-
-
Save hardillb/4ce9fc493b792806e39f7fae4b7c28a7 to your computer and use it in GitHub Desktop.
| Basic MQTT bridge can be found here: | |
| https://github.com/hardillb/TRADFRI2MQTT | |
| Bridge adds a mDNS entry for a COAP sever: | |
| Service Type: _coap._udp | |
| Service Name: gw:b0-72-bf-25-bf-59 | |
| Domain Name: local | |
| Interface: wlan0 IPv4 | |
| Address: gw\058b0-72-bf-25-bf-59.local/192.168.1.111:5684 | |
| TXT version = 1.0.0008 | |
| Wireshark trace shows evidence of DTSL setup for the matching port: | |
| 3 8.838970 192.168.1.58 192.168.1.111 DTLSv1.2 111 Client Hello | |
| Internet Protocol Version 4, Src: 192.168.1.58 (192.168.1.58), Dst: 192.168.1.111 (192.168.1.111) | |
| User Datagram Protocol, Src Port: 36237 (36237), Dst Port: coaps (5684) | |
| nodejs node | |
| https://github.com/neustar/node-coap-dtls | |
| Stuggling to get this to connect. | |
| Looks like CoAP can be self describing, which is nice... | |
| https://bitsex.net/software/2017/coap-endpoints-on-ikea-tradfri/ | |
| <//15001/reset>;ct=0, | |
| <//15001>;ct=0;obs, | |
| [65536,65537] | |
| <//15001/65537>;ct=0;obs, | |
| {"9001":"Living Room Light","3":{"0":"IKEA of Sweden","1":"TRADFRI bulb E27 opal 1000lm","2":"","3":"1.1.1.0-5.7.2.0","6":1},"9002":1491158817,"9020":1491327551,"9003":65537,"9054":1,"5750":2,"9019":1,"3311":[{"5850":1,"5851":5,"9003":0}]} | |
| <//15001/65536>;ct=0;obs, | |
| {"9001":"Living Room Dimmer","3":{"0":"IKEA of Sweden","1":"TRADFRI wireless dimmer","2":"","3":"1.1.1.1-5.7.2.0","6":3,"9":16},"9002":1491156042,"9020":1491331077,"9003":65536,"9054":0,"5750":0,"9019":1,"15009":[{"9003":0}]} | |
| <//15004>;ct=0;obs, | |
| <//15004/add>;ct=0, | |
| <//15004/remove>;ct=0, | |
| <//15004/138191>;ct=0;obs, | |
| {"9001":"Living Room","9002":1491158740,"9003":138191,"5850":1,"5851":0,"9039":215546,"9018":{"15002":{"9003":[65536,65537]}}} | |
| <//15005>;ct=0;obs, | |
| <//15005/138191>;ct=0;obs, | |
| [197802,215546,197100] | |
| <//15005/138191/197802>;ct=0;obs, | |
| {"9057":0,"9001":"EVERYDAY","9068":1,"9002":1491158740,"9003":197802,"15013":[{"5850":1,"5851":203,"9003":65537}]} | |
| <//15005/138191/215546>;ct=0;obs, | |
| {"9057":1,"9001":"RELAX","9068":1,"9002":1491158740,"9003":215546,"15013":[{"5850":1,"5851":25,"9003":65537}]} | |
| <//15005/138191/197100>;ct=0;obs, | |
| {"9057":2,"9001":"FOCUS","9068":1,"9002":1491158740,"9003":197100,"15013":[{"5850":1,"5851":254,"9003":65537}]} | |
| <//status>;ct=0;obs, | |
| {} | |
| <//15006>;ct=0;obs, | |
| [{"9002":1491247648,"9014":0,"9015":5001},{"9002":1491330758,"9014":0,"9015":1004}] | |
| <//15011/15012>;ct=0;obs, | |
| {"9023":"pool.ntp.org","9029":"1.1.0015","9059":1491333388,"9081":"7e1151520440017d","9060":"2017-04-04T19:16:28.004712Z","9062":0,"9061":0,"9054":0,"9055":0,"9079":0,"9066":5,"9069":1491246077,"9080":0,"9071":1,"9077":0,"9072":0,"9073":0,"9074":0,"9076":0,"9075":0,"9078":0} | |
| <//15011/9030>;ct=0, | |
| <//15011/9031>;ct=0, | |
| <//15011/9033>;ct=0, | |
| <//15011/9034>;ct=0, | |
| <//15011/9063>;ct=0, | |
| <//15010>;ct=0;obs | |
| [] | |
| java -jar cf-client-1.1.0-SNAPSHOT.jar -psk GET coaps://192.168.1.111//15001/65537 | |
| {"9001":"Living Room Light","9002":1491158817,"5750":2,"9020":1491232251,"3":{"0":"IKEA of Sweden","1":"TRADFRI bulb E27 opal 1000lm","3":"1.1.1.0-5.7.2.0","2":"","6":1},"9054":0,"9003":65537,"9019":1,"3311":[{"5850":0,"5851":1,"9003":0}]} | |
| java -jar cf-client-1.1.0-SNAPSHOT.jar -psk PUT coaps://192.168.1.111//15001/65537 '{"9001":"Living Room Light","9002":1491158817,"5750":2,"9020":1491232251,"3":{"0":"IKEA of Sweden","1":"TRADFRI bulb E27 opal 1000lm","3":"1.1.1.0-5.7.2.0","2":"","6":1},"9054":0,"9003":65537,"9019":1,"3311":[{"5850":1,"5851":1,"9003":0}]}' | |
| Turned on the light |
Sound as Ikea have choosen to base their implementation on OMA (Open Mobile Alliance) recommended standard of those three logical components; CoAP, and DTLS layers of the LWM2M (Lightweight M2M) protocol stack.
