Hacking an IOT Lightbulb

12 October 2016

How I reverse engineered the protocol used by some cheap WiFi lightbulbs, and made my own client application.

View Chris-Johnston/PythonWifiBulb on GitHub

I was given an internet-connected RGB lightbulb around the time that I was working on the Internet Xmas Tree. These bulbs were much cheaper than some of their counterparts, but came with some significant downsides.

Unlike something like the Philips Hue, these can only be controlled with their “Magic Home” app. It does the job, but is pretty clunky.

Using Wireshark, I was able to capture packets sent from the Android app to the bulb. I used my laptop as a man-in-the-middle.

From these packets I was able to determine the data that was being transmitted. I used Python to create a simple client that would re-transmit the same data to the bulb. Initially this had some significant issues and couldn’t do anything more than change the color, but I was able to continue adding features to it.

Gif of FluxLed in use

Using this custom client, I was able to build an application that changes the color temperature of this light depending on the time of day. This project can be found at Chris-Johnston/FluxLight.

I also used this client with the Patio Lights project, to control 3 lightbulbs. (Only 2 are visible in this GIF.)

patio lights in use

Other Clients

A while after I created my own client for controlling these lights, I came across Danielhiversen/flux_led. This project is a more complete implementation of the same work I’ve done. Interesting that we chose a similar name, too.

I thought it was great that I could find this project that was developed independently, as I had to make many assumptions that I couldn’t verify when I was reverse engineering the protocol. I was glad to see that this project contained some of the same magic numbers that I had found myself.