Merge 8ab6b8ad82 into a8f9e9d65c

tplink-smarthome.lua

@@ -2,9 +2,7 @@
 -- For decrypting local network traffic between TP-Link 
 -- Smart Home Devices and the Kasa Smart Home App
 --
--- Install under:
+-- Install in the location listed in About Wireshark/Folders/Personal Plugins
--- (Windows)      %APPDATA%\Wireshark\plugins\
--- (Linux, Mac)   $HOME/.wireshark/plugins
 --
 -- by Lubomir Stroetmann
 -- Copyright 2016 softScheck GmbH 
@@ -24,65 +22,45 @@
 --
 
 -- Create TP-Link Smart Home protocol and its fields
-p_tplink = Proto ("TPLink-SmartHome","TP-Link Smart Home Protocol")
+hs1x0_proto_TCP = Proto ("TPLink-SmartHome-TCP", "TP-Link Smart Home Protocol (TCP")
+hs1x0_proto_UDP = Proto ("TPLink-SmartHome-UDP", "TP-Link Smart Home Protocol (UDP)")
 
--- Dissector function
+-- Decrypt string Autokey XOR to ByteArray
-function p_tplink.dissector (buf, pkt, root)
+function tpdecode(buf, start)
-  -- Validate packet length
+  local key = 171
-  if buf:len() == 0 then return end
+  local size = buf:len()-1
-  pkt.cols.protocol = p_tplink.name
+  local decoded = ""
+  for i=start,size do
+    local c = buf(i,1):uint()
+    decoded = decoded .. string.format("%x", bit.bxor(c,key))
+    key = c
+  end
+  return ByteArray.new(decoded)
+end
 
-  -- Decode data
+function hs1x0_proto_TCP.dissector (buf, pkt, root)
-        local ascii = ""
+  pkt.cols.protocol = "TPLink-SmartHome (TCP)"
-		local hex = ""
+  local subtree = root:add(hs1x0_proto_TCP, buf() ,"TPLink-SmartHome")
-		
+  local decoded = tpdecode(buf, 4)
-		-- Skip first 4 bytes (header)
+  subtree:add(decoded:raw())
-        start = 4
-        endPosition = buf:len() - 1
-		
-		-- Decryption key is -85 (256-85=171)
-		local key = 171
-
-		-- Decrypt Autokey XOR
-		-- Save results as ascii and hex
-        for index = start, endPosition do
-          local c = buf(index,1):uint()
-		  -- XOR first byte with key
-		  d = bit32.bxor(c,key)
-		  -- Use byte as next key
-		  key = c
-		 
-		  hex = hex .. string.format("%x", d)
-          -- Convert to printable characters
-          if d >= 0x20 and d <= 0x7E then
-            ascii = ascii .. string.format("%c", d)
-          else
-            -- Use dot for non-printable bytes
-            ascii = ascii .. "."
-          end
-        end
-
-  
-  -- Create subtree
-  subtree = root:add(p_tplink, buf(0))
-  
-  -- Add data to subtree
-  subtree:add(ascii)
-  -- Description of payload
   subtree:append_text(" (decrypted)")
-  
+  local tvb = ByteArray.tvb(decoded, "JSON TVB")
-  -- Call JSON Dissector with decrypted data
-  local b = ByteArray.new(hex)
-  local tvb = ByteArray.tvb(b, "JSON TVB")
   Dissector.get("json"):call(tvb, pkt, root)
- 
 end
 
--- Initialization routine
+function hs1x0_proto_UDP.dissector (buf, pkt, root)
-function p_tplink.init()
+  pkt.cols.protocol = "TPLink-SmartHome (UDP)"
+  local subtree = root:add(hs1x0_proto_UDP, buf() ,"TPLink-SmartHome")
+  local decoded = tpdecode(buf, 0)
+  subtree:add(decoded:raw())
+  subtree:append_text(" (decrypted)")
+  local tvb = ByteArray.tvb(decoded, "JSON TVB")
+  Dissector.get("json"):call(tvb, pkt, root)
 end
 
--- Register a chained dissector for port 9999
+tcp_table = DissectorTable.get ("tcp.port")
-local tcp_dissector_table = DissectorTable.get("tcp.port")
+udp_table = DissectorTable.get ("udp.port")
-dissector = tcp_dissector_table:get_dissector(9999)
+
-tcp_dissector_table:add(9999, p_tplink)
+-- register the protocol to port 9999
+tcp_table:add (9999, hs1x0_proto_TCP)
+udp_table:add (9999, hs1x0_proto_UDP)

tplink-smartplug.py

@@ -47,20 +47,30 @@ commands = {'info'     : '{"system":{"get_sysinfo":{}}}',
 			'reset'    : '{"system":{"reset":{"delay":1}}}'
 }
 
+light_commands = {
+	'on': '{"smartlife.iot.smartbulb.lightingservice":{"transition_light_state":{"on_off":1,"transition_period":0}}}',
+	'off': '{"smartlife.iot.smartbulb.lightingservice":{"transition_light_state":{"on_off":0,"transition_period":0}}}'
+}
+
 # Encryption and Decryption of TP-Link Smart Home Protocol
 # XOR Autokey Cipher with starting key = 171
-def encrypt(string):
+def encrypt(string, doHeader=True):
 	key = 171
-	result = "\0\0\0\0"
+	if doHeader:
+		result = "\0\0\0\0"
+	else:
+		result = ""
 	for i in string: 
 		a = key ^ ord(i)
 		key = a
 		result += chr(a)
 	return result
 
-def decrypt(string):
+def decrypt(string, doHeader=True):
 	key = 171 
 	result = ""
+	if doHeader:
+		string = string[4:]
 	for i in string: 
 		a = key ^ ord(i)
 		key = ord(i) 
@@ -70,6 +80,7 @@ def decrypt(string):
 # Parse commandline arguments
 parser = argparse.ArgumentParser(description="TP-Link Wi-Fi Smart Plug Client v" + str(version))
 parser.add_argument("-t", "--target", metavar="<ip>", required=True, help="Target IP Address", type=validIP)
+parser.add_argument("-l", "--lightbulb", dest="lightbulb", help="Enable lightbulb mode", action="store_true")
 group = parser.add_mutually_exclusive_group(required=True)
 group.add_argument("-c", "--command", metavar="<command>", help="Preset command to send. Choices are: "+", ".join(commands), choices=commands) 
 group.add_argument("-j", "--json", metavar="<JSON string>", help="Full JSON string of command to send")
@@ -81,19 +92,20 @@ port = 9999
 if args.command is None:
 	cmd = args.json
 else:
-	cmd = commands[args.command]
+	if args.lightbulb:
-
+		cmd = light_commands[args.command]
-
+	else:
+		cmd = commands[args.command]
 
 # Send command and receive reply 
 try:
-	sock_tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+	sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM if args.lightbulb else socket.SOCK_STREAM)
-	sock_tcp.connect((ip, port))
+	sock.settimeout(1)
-	sock_tcp.send(encrypt(cmd))
+	sock.sendto(encrypt(cmd, not args.lightbulb), (ip, port))
-	data = sock_tcp.recv(2048)
+	data = decrypt(sock.recv(2048), not args.lightbulb)
-	sock_tcp.close()
+	sock.close()
 	
 	print "Sent:     ", cmd
-	print "Received: ", decrypt(data[4:])
+	print "Received: ", data
 except socket.error:
 	quit("Cound not connect to host " + ip + ":" + str(port))