Things I Know about the WeMo boxes
I'm working on hacking my WeMo. I'd like to determine how it talks back and forth over the network. What I know at this time is that when the mobile app is running, both the mobile app and the WeMo device are talking over UPnP.
I had to turn off UPnP on my router to use the following tools. I determined the protocol was UPnP by jumping onto my DD-WRT router, installing tcpdump and capturing several packet dumps and examining them.
The best UPnP analysis tool I found was miranda. You can get it from the downloads page here: Miranda
Under the covers it uses Python Twisted and Coherence: Coherence
Read more about miranda: Miranda Article
Some particulars:
- The LOCATION of the services file doesn't change, http://host/setup.xml
- The PORT of the UPnP device does change, I've seen 49152-49154 so far
You'll see if you read the logs below that the host number changes. I had to keep restarting the program and rediscovering the device, and that changes the order in miranda.
I think with this I've got everything I need to start making requests.
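Because the port moves between sessions, the device address is best re-read from each discovery reply instead of being hard-coded. The sketch below is an added example, not part of the original post or of miranda: it pulls host, port and path out of an SSDP `LOCATION` header and lists the services declared in a `setup.xml`. The sample response, the IP address and the `urn:example:...` service are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urljoin

# Constructed SSDP M-SEARCH response (not captured from a real device).
SAMPLE_SSDP = (
    "HTTP/1.1 200 OK\r\n"
    "LOCATION: http://192.168.1.50:49153/setup.xml\r\n"
    "ST: upnp:rootdevice\r\n"
    "\r\n"
)

# Constructed device description using the standard UPnP device-1-0 schema.
SAMPLE_SETUP_XML = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <friendlyName>Example Switch</friendlyName>
    <serviceList>
      <service>
        <serviceType>urn:example:service:switch:1</serviceType>
        <controlURL>/upnp/control/switch1</controlURL>
      </service>
    </serviceList>
  </device>
</root>"""

NS = {"d": "urn:schemas-upnp-org:device-1-0"}

def parse_ssdp_location(response):
    """Return (host, port, path) from the LOCATION header of an SSDP reply."""
    for line in response.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")   # split on the first colon only
        if sep and name.strip().upper() == "LOCATION":
            url = urlsplit(value.strip())
            return url.hostname, url.port or 80, url.path
    raise ValueError("no LOCATION header in SSDP response")

def list_services(setup_xml, base_url):
    """Map each declared serviceType to its absolute control URL."""
    root = ET.fromstring(setup_xml)
    services = {}
    for svc in root.iterfind(".//d:service", NS):
        stype = svc.findtext("d:serviceType", namespaces=NS)
        ctrl = svc.findtext("d:controlURL", default="", namespaces=NS)
        services[stype] = urljoin(base_url, ctrl)  # resolve relative to setup.xml
    return services

if __name__ == "__main__":
    host, port, path = parse_ssdp_location(SAMPLE_SSDP)
    base = "http://%s:%d%s" % (host, port, path)
    print(base, list_services(SAMPLE_SETUP_XML, base))
```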
I had some issues with miranda printing out the whole device info that it gathered. I'm checking into that, but in the gist they are pulled out of Python and pretty-printed:
I have two guesses at how things work with IFTTT. I'll be exploring those soon and will update the post.
30th July 2012
Issac Kelly