I have bought Orvibo S20 (picture) smart socket. You can find them on Amazon, eBay and probably many other online shops. The socket comes with an app for Android and iOS that is used to control the socket. Unfortunately, the app is proprietary and also not available for normal computers. I wanted to have some free software solution. Also, the original app didn’t work too reliably, and of course you can’t fix it without having a code. Again, this shows why it is important to have free software…
After searching a bit I found some code on GitHub written for Ninja Blocks. It also came with some reverse engineering data (I will refer to this as the original reverse engineering later and will assume that you briefly looked at it). That file might look slightly scary initially if you are not used to that kind of stuff but actually everything is quite simple. It seems that the socket can be controlled by simply sending UDP packets over the network and listening for replies. You can even try to play a bit with netcat but of course it is not too convenient. So I decided to write my own program using Qt 5. It provides a lot of convenient functions in its QtNetwork module and also it would make it easy to write GUI if I ever decide to do so in the future. Also, I’m familiar with Qt because it is used by KDE Applications. Another reason for choosing Qt was it’s support for sockets and slots and I expected them to be useful.
As you can see in the reverse engineering file, there are commands to discover the socket, subscribe to it (which is required before doing anything else), power it on/off and read some tables (Socket Data contains information about the socket and Timing Data stores when to turn the socket on or off). They all follow similar pattern. You have to send
Magic Key+ message length + command id + rest of the message
where Magic Key is 68 64 (hexadecimals) and is used to distinguish these UDP packets from any other packets that are send over UDP port 10000. Every time you send a message the socket replies with another message confirming the action of the first message. Or the socket doesn’t reply. We are using UDP protocol for networking. So there is no guarantee that message is received and later I had to write some code to make sure packets are received. Hence, I implemented message queue and resend every command until I get a proper reply before sending another command. This finally made my program more reliable.
Writing Socket Data
I quickly managed to get some basic stuff working (for example powering it on and off) and soon I implemented most of the commands from the file with reversed engineered commands (reading Timing Table is still not completed but shouldn’t be too hard). Since I wanted to do more than that, I started Wireshark and analyzed a few more packets. I quickly learned how to write Socket Data Table too. Apparently, you send command very similar to what you receive when you request Socket Data but with different Command ID (74 6d instead of 72 74 in hexadecimals).
So to write Socket Data I send the following packet
Magic Key + message length + 74 6d + mac + mac padding + 00 00 00 00 + AA 00 BB + recordLength + record;
where
record = 01 00 /* record number = 1*/ + versionID + mac + mac padding + reversed mac + mac padding + remote password + socket name + icon + hardwareVersion + firmwareVersion + wifiFirmwareVersion + port + staticServerIP + port + domainServerName + localIP + localGatewayIP + localNetMask + dhcpNode + discoverable + timeZoneSet + timezone + countdownStatus + countdown + 00 (repeated twelve times) + 30 (repeated 30 times, note that hex 30 corresponds to 0 in ASCII);
countdownStatus is 00 ff when countdown is disabled and 01 00 when countdown is enabled.
AA 00 BB is actually table number and version flag. E.g. 04 00 01. 4 stands for table number (Socket Data is Table number 4) I don’t completely understand what is version flag, so if you know please tell me in the comments.
Then socket replies with:
Magic Key + message length + 74 6d + mac + mac padding + 01 00 00 00 00;
Now just send an already documented Socket Table packet (see: http://pastebin.com/LfUhsbcS) to update your variables.
Writing Timing Data
Writing Timing Data is exactly the same (even Command ID is still 74 6d) as writing Socket Data but you must specify 03 a a table number
Magic Key + message length + 74 6d + mac + mac padding + 00 00 00 00 + AA 00 BB + record1Length + record 1+ record2Length + record2 + record3Length + record3 + …;
record again contains the same data as what socket sends when you request timing data.
Initial pairing of the socket
The authors of the original Ninja Blocks orvibo-allone driver assume that socket was already paired using the proprietary Android/iOS application. Their original reverse engineering also contains no information how to do that. I expected that this might be a bit tricky to do because unpaired socket is not connected to the router and you have to somehow transmit your wifi configuration into the socket. I think there are at least two ways to pair that proprietary Android/iOS app implements. If you press the socket button for a few second it switches to a rapidly blinking red led mode. Then long press it again and it switches to rapidly blinking blue led and the socket creates an unencrypted wifi network (it was called WiWo-S20).
Then I created the wifi network with the same name on my laptop and tricked the proprietary app into believing that it is the socket’s wifi network. I was able to intercept the following message on UDP port 48899 (everything is in ASCII in the section, not in hex):
HF-A11ASSISTHREAD
So apparently, Orvibo S20 has HF-LPB100 Wifi chip inside. This chip can be controlled by the AT+ commands (you can find them online but I will write a brief summary here) and I was able to do initial socket configuration!
- Switch S20 to rapidly blinking blue led more. Connect your computer to WiWo-S20 network.
- Send “HF-A11ASSISTHREAD” on UDP port 48899 to the broadcast address (don’t include ” in the message).
- S20 will reply with “IP address,MAC Address,Hostname”. The socket always replies to the same port as the source port of your message.
- Acknowledge that you got the previous message by sending “+ok”.
- Send “AT+WSSSID=ssid\r” where you replace ssid with your WiFi network name. \r is the carriage return (CR) symbol.
- The socket will reply with “+ok\n\n” (\n in this case is carriage return + line feed) if everything is correct or “+ERR\n\n” if something is wrong.
- Send your Wifi security settings: “AT+WSKEY=WPA2PSK,AES,PASSWORD\r”. The socket will again reply with “+ok\n\n”.
- Switch HF-A11 chip to station mode by sending “AT+WMODE=STA\r”. Again, wait for “+ok\n\n”
- Reboot your socket with “AT+Z\r”.
- Connect your computer back to your router. Wait until the socket boots. Now you can find it using normal discovery packet on port 10000, then change socket name, timezone, etc. with Write Socket Data packet…
I did some investigation and it seems that we need to send a slightly modified Table Data and Socket Data packets immediately after pairing to set them to default values. More information will be published later.
