapp that can connect to my lights?

Have you built anything on top of this console app?

Best

Laransec commented 1 year ago

Hrmm. Hydra 52 HD or non HD?

I think the HDs might be the only one with the WiFi connectivity. I entirely spaced that some non HD might still be kicking around.

On Thu, Feb 23, 2023, 4:16 PM SaskatchewanPython @.***> wrote:

Recently grabbed a set of 3 Hydra 52s and realized they don't connect to the app. but instead use the controller. Are you saying with this API connection that I could potentially create a webapp that can connect to my lights?

Have you built anything on top of this console app?

Best

— Reply to this email directly, view it on GitHub https://github.com/Laransec/AIHydra/issues/1, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGA462GSMOBJLQQ2TAVVHT3WY7HR7ANCNFSM6AAAAAAVGEIP5Q . You are receiving this because you are subscribed to this thread.Message ID: @.***>

Laransec commented 1 year ago

Yeah for the non HD you need this bit.

https://www.theaquariumsolution.com/product/8111/225

There may be a similar vuln there but I don't have one to play with.

On Thu, Feb 23, 2023, 4:19 PM Jeremy @.***> wrote:

Hrmm. Hydra 52 HD or non HD?

I think the HDs might be the only one with the WiFi connectivity. I entirely spaced that some non HD might still be kicking around.

On Thu, Feb 23, 2023, 4:16 PM SaskatchewanPython @.***> wrote:

Recently grabbed a set of 3 Hydra 52s and realized they don't connect to the app. but instead use the controller. Are you saying with this API connection that I could potentially create a webapp that can connect to my lights?

Have you built anything on top of this console app?

Best

— Reply to this email directly, view it on GitHub https://github.com/Laransec/AIHydra/issues/1, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGA462GSMOBJLQQ2TAVVHT3WY7HR7ANCNFSM6AAAAAAVGEIP5Q . You are receiving this because you are subscribed to this thread.Message ID: @.***>

SaskatchewanPython commented 1 year ago

nonHD

But here's the thing. How do they connect to the wireless controller? All the boards have a wireless chip: https://industrycanada.co/9795A-30000003

This chip is embedded in both the main board on the led as well as the controller. So it has to have wifi?? It just really sucks that you cant connect the NONhd models to the ai app without a separate wifi module and the director both of which are discontinued.

On Thu, Feb 23, 2023 at 1:20 PM Laransec @.***> wrote:

Hrmm. Hydra 52 HD or non HD?

I think the HDs might be the only one with the WiFi connectivity. I entirely spaced that some non HD might still be kicking around.

On Thu, Feb 23, 2023, 4:16 PM SaskatchewanPython @.***> wrote:

Recently grabbed a set of 3 Hydra 52s and realized they don't connect to the app. but instead use the controller. Are you saying with this API connection that I could potentially create a webapp that can connect to my lights?

Have you built anything on top of this console app?

Best

— Reply to this email directly, view it on GitHub https://github.com/Laransec/AIHydra/issues/1, or unsubscribe < https://github.com/notifications/unsubscribe-auth/AGA462GSMOBJLQQ2TAVVHT3WY7HR7ANCNFSM6AAAAAAVGEIP5Q

. You are receiving this because you are subscribed to this thread.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/Laransec/AIHydra/issues/1#issuecomment-1442447233, or unsubscribe https://github.com/notifications/unsubscribe-auth/ASWCJEEWWFZAIVRZ7PQK36DWY7IBLANCNFSM6AAAAAAVGEIP5Q . You are receiving this because you authored the thread.Message ID: @.***>

SaskatchewanPython commented 1 year ago

It would be awesome to be able to create a locally hosted website that can control these things.

On Thu, Feb 23, 2023 at 1:22 PM Laransec @.***> wrote:

Yeah for the non HD you need this bit.

https://www.theaquariumsolution.com/product/8111/225

There may be a similar vuln there but I don't have one to play with.

On Thu, Feb 23, 2023, 4:19 PM Jeremy @.***> wrote:

Hrmm. Hydra 52 HD or non HD?

I think the HDs might be the only one with the WiFi connectivity. I entirely spaced that some non HD might still be kicking around.

On Thu, Feb 23, 2023, 4:16 PM SaskatchewanPython @.***> wrote:

Recently grabbed a set of 3 Hydra 52s and realized they don't connect to the app. but instead use the controller. Are you saying with this API connection that I could potentially create a webapp that can connect to my lights?

Have you built anything on top of this console app?

