#!/usr/bin/python from datetime import datetime try: from Crypto.Cipher import AES except ImportError as e: import pyaes import time import random import socket import sys import threading import codecs def gendevice(devtype, host, mac): if devtype == 0: # SP1 return sp1(host=host, mac=mac) if devtype == 0x2711: # SP2 return sp2(host=host, mac=mac) if devtype == 0x2719 or devtype == 0x7919 or devtype == 0x271a or devtype == 0x791a: # Honeywell SP2 return sp2(host=host, mac=mac) if devtype == 0x2720: # SPMini return sp2(host=host, mac=mac) elif devtype == 0x753e: # SP3 return sp2(host=host, mac=mac) elif devtype == 0x947a or devtype == 0x9479: # SP3S return sp2(host=host, mac=mac) elif devtype == 0x2728: # SPMini2 return sp2(host=host, mac=mac) elif devtype == 0x2733 or devtype == 0x273e: # OEM branded SPMini return sp2(host=host, mac=mac) elif devtype >= 0x7530 and devtype <= 0x7918: # OEM branded SPMini2 return sp2(host=host, mac=mac) elif devtype == 0x2736: # SPMiniPlus return sp2(host=host, mac=mac) elif devtype == 0x2712: # RM2 return rm(host=host, mac=mac) elif devtype == 0x2737: # RM Mini return rm(host=host, mac=mac) elif devtype == 0x273d: # RM Pro Phicomm return rm(host=host, mac=mac) elif devtype == 0x2783: # RM2 Home Plus return rm(host=host, mac=mac) elif devtype == 0x277c: # RM2 Home Plus GDT return rm(host=host, mac=mac) elif devtype == 0x272a: # RM2 Pro Plus return rm(host=host, mac=mac) elif devtype == 0x2787: # RM2 Pro Plus2 return rm(host=host, mac=mac) elif devtype == 0x278b: # RM2 Pro Plus BL return rm(host=host, mac=mac) elif devtype == 0x278f: # RM Mini Shate return rm(host=host, mac=mac) elif devtype == 0x2714: # A1 return a1(host=host, mac=mac) elif devtype == 0x4EB5 or devtype == 0x4EF7: # MP1: 0x4eb5, honyar oem mp1: 0x4ef7 return mp1(host=host, mac=mac) elif devtype == 0x2722: # S1 (SmartOne Alarm Kit) return S1C(host=host, mac=mac) else: return device(host=host, mac=mac) def discover(timeout=None, local_ip_address=None): if local_ip_address is None: s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.connect(('8.8.8.8', 53)) # connecting to a UDP address doesn't send packets local_ip_address = s.getsockname()[0] address = local_ip_address.split('.') cs = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) cs.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) cs.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) cs.bind((local_ip_address,0)) port = cs.getsockname()[1] starttime = time.time() devices = [] timezone = int(time.timezone/-3600) packet = bytearray(0x30) year = datetime.now().year if timezone < 0: packet[0x08] = 0xff + timezone - 1 packet[0x09] = 0xff packet[0x0a] = 0xff packet[0x0b] = 0xff else: packet[0x08] = timezone packet[0x09] = 0 packet[0x0a] = 0 packet[0x0b] = 0 packet[0x0c] = year & 0xff packet[0x0d] = year >> 8 packet[0x0e] = datetime.now().minute packet[0x0f] = datetime.now().hour subyear = str(year)[2:] packet[0x10] = int(subyear) packet[0x11] = datetime.now().isoweekday() packet[0x12] = datetime.now().day packet[0x13] = datetime.now().month packet[0x18] = int(address[0]) packet[0x19] = int(address[1]) packet[0x1a] = int(address[2]) packet[0x1b] = int(address[3]) packet[0x1c] = port & 0xff packet[0x1d] = port >> 8 packet[0x26] = 6 checksum = 0xbeaf for i in range(len(packet)): checksum += packet[i] checksum = checksum & 0xffff packet[0x20] = checksum & 0xff packet[0x21] = checksum >> 8 cs.sendto(packet, ('255.255.255.255', 80)) if timeout is None: response = cs.recvfrom(1024) responsepacket = bytearray(response[0]) host = response[1] mac = responsepacket[0x3a:0x40] devtype = responsepacket[0x34] | responsepacket[0x35] << 8 return gendevice(devtype, host, mac) else: while (time.time() - starttime) < timeout: cs.settimeout(timeout - (time.time() - starttime)) try: response = cs.recvfrom(1024) except socket.timeout: return devices responsepacket = bytearray(response[0]) host = response[1] devtype = responsepacket[0x34] | responsepacket[0x35] << 8 mac = responsepacket[0x3a:0x40] dev = gendevice(devtype, host, mac) devices.append(dev) return devices class device: def __init__(self, host, mac, timeout=10): self.host = host self.mac = mac self.timeout = timeout self.count = random.randrange(0xffff) self.key = bytearray([0x09, 0x76, 0x28, 0x34, 0x3f, 0xe9, 0x9e, 0x23, 0x76, 0x5c, 0x15, 0x13, 0xac, 0xcf, 0x8b, 0x02]) self.iv = bytearray([0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58]) self.id = bytearray([0, 0, 0, 0]) self.cs = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) self.cs.