Hello,
I need some advice. I bought a heat pump for the pool and an external WiFi module to go with it... The little box connects via 3 wires to the PCB inside, in place of the original control panel/display. It comes with some generic Chinese app (PoolHeater), with which I associated it to my IoT WiFi, and from the local network I can see some of the parameters.
By default my IoT network has no route to the Internet, but to start with and for simplicity I wanted to use the built-in cloud, since some of the data I would only see that way, and on top of that I could control it from outside the VPN as well... But they botched that too, because the device registers with their cloud using 2 codes on stickers (probably some serial number + some checksum of it), and it sends me to ( ! ) with the message "wrong device info".
Honestly, I don't feel like returning it under warranty; I'm more interested in interpreting the data myself, and for that I'm evidently too much of a lamer, hence I'm asking for help:
1) The box has a static IP and 2 TCP ports are open: 80 and 60.000
2) On TCP/80 there is some HTTP server requiring HTTP basic auth, but there are no credentials for this piece of junk... And I tried a few combinations like admin/admin.
$ telnet 192.168.1.254 80
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 401 Unauthorized
Data:Thu,03 Jan 2013 10:00:00 GMT
Server: lw
Accept-Ranges: bytes
WWW-Authenticate: Basic realm="."
Content-Type:text/html
Connection:close
Connection closed by foreign host.
So the web server identifies itself as "lw", which could be laser web...
3) TCP/60.000 accepts a connection from anywhere and starts sending some data at periodic intervals; among the strings that are clear at first glance are, for example, the ESSID of the IoT network, the WPA password, the name of the heat pump, and otherwise a mess that is incomprehensible to me:
$ telnet 192.168.1.254 60000
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
�Z��/�
vS;��Z��/�
v! >�H�Z��/�
v�InternetHesloInternetHesloQ��Z��/�
vx|r�T�T�T@@���Z��/�
v888888HeatPump!��Z��/�
vBazen Javorova��Z��/�
va�Z��/�
vx|r�T�T�T@@���Z��/�
v�InternetHesloInternetHeslo���Z��/�
vBazen Javorova��Z��/�
v(x�Z��/�
vchu03
x�G�Z��/�
_chhud�z�Z��/�
vD6t��Z��/�
Chlpate Macky�8�Z��/� v
vchu03
x�G�Z��/�
vO�jX�Z��/�
vEF#
##xc�Z��/�
v�InternetHesloInternetHesloQ��Z��/�
vx|r�T�T�T@@���Z��/�
v888888HeatPump!��Z��/�
vBazen Javorova��Z��/�
va�Z��/�
vx|r�T�T�T@@���Z��/�
v�InternetHesloInternetHeslo� HTTP/1.1
Host: www.�Z��/�
vBazen Javorova��Z��/�
v(x�Z��/�
vchu03
x�G�Z��/�
v#gfeedccbbaaa``__^^^]\[[ZZZZYYYX%��Z��/�
vF�ZPPdx<�l�Z��/�
Chlpate Macky�8�Z��/� v
vchu03
x�G�Z��/�
v# >XXXXXXXXXXXXXXXXXXXXXXXXXXXXXYY�2�Z��/�
vH2-�Z��/�
v�InternetHesloInternetHesloQ��Z��/�
vx|r�T�T�T@@���Z��/�
v888888HeatPump!��Z��/�
vBazen Javorova��Z��/�
va�Z��/�
vx|r�T�T�T@@��^C^]
telnet> quit
Connection closed.
Of course I've already looked at a TCP dump... But apart from that cloud service, the app also just connects to TCP/60000 and interprets that mess.
The device registration is, for example, this request:
POST /Phnix.WaterHeater.WebService/SmartDeviceService.asmx HTTP/1.1
Host: www.phnixsmart.com
Content-Type: text/xml; charset=utf-8
Connection: keep-alive
Accept: */*
User-Agent: Pool%20Heater/2020010401 CFNetwork/1125.2 Darwin/19.4.0
Content-Length: 545
Accept-Language: en-us
Accept-Encoding: gzip, deflate
<?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body><RegistrationUserViaBarcode xmlns="http://www.phnix.cn/"><barcode>SERIOVECISLO</barcode><machineKindCode>177</machineKindCode><verifiedPw>HESLO</verifiedPw><modelSelectionCode>6</modelSelectionCode></RegistrationUserViaBarcode></soap:Body> </soap:Envelope>
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 09 May 2020 16:02:46 GMT
Content-Length: 463
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?".....ez..MQ-?.hw..Q./...X^|...=.>...8z.T.....2/.U..+...>...y......L.."k...>.W..].r7...~...k
........7......{...5....M.-..{kv.[.).O.....W.E..u....j..'..IV...Wy.....$.../.w.......`].h!.N...gYQ>..|....i...9:}...W.$..yJ...F..m....==.y|W~y|<m...u.....i.d.2.|7.T.<...h.h...{.....gZ.......b..h...a>.f.7.../.....s.U>........q.\......?.mn"..&LXj.M..n8.......f....
Any ideas?
Data that should be in there somewhere: inlet water temperature, outlet water temperature, list of faults (low water flow should be there right now), mode of operation, etc...
Where to start?
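
An added example, not part of the original post: one way to audit offline, from a saved capture of the TCP/60000 stream, which readable strings and known secrets the module sends to any client, and where the repeating frame marker sits. The marker bytes and the sample capture are constructed (the real bytes cannot be recovered from the telnet output above), and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed stand-in for the repeating marker seen before each record.
MARK = b"\xaa\x5a\x01\x2f"
# Constructed capture: marker + payload, two identical broadcast cycles.
SAMPLE = b"".join(MARK + p for p in [
    b"\x10InternetHesloInternetHeslo\x51",
    b"\x06888888HeatPump!",
    b"\x0eBazen Javorova",
    b"\x02\x28\x78",
]) * 2

def printable_runs(data, min_len=4):
    """Like strings(1): (offset, text) for each ASCII run of min_len+ bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii"))
            for m in re.finditer(pattern, data)]

def find_secret_leaks(data, secrets):
    """Map each label to the offsets where its secret appears unencrypted."""
    leaks = {}
    for label, value in secrets.items():
        hits = [m.start() for m in re.finditer(re.escape(value.encode()), data)]
        if hits:
            leaks[label] = hits
    return leaks

def guess_delimiter(data, width=4):
    """Most frequent width-byte sequence containing a non-printable byte."""
    counts = Counter(
        data[i:i + width] for i in range(len(data) - width + 1)
        if any(b < 0x20 or b > 0x7e for b in data[i:i + width])
    )
    return counts.most_common(1)[0][0] if counts else None

def split_frames(data, delimiter):
    """Split the stream on the marker and drop empty leading pieces."""
    return [f for f in data.split(delimiter) if f]

if __name__ == "__main__":
    print(find_secret_leaks(SAMPLE, {"wpa_psk": "InternetHeslo"}))
    for frame in split_frames(SAMPLE, guess_delimiter(SAMPLE)):
        print(frame.hex(" "))
```

With a real capture, replace SAMPLE with the bytes saved from the socket and pass the network's own SSID and passphrase as the secrets to look for.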