Talk:IKEA Tradfri Gateway

From Domoticz
Jump to navigation Jump to search

Hacking the Ikea Trådfri app to Gateway communication

Sound as Ikea have choosen to base their implementation on OMA (Open Mobile Alliance) and Eclipse recommended standard of those three logical components; CoAP, and DTLS layers of the LwM2M protocol stack.

http://openmobilealliance.org/data-models-for-the-internet-of-things/

https://connect2.io/open-mobile-alliance-lightweightm2m-oma-lwm2m/

https://iot.eclipse.org/standards/

https://eclipse.org/community/eclipse_newsletter/2014/february/article2.php


Someone have already 'hacked' the newly release Ikea Trådfri Gateway - Turns out it communicates using standard CoAP encrypted with DTLS. See these two links:

These guy above have figured out how to talk to Ikea Trådfri Gateway using standard CoAP to send and recieve commands to its end devices (encrypted with DTLS v1.2 - Datagram Transport Layer Security).

Ikea Trådfri Android application appears to be using multicast (224.0.0.1) to find the Ikea Trådfri Gateway, and then communicates using encrypted CoAP (coaps). Also, it does not look like the Trådfri Gateway attempts to talk to the Internet (as the device looks to have has no outgoing connections). The default Ikea Trådfri Android app is fairly basic, where it currently only let you create schedules for turning on and off, and you can control lights and create zones, and control zones.

Looks like Ikea might have conformed with OMA LightweightM2M (LwM2M) Object IDs and Resource Registry ID as unique identifiers

Examples:
5750 Application Type
5850 On/Off
5851 Dimmer
5706 Color

OMA LightweightM2M (LWM2M) standard: http://openmobilealliance.org/iot/ http://openmobilealliance.org/iot/lightweight-m2m-lwm2m/ http://www.openmobilealliance.org/wp/Overviews/lightweightm2m_overview.html http://www.openmobilealliance.org/wp/OMNA/LwM2M/LwM2MRegistry.html http://www.openmobilealliance.org/tech/profiles/ https://github.com/OpenMobileAlliance/OMA_LwM2M_for_Developers/wiki http://devtoolkit.openmobilealliance.org/OEditor/Legal?back=Default http://www.openmobilealliance.org/wp/comments.html https://github.com/OpenMobileAlliance/OMA_LwM2M_for_Developers/issues http://openmobilealliance.hs-sites.com/keep_updated

The Wakaama project covers the LWM2M Protocol, CoAP, and DTLS layers of the LwM2M protocol stack for all three logical components. Wakaama is not a library but files to be built with an application. The Eclipse Wakaama project provides a C portable framework for building LWM2M clients and/or servers. The source code of Wakaama is available from the project webpage. It is written in C and designed to be portable on POSIX compliant systems.

http://www.eclipse.org/wakaama/


The Eclipse Leshan project provides a Java implementation of LwM2M, allowing to build LwM2M servers and clients. The source code of Leshan is available from the project webpage.

http://www.eclipse.org/leshan/


Note! CoAP (Constrained Application Protocol) is the protocol which the OCF (Open Connectivity Foundation) is promoting to become the standard for IoT.

https://en.wikipedia.org/wiki/Constrained_Application_Protocol

FYI, some more developers in the Home Assistant community have started analyzing the traffic between the Ikea Trådfri app (on Android/iOS) and the Ikea Trådfri Gateway:

https://community.home-assistant.io/t/ikea-tradfri-gateway-zigbee/14788/8

So far they had determined that application looks to communicate over UDP with Ikea Trådfri Gateway encrypted using DTLS v1.2 (Datagram Transport Layer Security).

Ikea Trådfri end devices hardware hacked

Some germans hackers have described how-to pull apart the Ikea Trådfri remote in order to make it into a cheap ZigBee transmitter.

This method of modifing the remote could be used to make a cheap ZigBee transmitter for example Raspberry Pi or ESP8266.

Ikea Trådfri devices in the news