"Lightweight M2M (LWM2M) is a system standard in the Open Mobile Alliance. It includes DTLS, CoAP, Block, Observe, SenML and Resource Directory and weaves them into a device-server interface along with an Object structure."
http://openmobilealliance.org/data-models-for-the-internet-of-things/
https://connect2.io/open-mobile-alliance-lightweightm2m-oma-lwm2m/
https://iot.eclipse.org/standards/
https://eclipse.org/community/eclipse_newsletter/2014/february/article2.php
OMA LightweightM2M (LWM2M) standard:
http://openmobilealliance.org/iot/
http://openmobilealliance.org/iot/lightweight-m2m-lwm2m/
http://www.openmobilealliance.org/wp/Overviews/lightweightm2m_overview.html
http://www.openmobilealliance.org/wp/OMNA/LwM2M/LwM2MRegistry.html
http://www.openmobilealliance.org/tech/profiles/
https://github.com/OpenMobileAlliance/OMA_LwM2M_for_Developers/wiki
http://devtoolkit.openmobilealliance.org/OEditor/Legal?back=Default
http://www.openmobilealliance.org/wp/comments.html
https://github.com/OpenMobileAlliance/OMA_LwM2M_for_Developers/issues
http://openmobilealliance.hs-sites.com/keep_updated
The Wakaama project covers the LWM2M Protocol, CoAP, and DTLS layers of the LwM2M protocol stack for all three logical components. Wakaama is not a library but files to be built with an application. The Eclipse Wakaama project provides a C portable framework for building LWM2M clients and/or servers. The source code of Wakaama is available from the project webpage. It is written in C and designed to be portable on POSIX compliant systems.
http://www.eclipse.org/wakaama/
The Eclipse Leshan project provides a Java implementation of LwM2M, allowing to build LwM2M servers and clients. The source code of Leshan is available from the project webpage.
http://www.eclipse.org/leshan/
Another option from Eclipse is Californium CoAP client programmed in Java which also supports DTLS
https://eclipse.org/californium/
https://github.com/cetic/6lbr/wiki/Example-:-Dtls-Coap-Server
https://people.inf.ethz.ch/mkovatsc/resources/californium/cf-dtls-thesis.pdf
Yeah, I'm really looking for a working nodejs dtls/coap client but I've not found one that actually works yet.
It looks like native DTLS may be on it's way to NodeJS
nodejs/node#2398
Hi there
You mentioned wireshark - the traffic is really easy to decrypt just by entering the preshared key in Preferences -> Protocol -> DTLS -> preshared key (must be entered as hex)
Also, i think it is required with a somewhat new build of wireshark - im using wireshark 2.3.0~rc0 where it decrypts perfectly just by entering the preshared key from the box
Edit: i also think you need to have the entire conversation captured in wireshark at least from the start where the ssl/dtls handshaking takes place... :)
@fasmide my version of wireshark (on Ubuntu 14.04) is too old for DTSL decoding, I need to upgrade at some point, but I'm doing ok with out it.
FYI, looks like ha-bridge issue 570 have become a collective point for links and notes about progress around different integrations and implementations
Some of the new links to code implementations in different programming languages include:
https://github.com/stenehall/homebridge-ikea
https://gist.github.com/hvanderlaan/3d8e11869f86ba94d9d6df1c815af3aa
https://github.com/ggravlingen/home-assistant/blob/master/extraconfig/python_code/ikea.py
https://gist.github.com/r41d/65be2c7a111ac6c32f24d762ba38612c
r41d found an intersting class in the Android App, after decompliling with apktool, it is located in
com/ikea/tradfri/lighting/ipso/IPSOObjects.java.
Here's his upload: http://sprunge.us/CCQF
DTLS-CoAP wireshark dissector -> https://github.com/msangoi/dtls-coap-dissector
FYI; some more related links about cracking Ikea Trådfri Gateway CoAP communication:
https://tools.ietf.org/html/rfc7252
https://bitsex.net/software/2017/coap-endpoints-on-ikea-tradfri/
https://bitsex.net/software/2017/ikea-tradfri-zigbee-lights/
https://community.home-assistant.io/t/ikea-tradfri-gateway-zigbee/14788/8
https://www.domoticz.com/forum/viewtopic.php?f=56&t=13882
http://www.domoticz.com/wiki/Talk:Ikea_Tradfri_Gateway
bwssytems/ha-bridge#570
And slightly off-topic are these projects on hacking Ikea Trådfri end devices:
http://www.automatiserar.se/ikeas-tradlos-med-arduino/
https://github.com/Ispep/Hemautomation/tree/master/Arduino/ZigBeeLampan
https://www.heise.de/make/artikel/Ikea-Tradfri-Anleitung-fuer-ein-ESP8266-Lampen-Gateway-3598411.html
https://www.heise.de/make/artikel/Ikea-Tradfri-Das-steckt-im-Smart-Home-aus-dem-Moebelhaus-3597295.html
Just in case it might be easier to debug if have deeper control of end hardware devices.