Friday, November 25, 2016

[FD] The HS-110 Smart Plug aka Projekt Kasa

Content Table

1. Introduction
2. The Firmware
3. The Android Application
4. The Problems
5. Conclusion
6. Appendix
   6.1. Excursion Dalvik
   6.2. Control script

1. Introduction

The HS-110 is a Smart Plug, meaning it can be controlled with commands sent over a network. TP-Link released a mobile application called "Kasa for Mobile" for Android and iOS devices to control the Smart Plug. The possibilities range from simple tasks like turning the Plug on and off to advanced options like planning schedules and timers. The HS-110 can additionally measure and store data regarding power consumption.

These are screenshots of the app home screen, the main control and the settings for a plug:

[app control screen] [plug control screen] [plug settings]

The device itself is pretty straightforward, with only two buttons. The one at the top is the reset button and the other one in the front is the power button and status LED:

[plug from the front] [plug from the top] [plug from the back]

To open it we remove the hidden screw under the information sheet and then break it open using a little bit of force:

[open1] [open2]

Now we remove the top part of the board and the two screws on the second part to get rid of the plastic hull:

[open3] [open4] [open5]

We can now see the Atheros AR9331 (Hornet) on the right board in the middle picture above. It is a System-on-a-Chip (SoC) which has a MIPS 24K processor and is a full-featured IEEE 802.11n 1x1 AP/Router. The same board also carries 32 MiB of RAM (Zentel A3S56D40GTP-50l) on its opposite side. The other board hosts the electronics for the actual plug. The interesting question is what this SoC is actually running, so let's move on to the next section.

2. The Firmware

The Smart Plug runs on a 64-bit Linux (2.6.31). The firmware is available on the TP-Link website. Our version is 1.0.7. There is also an unofficial unstable API on GitHub. For a first analysis of the firmware we used binwalk.
It is important to also install sasquatch for this, since unsquashfs appears to have issues with TP-Link firmware. You can install the packages needed to build sasquatch via apt

    sudo apt-get install build-essential liblzma-dev liblzo2-dev zlib1g-dev

or the corresponding packages if you don't use apt. After that, just clone the sasquatch git repository and run the build script.

Finally, we install binwalk by cloning its git repository and running the setup.py script via

    sudo python setup.py install

or

    sudo python3 setup.py install

if you are using python3.x. For the dependencies we can run deps.sh, at least when we are using apt. Otherwise you have to install them yourself. A list is available on GitHub.

Now we are ready to run binwalk on the firmware with the following command:

    root@kali:~/Desktop/test# binwalk hs110v1_us_1.0.7_Build_151016_Rel.24186.bin
    DECIMAL       HEXADECIMAL     DESCRIPTION
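An added example, not part of the original post and not binwalk's own code: the kind of signature scan binwalk runs over a firmware image, narrowed here to SquashFS 4.x little-endian superblocks, the filesystem that sasquatch and unsquashfs unpack. The function names are hypothetical and the sample image is constructed; it makes no claim about what the HS-110 firmware actually contains.

```python
import struct

# SquashFS 4.x superblock, little-endian: magic, inode count, mkfs time,
# block size, fragment count, compressor id, block_log, flags, id count,
# major version, minor version, root inode reference, bytes used.
SUPERBLOCK = struct.Struct("<4sIIIIHHHHHHQQ")
MAGIC = b"hsqs"
COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}


def find_squashfs(blob):
    """Return a list of plausible SquashFS superblocks found in blob."""
    hits = []
    pos = blob.find(MAGIC)
    while pos != -1:
        if pos + SUPERBLOCK.size <= len(blob):
            (_, inodes, _, block_size, _, comp, block_log, _, _,
             major, minor, _, used) = SUPERBLOCK.unpack_from(blob, pos)
            # The magic is only four bytes, so cross-check redundant fields
            # to reject chance matches inside compressed data or code.
            if 12 <= block_log <= 20 and block_size == 1 << block_log and major == 4:
                hits.append({
                    "offset": pos,
                    "version": f"{major}.{minor}",
                    "compression": COMPRESSORS.get(comp, f"unknown({comp})"),
                    "block_size": block_size,
                    "inodes": inodes,
                    "size": used,
                    # An image that runs past end of file points to a truncated download.
                    "truncated": pos + used > len(blob),
                })
        pos = blob.find(MAGIC, pos + 1)
    return hits


def build_sample():
    """Constructed test image: padding, a stray magic, then one valid superblock."""
    real = SUPERBLOCK.pack(MAGIC, 321, 1444953600, 131072, 20, 4, 17, 0xC0, 1, 4, 0, 0, 4096)
    decoy = MAGIC + b"\xff" * (SUPERBLOCK.size - 4)  # magic bytes followed by garbage fields
    return b"\x00" * 512 + decoy + b"\x00" * 100 + real + b"\xaa" * (4096 - SUPERBLOCK.size)


if __name__ == "__main__":
    for hit in find_squashfs(build_sample()):
        print("{offset:<10} 0x{offset:<10X} Squashfs filesystem, little endian, "
              "version {version}, compression: {compression}, size: {size} bytes, "
              "{inodes} inodes, blocksize: {block_size} bytes".format(**hit))
```

An "unknown" compressor id or a hit that fails the cross-checks is the usual sign of a vendor-modified image, which is the case where a stock unsquashfs gives up.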
