This slideshow requires JavaScript.
In my eternal quest to control the flow of electrons with bits and bytes I stumbled across these little beauties at walmart.com for a very reasonable price, and according to the marketing pages these little mass manufactured voltage control modules even give you live energy usage stats, wunderbar!
The android app while effective leaved much to be desired. Doesn’t matter, I am a software engineer by trade and like a challenge. So I did what anyone would do in my situation and started recording network traffic in an attempt to reverse engineer the protocol.
The night is dark and full of terrors
These little snitches switches pack a nasty secret. When you register one on your wireless network it sends your wireless SSID and password in plain text to a server in china, and ask for your zip code during registration?
It’s too late for me, but ye be warned share not your wireless password for thou shalt aquire the heavist of burdens. Having to change your SSID and wireless password and reconnecting all your wireless devices, and invoke the mighty wrath of…. the minor inconvenience of re adding all your devices to a new wireless network
I cannot say that I was surprised by this discovery, disappointed, but not surprised.
Unsatisfied with these findings I decided to see what micro controller powered this polished little product, and was presently surprised for I stumbled on what looked like the current (at least of the time of this blog post) hackers oriental best friend, the (soon to be) venerable esp8266 micro controller.
At this point I was practically salivating, this is a very nice looking wireless outlet, and now I have the power to bend electrons without secreting state secrets? Needless to say I purchased many more that night for fear they would disappear.
Ok, now the hacking begins… Or so I thought, like always I decided I should probably poke around the old internets and see if I couldn’t give myself a leg up by polling the wisdom of my peers and rivals. After all, this the internet where anything can and probably already has been done.
Lo’ and behold for the bounty is rich
http://thegreatgeekery.blogspot.ca/2016/02/ecoplug-wifi-switch-hacking.html
http://forums.parallax.com/discussion/162862/wifi-controlled-outlets
Armed with this knowledge I warmed up the soldering iron and whipped up a programmer based on a esp8266-01 pinout so I could use a programmer I made a while back based on this no button flashing circuit.
Then cranked out a very simple yet semi-effective firmware replacement, basic on off and status functionality, I through in some of the usual esp8266 mix-ins like OTA firmware updates and SSID selection. This is in no means a production firmware, but more like something to get you started.
https://github.com/pborges/SimpleESP
So now I have a simple wireless controlled outlet. Great, I need an easy way to control it. Enter SmartThings Hub! Although I am not much of a fan of Java (and by extension groovy) I like that I am able to integrate almost whatever I want into my home automation. I whipped up a quick little ditty to extend SmartThings so it has dominion over these beasts. If you want to know how I did that leave it in the comments and I’ll make a post about it.
Ok, now I have hardware, and some meh software. Lets replicate these results en mass. Time to dust off another of the tools I don’t use nearly often enough, the CNC. and created this little pogo pin programmer out of sample vinyl tiles from Home Depot and a cheap esp8366 nodeMCU board from which I removed esp8266 module. This way I retain the no button esp flash capability of nodeMCU that is baked into the arduino esp8266 plugin.
To get these to flash properly I added this to the esp8266 boards.txt file,
I run linux so I’m not sure where it would be on a windows system but it’s located here on linux
~/.arduino15/packages/esp8266/hardware/esp8266/2.3.0-rc2/boards.txt
nodemcuv2.menu.FlashSize.1M64=1M (64K SPIFFS)
nodemcuv2.menu.FlashSize.1M64.build.flash_size=1M
nodemcuv2.menu.FlashSize.1M64.build.flash_ld=eagle.flash.1m64.ld
nodemcuv2.menu.FlashSize.1M64.build.spiffs_start=0xEB000
nodemcuv2.menu.FlashSize.1M64.build.spiffs_end=0xFB000
nodemcuv2.menu.FlashSize.1M64.build.spiffs_blocksize=4096
nodemcuv2.menu.FlashSize.1M64.upload.maximum_size=958448
And here is the programmer in action.
Now I need to write a better firmware, and figure out how to get those energy stats! There is a HLW8012 on board so I thought it would be easy but I guess there is a small 8 pin micro controller talking to the HLW8012 and converting its output to i2c but I have not been able to make much headway on it.
This is what I have determined by reverse engineering and research.
Wire.begin(12, 0); // these are the i2c pins
Wire.requestFrom(0, 16); // this will request 16 bytes of info
The data that comes back looks like 4 uint32’s, I am assuming there’s watt’s, amps, volts and power factor but I have not been able to grok much more then that.
Like this:
Like Loading...