Server and Telegram bot for the eTIGER Secual Box v2

rubenvandeven/eliger

eLIGER - Automate the eTIGER alarm

Stop the eTIGER Secual Box v2 from phoning home & control it through Telegram (or integrate it with your home automation)

Possibly works for other devices from eTIGER, MaxSmart (SG2?) or Chuango as well.

Why?

I own an eTIGER Secual Box v2. Out of dissatisfaction with the app I started exploring the possibility to create my own app.

It turned out the app sends passwords unencrypted & the box itself communicates through an unencrypted TCP stream with a max818 server in China. Sublime security... 🤦

Nevertheless, this made it easy to hijack the Secual Box's connection and set up a private server using MITM.

Telegram Commands

See telegrambot.py for all commands.

  • /on: Enable alarm.
  • /off: Disable alarm.
  • /home: Set alarm to home mode.
  • /status: Query whether the alarm is on/off.
  • /siren [on|off]: Enable or disable the sound of the siren. Useful when triggering the alarm for testing.
  • /custom: Send anything you want over the TCP stream to the Secual Box. Primarily used to set variables that do not have their own command (which is most of them).
  • /grant: Grant another chat control over the alarm. Note that this person can also issue grants.
  • /start/help/settings: Commands implemented for Telegram's sake.

The three commands to set the alarm status (on/off/home) can quickly be sent through the custom keyboard that is sent on /start.

Start the server

Set up your computer as a WiFi hotspot (I use a rpi with hostapd) and use iptables to redirect traffic. Since we use a bridged interface, the physdev module is needed to capture the traffic:

sudo iptables -t nat -A PREROUTING -m physdev --physdev-in wlan0 -p tcp --dport 8400 -j REDIRECT --to-port 8000

Copy the eliger-config.example.json to eliger-config.json and edit for your needs.

  • The telegram.token is the token of your Telegram bot.
  • The valid_chat_ids is an array of Telegram chat_ids that are allowed to control the alarm. Setting one 'superuser' in the config should be good enough, as other chats can be confirmed by this person. Probably the easiest way to find these is to start the server using python3 bin/eliger_server, then use Telegram to chat with the bot. The chat_id should be printed to the terminal.
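
Because /grant is transitive and valid_chat_ids is the only root of trust, it helps to remember who granted whom. The sketch below is an added example, not code from telegrambot.py: the ChatACL class, its method names and the revoke operation are hypothetical, and only valid_chat_ids and the on/off/home states come from this README. It also records every attempted action, which covers the "track who changes the status" item in the TODO.

```python
import time

class ChatACL:
    """Allowlist of Telegram chat ids that remembers who granted whom."""

    def __init__(self, valid_chat_ids):
        # Chats listed in the config are roots: nobody granted them.
        self.granted_by = {cid: None for cid in valid_chat_ids}
        self.audit = []  # one record per attempted action, allowed or not

    def allowed(self, chat_id):
        return chat_id in self.granted_by

    def _log(self, actor, action, ok):
        self.audit.append({"ts": time.time(), "chat_id": actor,
                           "action": action, "ok": ok})
        return ok

    def grant(self, actor, new_id):
        ok = self.allowed(actor)
        if ok:
            self.granted_by.setdefault(new_id, actor)  # keep the first grantor
        return self._log(actor, f"grant {new_id}", ok)

    def subtree(self, chat_id):
        """chat_id plus every chat whose grant chain passes through it."""
        found, todo = {chat_id}, [chat_id]
        while todo:
            parent = todo.pop()
            for cid, by in self.granted_by.items():
                if by == parent and cid not in found:
                    found.add(cid)
                    todo.append(cid)
        return found

    def revoke(self, actor, target):
        doomed = self.subtree(target)
        # Config roots cannot be revoked at runtime, and no chat can revoke
        # itself or the chain that its own access depends on.
        ok = (self.allowed(actor) and self.granted_by.get(target) is not None
              and actor not in doomed)
        if ok:
            for cid in doomed:
                del self.granted_by[cid]
        return self._log(actor, f"revoke {target}", ok)

    def set_status(self, actor, status):
        ok = self.allowed(actor) and status in ("on", "off", "home")
        return self._log(actor, f"status {status}", ok)
```
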

To have some failsafe, run eLiger through supervisord:

sudo ln -s /home/pi/eliger/supervisor.conf /etc/supervisor/conf.d/etiger.conf
sudo supervisorctl reread
sudo supervisorctl update

UPDATE 2022

Max818.com, which the box uses to resolve some IP (the traffic to which we then capture), is down. So we now also need to spoof this domain. I do this using dnsmasq (e.g. following this), and by setting max818.com in my /etc/hosts to my server's IP. This means we need to access the ESWIFI-XXX (for some reason using the same pw as the hostapd). Then log in to 10.10.100.254 (user: admin, pw: admin) and manually set DNS in "STA settings". [Later note: this seems to be ignored; instead a static IP for DNS is used.]

My current setup (probably some redundancy after tryouts)

# Generated by iptables-save v1.6.0 on Sun Feb 13 13:20:54 2022
*nat
:PREROUTING ACCEPT [6:3734]
:INPUT ACCEPT [37:1628]
:OUTPUT ACCEPT [4:210]
:POSTROUTING ACCEPT [10:3944]
-A PREROUTING -p tcp -m physdev --physdev-in wlan0 -m tcp --dport 8400 -j REDIRECT --to-ports 8000
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 8400 -j REDIRECT --to-ports 8000
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 8400 -j REDIRECT --to-ports 8000
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -p tcp -m physdev --physdev-in wlan0 -m tcp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -p udp -m physdev --physdev-in wlan0 -m udp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -i wlan0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -i wlan0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1234
COMMIT
# Completed on Sun Feb 13 13:20:54 2022
# Generated by iptables-save v1.6.0 on Sun Feb 13 13:20:54 2022
*filter
:INPUT ACCEPT [94672:46551166]
:FORWARD ACCEPT [339898:84102511]
:OUTPUT ACCEPT [31784:8637577]
COMMIT
# Completed on Sun Feb 13 13:20:54 2022

Saved using iptables-save > /etc/iptables/rules.v4
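
The dump above is described as carrying some redundancy from try-outs. As an added example (not part of the repository), this script takes the nat rules from that dump and reports exact duplicates as well as distinct rules that have the same effect but select packets differently; the function names are made up for the illustration.

```python
import shlex
from collections import Counter, defaultdict

# nat-table rules copied from the iptables-save dump above.
RULES = """\
-A PREROUTING -p tcp -m physdev --physdev-in wlan0 -m tcp --dport 8400 -j REDIRECT --to-ports 8000
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 8400 -j REDIRECT --to-ports 8000
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 8400 -j REDIRECT --to-ports 8000
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -p tcp -m physdev --physdev-in wlan0 -m tcp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -p udp -m physdev --physdev-in wlan0 -m udp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -i wlan0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING ! -s 192.168.178.25/32 ! -d 192.168.178.25/32 -i wlan0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.178.25
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1234
"""

def effect(rule):
    """(chain, proto, dport, action): what a rule does, ignoring how the
    packet is selected (interface, physdev or source/destination matches)."""
    tok = shlex.split(rule)
    j = tok.index("-j")
    return (tok[1], tok[tok.index("-p") + 1],
            tok[tok.index("--dport") + 1], " ".join(tok[j + 1:]))

def audit(text):
    rules = [l.strip() for l in text.splitlines() if l.startswith("-A ")]
    # Exact duplicates: the second copy can never match anything new.
    dupes = {r: n for r, n in Counter(rules).items() if n > 1}
    # Distinct rules with the same effect: alternates left from experiments.
    by_effect = defaultdict(list)
    for r in dict.fromkeys(rules):  # unique rules, original order
        by_effect[effect(r)].append(r)
    overlaps = {e: rs for e, rs in by_effect.items() if len(rs) > 1}
    return dupes, overlaps

if __name__ == "__main__":
    dupes, overlaps = audit(RULES)
    for r, n in dupes.items():
        print(f"{n}x identical: {r}")
    for e, rs in overlaps.items():
        print(f"{len(rs)} variants of {e}")
```

The per-rule packet counters shown by iptables -t nat -L PREROUTING -v -n tell you which of the overlapping variants actually matches traffic on the bridge, so the others can be pruned.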

TODO

  • Integrate with home-assistant
    • automatically disable when I get home.
    • send a reminder to enable alarm when everybody leaves the house
    • do whatever you want.
  • Create commands to implement other settings (phone numbers/alarm duration/zones/etc.)
    • This means figuring out all the parameters sent by the Box through its initial JSON.
  • Track who changes the status