Another way to pair the socket from the rapidly blinking red mode. It is slighly less reliable than this method but on the other hand does not require you to disconnect from your wireless. Actually, it doesn’t require your computer to have any wireless at all.
Unfortunately, it seems that either way WPA encryption key is transferred in an insecure way, i.e. the socket is not able to use any public key cryptography. Slightly safer way to do it manually is to first change your WPA key to something temporary and pair the socket. Then use AT+ commands to change WPA password to the real one and change your router’s WPA password back.
Also, note that this socket doesn’t support WPA Enterprise. So if you would like to use it at home then create two Wifi networks: WPA-PSK for the socket and WPA-EAP for everything else (OpenWrt can do this easily).
Code
I released all code under the GNU General Public License version 3, so the code is freely available to everybody. Git repository is available at:
https://git.stikonas.eu/andrius/s20 (feel free to create an account here and fork the code)
Windows binaries
I compiled windows binaries. There is also a very limited GUI that does not yet have all the features of console app but if you prefer GUI then it might be useful.
| Console | 64-bit | 32-bit |
| GUI | 64-bit | 32-bit |
Donations
If you find this work useful then tips are very welcome. You can send Bitcoin tips to bc1qe2dfqjwgse5v6cl6rhtk352ru90t0hnve45f2c.
I was able to buy the second socket which already resulted in improved multiple socket support. Thanks for the donations!
Bitcoin: bc1qe2dfqjwgse5v6cl6rhtk352ru90t0hnve45f2c
Bugs
Bugs are tracked in the Gitlab issue tracker.
See also
Go code by Grayda (basic support for S20 but also supports Orvibo AllOne devices)
PHP code by Fernano Silva (supports most features of S20). See also his technical data file.
340 comments on “Reverse engineering Orvibo S20 socket”
Comment navigation
Hello Andrius,
Thank you for this great teardown, I learned a lot from it.
Regarding controlling the socket over the internet, I read in comments that your app does not support that, and I am wondering if they are using a server to communicate with it when you are outside your local network.
what do you think?
Yes, they are using a server. And I guess that since using their server somewhat reduces privacy, nobody bothered to reverse engineer that part of the protocol yet…
I wanted to Post this information here:
For anyone having problems in Iphone IOS app getting your Orvibo to connect. There seems to be an issue with the Wiwo app and the way it handles it’s Wifi passwords.
1. With /Obvibo red lights flashing quickly/ Go into wiwo app
2. + to add device enter network password.
3. Start configiring .. No connection/ hit exit config. Don’t change anything. Important
4. Toggle show password then/ uncheck show password / Nothing else!
5. Hit Start configuring again. ( repeat this process until it connects)
I’ve tried 100’s of times trying to reprogram, I figured it out by accident with my 3 units.
Hello Andrius,
Just to let you know that with the arrival of summer time and Daylight Saving Time (DST), I had to update my web interface code, since I discovered that I was mishandling some Timezone and DST information. The updated code is now able to correctly handle DST information and all time zones (including East, West and “half time zones”). More detailed information on these issues, as well as some more reverse engineering and message data, which I believe that is new to us, was included in the TECHNICAL_DATA.txt file of my repository at https://github.com/fernadosilva/orvfms
Best regards,
Fernando
Hi Fernando,
Thanks for this! I kinda saw that DST is handled automatically, so in summer timezone is 0, in winter timezone is 1. But indeed we didn’t know that DST status is represented in byte 161. That half hour timezone handling is also new thing. I wonder if it can also represent 45 minute time zones (e.g. Nepal and a few others). Maybe 04 and 05 would work (but I’m just guessing now without checking).
Hmm, that pastebin is getting really outdated although still useful resource.
Good point, I missed 15min time zones (I was not aware of them…). The WiWo supports at least the Katmandu time zone, so possibly it is something like that (remains DST bits). I will update the info as soon as I confirm that.
Regds
It is easy to miss them. I once tried to look at those half hour time zones but only saw that integer byte in time zone and missed those changes in byte 161 changes that were labeled DHCP Mode. Well, now it makes much more sense because I always wondered why they need that DHCP=on or off. DHCP is always needed with those sockets, they can’t work without it.
Regarding the automatic update of the DST, I just noticed in my sockets, when summer time arrived in 2016, that the end section of table 4 reported (in plain ASCII code) the begin and end DST dates of 2015! In fact my sockets did not update DST automatically. I suspect that there is some connection between the lack of automatic DST change and this outdated information. It was this lack of automatic update that lead me to try to deal it with my code (and it works fine for me now).
I do not exclude that this faulty DST behaviour may also result of some unhappy side effect of my own code – several msg bytes are still unclear for me and I have seen that these sockets exchange with the WiWo and the vicenter.orvibo.com some further undocumented messages….
Reds
I think my code might be doing something wrong too. For some reason official Wiwo app does not see socket names anymore. However, I can still change the names of my sockets with my own app. Hmm, should check what your php app sees in my case.
Maybe it has something to do with table versions… My code basically ignores them now.
I am sure that there is some compatibility problems between my code and the WiWo. But, so far, not with the names. Part of the problem seems to be related with the WiWo own code, which seems to rely too much in locally stored data (in the smartphone, or maybe in the orvibo server), and seems to assume that there is no one else messing with the S20s. For example, weekly timing commands programmed with my code work fine, but only show in the WiWo after deleting the socket and searching for it again…
My new tests seem to suggest that the S20 socket do not support 15 minutes time zones (e.g., Kathmandu, GMT+5:45). While this timezone is in fact manually available in the WiWo, when it is selected (TZ=Kathmandu, DST off), byte 161 in table 4 appears as 03 and the socket seems in fact programmed as GMT+5:30 and not GMT+5:45. If there is anybody out there in one of these “15m” time zones who has a S20 and is able to get it properly synchronised, please drop me a note and I will try investigate further this issue :-).
I installed Orvibo wifi socket s20 via application WIWO on my smartphone. I successed two times to switch on and off a desk lamp but immediatelly a message pop up on the smartphone: timeout……
Since than whenever I plug in socket , there is no light in the button and I try to switch on/off via smartphone after procedure on phone I got a message : there is no device….
