-
-
Save hardillb/4ce9fc493b792806e39f7fae4b7c28a7 to your computer and use it in GitHub Desktop.
Basic MQTT bridge can be found here: | |
https://github.com/hardillb/TRADFRI2MQTT | |
Bridge adds a mDNS entry for a COAP sever: | |
Service Type: _coap._udp | |
Service Name: gw:b0-72-bf-25-bf-59 | |
Domain Name: local | |
Interface: wlan0 IPv4 | |
Address: gw\058b0-72-bf-25-bf-59.local/192.168.1.111:5684 | |
TXT version = 1.0.0008 | |
Wireshark trace shows evidence of DTSL setup for the matching port: | |
3 8.838970 192.168.1.58 192.168.1.111 DTLSv1.2 111 Client Hello | |
Internet Protocol Version 4, Src: 192.168.1.58 (192.168.1.58), Dst: 192.168.1.111 (192.168.1.111) | |
User Datagram Protocol, Src Port: 36237 (36237), Dst Port: coaps (5684) | |
nodejs node | |
https://github.com/neustar/node-coap-dtls | |
Stuggling to get this to connect. | |
Looks like CoAP can be self describing, which is nice... | |
https://bitsex.net/software/2017/coap-endpoints-on-ikea-tradfri/ | |
<//15001/reset>;ct=0, | |
<//15001>;ct=0;obs, | |
[65536,65537] | |
<//15001/65537>;ct=0;obs, | |
{"9001":"Living Room Light","3":{"0":"IKEA of Sweden","1":"TRADFRI bulb E27 opal 1000lm","2":"","3":"1.1.1.0-5.7.2.0","6":1},"9002":1491158817,"9020":1491327551,"9003":65537,"9054":1,"5750":2,"9019":1,"3311":[{"5850":1,"5851":5,"9003":0}]} | |
<//15001/65536>;ct=0;obs, | |
{"9001":"Living Room Dimmer","3":{"0":"IKEA of Sweden","1":"TRADFRI wireless dimmer","2":"","3":"1.1.1.1-5.7.2.0","6":3,"9":16},"9002":1491156042,"9020":1491331077,"9003":65536,"9054":0,"5750":0,"9019":1,"15009":[{"9003":0}]} | |
<//15004>;ct=0;obs, | |
<//15004/add>;ct=0, | |
<//15004/remove>;ct=0, | |
<//15004/138191>;ct=0;obs, | |
{"9001":"Living Room","9002":1491158740,"9003":138191,"5850":1,"5851":0,"9039":215546,"9018":{"15002":{"9003":[65536,65537]}}} | |
<//15005>;ct=0;obs, | |
<//15005/138191>;ct=0;obs, | |
[197802,215546,197100] | |
<//15005/138191/197802>;ct=0;obs, | |
{"9057":0,"9001":"EVERYDAY","9068":1,"9002":1491158740,"9003":197802,"15013":[{"5850":1,"5851":203,"9003":65537}]} | |
<//15005/138191/215546>;ct=0;obs, | |
{"9057":1,"9001":"RELAX","9068":1,"9002":1491158740,"9003":215546,"15013":[{"5850":1,"5851":25,"9003":65537}]} | |
<//15005/138191/197100>;ct=0;obs, | |
{"9057":2,"9001":"FOCUS","9068":1,"9002":1491158740,"9003":197100,"15013":[{"5850":1,"5851":254,"9003":65537}]} | |
<//status>;ct=0;obs, | |
{} | |
<//15006>;ct=0;obs, | |
[{"9002":1491247648,"9014":0,"9015":5001},{"9002":1491330758,"9014":0,"9015":1004}] | |
<//15011/15012>;ct=0;obs, | |
{"9023":"pool.ntp.org","9029":"1.1.0015","9059":1491333388,"9081":"7e1151520440017d","9060":"2017-04-04T19:16:28.004712Z","9062":0,"9061":0,"9054":0,"9055":0,"9079":0,"9066":5,"9069":1491246077,"9080":0,"9071":1,"9077":0,"9072":0,"9073":0,"9074":0,"9076":0,"9075":0,"9078":0} | |
<//15011/9030>;ct=0, | |
<//15011/9031>;ct=0, | |
<//15011/9033>;ct=0, | |
<//15011/9034>;ct=0, | |
<//15011/9063>;ct=0, | |
<//15010>;ct=0;obs | |
[] | |
java -jar cf-client-1.1.0-SNAPSHOT.jar -psk GET coaps://192.168.1.111//15001/65537 | |
{"9001":"Living Room Light","9002":1491158817,"5750":2,"9020":1491232251,"3":{"0":"IKEA of Sweden","1":"TRADFRI bulb E27 opal 1000lm","3":"1.1.1.0-5.7.2.0","2":"","6":1},"9054":0,"9003":65537,"9019":1,"3311":[{"5850":0,"5851":1,"9003":0}]} | |
java -jar cf-client-1.1.0-SNAPSHOT.jar -psk PUT coaps://192.168.1.111//15001/65537 '{"9001":"Living Room Light","9002":1491158817,"5750":2,"9020":1491232251,"3":{"0":"IKEA of Sweden","1":"TRADFRI bulb E27 opal 1000lm","3":"1.1.1.0-5.7.2.0","2":"","6":1},"9054":0,"9003":65537,"9019":1,"3311":[{"5850":1,"5851":1,"9003":0}]}' | |
Turned on the light |
FYI; some more related links about cracking Ikea Trådfri Gateway CoAP communication:
https://tools.ietf.org/html/rfc7252
https://bitsex.net/software/2017/coap-endpoints-on-ikea-tradfri/
https://bitsex.net/software/2017/ikea-tradfri-zigbee-lights/
https://community.home-assistant.io/t/ikea-tradfri-gateway-zigbee/14788/8
https://www.domoticz.com/forum/viewtopic.php?f=56&t=13882
http://www.domoticz.com/wiki/Talk:Ikea_Tradfri_Gateway
And slightly off-topic are these projects on hacking Ikea Trådfri end devices:
http://www.automatiserar.se/ikeas-tradlos-med-arduino/
https://github.com/Ispep/Hemautomation/tree/master/Arduino/ZigBeeLampan
https://www.heise.de/make/artikel/Ikea-Tradfri-Anleitung-fuer-ein-ESP8266-Lampen-Gateway-3598411.html
https://www.heise.de/make/artikel/Ikea-Tradfri-Das-steckt-im-Smart-Home-aus-dem-Moebelhaus-3597295.html
Just in case it might be easier to debug if have deeper control of end hardware devices.
