What is TP-Link Smart Plug?
The TP-Link Smart Plug (HS100 or HS110) is a cheap home device that allows you to remotely control the power state of your devices.
This company provides two applications to control the smart plug, for Android and IOS, but not for Windows. That's the reason I made my own library.
Important note: It works only with Wi-Fi at 2.4 GHz.
For more information, visit TP-Link Smart Plug HS110.
Introduction
In this article, I want to show how to control this device, using the Microsoft .NET Framework and WPF.
After the device configuration to connect it to our network (I won't explain how because it isn't necessary for this article), we will be able to connect to the smart plug using the port 9999 and the TCP/IP protocol (also using UDP, but I only use this one to discover all connected devices)
The commands used to communicate are simply encrypted JSON commands.
Encrypt and Decrypt Command Messages
The first byte of the plaintext is XORed with the key (0xAB), and later, the key is set to the plaintext byte. During the next iteration, the next plaintext byte is XORed with the previous plaintext byte. The decryption is the same, with the keystream made out of cyphertext bytes.
Note: In TCP communications, the first 4 bytes of the raw json message must be 0x00, and for decrypt the received message, we should discard the first 4 bytes.
Encryption Method
internal static byte[] EncryptMessage(byte[] pMessage, ProtocolType pProtocolType)
{
List<byte> mBuffer = new List<byte>();
int key = 0xAB;
if ((pMessage != null) && (pMessage.Length > 0))
{
if (pProtocolType == ProtocolType.TCP)
{
mBuffer.Add(0x00);
mBuffer.Add(0x00);
mBuffer.Add(0x00);
mBuffer.Add(0x00);
}
for (int i = 0; i < pMessage.Length; i++)
{
byte b = (byte)(key ^ pMessage[i]);
key = b;
mBuffer.Add(b);
}
}
return mBuffer.ToArray();
}
Decryption Method
internal static byte[] DecryptMessage(byte[] pMessage, ProtocolType pProtocolType)
{
List<byte> mBuffer = new List<byte>();
int key = 0xAB;
byte header = (pProtocolType == ProtocolType.UDP) ? (byte)0x00 : (byte)0x04;
if ((pMessage != null) && (pMessage.Length > 0))
{
for (int i = header; i < pMessage.Length; i++)
{
byte b = (byte)(key ^ pMessage[i]);
key = pMessage[i];
mBuffer.Add(b);
}
}
return mBuffer.ToArray();
}
Inside the Library
The library that I made, at this moment, only supports the following functions:
- Recover the smart plug info (States, Hardware ID, Software ID, ...)
- Can switch the led state (On/Off)
- Can switch the relay state (On/Off)
- Can search the devices in our network
- Can manage the count down (Turn On/Off the device after X time, delete current count down, ...)
- Reboot and Reset the device
- Set device alias
- Setup new devices (you should connect to your smart plug in access point mode)
- Discover all connected devices (using TCP scanner or UDP broadcast)
This library uses a third party library "Newtonsoft Json
", and it's linked to the project using Nuget.
Class diagram explanation:
- ORANGE: Device info and single actions to change something in the device (no answer required)
- BLUE: Actions to get the device time
- GREEN: Count down information and actions
- PURPLE: Available Wireless access points
The class HS1XX
is the main entry point. We should declare an instance to start the device management.
Using the Code
To use the library, we just need to declare a new instance of the class HS1XX
:
HS1XX mHS1XXManager =
new HS1XX(IPAddress.Parse("192.168.1.32"), 10000, 0, 0);
Note: I recommend using a big timeout for connection, and set to 0 the timeout to receive and send commands. The reason is because sometimes, the device takes a long time to perform the actions.
After that, we can use this instance to send actions and receive the device information.
Example:
HS1XX mHS1XXManager = new HS1XX(IPAddress.Parse("192.168.1.32"), 10000, 0, 0);
DeviceInfo dev_info = mHS1XXManager.GetDeviceInfo();
MessageBox.Show(dev_info.Alias);
Comments
- This is a non official library and non official application, you can execute under your responsibilities.
- The TP-Link firmware is under GPL license, so you can download it from the official web.
- Before writing this article, I asked to TP-Link support if any problem exists about writing an article where I will show how to make a custom app. (They said, that there isn't any problem, because firmware is under GPL).
History
- 27/12/2017
- Added new functionality to discover all HS1XX devices using UDP broadcast
- 15/08/2017
- Improved the function to get all HS1XX devices (now is faster)
- Added new exceptions
- Added the functionality to setup new devices
- Added class to allow to get the device info using the
ThreadPool
- 05/02/2017