I tried many times to restore to factory settins keeping described procedure in Users Guide of WIWO application in my phone but without any success.
Would you be so kind and explain what to to in order to get wifi socket s20 reset and how to install it once again.
Regards
If there is no light in the button it is likely that socket is broken. Can you still return it to the shop?
If we have socket configured on static IP reservation, and if we could specify IP (instead of using broadcast discovery) on command line, then s20.exe could easily be run from anywhere with proper port forwarding.
Would that be possible to implement?
Hi Andrius, thank you very much for your effort.
I just bought two S20 and, with your help, was not difficult to make a small application in C ++ ( ranning in Windows Vista) and one in php, for my linux server. Very well !
Verily, the UDP protocol is not very reliable.
There is a way to use the TCP protocol?
You know anything?
Thanks.
The socket supports only UDP protocol, there is no way around it. UDP protocol can be just as reliable if you implement it correctly, i.e. you have to check yourself whether message was received (so basically emulate what TCP does automatically).
For every UDP message you send, the socket replies back. So if you don’t hear any reply you need to send UDP packet again. I do this in my program and then it is very reliable.
Yes, that’s the right way. A little attention on GLOBAL DISCOVERY command: my socket replies 10 times.
About the TCP protocol: if the socket supports only UDP, how can my WiWo app reach the socket from my remote iPhone ?
This, for me, is a mystery.
Kind regards
I know quite little about networking protocols but I thought UDP protocol is actually better for remote access.
I’ve heard that there are things like UDP hole punching. By the way, wiwo app uses some intermediate proxy server, so probably proxy server and the socket cooperate to punch a hole in routers firewall. I think this is much less reliable over TCP.
Exactly as you say.
To try, on my router I blocked incoming UDP traffic: in this configuration the remote iPhone no longer controls the sockets but still recognizes their status ( on/off ).
Thanks and kind regards
Hello!
I have a question: Is it possible to Control settings of an S20 from within LAN from your command line, when it is locked? in other words: can your command line interface find an S20 that is locked, and using the correct password send a message to it to change e.g. timer settings? Thank you.
regards
Tomasz
My program can’t find locked devices. But finding sockets IP shouldn’t be too hard, it’s in the router settings. Probably tools like nmap can help too if no access to router. Then instead of sending requests to broadcast IP, send it to the sockets ip. So required changes to my app would be minimal, maybe just 1 line.
I am almost sure that password does not matter at all here but I haven’t checked. Password is to prevent random access via proxy server.
Worth noting that for PHP by Fernando Silva to work properly Maximum execution time in php.ini must be set to 30
Application is great, but I did not manage to get the initial pairing to happen (had to use iOS app). Nothing was happening once connected to its WiFi with blinking blue light.
But once paired, it is great.
Yeah, sometimes there are some problems with initial pairing. I’m not sure why. Sometimes it worked for me, sometimes it didn’t. But you only need to do it very rarely.
thanks to info found on this blog i developed a console w32 tool for both s20 and allone
https://sourceforge.net/projects/orvibo-allone-console/
https://sourceforge.net/projects/orvibo-s20-console/
hope you can find it useful
Hi OZ,
I can’t seem to get the s20 compiled exe to run on Win10 or Win7. The command screen appears for a split second before it closes.
Can’t spot anything in event viewer and have disabled AV.
I’m looking for something I can write a basic batch script for that will toggle S20’s – by passing parameters like: “s20 1.0.0.2.exe -name/ip/mac/whatever -action:toggle”
Thanks again,
TN
Hey Andrius! Today 2016-03-16 the s20 socket manager does not find the s20 anymore at all in my network. I am connected to the LAN network and it used to always work..
did they maybe do an update? can you try it? thanks!
Still works here, strange.
When I plug the plug out and in again (restart), your app finds him (while your app is open!). Afterwards your app doesnt find the plug anymore..
Are you sure no other app tries to claim the socket at the same time?
I have the socket in several orvibo apps.. but that used to always work so far, is it not possible to use the orvibo mobile app and your app at the same time?
I was able to track down the problem!! When I thought of recent changes, my virtualbox installation a few days ago came to my mind.. now it behaves the following: When I deactivate the Virtualbox virtual Ethernet-Adapter Network connection, your app works. Whenever this virtual ethernet-adapter is activated, your app fails. Can you maybe help me with another workaround than always shutting down this ethernet adapter when I want to start the watercooker in my kitchen for another tea?^^
screenshot: https://onedrive.live.com/redir?resid=260196A39D235D35!115921&authkey=!ANhrORii5sg468Y&v=3&ithint=photo%2cpng
Maybe it has something to do with your network broadcast addresses…
https://git.stikonas.eu/andrius/s20/src/master/server.cpp#L31
sets it to 255.255.255.255 but maybe your network has different one when you activate ethernet.
Do you know of an easy workaround other than always deactivating ethernet? thanks 🙂
As I’ve said in the previous comment, try to check what is the broadcast address in your networks.
I think my program had troubles with android wifi hotspots. For some reason 255.255.255.255 didn’t work there. Maybe something similar happens in virtualbox/windows host (or whatever configuration you use). If not this, than I don’t know what else can go wrong.
Hi Andrius,
many thanks for your good work. With your help I was able to integrate this plug into to openhab network I have at home.
Unfortunately I received a WARNING from my vendor that the Orvibo S20 is NOT SAFE TO USE. There is a warning at least for europe:
Link to EU rapex report
Although the plug works like a charm I will get rid of it.
Kind regards
Michael
Well, UK version seems ok. Although, UK plugs are bulky, they are actually cleverly protected, ground pin is longer and live plugs have partial insulation which protects against not fully inserted plugs. And yeah, EU version has no earthing. But UK versions seems to be fine, you can always buy UK version and two socket adaptors :), i.e. EU->UK — Orvibo S20 UK — UK->EU.
The Australian version from Arlec has an earth pin and the earth pin is longer then the live and neutral. Also both live and neutral coated with brown and blue plastic, then another layer of white around the base of the pin. So if the plug is only half inserted the exposed contacts will not be conductive.
