I received a Belkin Wemo device today to play with.
Since I do not have an iOS device, and for some reason the Wemo ONLY works with iOS (wtf?), I’m trying to get it working without it.
So far I’ve connected my laptop to its wifi access point. It assigned me an IP of 10.22.22.2 and its IP is 10.22.22.1. No conventional ports such as 22/SSH, 23/Telnet or 80/HTTP worked.
Running nmap revealed very few open ports:
nemik@a64:~$ nmap -sT 10.22.22.1
Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-16 17:48 CDT
Nmap scan report for 10.22.22.1
Host is up (0.029s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE
53/tcp    open  domain
49152/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds
When running telnet on the opened port 49152, there were interesting things:
nemik@a64:~$ telnet 10.22.22.1 49152
Trying 10.22.22.1...
Connected to 10.22.22.1.
Escape character is '^]'.
HTTP/0.0 400 Bad Request
SERVER: Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6
CONTENT-LENGTH: 50
CONTENT-TYPE: text/html
<html><body><h1>404 Not Found</h1></body></html>
Connection closed by foreign host.
Same for curl:
nemik@a64:~$ curl -i 10.22.22.1:49152
HTTP/1.1 404 Not Found
SERVER: Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6
<html><body><h1>404 Not Found</h1></body></html>
Interesting that it runs Linux though! I’d like to open it up to see the type of chips used inside but I do not have the triangular screwdriver for Belkin’s weird security screws on the device. If/when I order some and get it opened, I’ll post pics.
The next step is to borrow an iOS device and see if I can sniff the traffic for initializing the device. If anyone has done something similar or has any tips, please let me know.
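The response on port 49152 shown above can be broken into an inventory-style fingerprint. This is an added example, not code from the original post: the `fingerprint` function and `SAMPLE` are hypothetical names, and the sample bytes are constructed from the telnet output, assuming CRLF line endings and a blank line before the body.

```python
import re

# Constructed sample: the telnet response shown above. CRLF line endings and
# the blank line before the body are assumptions (the page shows it flattened).
SAMPLE = (
    b"HTTP/0.0 400 Bad Request\r\n"
    b"SERVER: Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6\r\n"
    b"CONTENT-LENGTH: 50\r\n"
    b"CONTENT-TYPE: text/html\r\n"
    b"\r\n"
    b"<html><body><h1>404 Not Found</h1></body></html>\r\n"
)

def fingerprint(raw: bytes) -> dict:
    """Split a raw HTTP response into banner components and note oddities."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"HTTP/(\d+\.\d+) (\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    version, status = m.group(1), int(m.group(2))
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # SERVER value as shown on the page: comma-separated name/version tokens.
    components = {}
    for token in headers.get("server", "").split(","):
        name, sep, ver = token.strip().rpartition("/")
        if sep:
            components[name] = ver
    anomalies = []
    if version not in ("1.0", "1.1"):
        anomalies.append("unusual HTTP version " + version)
    m = re.search(rb"<h1>(\d{3}) ", body)
    if m and int(m.group(1)) != status:
        anomalies.append("status line says %d, body says %s" % (status, m.group(1).decode()))
    declared = headers.get("content-length")
    if declared is not None and declared.isdigit() and int(declared) != len(body):
        anomalies.append("content-length %s but body is %d bytes" % (declared, len(body)))
    return {"status": status, "components": components, "anomalies": anomalies}

if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE).items():
        print(key, "=", value)
```

Under the CRLF assumption the declared length of 50 matches the 48-byte HTML plus its line ending, so only the HTTP/0.0 version and the 400-versus-404 mismatch are reported.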