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self.cs.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) self.cs.bind(('',0)) self.type = "Unknown" self.lock = threading.Lock() if 'pyaes' in sys.modules: self.encrypt = self.encrypt_pyaes self.decrypt = self.decrypt_pyaes else: self.encrypt = self.encrypt_pycrypto self.decrypt = self.decrypt_pycrypto def encrypt_pyaes(self, payload): aes = pyaes.AESModeOfOperationCBC(self.key, iv = bytes(self.iv)) return "".join([aes.encrypt(bytes(payload[i:i+16])) for i in range(0, len(payload), 16)]) def decrypt_pyaes(self, payload): aes = pyaes.AESModeOfOperationCBC(self.key, iv = bytes(self.iv)) return "".join([aes.decrypt(bytes(payload[i:i+16])) for i in range(0, len(payload), 16)]) def encrypt_pycrypto(self, payload): aes = AES.new(bytes(self.key), AES.MODE_CBC, bytes(self.iv)) return aes.encrypt(bytes(payload)) def decrypt_pycrypto(self, payload): aes = AES.new(bytes(self.key), AES.MODE_CBC, bytes(self.iv)) return aes.decrypt(bytes(payload)) def auth(self): payload = bytearray(0x50) payload[0x04] = 0x31 payload[0x05] = 0x31 payload[0x06] = 0x31 payload[0x07] = 0x31 payload[0x08] = 0x31 payload[0x09] = 0x31 payload[0x0a] = 0x31 payload[0x0b] = 0x31 payload[0x0c] = 0x31 payload[0x0d] = 0x31 payload[0x0e] = 0x31 payload[0x0f] = 0x31 payload[0x10] = 0x31 payload[0x11] = 0x31 payload[0x12] = 0x31 payload[0x1e] = 0x01 payload[0x2d] = 0x01 payload[0x30] = ord('T') payload[0x31] = ord('e') payload[0x32] = ord('s') payload[0x33] = ord('t') payload[0x34] = ord(' ') payload[0x35] = ord(' ') payload[0x36] = ord('1') response = self.send_packet(0x65, payload) payload = self.decrypt(response[0x38:]) if not payload: return False key = payload[0x04:0x14] if len(key) % 16 != 0: return False self.id = payload[0x00:0x04] self.key = key return True def get_type(self): return self.type def send_packet(self, command, payload): self.count = (self.count + 1) & 0xffff packet = bytearray(0x38) packet[0x00] = 0x5a packet[0x01] = 0xa5 packet[0x02] = 0xaa packet[0x03] = 0x55 packet[0x04] = 0x5a packet[0x05] = 0xa5 packet[0x06] = 0xaa packet[0x07] = 0x55 packet[0x24] = 0x2a packet[0x25] = 0x27 packet[0x26] = command packet[0x28] = self.count & 0xff packet[0x29] = self.count >> 8 packet[0x2a] = self.mac[0] packet[0x2b] = self.mac[1] packet[0x2c] = self.mac[2] packet[0x2d] = self.mac[3] packet[0x2e] = self.mac[4] packet[0x2f] = self.mac[5] packet[0x30] = self.id[0] packet[0x31] = self.id[1] packet[0x32] = self.id[2] packet[0x33] = self.id[3] # pad the payload for AES encryption if len(payload)>0: numpad=(len(payload)//16+1)*16 payload=payload.ljust(numpad,b"\x00") checksum = 0xbeaf for i in range(len(payload)): checksum += payload[i] checksum = checksum & 0xffff payload = self.encrypt(payload) packet[0x34] = checksum & 0xff packet[0x35] = checksum >> 8 for i in range(len(payload)): packet.append(payload[i]) checksum = 0xbeaf for i in range(len(packet)): checksum += packet[i] checksum = checksum & 0xffff packet[0x20] = checksum & 0xff packet[0x21] = checksum >> 8 starttime = time.time() with self.lock: while True: try: self.cs.sendto(packet, self.host) self.cs.settimeout(1) response = self.cs.recvfrom(2048) break except socket.timeout: if (time.time() - starttime) > self.timeout: raise return bytearray(response[0]) class mp1(device): def __init__ (self, host, mac): device.