I was able to track down the problem!! When I thought of recent changes, my virtualbox installation a few days ago came to my mind.. now it behaves the following: When I deactivate the Virtualbox virtual Ethernet-Adapter Network connection, your app works. Whenever this virtual ethernet-adapter is activated, your app fails. Can you maybe help me with another workaround than always shutting down this ethernet adapter when I want to start the watercooker in my kitchen for another tea?^^
screenshot: https://onedrive.live.com/redir?resid=260196A39D235D35!115921&authkey=!ANhrORii5sg468Y&v=3&ithint=photo%2cpng
Very dirty solution, but I now have a windows batch script deactivating all other network interfaces before running s20.exe and after closing s20.exe reactivates them again. To everyone interested: https://onedrive.live.com/redir?resid=260196A39D235D35!115922&authkey=!ACtfT-YOxy2Uzgw&ithint=file%2cbat
Maybe you will update s20.exe someday, then this won’t be needed anymore 🙂
I have been using the S20 now for a few weeks. I have been using the Arlec versions as sold by Bunnings Hardware in Australia. They have two models the older version: CPCN004868 a newer version CPCN004868/3 . I have found the older version works fine on both wifi and 3/4G while the newer /3 model crashes the app while trying to use it on 3/4G. The issue seems to related to the newer model only.
I have contacted Arlec and they have told me they will pass on the information to their engineers. Not sure how that will work as theirs is just a rebranded S20.
FYI I used both Arlink app and Wiwo app.. both with the same results.
This issue appears to be resolved now with the latest update of Wiwo app. The app as updated a few days ago. I purchased a new /3 version of the switch and the app does not crash any more when on the GSM network. The same switch does cause the older version of the app to crash.
Hi Andrius,
Is it possible to arrange it for CLI Win (command line interface)
Just as:
S20 /on
S20 /off
It will helps a lot.
BR,
Evgeny
It’s probably easier to use some standalone script (where you specify IP/MAC address manually) from my “See Also” section or there are some more examples down in the comments. You can try to use input/output redirection with my program too.
This may be a stupid question but would r be possible to integrate this with Android / Tasker? Maybe have this set up on my desktop which will act as a server and I can send wifi packets to the PC?
In principle it should be possible. E.g. you can run SSH on your computer, so that you can connect remotely to it and execute commands. I’m not sure about Tasker though. I would prefer some free and open source solution.
Actually orvfms (see link at the bottom of my post) might actually be easier. It is already written for the web, so you can just run a webserver, e.g. Apache or nginx on your computer and access socket via web.
Hello! I have a new version from Orvibo support!
WiWo_V03.02.045_remote_control_crash.apk
https://drive.google.com/file/d/0B8MrhhYNaQVEVXRKR1B5cl9kNjBoVS13WlppYWlaUEg1SnZN/view?usp=sharing
Hello! I have four s20. I tried to use your program on windows 7 32 bit (Computer connected to router via cable). But GUI version do not see sockets, and console version after entering command show error “s20-win32.exe has stopped working”. Can you help me – write please small manual , like “step by step”. May be problem exist because sockets was configured before with Wiwo app? Or need additional files for exe?
No, I haven’t tried in on Windows at all. In fact those .exe files are compiled on GNU/Linux too. But no additional files are required. Everything is compiled statically into that .exe file. That’s why it is so big (instead of being e.g. 150 KB).
Unfortunately, I have no idea what is wrong. Sockets should work fine if paired with Wiwo app, so something else seems to cause problems. Maybe some firewall?
Hi there,
I just bought one of them S20 smart plugs for testing purposes. It went through configuration process and all was working ok, but only using wifi. But when I try to control it using my mobile 4G network, the android app instantly gives me an error and wants to restart. So I started turning mobile data on and off again and playing with the app. and I think I found some solution/workaround to make it work using mobile network, so here it is:
1-turn wifi and mobile data off,
2-open the app
3-turn the mobile data on
Now you can turn the socket on/off using 4G network. But If you close the app, you will have to do this trick again to make it work, otherwise the app will give you an error and will want to restart.
I hope this will help someone.
I managed to find out exactly the same way to make it work. But it doesn’t in some cases.
Hi andrius
I have just bought 5 socket S20 and installed them in a house I need to remote at distance.
It worked well once and now the App shows error. No way to connect devices at distance.
Could you give me an advice or another App which could be more secure than this one. I am not skilled enough to understand you on the technical aspect however I feel desperate because that stuff worked well at the beginning and than went wrong. Nobody from support is answering. So in case you have an idea or an advice I appreciate your skilled point of view.
Take care
It seems like their server is down, so remote control via Orvibo app is not possible now.
The only thing I can suggest is first connecting to some of your devices inside your network and then controlling it from inside the network. E.g. you can remotely connect to your Windows computer and run my program on it. Or you can connect to your GNU/Linux computer via SSH and run my program. PHP code by Fernando Silva would also work. Unfortunately all of this requires a bit of setting up, you’ll have to open the ports on your router, and run either remote desktop or SSH or web server on some computer at home. But don’t be scared of not being skilled enough. It is easier than you might expect. Even installing web server can be done easily if you follow good tutorial or youtube video.
By the way, try Lukas workaround above, maybe it will help you.
Dear Andrius
Impressive work you have done.
I dont understand much of it but enjoyed reading it anyway.
I am having problems with my S20. It controls the heating in my summerhouse.
It works now and then.
Some times i can control it several times a day. Sometimes i get “no device” several days in a row. When i get to the summerhouse wifi range, it suddenly works again.
The seller in Denmark dit not have an answer.
But at last he told me, that the Orvibo server is not very reliable. Thanks for that info 🙂
I have a live-camera at the summerhouse and a lamp connected to the socket. In that way i can monitor if the socket goes on and off.
But it does not help if there is no connection for the socket.
The camera works all the time.
Best Regards
Poul
Yeah, that’s why I try to control from inside local network. I first connect to a computer running at home and then run my program there. Something like raspberry pi computer might work for you too. Or it might even be possible to do from WiFi router itself (but that requires installing OpenWRT on the router, not all routers are supported)
A good day to you sir, I’ve bought a few of these a few months ago before finding out about this project, and I must say the reliability of this program over the official (and now possibly abandoned) app is remarkable.
