So, we just got through Amazon Prime Day. That means I got myself a handful of amazon dash buttons for $0.99 each. How could I resist, I could do some coding in a new toolchain and architecture I’m not familiar with… ok no. All I intended to do with these was to use the software-only hack that allows you to capture the button presses and pipe that through to my mqtt server. Amazon decided to thwart me just a bit.
As noted in this wonderful teardown there’s a new kid on the block for amazon dash buttons (JK29LP). The old one (JK76PL) had an stm32, the new one is an atmel. I would normally like this, but no one else has blazed a trail for me yet so I’ll fall back to being lazy. The new amazon dash buttons no longer broadcast the message that the original hack picks up, but I tweaked it and am back in business (although from the blink pattern you can tell what revision button you have). There’s a new program someone wrote to have a windows daemon that runs a program or script whenever a button is pushed, and it even works on the new buttons. But it only works on windows and I just won’t have that.
I based my work on the original code from a number of different places used for different purposes. My modification is using the dash button to send out a message on a given topic on a given mqtt server (in my case it’s localhost). I thought that if the windows program used the ip addresses that the router gave leases to then I could get the MAC addresses by checking the leases in my router. If I had only been smart enough to remove this line:
if pkt[ARP].psrc == ‘0.0.0.0’: # ARP Probe
I would have seen the buttons being pressed.
from scapy.all import *
import osdef arp_display(pkt):
if pkt[ARP].op == 1: #who-has (request)
if pkt[ARP].hwsrc == ‘f0:27:2d:ef:a8:a2′: # ARP Probe
print “ARP Probe from: snuggle 1 ” + pkt[ARP].psrc
os.system(“mosquitto_pub -h localhost -t displayTopic -m snuggle1”)
if pkt[ARP].hwsrc == ’74:75:48:6f:3b:b7′: # ARP Probe
print “ARP Probe from: snuggle 2 ” + pkt[ARP].psrc
os.system(“mosquitto_pub -h localhost -t displayTopic -m snuggle2”)
if pkt[ARP].hwsrc == ’44:65:0d:78:94:12′: # ARP Probe
print “ARP Probe from: glad 1 ” + pkt[ARP].psrc
os.system(“mosquitto_pub -h localhost -t displayTopic -m glad1”)
if pkt[ARP].hwsrc == ’44:65:0d:c6:e5:21’: # ARP Probe
print “ARP Probe from: glad 2 ” + pkt[ARP].psrc
os.system(“mosquitto_pub -h localhost -t displayTopic -m glad2”)
if pkt[ARP].hwsrc == ‘0c:47:c9:7c:55:20’: # ARP Probe
print “ARP Probe from: redbull 1 ” + pkt[ARP].psrc
os.system(“mosquitto_pub -h localhost -t displayTopic -m redbull1”)
if pkt[ARP].hwsrc == ‘0c:47:c9:ed:9c:46′: # ARP Probe
print “ARP Probe from: redbull 2 ” + pkt[ARP].psrc
os.system(“mosquitto_pub -h localhost -t displayTopic -m redbull2”)
if pkt[ARP].hwsrc == ’44:65:0d:4d:a6:0b’: # ARP Probe
print “ARP Probe from: burt’s bees ” + pkt[ARP].psrc
os.system(“mosquitto_pub -h localhost -t displayTopic -m bees1″)print sniff(prn=arp_display, filter=”arp”, store=0, count=0)
My code hardcodes the MAC addresses without checking for a 0.0.0.0 arp packet and prints out to the terminal and sends a mqtt command. I run all this on my mqtt server pi and have it autostart just like the screen script. Except not just like that because I want this one to run as root since I can’t do permissions worth a damn. That would be here, and I’m still working on it.
I know this isn’t original as I see references to people removing that line, but I see no reference to the new dash button and this rock solid implementation of the year old python code. That being said I also haven’t seen this tied to mqtt either, so that may be original. NOTE: this triggers a notification on the amazon shopping app everytime a button that does not order a product is pressed. This could be mitigated by blocking access to amazon’s servers for those buttons but I just sign out of the amazon shopping app (I could set them back up using a fake account, but it’s late). I also like the thought of finding out how to respond to the buttons so they blink green when amazon responds, but I’m not willing to dig into that right now.
