search

adapt0 / smartplug

Alternative firmware for Etekcity's "Voltson Wi-Fi Smart Plug Mini Outlet" (ESW01-USA)
MIT License
31 stars 6 forks source link

Local Control? #5

Open M5864 opened 4 years ago

M5864 commented 4 years ago

Chris, first off, great work on this project!

I have a simple question and hoping you have an answer since you've basically got down to the bare-bones of this device.

Do you know if it's possible to control the device directly (not using a VeSync account) from the network it's joined to?

It has to be possible because this is what I've done and tested so far (ESW01-US):

  1. Install the VeSync app on an old cellphone
  2. When the app starts it asks you to sign-in to VeSync or Create an Account.
  3. I chose Create account, but on the top right of the next screen there's a convenient "Skip" option
  4. Next screen was setting up the device on the network.
  5. Once set up on the network, the app can turn it on and off, etc.

So, after extensive googling all I found was other python apps that leverage the VeSync server to issue commands (hence you need a VeSync account). That's not what I want. I'd prefer to lock down the device, not have to use the VeSync app at all, but still issue on/off (not interested in power monitoring or schedules atm) commands directly to the device as-is.

In your investigation did you find a default username / password the app uses to talk to the device? There must be one as the app works fine w/o an account.

I did a quick nmap scan of the TCP ports on the device and everything is closed:

sudo nmap -sT -p- 10.100.1.195

Starting Nmap 6.47 ( http://nmap.org ) at 2019-12-06 11:22 PST Nmap scan report for 10.100.1.195 Host is up (0.0097s latency). All 65535 scanned ports on 10.100.1.195 are closed

UDP port scanning is still running...

Maybe if all else fails creating a basic firmware for direct control via a simple API would work?

Thanks in advance and keep up the good work.

Marc

adapt0 commented 4 years ago

From what I understand; the plug needs to communicate with a server, then you talk to that server to control the plug.

Skipping the registration still has the plug communicate with their server. You can confirm this by disconnecting your phone from your network, and seeing if you can still control the plug (i.e., over LTE). Skipping registration just means that you can't login to your anonymous account on another phone to control the same stuff.

Once you create a named account, devices are associated with that account, then accessible by other phones using that same account. But again, from what I've seen; the plug only communicates with a server. You don't interact with plugs directly over the network beyond initial setup.

So couple of options:

  1. host your own server and play DNS games - https://github.com/itsnotlupus/vesync-wsproxy
  2. change the firmware

I went with option 2 😄