The hardware is brilliant, but the app is garbage.
Do you have any plans of continuing this project and releasing a fully featured GUI version sometime in the future?
And as has been mentioned before, it’s no longer possible to control these though the internet. There seems to be some issue with the proxy server which causes the app to either constantly say OFFLINE or enter a crash-reboot cycle. And the only ways to get out of that cycle is to wither force close the app, or connect to the WiFI network with the S20s.
Perhaps something could be done in the future to entirely remove its dependence on the proxy servers?
In principle I would like to continue with the project. The only concern is whether I’ll have enough free time.
Well, my app is more reliable cause it actually checks whether commands are executed but it also adds a bit to the source code and makes it more complicated.
I’m not sure about proxy servers. Perhaps something can be done, perhaps can’t. Nobody have investigated enough. But there are some variables in the socket protocol that contain IP address of that proxy server, so maybe it can be replaced… Again, I don’t know.
Hello,
I bought one S20s to learn rust language (starting with alpha1 !) and control my router which hangs from time to time.
I made a nice wireshark dissector plugin to debug my program. I just want to share it with you.
You can find it here : https://github.com/starox/wireshark.orvibo
Best regards
Hello,
I recently bought an S20 power socket from Ali Express, installed it last week and everything worked like a charm. I use it to power up an IP camera when I’m not home (so the camera is not consuming power when I don’t need it). So if I want to check the camera-feed, I go to the WiWO app, make the power socket go on and go to the Ip-camera for the camera feed. Worked like it should, and I was happy.
Now since yesterday the external connection does no longer work. In range of my router at home no problems at all, the moment I switch to mobile data it no longer works. I tried resetting the power socket, re-connecting it etc. Sometimes short after resetting, It works again but next morning I’m out of the house, want to check the camera, no sigar.. The socket does not want to connect -_- So you can imagine, very frustrating.
Since you did quite some research on this, do you have any idea what is causing this? I don’t think it is the external cloud server since resetting the unit sometimes results it making it work again (for a short period of time).
i also tried your GUI tool yesterday connected to my own network, and that worked too. But I need something like that on my Iphone since that’s the thing I’m using when I’m not at home.
Any advice for me? Otherwise I’ll be claiming my money back from AliExpress since at this time, the unit is rather useless for my use..
Thanks in advance
I didn’t do much research outside router LAN… But people confirmed that opening UDP port 10000 in the router and forwarding it to the socket helped.
Well, I tried that without succes. I looked at the connected devices on my router and something showed up as “HF-LPB100”, being the chip inside the S20. So at that point I could read the MAC and IP adress of the device. I added a line to my router port forwarding settings with that IP opening up an UDP port from 10000 “to” 10000. No succes, i still could not connect to the socket when trying from outside of my home network.
And even IF that would work, you cannot set a static IP for the socket i think? So the first time the router is handing out fresh IP’s to the connected devices this method won’t work anymore..
Router shouldn’t be handling new IP’s every time unless you turn off your router for a long time. Even in that case you can increase DHCP lease time.
But I agree that their proxy server doesn’t work too well. That’s why I remotely connect to a computer running at home and then run my program there…
Wow what a great thread. You seem like a knowledgeable group. Given how hard it is to get any support from Orvibo i would really appreciate your thoughts on the following power cut issue?
My Orivbo WIWO s-20 plugs are all configured fine in my home (I can set timers, switch them on and off etc). But if I get a power outage they always then reset to the Off position and then ignore any subsequent timer events? Can you help as I want to use them as for security lighting ? cheers!
I’m not sure what exactly happens when there is power outage. I thought they reset to off state but they should still respond to timer events… I need to test first.
P.S. I noticed you had problems with registration, sorry for that. Not specifying full name might cause problems with anti-spam system.
OK Andrius thanks for the prompt reply, much appreciated!
Just knowing that “off” is the post powercut state is helpful. I had assumed it would be intelligent enough to recall its pre-powercut state. I guess it makes sense from a safety point of view.
I only did rudimentary timer testing and my results were intermittent, I wonder if perhaps I should have been allowing larger gaps between on / off events. I did dig out somewhere that the daylight saving tickbox on the timer screen is unreliable so I wasn’t using it (although I would not expect to be using in January).
One reason I bought the plugs was because they claim to provide a real-time on/off state feed back to the controlling App on my iPhone. However this didn’t seem to pan out in a power cut power resume to default off state situation?
The other area I was interested in which I think would simply be a App enhancement is being able to add a “random tolerance time range” for on/off events so my lights don’t come on at exactly the sametime everyday when I am away. Maybe this would have to be acheived via a PC or MAC application rather than a mobile application.
They really do seem like great plugs so hope I can succeed.
cheers.
Real on/off state feed back is indeed available. Whenever socket changes state it sends a message. My program does this. E.g. I send the command to turn the socket on but only display that socket is on after I receive confirmation. If it fails for some reason, I retry turning it on a few more times.
However, wiwo app is also supposed to work over internet (my program only works over LAN at the moment) and when their app fails to connect to the socket it still shows some state even though it doesn’t know the current state.
Yeah, I’m also a bit confused by those daylight time. If I remember correctly socket itself doesn’t really know about daylight saving time, it just used different timezone. I’m in UK, so now I set socket to timezone 0. I think in summer I had to use timezone 1 in my program.
Ok, I will try some more tests. For me the ability to then follow the next timer command after a powercut is pretty crucial to keeping the plugs. As you say, this should work in theory so it might be I need to reset and reconfigure. I have tried controlling via the internet yet, I did read that you have to register with Orvibo for this to work so I don’t know whether that’s because internet control requires some kind of special commands from their own servers..
So, here’s a downer. Having not touched my 3 x S20’s for a few days, only one of them is reachable via my iphone app. I had to turn the power on and off at the S-20 for it to then reconnect.
That’s a major shame because i am looking for a smart plug with Sonos like robustness when it comes to powercuts or router resets. There seem to be quite a few smart plugs put there but I wonder if any can provide proper robust connectivity? Any thoughts?
