I've reverse engineered the protocol between the app and the outlets. It's AES-256 encoded in ECB mode, and the key is {
0x66, 0x64, 0x73, 0x6c, 0x3b, 0x6d, 0x65, 0x77,
0x72, 0x6a, 0x6f, 0x70, 0x65, 0x34, 0x35, 0x36,
0x66, 0x64, 0x73, 0x34, 0x66, 0x62, 0x76, 0x66,
0x6e, 0x6a, 0x77, 0x61, 0x75, 0x67, 0x66, 0x6f
};

The plaintext is '%' separated, in the form of "lan_phone%<MAC>%<PASSWORD / 'nopassword'>%<ACTION>%brmode" to request an action, and then "lan_phone%<MAC>%<PASSWORD>%<REQUEST ID>%request" to confirm the action.

ACTION="open" to turn on, "close" to turn off.

Should be simple to write a program in any language without needing to know the plug's ssh password.

#API   #SDK   #Encryption  
Shared publiclyView activity