Sunday 10 April 2016

Hacking the Amazon Dash for the UK

 Intro

So you want to use the Amazon Dash button but live in the UK? The first issue is actually getting them. They are only available in the US and you require a US address. Once you've actually obtained one of them, the next bit is pretty easy...

Configuration - Android

Well, you have to set up the Dash button through the amazon.com app...

The easiest thing to do is to press and hold the Dash until it flashes blue. Once it is in this mode, it creates an access point called 'Amazon ConfigureMe'. I used the excellent tool iStumbler to find this:


Once connected to it (192.168.0.2), I used Firefox to browse to http://192.168.0.1

There I entered the SSID and password of my local wireless LAN network and bam, it gave me the success screen.


This, unfortunately, did not work, because the Amazon app has a cert which automagically activates the Dash, and part of that process requires you to have a US IP address. So I fired up OpenVPN, connected to an endpoint in the US, then did the setup via the Amazon app.

Each time the Dash connects to my wireless LAN, it sends a gratuitous ARP and then shuts down. Note that the configuration MAC address (6c:0b:84:34:ce:ed) is different from the actual MAC address it uses once set up.

Programming

I am using my current favourite language, Python, and we're going to use the Scapy library.
Firstly, we need to install the library:
sudo pip install scapy
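Then run this script to find out what the MAC address is:
from scapy.all import ARP, sniff


def arp_display(pkt):
  # The "arp" capture filter should only hand us ARP frames, but check anyway
  if ARP in pkt and pkt[ARP].op == 1:  # who-has (request)
    if pkt[ARP].psrc == '0.0.0.0':  # ARP Probe
      print("ARP Probe from: " + pkt[ARP].hwsrc)

# Sniff ten ARP packets and print the source MAC of each probe (needs root)
sniff(prn=arp_display, filter="arp", store=0, count=10)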
 
So now that I know this I can plug this into a proper Python program, which sends me an email when my 9-month-old baby poos.
from scapy.all import ARP, sniff
import smtplib

# Local mail relay used to send the notification
server = smtplib.SMTP('192.168.2.254', 25)


def arp_display(pkt):
  if ARP in pkt and pkt[ARP].op == 1:  # who-has (request)
    if pkt[ARP].psrc == '0.0.0.0':  # ARP Probe
      if pkt[ARP].hwsrc == 'a0:02:dc:88:94:ea':  # digestive disadvantage
        print("Pushed Poo")
        msg = "\nScarlett pooed"  # The \n separates the message from the headers
        server.sendmail("dash@amz.org", "phil.spencer@gmail.com", msg)
      elif pkt[ARP].hwsrc == '10:ae:60:b1:97:73':  # Depends
        print("Pushed Depends button")
      else:
        print("ARP Probe from unknown device: " + pkt[ARP].hwsrc)

# Keep sniffing forever, ten ARP packets at a time
while True:
  sniff(prn=arp_display, filter="arp", store=0, count=10)
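
A host claiming an address usually sends more than one ARP probe (RFC 5227 specifies three), so the script above can fire several emails for one press; the source MAC in an ARP frame is also unauthenticated, so a press is best treated as a low-trust signal. The following is an added example, not code from the original post, that debounces probes per button. The MAC addresses are the ones from the post; the DashDetector class, the button labels and the 30-second window are assumptions made for illustration.

```python
# Added example: debounce Dash presses seen as ARP probes (not the author's code).
import time

# MACs are from the post; labels and window length are assumptions.
BUTTONS = {
    "a0:02:dc:88:94:ea": "digestive disadvantage",
    "10:ae:60:b1:97:73": "Depends",
}
DEBOUNCE_SECONDS = 30.0  # assumed to outlast one wake/probe/sleep cycle


class DashDetector:
    """Turn a stream of ARP fields into at most one event per button press."""

    def __init__(self, buttons=BUTTONS, window=DEBOUNCE_SECONDS):
        self.buttons = {mac.lower(): name for mac, name in buttons.items()}
        self.window = window
        self.last_seen = {}  # mac -> timestamp of the last accepted press

    def handle(self, op, psrc, hwsrc, now=None):
        """Return the button name for a new press, otherwise None."""
        now = time.time() if now is None else now
        if op != 1 or psrc != "0.0.0.0":  # only who-has requests that are probes
            return None
        mac = hwsrc.lower()
        name = self.buttons.get(mac)
        if name is None:
            return None  # unknown device: ignore rather than alert
        last = self.last_seen.get(mac)
        if last is not None and now - last < self.window:
            return None  # repeated probe belonging to the same press
        self.last_seen[mac] = now
        return name


def sniff_presses(on_press):
    """Wire the detector to scapy; needs root and an installed scapy."""
    from scapy.all import ARP, sniff  # imported here so the class works without scapy
    detector = DashDetector()

    def callback(pkt):
        if ARP in pkt:
            name = detector.handle(pkt[ARP].op, pkt[ARP].psrc, pkt[ARP].hwsrc)
            if name:
                on_press(name)

    sniff(prn=callback, filter="arp", store=0)
```

Calling sniff_presses with a function that sends the email gives one notification per press instead of one per probe.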
 
In the next part I will show how to log this data into an Excel sheet for later analysis.