So strange… I still don’t see such problems here. I wonder if anybody else can test and see how their sockets respond to power cuts.
Hi!
Tell me please, how to switch on or switch off s-20 remotely over internet when internet provider provide dynamic IP to me?
Or maybe s-20 has internal feature like dyndns?
It’s very interesting for me because when i use android app “WIWO S-20” from google playmarket – it’s fine work in lan and first time over internet, but when external IP of my router is changed – it’s stop work correctly over internet but continuing work perfectly over lan. And when i somewhere away from my office or home – i can’t switch on or switch off home sockets over 3G internet.
Maybe you can add in your software additional feature – remote control over internet?
Maybe add connection over external IP or domain name with manual port input(something like 93.125.96.0:10000).
It’s very easy to make port forwarding(UDP 10000) on router.
It will be great to have this functional.
Sorry for my bad english, i’m from Belarus. If you can – please reply to me via e-mail. Thanx alot!
Thanks for this – the php code is running very well. I want to try to use IFTTT to control the switch with several triggers. For this to work I need to be able to have a website, run on my server at home, that when accessed will switch the light on or off. e.g.: http://xxx.xxx.xxx/switchon.html http://xxx.xxx.xxx/switchoff.html . Before I start investigating, does this sound like a possible end point – or should I give up 🙂
Yes, it is possible. In See also section code by Fernano Silva might be useful for you.
hi guys ,
I got my s20 and I see this project and it awesome, have any chance that the s20.exe run when I power on my pc and automatic turn the s20 on?
and when I do shut sown to the my pc the s20 power off to ?
I want to do it for my speaker that all time the pc is on-> the speaker on too.
thank you again !
Hi Andrius,
Today we get a orvibo S20 in the office and one of the first thought with it is to automatize it to turn off and on if something happens.
Looking to a possible API to get it working we finally find your project and it’s a great job.
We make a little C# class to connect to a orvibo, get the status and turn it on/off easily. I think it only works over a local LAN.
I try to post it here: http://pastebin.com/s2gUDcdQ
Hope it helps someone. 🙂
Thanks for sharing the code. Sorry, I’ve slightly edited your comment: pasted the code on pastebin. Otherwise it takes too much space. Also, pastebin has syntax highlighting.
Python module
https://github.com/happyleavesaoc/python-orvibo
Hi guys,
Can someone tell me where the Orvibo devices get there time from and how to update the time.
I have 4 Devices all set at +8 being Perth Australia and have noticed the following by running the s20-win32.exe
Time Zone: 08
Time: 07:30:00
However the correct time is 15:30:00
The time is correct on Computer and Router
Time is taken from some NTP server.
Most likely time reported by my program is incorrect. I think I didn’t add timezone shift to the time. Well, I am based in GMT, so that’s easy to miss…
I’ll try to fix this later but I think you can assume that the socket knows the right time. Thanks for reporting this issue.
Hello Andrius,
Just a short note to let you know that I have now a full functional web interface with support of all S20 functions (switch on and off, countdown timers, add, update and delete timers). It is available, as before, in https://github.com/fernadosilva/orvfms. But, maybe more interesting, in the process, I found a couple of tricks regarding the update of timers, how they work and how they can be programmed that are slightly different from what I expected and that may be useful to anyone else needing information about the S20s. More detailed information in the TECHNICAL_DATA.txt file of the git repo:
https://github.com/fernadosilva/orvfms/blob/master/TECHNICAL_DATA.txt.
Rgds and once more thank you for your great work.
— fernando
Thanks for info. Workarounds look familiar (except for padding and deleting weekly timers) but they are indeed very nicely documented in one place!
I actually had to use one more workaround: add some padding when writing to table 4 (e.g. see my code)
I.e. at the end of the message I add
00 (in hex, repeated twelve times) + 30 (repeated 30 times, note that hex 30 corresponds to 0 in ASCII);
I wonder why it worked for you without it.
I still have to finish implementing those weekly timers. But on the other hand, I already have some pairing support :).
Well, I really don’t know. In fact I tried first to send table 4 exactly as received, updating only timer fields with new data and replacing the message code with 74 6D. Since this did not work, I start looking at the WiWo packets for the same action. The only difference I found was on bytes 19, 27 and 28, that seemed deleted from the sent packet… So I did.
Anyway, some information is still lacking. I am always wondering what side effect may have some bytes in sent packets that we do not know yet the exact meaning…
By the way, one of the “Unknown” bytes in http://pastebin.com/LfUhsbcS is actually time on the socket. If you look at the discover message on the pastebin they have:
28 CA 6C – Time since manufacture? ((28:40) + (ca:202) * 255 + (6c:108) * 255 * 255 = 7074210seconds = 81.87743055555556days)
D7 – ??? Unknown ???
This is actually wrong. It has to be looked as a 4 byte value of seconds since 1900-01-01.
I don’t know if you are aware of that… But yeah, it would be interesting to know what other Unknown bytes are.
Great. I noticed the lack of time info and in fact I was looking for it. I also noticed the comment you mention. Time since the manufacture did not make any sense. But I had not realised it had an alternative interpretation. That it is great to check synchronization. I assumed they are using some NTP service, but it is easier to synchronise using a local device.
Tkx & rgds,
They are using some NTP service. Socket can obtain current time automatically during it’s pairing. However, it cannot obtain a timezone and immediately after pairing it is in timezone 7 (China).
I do not know if there is a way to manually send the time to the socket (so far only reading it is known).
Hi Andrius and all others,
thank you for the effort. Thank to this page I also bought S20 for my Home Automation DYI project. I am PERLish so I was interested for PERL solution.
The script posted by user “longin” I found here: https://github.com/franc-carter/bauhn-wifi/blob/master/bauhn.pl
It worked with my S20 only “sometimes”, so after some testing I discovered:
1. Most routers do not remeber DHCP leases after reboot. So static IP/MAC assignment in DHCP service should be second step after connecting to the WiFi network
2. The script worked with broadcast destination which for some reason caused less success with the reply, also it couldn’t work on routed network. I did not like it because I have two LANs, so I added the the IP parameter.
