codetheweb / tuyapi

🌧 An easy-to-use API for devices that use Tuya's cloud services. Documentation: https://codetheweb.github.io/tuyapi.
MIT License

how can I block the broadcasts/multicasts from the tuya smartplug device? #149

Closed aleqx closed 5 years ago

aleqx commented 5 years ago

Not really this project's fault, but the broadcasts/multicasts from my Tuya-compatible wifi smartplug are (for some bizarre reason!) being rebroadcasted further to the internet on tcp connections I make to internet hosts, and some of those hosts reply back again rebroadcasting it, messing with the app that is supposed to receive different json-rpc messages ...

I tried to drop all IP traffic from the wifi smartplug device but they are still coming through

iptables -A INPUT -s 192.168.10.50 -j DROP

The tcpdump still shows the json-rpc packets coming from that IP, and then the host rebroadcasting them to all hosts it is connected to.

First time I'm seeing anything like it. Can a kind soul help, please?

aleqx commented 5 years ago

The added problem is that other machines on my LAN are also rebroadcasting these packets, so blocking the smartplug's IP doesn't make a difference.

codetheweb commented 5 years ago

If your router / local machine is actually translating UDP packets to TCP packets and then sending them to random sockets that would be a very strange bug indeed....

I'm not a network expert, but AFAIK you're describing the intended behavior in your second comment. If a packet is sent to the network's broadcast address, the router (again, AFAIK) broadcasts the packet on all interfaces possible to all devices possible.

Any more details you can provide related to your first comment?

unparagoned commented 5 years ago

Are you sure you have no Tuya apps running on your phone? Or have multiple instances of tuyapi running?

aleqx commented 5 years ago

Nothing is running on the phone (and the physical wifi network with the smartplugs is in another country than I am).

> If a packet is sent to the network's broadcast address, the router (again, AFAIK) broadcasts the packet on all interfaces possible to all devices possible.

I wasn't talking about the router, but about other machines on the LAN. They are rebroadcasting too.

It turns out I was blocking the broadcast from 192.168.10.50, but using tcpdump is misleading, because tcpdump sits in front of iptables (i.e. tcpdump will always see everything coming in).

I still have no idea why would a local LAN machine send the json-rpc message on to internet hosts ... that's what I'm seeing in tcpdump, unless that's a tcpdump bug of some sort:

LAN router = 192.168.10.1
Smartplug ip = 192.168.10.50
Linux LAN machine A = 192.168.10.213
Linux LAN machine B = 192.168.10.101
Internet host X = 165.227.<snip>.<snip>

Machine A is connected to X on port 50483/tcp (it's an application that has nothing to do with Tuya).

6910  23:09:20.881130 IP 192.168.10.213.45912 > 165.227.<snip>.<snip>.50483:    {"ip":"192.168.10.50","gwId":"002007782c3ae812a933","active":2,"ability":0,"mode":0,"encrypt":true,"productKey":"turAAs6wYyKbH2BH","version":"3.1"}

Notice that A is sending the Tuya message on to the internet host on port 50483. Why and how in the world does a LAN machine send the Tuya json-rpc message on to an internet host?

Here it is sending it among themselves (I don't mind that):

6051  22:45:26.978403 IP 192.168.10.101.1006 > 192.168.10.213.514:    {"ip":"192.168.10.50","gwId":"002007782c3ae812a933","active":2,"ability":0,"mode":0,"encrypt":true,"productKey":"turAAs6wYyKbH2BH","version":"3.1"}
...
...
6927  23:09:42.933164 IP 192.168.10.213.514 > 192.168.10.101.1007:    {"ip":"192.168.10.50","gwId":"002007782c3ae812a933","active":2,"ability":0,"mode":0,"encrypt":true,"productKey":"turAAs6wYyKbH2BH","version":"3.1"}
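
To triage a capture like the one above, this added example (not part of the original thread and not tuyapi code) reads `tcpdump -A -n` text and reports which flow each Tuya discovery beacon appears in. The LAN range is taken from the addresses in the thread; the function names, the host 203.0.113.7 and the `EXAMPLE-GWID` value are constructed for illustration.

```python
import ipaddress
import json
import re

# Assumption: the LAN used in the thread; anything outside it counts as off-LAN.
LAN = ipaddress.ip_network("192.168.10.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
TUYA_DISCOVERY_PORT = 6666  # UDP port shown in the thread's broadcast line
HEADER = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
BEACON = re.compile(r'\{"ip":.*?\}')  # the discovery JSON is a flat object

# Constructed sample capture (placeholder gwId, documentation-range host).
SAMPLE = """\
23:09:18.100000 IP 192.168.10.50.49154 > 255.255.255.255.6666: UDP, length 175
E.....{"ip":"192.168.10.50","gwId":"EXAMPLE-GWID","encrypt":true,"version":"3.1"}
23:09:19.200000 IP 192.168.10.101.1006 > 192.168.10.213.514: Flags [P.], length 160
{"ip":"192.168.10.50","gwId":"EXAMPLE-GWID","encrypt":true,"version":"3.1"}
23:09:20.881130 IP 192.168.10.213.45912 > 203.0.113.7.50483: Flags [P.], length 160
{"ip":"192.168.10.50","gwId":"EXAMPLE-GWID","encrypt":true,"version":"3.1"}
23:09:21.000000 IP 192.168.10.213.45912 > 203.0.113.7.50483: Flags [.], length 0
"""

def classify(src, dst, dport, beacon_ip):
    if src == beacon_ip and dport == TUYA_DISCOVERY_PORT:
        return "device-broadcast"        # the plug announcing itself
    d = ipaddress.ip_address(dst)
    if d in LAN or d == LIMITED_BROADCAST:
        return "carried-inside-lan"      # beacon text inside another LAN flow
    return "carried-off-lan"             # beacon text in a flow leaving the LAN

def find_beacons(capture_text):
    """Return (src, dst, dst_port, verdict) for each packet carrying a beacon."""
    findings, header = [], None
    for line in capture_text.splitlines():
        m = HEADER.search(line)
        if m:  # remember whose payload the following lines belong to
            header = (m.group(1), m.group(3), int(m.group(4)))
        hit = BEACON.search(line)
        if not (hit and header):
            continue
        try:
            beacon = json.loads(hit.group(0))
        except ValueError:
            continue  # truncated or non-JSON payload
        if "gwId" in beacon:
            src, dst, dport = header
            findings.append((src, dst, dport, classify(src, dst, dport, beacon.get("ip"))))
    return findings
```

A "carried" verdict only identifies the flow whose payload contained the beacon text. If the capture's own output travels over a connection the tcpdump filter does not exclude (a remote shell or a log forwarder, for example), that connection will contain the beacon text too.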

codetheweb commented 5 years ago

Sorry, but that's beyond my skillset to help with...

A few things that may be helpful in debugging this:

aleqx commented 5 years ago

What I posted above is tcpdump running on machine A (tcpdump -U -A -n -l not icmp and not arp and port not '(53 or 123 or 22 or 2049 or 1909)'), and you can see the tcpdump output, i.e. what tcpdump sees at interface level. You can clearly see the json-rpc messages from Tuya and that it is being sent to an internet host. Machine A has nothing Tuya related installed on it, so it's definitely not encrypted in any fashion. ALL machines on this LAN are doing the same thing, believe it or not.

unparagoned commented 5 years ago

I ran tcpdump -U -A -n -l not icmp and not arp and port not '(53 or 123 or 22 or 2049 or 1909)' and everything was from the devices; there were no rebroadcasts that I saw.

Are you sure your computers/routers aren't set up to rebroadcast anything sent to> 255.255.255.255.6666: UDP, length 175

Try sudo echo -ne '\x41\x00\x55' > /dev/udp/192.168.10.255/6666 and see if that gets rebroadcast?

codetheweb commented 5 years ago

Closing this because of inactivity.

@aleqx if you're still seeing issues and you think I can help/provide more information, feel free to reopen this.