badge How a simple hack turned $5 Amazon dash into multi purpose IOT device ~ Tech Siddhi










Tuesday, 18 August 2015

How a simple hack turned $5 Amazon dash into multi purpose IOT device

Tuesday, August 18, 2015  , , , , , , , ,  No comments

Amazon recently launched its $5 dash buttons which allows you to order your house hold goods with just a click. These buttons are physical hardware buttons which can be set up to order a particular SKU on Amazon with just a click. The device makes it easier to order household goods like detergents, paper towels, diapers, personal care items etc. One device can be set up to order only one SKU, but CloudStitch CTO Ted Benson had other plans in his mind. He just hacked this petty device and found a way that can make these devices do pretty much everything he wants.

Ted, has detailed in a post on medium.com how he hacked the device to track his child's poops. He mentioned that impressive way to do this would have been to rip open the device  and reprogram it, however being a lazy dad he chose the other option of sniffing his wifi network whenever a device requested for a connection and then record a data point when it hears some.

By this time if you haven't clicked on the link above to see the detailed post, here is a summary of actions how this hack was done.

  • First step is to configure your Amazon dash button as per the instructions provided except the last step where in you are asked to give the SKU of product you want to order. This will ensure that your device connects to your network and is ready to trigger some action when you push the button.
  • Run a small python code written below to sniff your wifi network, to get details when the dash button is connected to wifi. 
from scapy.all import *
def arp_display(pkt):
if pkt[ARP].op == 1: #who-has (request)
if pkt[ARP].psrc == '0.0.0.0': # ARP Probe
print "ARP Probe from: " + pkt[ARP].hwsrc
print sniff(prn=arp_display, filter="arp", store=0, count=10)
  • Note down the mac address of devices you connected as shown in below pic.
  • Now modify the above code with the MAC addresses got from the above step.

    from scapy.all import * def arp_display(pkt):
    if pkt[ARP].op == 1: #who-has (request)
    if pkt[ARP].psrc == '0.0.0.0': # ARP Probe
    if pkt[ARP].hwsrc == '74:75:48:5f:99:30': # Huggies
    print "Pushed Huggies"
    elif pkt[ARP].hwsrc == '10:ae:60:00:4d:f3': # Elements
    print "Pushed Elements"
    else:
    print "ARP Probe from unknown device: " + pkt[ARP].hwsrc
    print sniff(prn=arp_display, filter="arp", store=0, count=10)
  • Finally modify your python script's code to do whatever you want. Below is the working demo video uploaded by Ted on Youtube.

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)