3. What is really interesting, if you successfully ping (ICMP ECHO) the S20 just before you try to communicate with UDP you have (99%?) chance you will be successful with further communication (status or commands).
4. Double-try of subscribe sequence (after successful ping) is also a good idea 🙂
5. If you do not communicate with S20 for longer time (for example an hour and your ARP cache does not contain its MAC), and then you try to ping it, it can take over 1 minute (!) it replies to the ARP request. I do not know why. So the soluton for this situation is:
a) static ARP record for S20 on the the computer with the script
b) if communicating from other LAN behind the router and the router does not allow to add static ARP records, periodic ping (1 ping / 1 minute) to the S20 should keep the dynamic ARP record on the router “alive”
I also added debugging outputs too (can be turned off). It pings the S20 first (with 2min limit), after success sends subscribe sequence, and after that the on/off command, if any. The usage is similar to the original script (added IP address) and output (with debug off) is the same including exitcodes. The source code of my tuned Perl script is here: http://pastebin.com/7wwe64m9 (tested on Windows and Linux). I hope my contribution helps someone 🙂
Brano
I wanted to add, that Net::Ping requires in Linux root privileges. If you want run s20.pl as regular user, either use sudo or set owner as root and set suid flag using following commands:
chown root s20.pl
chmod u+s s20.pl
Hello Brano,
Thank you for your detailed report. However, I never noticed arp timeouts or delay from the S20s in my network. Are you sure that it is an S20 problem?
Rgds,
— fernando
I also never noticed arp timeouts. I try to send udp packets until I get a reply from the socket (but no more than 5 times). This virtually guarantees that packet is sent.
The only time I noticed that I need more than 2 udp packets is when LAN network load is very high.
Hi Andrius and Brano,
I went with Brano’s solution, as I wanted to switch my S20s on-and-off from within my BASH script (in OpenSUSE) and Brano’s code worked as-is.
Thank you both for investigating this and for publishing your solutions. 🙂
i need to know the Orvibo S20 socket (EIRP) ( RF output power ) and (Frequency band)
please.
I don’t know about it’s RF output power. Orvibo S20 has HF-LPB100 Wifi chip, you can check it’s docs. Frequencies are standard WiFi frequencies: 2.41-2.48 GHz depending on the WiFi channel of your router.
Yes, I already confirmed that the time are the precise seconds from 1900. It is an awkward option, since I would expect them to use a more standard reference (the usual Unix time stamp). Congratulations for finding the reference time! I would possibly fail that one, since most converters support 32 bits and only allow to go back to -2^31s = Fri, 13 Dec 1901 20:45:54 GMT.
There should be some way of setting the TZ (this one, for sure) and possibly the local time. In fact, I left one of the sockets in the default TZ and it still reports the correct local time. On the other hand, I am located in GMT and therefore I am not sure if the time they report is the local or UTC. But I do know that the socket has someway of setting the TZ and that my own is wrong right now (on purpose). Before I spend some more time with Wireshark, did you find how to set the TZ?
Setting timezone is easy. You use the same Table 4 as countdowns. Timezone bytes are just before countdown:
timeZoneSet + timezone + countdownStatus + countdown
Set timeZoneSet to 00 and timezone to timezone in hex. I think negative numbers would go to ff, fe, etc…
It is already implemented in my program (except it does not display integers, it still displays timezone in hex…)
P.S. I’m also in GMT timezone, so I have the same problem as you…
Amazing work, thanks Andrius and Fernando 🙂
hi!
trying to have it works with a GWF-S171 smartplug on port udp 9957 but it won’t .
smartplugs seems the same.
This seems to be different socket. You can try to adapt my program, but probably it is easier to adapt some simple scripts first. See https://stackoverflow.com/questions/31827645/how-to-control-wifi-plug-gwf-s171using-raspberry-pi
thanks i already seen this! i’ll try !
regards
finally it’s more easy with GWF-S171 i found how to do => https://openclassrooms.com/forum/sujet/socket-udp-hexadecimal-77090
using the sequences from here https://stackoverflow.com/questions/31827645/how-to-control-wifi-plug-gwf-s171using-raspberry-pi
and it works like a charm
By the way, you might want to check if your socket does not trivially leak password. See these WiFi kettles that do this. If you set up a fake WiFi hotspot with the same SSID (and ideally the same MAC) but without WPA encryption you don’t want your socket to connect to it when this fake hotspot has better signal.
thanks i’ll try it
I tried to follow your link but it was in french… Could you provide more info on how you made your S171 work? It would be much, much appreciated!
Hi, does anyone know how to control an orvibo socket from multiple phones? I want my wife to be able to turn some of them on and off as needed if I am not around (not manually as some are hard to reach).
Thanks in advance
Paul
I would expect them to work with multiple phones just fine. In the worst case you might need to wait a few minutes before switching phones
Hey, I have problem pairing my phone, I can connect in ap mode and I can see it on my router but cannot pair it on smartphone, I tried using your application also but it crashes when I try to pair.
Can you try to be a bit more explicit about what happens. If you see it on your router it means the socket was successfully able to connect to the router, so it is already paired. Then socket’s LED should be either blue or red and shouldn’t blink. Is this the case?
P.S. Sorry, your message got caught up in spam filter. I only accidentally noticed it now.
Based on all information collected herein, I just published on https://github.com/fernadosilva/orvfms a set of php scripts that are able to detect, monitor and operate all S20 devices attached to the local network. The web interface automatically generates N buttons, one for each S20 device, each one coloured green or red according to the device state.
Once more, thank you Andrius for all great work and info.
Thanks. I added this to see also section at the end, so that it would be easier to find and would not be lost in the comments.
Thx for the great article.
Based on this, i created a php script to simply control a s20 via web.
So far scheduler is not implemented, but that might follow soon.
Code to be copied to webserver can be found here: http://pastebin.com/Jizwptqc
This works very well.
I have three S20 how do I have a script that will lookup all devices.
Thank you Steve
Hello Steve,
Please check my recent post. I just published on https://github.com/fernadosilva/orvfms a set of php scripts that are able to detect, monitor and operate all S20 devices attached to the local network. The web interface automatically generates N buttons, one for each S20 device, each one labeled with the name assigned to the corresponding S20.