__init__(self, host, mac) self.type = "MP1" def set_power_mask(self, sid_mask, state): """Sets the power state of the smart power strip.""" packet = bytearray(16) packet[0x00] = 0x0d packet[0x02] = 0xa5 packet[0x03] = 0xa5 packet[0x04] = 0x5a packet[0x05] = 0x5a packet[0x06] = 0xb2 + ((sid_mask<<1) if state else sid_mask) packet[0x07] = 0xc0 packet[0x08] = 0x02 packet[0x0a] = 0x03 packet[0x0d] = sid_mask packet[0x0e] = sid_mask if state else 0 response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) def set_power(self, sid, state): """Sets the power state of the smart power strip.""" sid_mask = 0x01 << (sid - 1) return self.set_power_mask(sid_mask, state) def check_power_raw(self): """Returns the power state of the smart power strip in raw format.""" packet = bytearray(16) packet[0x00] = 0x0a packet[0x02] = 0xa5 packet[0x03] = 0xa5 packet[0x04] = 0x5a packet[0x05] = 0x5a packet[0x06] = 0xae packet[0x07] = 0xc0 packet[0x08] = 0x01 response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: payload = self.decrypt(bytes(response[0x38:])) if type(payload[0x4]) == int: state = payload[0x0e] else: state = ord(payload[0x0e]) return state def check_power(self): """Returns the power state of the smart power strip.""" state = self.check_power_raw() data = {} data['s1'] = bool(state & 0x01) data['s2'] = bool(state & 0x02) data['s3'] = bool(state & 0x04) data['s4'] = bool(state & 0x08) return data class sp1(device): def __init__ (self, host, mac): device.__init__(self, host, mac) self.type = "SP1" def set_power(self, state): packet = bytearray(4) packet[0] = state self.send_packet(0x66, packet) class sp2(device): def __init__ (self, host, mac): device.__init__(self, host, mac) self.type = "SP2" def set_power(self, state): """Sets the power state of the smart plug.""" packet = bytearray(16) packet[0] = 2 packet[4] = 1 if state else 0 self.send_packet(0x6a, packet) def check_power(self): """Returns the power state of the smart plug.""" packet = bytearray(16) packet[0] = 1 response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: payload = self.decrypt(bytes(response[0x38:])) if type(payload[0x4]) == int: state = bool(payload[0x4]) else: state = bool(ord(payload[0x4])) return state def get_energy(self): packet = bytearray([8, 0, 254, 1, 5, 1, 0, 0, 0, 45]) response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: payload = self.decrypt(bytes(response[0x38:])) energy = int(hex(ord(payload[7]) * 256 + ord(payload[6]))[2:]) + int(hex(ord(payload[5]))[2:])/100.0 return energy class a1(device): def __init__ (self, host, mac): device.__init__(self, host, mac) self.type = "A1" def check_sensors(self): packet = bytearray(16) packet[0] = 1 response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: data = {} payload = self.decrypt(bytes(response[0x38:])) if type(payload[0x4]) == int: data['temperature'] = (payload[0x4] * 10 + payload[0x5]) / 10.0 data['humidity'] = (payload[0x6] * 10 + payload[0x7]) / 10.0 light = payload[0x8] air_quality = payload[0x0a] noise = payload[0xc] else: data['temperature'] = (ord(payload[0x4]) * 10 + ord(payload[0x5])) / 10.0 data['humidity'] = (ord(payload[0x6]) * 10 + ord(payload[0x7])) / 10.0 light = ord(payload[0x8]) air_quality = ord(payload[0x0a]) noise = ord(payload[0xc]) if light == 0: data['light'] = 'dark' elif light == 1: data['light'] = 'dim' elif light == 2: data['light'] = 'normal' elif light == 3: data['light'] = 'bright' else: data['light'] = 'unknown' if air_quality == 0: data['air_quality'] = 'excellent' elif air_quality == 1: data['air_quality'] = 'good' elif air_quality == 2: data['air_quality'] = 'normal' elif air_quality == 3: data['air_quality'] = 'bad' else: data['air_quality'] = 'unknown' if noise == 0: data['noise'] = 'quiet' elif noise == 1: data['noise'] = 'normal' elif noise == 2: data['noise'] = 'noisy' else: data['noise'] = 'unknown' return data def check_sensors_raw(self): packet = bytearray(16) packet[0] = 1 response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: data = {} payload = self.decrypt(bytes(response[0x38:])) if type(payload[0x4]) == int: data['temperature'] = (payload[0x4] * 10 + payload[0x5]) / 10.0 data['humidity'] = (payload[0x6] * 10 + payload[0x7]) / 10.0 data['light'] = payload[0x8] data['air_quality'] = payload[0x0a] data['noise'] = payload[0xc] else: data['temperature'] = (ord(payload[0x4]) * 10 + ord(payload[0x5])) / 10.0 data['humidity'] = (ord(payload[0x6]) * 10 + ord(payload[0x7])) / 10.0 data['light'] = ord(payload[0x8]) data['air_quality'] = ord(payload[0x0a]) data['noise'] = ord(payload[0xc]) return data class rm(device): def __init__ (self, host, mac): device.