
Adventures in Reverse Engineering Smart Bulb Firmware - nikital
https://medium.com/@urish/inside-the-bulb-adventures-in-reverse-engineering-smart-bulb-firmware-1b81ce2694a6
======
mrlambchop
My first pass at this would be to put something like Charles between the wifi
AP and the internet and take a look at what was going on. After understanding
the protocol, it would then be a lot easier to look for an OTA FW exploit or
mitm attacks around the string manipulation functions used to communicate to
the outside.

~~~
urishaked
The guy tried that before I joined the project, but at some point the specific
bulb stopped communicating with the cloud, and we decided to embark on the
firmware extraction adventure. Also, it seems like they use SSL with public key
pinning, and I am not sure if this could be intercepted by Charles. Though, he
gets another bulb soon, we can definitely try this again :)

------
api
Traceroute to cloud.yeelight.com seems to go to China.

Your light bulbs are talking to a cloud service in China.

[https://www.cnet.com/news/can-wi-fi-let-you-see-people-throu...](https://www.cnet.com/news/can-wi-fi-let-you-see-people-through-walls/)

Nope.

