Reverse-engineering an encrypted IoT protocol

Next time you find yourself reverse engineering a weird protocol - use ImHex. You can literally define patterns (in a C++ &#x2F; Rust -like language) so that your binary file gets highlighted and processed.<p>I can&#x27;t recommend it enough - it&#x27;s perfect for the job and it&#x27;s free and Open Source.<p><a href="https:&#x2F;&#x2F;imhex.werwolv.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;imhex.werwolv.net&#x2F;</a>

&gt; Sniffing the traffic from the device showed that it was connecting out to tcp.goodwe-power.com:200001<p>Is 200001 the right port number? Very good read anyways.

While the reverse engineering was interesting to read about, I found the Batman Equation far more amusing! :)

He mentioned having a private, firewalled VLAN. Is there anywhere to get more info or example setups for the beginner homelabber? I&#x27;ve got Unifi gear, I poke around the interface. I realize I can make new VLANs, but what makes them isolated&#x2F;private?<p>Also I see his complaints about half assed security but I actually am kind of relieved. If the security was implemented well we wouldn&#x27;t be able to make our own man-in-the-middle prometheus exporters!

&gt; This exercise has reinforced my prejudice that IoT devices are horribly insecure.<p>Generally I agree with this assessment for home IoT devices, but I’m curious does this hold true for industrial or transportation? Can someone point me to blogs or studies on Chinese EV security?

Any kind soul want to teach me how<p>echo -e &#x27;admin\nadmin\nspi rd 0 2097152\n&#x27; | nc 192.168.18.17 23 | tee ~&#x2F;download&#x2F;hk1000.spi2.img<p>downloads the firmware?

So if I understand this correctly it is now possible to mess up other peoples graphs by just sending malicious packages to the server?

This reads similar to an intercom I am still in the process of trying to write a client for: <a href="https:&#x2F;&#x2F;grdw.nl&#x2F;2023&#x2F;01&#x2F;28&#x2F;my-intercom-part-1.html" rel="nofollow">https:&#x2F;&#x2F;grdw.nl&#x2F;2023&#x2F;01&#x2F;28&#x2F;my-intercom-part-1.html</a> . Seeing nmap, wireshark, poor security. It definitely feels the same.

You should check out Recessim: <a href="https:&#x2F;&#x2F;recessim.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;recessim.com&#x2F;</a><p>I think you would like the community.

+1 to having an IoT VLAN. Absolutely required to segregate the traffic.

How would one go about reversing and identifying a wireless protocol?

Awesome reading, well written and very clear. Thank your for your post.

Fantastic write up! Enjoyable read, and gave me some pointers.

This was a joy to read. Thank you for posting.

Well...<p>MY IoT devices don&#x27;t have garbage security.

This was very informative, thanks!

MIPS? Wow. Would not have expected that! I guess they went as low budget as possible.<p>That key tho. &#x2F;facepalm&#x2F; They REALLY don&#x27;t care about security. Seriously, at least get PSA level 1 FFS and use TLS. But I doubt a cheap-ass MIPS has the horsepower for a handshake.