The Kankun smart plug is an inexpensive device that lets you switch an outlet on and off over wifi. The smart plug only works with an Android or IOS app that ships with the device, which limits its usefulness to turning things on and off from your phone.
In an attempt to make this device more useful, [LinuxGeek] probed the device with nmap and discovered that it runs OpenWRT. After trying various common default passwords he discovered the login was root/admin. While [LinuxGeek] hasn’t sniffed the protocol yet, others have hacked it a bit further. The plug apparently uses UDP packets to communicate with the Android app, but the packets are unfortunately encrypted.
Rather than hack at the protocol, they wrote code that toggles the GPIO pin from a CGI script and developed a small Windows application that hits the CGI script for simple control from a computer. There’s also a Google+ group where more information and a couple other hacks for these plugs are posted. For $20 (from AliExpress) and with a bit of hacking, this smart plug could be a great way to add wireless control to a home automation system.
Does it come in an “Americas” version?
I saw a few vendors on AliExpress selling a US plug version, but most of them were non-US plugs.
Many were defined for all countries. They are 90-230VAC rated
http://www.amazon.com/Peneric-Kankun-Socket-Control-Intelligent/dp/B00MXSDESM
I found one (several) on AliExpress that handles US plugs, but it is ‘plug agnostic’ as it also handles other plugs in the same device without changing any hardware/software. It seems to be tolerant of many voltage levels from 90 through 230 VAC or so.
“the packets are unfortunately encrypted”…yes let’s lament it when a manufacturer goes the extra step to make their product more secure (default passwords notwithstanding)
If strangers can’t control my device I don’t truly own it!
/s
It’s more likely that the encryption is there to protect their intellectual property rather than for our security.
It’s clear they were trying to “protect their intellectual property” when they chose “admin” as the root password.
No it’s more likely the encryption is there because they are ‘upto’ something.
Is it just SSL like how you can use https on most OpenWRT routers? If so, you could just use a proxy to do a man in the middle?
Yeah we all know that undocumented encryption is totally secure
More details – how to ssh in and control the plug – http://www.htlinux.com/kankun-kk-sp3-openwrt-webserver-and-commandline-hacks/
Maybe these manufacturers should just make these devices with a bootloader and a manual and let the community figure out what is the best software solution, this seems to be the inevitable result anyway.
Personally, I’d like manufacturers to publish the dev. docs, schematics, source code, etc. for products they EOL. Basically, “We’re done supporting this product, so have at it if you want to.” I’ve collected many little plugs/adapters, gadgets, and other doodads that could make great little dev. platforms if I know how to reprogram them.
Its 10 amps max and they advertise it to turn on water heaters, heaters and air conditioners?!?
Doubt it.
The problem with these companies is they use Chinese made relays, then take the rating off the relay cover.
We used to use about a 500k power relays a year, we tried some of the well known Chinese brands but always found the contact coating would break down fairly quickly, causing the contact point to ‘splash’ and then start to arc & weld.
A relay is a relay…. The real tech. is in the contact material layering and its processing.
Some recommended brand?
Remember 10A makes 2200W when using 220V!
Use the device to switch a contactor.
10A in 240-land is 2400W. Good for many small appliances.
Unfortunately kettles in the UK are generally 13A/ 240V (~3kW) so I can’t use this to boil the kettle in the morning :(
You can, just use it to control a contactor, which then is connector to your kettle. The contactor takes the load and plugs just does the switching.
Might be worth running their Android app through a decompiler. I did this once in preparation for reverse-engineering another brand of wifi power adapter and discovered that their “encryption” simply involved salting the packets with the IP address and tacking on a checksum. Half an hour later we had no further need of the mobile apps.
Can you help/advise how we can work it through our home WiFi router as if we stop connection mob. communication the KK-SP3 lose its
memory…..and don’t stop!!, it’s even danger, thanks.
Are these things safe inside? dodgy chinese hardware and mains power often doesn’t mix well.
I’m with Anon there.
Bad enough finding crappy wall warts with dodgy designs in the wild. How would this be any different?
I’m currently waiting on an order for one of these. I wanted to use it to be able to kill my 3D printer at the wall plug in the event of a failure via remote. Combining this with an old android phone for monitoring and printing times no longer matter.
Why not use a standard relay breakout and attach it to your printer’s microcontroller? You can then control with M80/M81 to turn the power on/off. Power your microcontroller via a non-switched USB so you can connect any time and fire up the high voltage side.
Run octoprint on a raspi off that non-switched USB power, and you can then connect to a webpage and turn the power on and off.
Reading through the specs, kinda seems like it’s 10 amp at 220 volt. I could be mistaken. I would never use this little guy for a heater anyhow
I would watch out…..
This thing is ‘proxied’ via a Chinese server, as such there is nothing to stop the firmware from being updated remotely thereby blowing a MASSIVE hole in your firewall.
Get several thousand of these things into service and you would have access to a significant amount of info.
ESP. if they were installed in businesses.
What business is going to risk their fire insurance by installing non-UL equipment?
What business really knows what their employees plug in to the wall?
nailed it right there. proxying anything like this through anyone’s server is a significant risk on multiple fronts. Multiply that by several orders of magnitude when that server is in China. Nothing good will come of such things.
Is there another cheap solution like this? I mean, a wifi gimcrack under $20 US (with US plug)?
http://www.walmart.com/ip/Generic-CT-065W-WorkChoice-1-Ol-Wi-Fi-Indoor-Switch-White/46721978
not wifi, but you could tie a half dozen of em to the GPIO pins on a rasp-pi with a wifi adapter https://www.sparkfun.com/products/11042
Beware cheap Chinese switchers! My house burnt down a few months ago and the fire inspector pinpointed it to one of these. I was using it with just one 4″ fluorescent lamp so it was certainly not overloaded.
That’s scary.
Note to self: Time to buy and install some of those arc-fault circuit breakers.
I’m so sorry to hear that, [leinad]. That sucks. Glad you made it out o.k. This is a warning to all of us!
Hello Check this out also! Its not 20$ but i think its good https://izy.meazon.com. Its based on zigbee and wifi
My device arrived, and the user/pass to ssh into it was: root/p9z34c other then that it seems to be a great little device.
not workin password
admin
1234
p9z34c
do this first:
telnet
passwd root
Guys, anyone tried the smartplug2? Does it come with openwrt as well?
on this community they are working on an andorid app: https://plus.google.com/communities/115308608951565782559
https://play.google.com/store/apps/details?id=com.blogspot.choplabalagun.widgetkkforsmartplug
It has homescreen widgets, and google now integration so you can setup voice commands.
Hi,
do you know if this is also possible for the xiaomi mi smart wifi plug?
Cheers
Michael
Has anyone tried getting any sort of access to Broadlink SP3 devices? It would be awesome if I could use Raspberry Pi to control Broadlink SP3 power outlet…