IMHO the definitive posts to read are:
- V2 tear down https://mpetroff.net/2016/07/new-amazon-dash-button-teardown-jk29lp/
- V1 tear down https://mpetroff.net/2015/05/amazon-dash-button-teardown/
I have the V2 button, you can read the above posts for more detail on them. I was NOT able to get this connected to my network without a mobile device. Using a laptop did NOT work. Once the Dash was hooked up to the network, I was able to change the WiFi network the Dash connected to by using a laptop but provisioning a fresh Dash can not be done this way without more digging/effort. To change the Wifi network simply:
- Press and hold button for 4 secs (Amazon document 6 secs) until the led flashes blue
- Connect to the WiFi network the Dash is now serving on "Amazon ConfigureMe"
- Your device is almost certainly IP 192.168.0.100, the dash is on 192.168.0.1 and is running a webserver at http://192.168.0.1/
- Accessing the server will display the firmware version, DSN number (as printed on the box and on the back of the button) and more importantly the MAC address (sans ":") which is needed to identify the button
- You can change the Wifi network and WiFi password the Dash uses via curl:
If you read from the webserver with a json content type, e.g.:
curl -H "Content-Type: application/json" http://192.168.0.1/
Get something like this (note this has been formatted for readablility):
{
"amzn_devid":"DSN: printed on back of device and from QRCode",
"amzn_macid":"MAC_DIFFERENT_FROM_ABOVE_MAC",
"amzn_networks" : [
{"ssid":"SID_HERE","bssid":"BSSID_HERE","security":"WPA AES PSK","rssi":"-72"},
......
{"ssid":"SID_HERE","bssid":"BSSID_HERE","security":"WPA AES PSK","rssi":"-72"}
]
}
As you might expect, the Dash will fail to configure if the access point it is connected to does not have Internet access.
When entering the WiFi password there is the option for Amazon to store this information. Whilst I was experimenting with this, I went through this process a lot and I must have forgotten one time to set this correctly and now Amazon has my WiFi password (for a sand boxed access point).
Matthew Petroff doesn't go into detail in how to then make use of the buttons for custom purposes but there are lots of links on that. But Ted Benson got into details on detecting the DNS/ARP connection that the Dash makes when getting its IP address for each button press at:
https://medium.com/@edwardbenson/how-i-hacked-amazon-s-5-wifi-button-to-track-baby-data-794214b0bdd8#.6gummiay2
There is a more sophisticated approach where the Amazon web service itself is emulated https://mpetroff.net/2015/05/amazon-dash-button-teardown/#comment-246230 - from comments it is not clear if this works with V2 devices. This approach allows control over the LED to show some sort of state.
The V2 JK29LP has the same DHCP need as V1 (i.e. DHCP, not static address) so I explored the options there. The main options (and code samples in GitHub) I've seen are packet capture the ARP packet and then act on that, either using a framework or raw sockets
Raw socket access https://medium.com/@xtalker/hey-ted-i-got-this-working-on-my-raspi-without-all-the-scapy-overhead-thanks-to-http-e5704e4b16a9#.tdrzhe8xt - this only works under Linux (maybe Mac) and does not work under Windows, even when changing the type to IF_NET
Using a packet capture framework scapy under Linux as described by Ted Benson or under Winpcap under Windows https://medium.com/@gadberger/what-i-had-to-do-to-get-the-amazon-dash-hack-to-work-on-windows-fe06b272a788#.3xacxj5uj
Buried in the comments at https://mpetroff.net/2015/05/amazon-dash-button-teardown/#comment-251428 Mohnish Chaudhary suggests making use of the dhcp-script that dnsmasq has.
I tried raw socket arp reading under Windows and could not get this to work, the OS errors out.
I tried raw socket arp reading under Linux and this does work (I think I had one occasion when the button press was not picked up), this was using a machine on the same WiFi network
Like Mohnish, I'm thinking packet sniffing is a little overboard for me. I have a dd-wrt router that is working fine and it uses DNSMasq. In the web interface there is a "Additional DNSMasq Options" config option, I simply set that to:
dhcp-script=/tmp/myscript
Which simply gets appended to the config file (i.e. this is not being provided via the command line parameter of the same name).
And then knocked up a quick and dirty script to see if it works:
#!/bin/sh
# usage dnasmasq.... --dhcp-script=/tmp/myscript
# in dd-wrt (etc.) add line:
# dhcp-script=/tmp/myscript
logfile_name=/tmp/myscript.log
check_and_truncate()
{
touch ${logfile_name} # ensure file exists on first run
#file_size=`du -k ${logfile_name} | cut -f1`
#max_file_size=4 # Kb
file_size=`ls -al ${logfile_name} |awk '{print $5}'`
max_file_size=2048 # bytes
max_file_size=1024 # bytes
# Simple truncation/rotation
# NOTE this will break any `tail -f ...` usage
if [ ${file_size} -gt ${max_file_size} ];
then
mv ${logfile_name} ${logfile_name}_trunc
echo truncated `date` > ${logfile_name}
#tail -20 ${logfile_name}_trunc >> ${logfile_name}
grep -v '^truncated' ${logfile_name}_trunc | tail -20 >> ${logfile_name}
rm ${logfile_name}_trunc
fi
}
check_and_truncate
echo ------------------ >> ${logfile_name}
env | grep \^D >> ${logfile_name}
echo `date` $0 ${*} >> ${logfile_name}
This works and shows the MAC address. dd-wrt includes both nc (netcat) and wget so this could proxy somewhere else without needing to packet sniff. I've yet to hook this piece up.... I'm trying to avoid writing a custom server to to receive the payload (which is usually my goto answer) and see if it can be delivered directly to https://home-assistant.io/
Is it worth going through the time to set this up? Dunno. But I had a fun morning playing with this :-)
Continued http://somnambulistic-monkey.blogspot.com/2016/07/home-assistant-custom-events-and-amazon.html
This comment has been removed by a blog administrator.
ReplyDelete