Sound as Ikea have choosen to base their implementation on OMA (Open Mobile Alliance) recommended standard of those three logical components; CoAP, and DTLS layers of the LWM2M (Lightweight M2M) protocol stack.
"Lightweight M2M (LWM2M) is a system standard in the Open Mobile Alliance. It includes DTLS, CoAP, Block, Observe, SenML and Resource Directory and weaves them into a device-server interface along with an Object structure."
http://openmobilealliance.org/data-models-for-the-internet-of-things/
https://connect2.io/open-mobile-alliance-lightweightm2m-oma-lwm2m/
https://iot.eclipse.org/standards/
https://eclipse.org/community/eclipse_newsletter/2014/february/article2.php
OMA LightweightM2M (LWM2M) standard:
http://openmobilealliance.org/iot/
http://openmobilealliance.org/iot/lightweight-m2m-lwm2m/
http://www.openmobilealliance.org/wp/Overviews/lightweightm2m_overview.html
http://www.openmobilealliance.org/wp/OMNA/LwM2M/LwM2MRegistry.html
http://www.openmobilealliance.org/tech/profiles/
https://github.com/OpenMobileAlliance/OMA_LwM2M_for_Developers/wiki
http://devtoolkit.openmobilealliance.org/OEditor/Legal?back=Default
http://www.openmobilealliance.org/wp/comments.html
https://github.com/OpenMobileAlliance/OMA_LwM2M_for_Developers/issues
http://openmobilealliance.hs-sites.com/keep_updated
The Wakaama project covers the LWM2M Protocol, CoAP, and DTLS layers of the LwM2M protocol stack for all three logical components. Wakaama is not a library but files to be built with an application. The Eclipse Wakaama project provides a C portable framework for building LWM2M clients and/or servers. The source code of Wakaama is available from the project webpage. It is written in C and designed to be portable on POSIX compliant systems.
http://www.eclipse.org/wakaama/
The Eclipse Leshan project provides a Java implementation of LwM2M, allowing to build LwM2M servers and clients. The source code of Leshan is available from the project webpage.
http://www.eclipse.org/leshan/
Another option from Eclipse is Californium CoAP client programmed in Java which also supports DTLS
https://eclipse.org/californium/
https://github.com/cetic/6lbr/wiki/Example-:-Dtls-Coap-Server
https://people.inf.ethz.ch/mkovatsc/resources/californium/cf-dtls-thesis.pdf
Yeah, I'm really looking for a working nodejs dtls/coap client but I've not found one that actually works yet.
It looks like native DTLS may be on it's way to NodeJS
nodejs/node#2398
Hi there
You mentioned wireshark - the traffic is really easy to decrypt just by entering the preshared key in Preferences -> Protocol -> DTLS -> preshared key (must be entered as hex)
Also, i think it is required with a somewhat new build of wireshark - im using wireshark 2.3.0~rc0 where it decrypts perfectly just by entering the preshared key from the box
Edit: i also think you need to have the entire conversation captured in wireshark at least from the start where the ssl/dtls handshaking takes place... :)
@fasmide my version of wireshark (on Ubuntu 14.04) is too old for DTSL decoding, I need to upgrade at some point, but I'm doing ok with out it.
FYI, looks like ha-bridge issue 570 have become a collective point for links and notes about progress around different integrations and implementations
Some of the new links to code implementations in different programming languages include:
https://github.com/stenehall/homebridge-ikea
https://gist.github.com/hvanderlaan/3d8e11869f86ba94d9d6df1c815af3aa
https://github.com/ggravlingen/home-assistant/blob/master/extraconfig/python_code/ikea.py
https://gist.github.com/r41d/65be2c7a111ac6c32f24d762ba38612c
r41d found an intersting class in the Android App, after decompliling with apktool, it is located in
com/ikea/tradfri/lighting/ipso/IPSOObjects.java.
Here's his upload: http://sprunge.us/CCQF
DTLS-CoAP wireshark dissector -> https://github.com/msangoi/dtls-coap-dissector
Some links
Domoticz page
http://www.domoticz.com/wiki/Ikea_Tradfri_Gateway
https://die-krueger.de/?p=458
ZigBee sender removed from the IKEA Trådfri control and connected to the GPIO of a Raspberry Pi 3 running OpenHAB2
Source: https://www.heise.de/make/artikel/Ikea-Tradfri-Anleitung-fuer-ein-ESP8266-Lampen-Gateway-3598411.html
https://community.openhab.org/t/ikea-announces-tradfri-smart-lights/22021