Things I Know about the WeMo boxes

I'm working on hacking my WeMo. I'd like to determine how it talks back and forth over the network. What I know at this time is that when the mobile app is running, both the mobile app and the WeMo device are talking over UPnP.


Belkin WeMo Switch

I had to turn off UPnP on my router to use the following tools. I determined the protocol was UPnP by jumping onto my DD-WRT router, installing tcpdump and capturing several packet dumps and examining them.

The best UPnP analysis tool I found was miranda. You can get it from the downloads page here: Miranda

Under the covers it uses Python Twisted and Coherence: Coherence

Read more about miranda: Miranda Article

Some particulars:

  • The LOCATION of the services file doesn't change: http://host/setup.xml
  • The PORT of the UPnP device does change; I've seen 49152-49154 so far

You'll see if you read the logs below that the host number changes. I had to keep restarting the program and rediscovering the device, and that changes the order in miranda.
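Because the port moves but the path stays at /setup.xml, a script should read the port from each SSDP reply instead of hard-coding it. The following is an added example, not code from the original post or from miranda: it parses a search reply, takes the endpoint from LOCATION, and reports when a device's port has moved. The IP address, USN and the `sample` helper are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

SSDP_ADDR = ("239.255.255.250", 1900)  # standard SSDP multicast group
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\n'
            "ST: upnp:rootdevice\r\n\r\n").encode()

def parse_ssdp(data):
    """Return the headers of one SSDP search reply as a lowercase-keyed dict."""
    lines = data.decode("utf-8", "replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP search response")
    pairs = (l.split(":", 1) for l in lines[1:] if ":" in l)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def endpoint(headers):
    """Split LOCATION into (host, port, path); the port is never assumed."""
    loc = urlsplit(headers["location"])
    return loc.hostname, loc.port or 80, loc.path

def update(known, data):
    """Record a reply in `known`, keyed by USN; return the old port if it moved."""
    headers = parse_ssdp(data)
    host, port, path = endpoint(headers)
    previous = known.get(headers["usn"])
    known[headers["usn"]] = (host, port, path)
    return previous[1] if previous and previous[1] != port else None

def discover(timeout=3.0):
    """Send one M-SEARCH on the local network; collect replies until timeout."""
    known = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(M_SEARCH, SSDP_ADDR)
        while True:
            try:
                update(known, sock.recvfrom(65507)[0])
            except socket.timeout:
                return known
            except (ValueError, KeyError):
                continue  # skip malformed or incomplete replies

def sample(port):  # constructed reply: same USN every time, caller picks port
    return ("HTTP/1.1 200 OK\r\nLOCATION: http://192.168.1.50:%d/setup.xml\r\n"
            "USN: uuid:constructed-0001::upnp:rootdevice\r\n\r\n" % port).encode()

if __name__ == "__main__":
    for usn, (host, port, path) in discover().items():
        print(usn, "http://%s:%d%s" % (host, port, path))
```

Keying on the USN rather than on host:port is what lets the same device be recognized after its port changes.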

I think with this I've got everything I need to start making requests.

I had some issues with miranda printing out the whole device info that it gathered. I'm checking into that, but in the gist they are pulled out of Python and pretty-printed:

I have two guesses at how things work with IFTTT. I'll be exploring those soon and will update the post.



Issac Kelly