Best

— Reply to this email directly, view it on GitHub https://github.com/Laransec/AIHydra/issues/1, or unsubscribe < https://github.com/notifications/unsubscribe-auth/AGA462GSMOBJLQQ2TAVVHT3WY7HR7ANCNFSM6AAAAAAVGEIP5Q

. You are receiving this because you are subscribed to this thread.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/Laransec/AIHydra/issues/1#issuecomment-1442449908, or unsubscribe https://github.com/notifications/unsubscribe-auth/ASWCJEC6UFJ4NUXTC4AMTITWY7IK7ANCNFSM6AAAAAAVGEIP5Q . You are receiving this because you authored the thread.Message ID: @.***>

SaskatchewanPython commented 1 year ago

This is another product that communicated to the Hydra NON HD models: https://www.neptunesystems.com/downloads/docs/AWM_manual.pdf Neptune AWM Module.

So I assume it worked like this and same as director.

Webbased or local app to connect to either Director or AWM module with nice GUI. Hydra NON HD was connected to local private wifi network hosted by AWM or director.

computer or app logs into director and modifies value. Value is then changed on LED Module.

Im know very little but I can write a basic webapp that connects to an API. So I'm curious how this could be engineered to maybe connect to pi that does the same as the director or the awm.

Any ideas?

On Thu, Feb 23, 2023 at 1:22 PM Laransec @.***> wrote:

Yeah for the non HD you need this bit.

https://www.theaquariumsolution.com/product/8111/225

There may be a similar vuln there but I don't have one to play with.

On Thu, Feb 23, 2023, 4:19 PM Jeremy @.***> wrote:

Hrmm. Hydra 52 HD or non HD?

I think the HDs might be the only one with the WiFi connectivity. I entirely spaced that some non HD might still be kicking around.

On Thu, Feb 23, 2023, 4:16 PM SaskatchewanPython @.***> wrote:

Recently grabbed a set of 3 Hydra 52s and realized they don't connect to the app. but instead use the controller. Are you saying with this API connection that I could potentially create a webapp that can connect to my lights?

Have you built anything on top of this console app?

Best

— Reply to this email directly, view it on GitHub https://github.com/Laransec/AIHydra/issues/1, or unsubscribe < https://github.com/notifications/unsubscribe-auth/AGA462GSMOBJLQQ2TAVVHT3WY7HR7ANCNFSM6AAAAAAVGEIP5Q

. You are receiving this because you are subscribed to this thread.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/Laransec/AIHydra/issues/1#issuecomment-1442449908, or unsubscribe https://github.com/notifications/unsubscribe-auth/ASWCJEC6UFJ4NUXTC4AMTITWY7IK7ANCNFSM6AAAAAAVGEIP5Q . You are receiving this because you authored the thread.Message ID: @.***>

Laransec commented 11 months ago

This is another product that communicated to the Hydra NON HD models: https://www.neptunesystems.com/downloads/docs/AWM_manual.pdf Neptune AWM Module. So I assume it worked like this and same as director. Webbased or local app to connect to either Director or AWM module with nice GUI. Hydra NON HD was connected to local private wifi network hosted by AWM or director. computer or app logs into director and modifies value. Value is then changed on LED Module. Im know very little but I can write a basic webapp that connects to an API. So I'm curious how this could be engineered to maybe connect to pi that does the same as the director or the awm. Any ideas? On Thu, Feb 23, 2023 at 1:22 PM Laransec @.> wrote: Yeah for the non HD you need this bit. https://www.theaquariumsolution.com/product/8111/225 There may be a similar vuln there but I don't have one to play with. On Thu, Feb 23, 2023, 4:19 PM Jeremy @.> wrote: > Hrmm. Hydra 52 HD or non HD? > > I think the HDs might be the only one with the WiFi connectivity. I > entirely spaced that some non HD might still be kicking around. > > On Thu, Feb 23, 2023, 4:16 PM SaskatchewanPython @.> > wrote: > >> Recently grabbed a set of 3 Hydra 52s and realized they don't connect to >> the app. but instead use the controller. >> Are you saying with this API connection that I could potentially create a >> webapp that can connect to my lights? >> >> Have you built anything on top of this console app? >> >> Best >> >> — >> Reply to this email directly, view it on GitHub >> <#1>, or unsubscribe >> < https://github.com/notifications/unsubscribe-auth/AGA462GSMOBJLQQ2TAVVHT3WY7HR7ANCNFSM6AAAAAAVGEIP5Q > >> . >> You are receiving this because you are subscribed to this thread.Message >> ID: @.> >> > — Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ASWCJEC6UFJ4NUXTC4AMTITWY7IK7ANCNFSM6AAAAAAVGEIP5Q . You are receiving this because you authored the thread.Message ID: @.***>

Sorry- I haven't been in this account for a while. There is a decent chance you could reverse engineer the protocol between the wireless module and the lights...

It would just take some work.

If you know anyone with good wireless network pentest skills it might help to see if any probe requests are coming from the lights themselves looking for the module.