根据小米智能家居设备流量分析及脚本控制一文复现
设备说明
- 飞利浦睿智球灯泡,购买链接
- 小米6手机,通过米家app控制灯泡
- 华为路由器,用于抓包
- macbookpro,本机
灯泡启动
当灯泡首次通电是会放出一个wifi
抓取流量
利用mac自带的网卡抓取802.11协议的数据包还是有点费劲的,参考:mac系统使用wireshark抓取无线网卡数据包以及常用过滤条件
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en0 sniff 7
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
然后开wireshark,并设置psk,然后打掉所有设备
udp重放
import socket
import time
sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
cmd = '21310060000000000330923a0000172d2b045ac30271b801215f7694d02743407686c558345b450a443a1f73467b8dcdb52808b854ea38656be486458766d892c1ca5b1322f9ad27e9974620b5576765c6d22f088a3c797e52c83e0d7ef40e1a'.decode('hex')
opencmd=''
for data1 in cmd:
opencmd+=chr(int('{:08b}'.format(ord(data1)),2))
sock.sendto(opencmd,("192.168.8.108",54321))
python-miio
brew install node
npm install -g miio
miio discover
➜ Desktop miio discover
INFO Discovering devices. Press Ctrl+C to stop.
Device ID: 53514810
Model info: philips.light.bulb
Address: 192.168.4.1
Token: 4b614854a651b6d3f162196a477f7856 via auto-token
Support: At least basic
from miio.philips_bulb import PhilipsBulb
import time
ip='192.168.8.108'
token='4b614854a651b6d3f162196a477f7856'
bulb = PhilipsBulb(ip,token)
while(1):
time.sleep(1)
bulb.on()
time.sleep(1)
bulb.off()