Reverse engineered the WiFi pairing of my "Max Hauri MaxSMART 2.0" smart plug yesterday evening. Turns out it uses this great protocol called EasyLink. EasyLink is used to tell a device that isn't in a WiFi the WiFi credentials by sending some UDP packets on the WiFi. Sounds pretty neat, and must be very secure. The thing is, it can be secure: it'd support encryption of the credentials with a key shared by the sender and receiver. However, Max Hauri didn't opt to do that.
Instead it will broadcast your SSID and WiFi password in a way that anyone who can see your WiFi can read, if they know that they should be listening. It essentially sends the bytes of data in the packet length. So per packet, a byte of data is sent. My implementation of this is at https://github.com/freaktechnik/mh-maxsmart2/blob/master/easylink.js - this doesn't support the encryption stuff. I honestly didn't expect much better from Max Hauri, since the devices also use an HTTP (no S!) cloud API and MD5-hashed passwords.
EasyLink also has an evil twin, SmartLink, which sends two bytes per packet, stored in the target IP of the packet, another great way to leak your WiFi credentials.