__init__(self, host, mac) self.type = "RM2" def check_data(self): packet = bytearray(16) packet[0] = 4 response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: payload = self.decrypt(bytes(response[0x38:])) return payload[0x04:] def send_data(self, data): packet = bytearray([0x02, 0x00, 0x00, 0x00]) packet += data self.send_packet(0x6a, packet) def enter_learning(self): packet = bytearray(16) packet[0] = 3 self.send_packet(0x6a, packet) def sweep_frequency(self): packet = bytearray(16) packet[0] = 0x19; self.send_packet(0x6a, packet) def check_frequency(self): packet = bytearray(16) packet[0] = 0x1a response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: payload = self.decrypt(bytes(response[0x38:])) if payload[0x04] == 1: return True return False def find_rf_packet(self): packet = bytearray(16) packet[0] = 0x1b response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: payload = self.decrypt(bytes(response[0x38:])) if payload[0x04] == 1: return True return False def check_temperature(self): packet = bytearray(16) packet[0] = 1 response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: payload = self.decrypt(bytes(response[0x38:])) if type(payload[0x4]) == int: temp = (payload[0x4] * 10 + payload[0x5]) / 10.0 else: temp = (ord(payload[0x4]) * 10 + ord(payload[0x5])) / 10.0 return temp # For legay compatibility - don't use this class rm2(rm): def __init__ (self): device.__init__(self, None, None) def discover(self): dev = discover() self.host = dev.host self.mac = dev.mac S1C_SENSORS_TYPES = { 0x31: 'Door Sensor', # 49 as hex 0x91: 'Key Fob', # 145 as hex, as serial on fob corpse 0x21: 'Motion Sensor' # 33 as hex } class S1C(device): """ Its VERY VERY VERY DIRTY IMPLEMENTATION of S1C """ def __init__(self, *a, **kw): device.__init__(self, *a, **kw) self.type = 'S1C' def get_sensors_status(self): packet = bytearray(16) packet[0] = 0x06 # 0x06 - get sensors info, 0x07 - probably add sensors response = self.send_packet(0x6a, packet) err = response[0x22] | (response[0x23] << 8) if err == 0: aes = AES.new(bytes(self.key), AES.MODE_CBC, bytes(self.iv)) payload = aes.decrypt(bytes(response[0x38:])) if payload: head = payload[:4] count = payload[0x4] #need to fix for python 2.x sensors = payload[0x6:] sensors_a = [bytearray(sensors[i * 83:(i + 1) * 83]) for i in range(len(sensors) // 83)] sens_res = [] for sens in sensors_a: status = ord(chr(sens[0])) _name = str(bytes(sens[4:26]).decode()) _order = ord(chr(sens[1])) _type = ord(chr(sens[3])) _serial = bytes(codecs.encode(sens[26:30],"hex")).decode() type_str = S1C_SENSORS_TYPES.get(_type, 'Unknown') r = { 'status': status, 'name': _name.strip('\x00'), 'type': type_str, 'order': _order, 'serial': _serial, } if r['serial'] != '00000000': sens_res.append(r) result = { 'count': count, 'sensors': sens_res } return result # Setup a new Broadlink device via AP Mode. Review the README to see how to enter AP Mode. # Only tested with Broadlink RM3 Mini (Blackbean) def setup(ssid, password, security_mode): # Security mode options are (0 - none, 1 = WEP, 2 = WPA1, 3 = WPA2, 4 = WPA1/2) payload = bytearray(0x88) payload[0x26] = 0x14 # This seems to always be set to 14 # Add the SSID to the payload ssid_start = 68 ssid_length = 0 for letter in ssid: payload[(ssid_start + ssid_length)] = ord(letter) ssid_length += 1 # Add the WiFi password to the payload pass_start = 100 pass_length = 0 for letter in password: payload[(pass_start + pass_length)] = ord(letter) pass_length += 1 payload[0x84] = ssid_length # Character length of SSID payload[0x85] = pass_length # Character length of password payload[0x86] = security_mode # Type of encryption (00 - none, 01 = WEP, 02 = WPA1, 03 = WPA2, 04 = WPA1/2) checksum = 0xbeaf for i in range(len(payload)): checksum += payload[i] checksum = checksum & 0xffff payload[0x20] = checksum & 0xff # Checksum 1 position payload[0x21] = checksum >> 8 # Checksum 2 position sock = socket.socket(socket.AF_INET, # Internet socket.SOCK_DGRAM) # UDP sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) sock.sendto(payload, ('255.255.255.255', 80))