The month or so after the holidays have always been a great time to pick up some interesting gadgets on steep clearance, but with decorations and lights becoming increasingly complex over the last few years, the “Christmas Clearance” rack is an absolute must see for enterprising hackers. You might just luck out like [ModernHam] and find a couple packs of these dirt cheap wireless light controllers, which can fairly easily be hacked into the start of a home automation system with little more than the Raspberry Pi and a short length of wire.
In the video after the break, [ModernHam] walks the viewer through the start to finish process of commanding these cheap remote plugs. Starting with finding which frequencies the remotes use thanks to the FCC database and ending with using cron to schedule the transmission of control signals from the Pi, his video really is a wealth of information. Even if you don’t have this particular model of remote plug, or don’t necessarily want to setup a home automation system, there’s probably some element of this video that you could still adapt to your own projects.
The first step of the process is figuring out how the remote is communicating to the plugs. [ModernHam] noticed there was no frequency listed on the devices, but using their FCC IDs he was able to find the relevant information. In the United States, devices like these must have their FCC IDs visible (though they could be behind a battery door) by law, so the searchable database is an invaluable tool to do some basic reconnaissance on a poorly documented gadget.
An RTL-SDR receiver is then used to fine tune the information gleaned from the FCC filing. [ModernHam] found that the signals for all four of the remote plugs were being broadcast on the same frequency, which makes controlling them all the easier. Using the
rtl-sdr command, he was able to capture the various signals from the transmitter and save them to separate files. Then it’s just a matter of replaying the appropriate file to get the plugs to do your bidding.
Of course, the RTL-SDR can’t transmit so you’ll have to leave your dongle behind for this last step. Luckily all you need to transmit is the rpitx package created by [F5OEO], along with a supported Raspberry Pi and a small length of wire attached to the appropriate GPIO pin. This package contains the tool
sendiq which can be used to replay the raw captures made in the previous step. With some scripting, it’s fairly straightforward to automate these transmissions to control the remote plugs however you wish from the Pi.
The RTL-SDR Blog put together their own guide for “brute forcing” simple remote control devices like this as well, and we’ve even seen similar techniques used against automotive key fobs in the past. Amazing what a piece of wire and some clever code can pull off.
Continue reading “Automate Your Home From The Clearance Rack”
We’re all for buying broken stuff from eBay to save yourself a few bucks: buy it cheap, fix it, and reap the rewards of being a step ahead of the average consumer. Searching through the “For parts or not working” categories is nearly the official pastime here at the Hackaday Bunker. But buying an eBay find only to have it give up the ghost in a couple weeks? That hurts.
That’s precisely what happened to [idaresiwins] when he bought this beefy looking “Web Power Switch” on the Electronic Bay. After two weeks, the controller board blew and his “smart” power strip became very stupid indeed. But with the addition of a Raspberry Pi, he’s got it back up and running. Not only that, but given the extra horsepower this device now contains, it now doubles as a basic server for the home lab.
This conversion was helped by the fact that the original controller was on a separate board from the relays, and connected with a small ribbon cable. All [idaresiwins] had to do was figure out which wire in the cable went to each of the eight relays, and fire them off with the Pi’s GPIO pins. In an interesting detail, he opened up one of the ends of the ribbon cable and used it as a punch down block of sorts to easily hook the wires up to the Pi’s pins. We might suggest some hot glue to keep everything from moving around, but otherwise it’s a neat tip.
[idaresiwins] found some information online about making a web-based GPIO interface, which he adapted to control the outlets on the power strip. He then wrapped the Pi up in plastic to keep it from shorting out, and tucked it inside the case. Note that he was able to pull 5 VDC from the relay board and run it to the Pi over the ribbon cable, so he didn’t need to bother with hacking a USB adapter in there.
Controlling AC devices over the Interwebs is an extremely popular project, and we’ve even seen a DIY device that looks quite similar to this product. Most of them are now using the ESP8266, but with the Pi onboard this hack is more like a super-sized version of the PowerPwn.
Walk into any home improvement store, and you’ll find dozens of smart accessories, home automation equipment, and WiFi-connected ephemera. The Belkin WeMo Insight is one of these devices, giving anyone with $60 and a WiFi network the ability to switch lights and appliances on and off over a network. [John] picked up one of these WiFi plugs, but it didn’t work exactly as he would like. Instead of building a smart plug from scratch, [John] replaced the controller board for a WeMo Insight for his Hackaday Prize entry, making it far more useful and a replacement for devices like the Kill-a-Watt.
In its stock form, the WeMo can only be used though the smartphone app provided by Belkin or through a few third-party services like IFFT. All of these solutions have a limited API, and don’t provide advanced power metrics. To solve this problem, [John] replaced the smart controller board inside the Belkin WeMo with one of their own design.
By volume, most of the electronics inside the WeMo are a transformer, caps, and a relay; the smarts of this smart plug are just a daughterboard. By re-engineering this daughterboard with a new microcontroller, an ESP8266, and a microSD card connector, [John] can replicate the functionality of the WeMo while adding some new features. SD card datalogging for up to four years is now possible, a RTC now provides precise time stamps on all data collected, and a few simple calculations on the microcontroller enable power factor, line frequency, and total energy metering. With the ESP, all this data can be sent up to the cloud with a vastly improved API.
It’s a great project, and something that Belkin should seriously consider for their next revision of the WeMo. For anyone stuck with a stock WeMo, [John] has made all his design files and code available, allowing anyone to replicate this build
You can check out [John]’s Hackaday Prize entry video below.
Continue reading “Hackaday Prize Semifinalist: A Better Smart Plug”
The Kankun smart plug is an inexpensive device that lets you switch an outlet on and off over wifi. The smart plug only works with an Android or IOS app that ships with the device, which limits its usefulness to turning things on and off from your phone.
In an attempt to make this device more useful, [LinuxGeek] probed the device with nmap and discovered that it runs OpenWRT. After trying various common default passwords he discovered the login was root/admin. While [LinuxGeek] hasn’t sniffed the protocol yet, others have hacked it a bit further. The plug apparently uses UDP packets to communicate with the Android app, but the packets are unfortunately encrypted.
Rather than hack at the protocol, they wrote code that toggles the GPIO pin from a CGI script and developed a small Windows application that hits the CGI script for simple control from a computer. There’s also a Google+ group where more information and a couple other hacks for these plugs are posted. For $20 (from AliExpress) and with a bit of hacking, this smart plug could be a great way to add wireless control to a home automation system.
The D-Link DSP-W215 Smart Plug, a wireless home automation device for monitoring and controlling electrical outlets has just been hacked. Even though it isn’t readily available from Amazon or Best Buy yet, the firmware is already up on D-Link’s web site. The very well detailed write-up explains all the steps that led to this exploit creation.
First, the firmware was unpacked to examine the file system contents. It was found that the smart plug doesn’t have a normal web-based interface as users are expected to configure it using D-Link’s Android/iOS app. The apps however, appear to use the Home Network Administration Protocol (HNAP) to talk to the smart plug running a lighthttpd server. A look at the latter’s configuration file revealed the functions that could be called without any authentication. Another revealed that the firmware could accept an unlimited amount of POST request bytes which were copied in a fix length buffer without any performed checks. We’ll let our readers head to the original article to see where the author went from this point.