Hello Andrius,
Thank you a lot for all the great information. I have three S20 since about one year ago. Unhappily, in the last few months the WiWo app only works over the local network. I believe that Orvibo had some sort of proxy at China (?) for solving NAT issues when you are in a remote network. I believe that this proxy ceased to work either due to security concerns or some other reason. This was a major drawback for me, since I was not able to remote control the plugs.
Thanks to your site and all great info I was able to develop first a command line tool in python to check the status and operate my S20s, and after that a small php script that calls the python command line. I installed the php script on an HTTP server running on my raspberry pi at home. It works great and flawlessly, both in remote and local. I must say that in fact works much better than the WiWo, since it is fast, it provides always the correct plug status (mysteriously, the WiWo often fails on this) and there are no time-out issues that often happened in remote networks, I suspect due to a quite slow proxy triangulation.
For sake of simplicity, I did not implement the timer control. I will use the WiWo app to program the timers, since I do not foresee any reason to change the timers remotely. I will use the WiWo interface, which works great in this regard.
Once more, thanks for all the detailed technical info and pointers.
Rgds,
— fernando
I just tried the Wiwo Android program with my Wi-Fi turned off and it works well over my 4G data connection.
Any chance for you to try my newest program to see if socket sorting by name works? I only have one socket, so I can’t test myself.
Your Git repository is not working anymore?
Thanks for notifying me. Everything should be working now.
Hi, it’s down with error “502 Bad gateway” at the moment.
Thanks.
Argh, probably gitea process crashed again… Thanks for notifying. Fixed.
Hi there
I have some issue to control S20 from wiwo out of my LAN, that’s why im here:)
Both sockets are pair with AP and can be controlled via wiwo in lan environment
I tried run python script from your comments:
import socket
import time
mac = ‘accf2356739c’
rmac = ‘001EC948A1E8’
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
s.connect((‘192.168.10.20’, 10000)) # (IP, Port) is a single variable passed to connect function
s.send(bytes.fromhex(‘6864001e636C’ + mac + ‘202020202020’ + rmac + ‘202020202020’)) # to subscribe
time.sleep(1)
s.send(bytes.fromhex(‘686400176463’ + mac + ‘2020202020200000000001’)) # to switch ‘on’
time.sleep(5) # sleep for 5 seconds
s.send(bytes.fromhex(‘686400176463’ + mac + ‘2020202020200000000000’)) # to switch ‘off’
but it doesnt work i dont have any errors is well. Just to clarify
mac = ‘accf2356739c’ s20 mac
rmac = ‘001EC948A1E8’ pc from I push test.py
s.connect((‘192.168.10.20’, 10000) ip address of s20
On other website I found perl script with option only to change mac address, but still doesn’t work
#!/usr/bin/perl -w
#
# Based on
# http://forums.ninjablocks.com/index.php?
# p=/discussion/2931/aldi-remote-controlled-power-points-5-july-2014/p1
# and
# http://pastebin.ca/2818088
use strict;
use IO::Socket;
use IO::Select;
use Data::Dumper;
my $port = 10000;
my $fbk_preamble = pack(‘C*’, (0x68,0x64,0x00,0x1e,0x63,0x6c));
my $ctl_preamble = pack(‘C*’, (0x68,0x64,0x00,0x17,0x64,0x63));
my $ctl_on = pack(‘C*’, (0x00,0x00,0x00,0x00,0x01));
my $ctl_off = pack(‘C*’, (0x00,0x00,0x00,0x00,0x00));
my $twenties = pack(‘C*’, (0x20,0x20,0x20,0x20,0x20,0x20));
my $onoff = pack(‘C*’, (0x68,0x64,0x00,0x17,0x73,0x66));
my $subscribed = pack(‘C*’, (0x68,0x64,0x00,0x18,0x63,0x6c));
sub findBauhn($)
{
my ($mac) = @_;
my $bauhn;
my $reversed_mac = scalar(reverse($mac));
my $subscribe = $fbk_preamble.$mac.$twenties.$reversed_mac.$twenties;
my $socket = IO::Socket::INET->new(Proto=>’udp’, LocalPort=>$port, Broadcast=>1) ||
die “Could not create listen socket: $!\n”;
$socket->autoflush();
my $select = IO::Select->new($socket) ||
die “Could not create Select: $!\n”;
my $to_addr = sockaddr_in($port, INADDR_BROADCAST);
$socket->send($subscribe, 0, $to_addr) ||
die “Send error: $!\n”;
my $n = 0;
while($n can_read(0.5);
foreach my $fh (@ready) {
my $packet;
my $from = $socket->recv($packet,1024) || die “recv: $!”;
if ((substr($packet,0,6) eq $subscribed) && (substr($packet,6,6) eq $mac)) {
my ($port, $iaddr) = sockaddr_in($from);
$bauhn->{mac} = $mac;
$bauhn->{saddr} = $from;
$bauhn->{socket} = $socket;
$bauhn->{on} = (substr($packet,-1,1) eq chr(1));
return $bauhn;
}
}
$n++;
}
close($socket);
return undef;
}
sub controlBauhn($$)
{
my ($bauhn,$action) = @_;
my $mac = $bauhn->{mac};
if ($action eq “on”) {
$action = $ctl_preamble.$mac.$twenties.$ctl_on;
}
if ($action eq “off”) {
$action = $ctl_preamble.$mac.$twenties.$ctl_off;
}
my $select = IO::Select->new($bauhn->{socket}) ||
die “Could not create Select: $!\n”;
my $n = 0;
while($n {socket}->send($action, 0, $bauhn->{saddr}) ||
die “Send error: $!\n”;
my @ready = $select->can_read(0.5);
foreach my $fh (@ready) {
my $packet;
my $from = $bauhn->{socket}->recv($packet,1024) ||
die “recv: $!”;
my @data = unpack(“C*”, $packet);
my @packet_mac = @data[6..11];
if (($onoff eq substr($packet,0,6)) && ($mac eq substr($packet,6,6))) {
return 1;
}
}
$n++;
}
return 0;
}
($#ARGV == 1) || die “Usage: $0 AC:CF:23:56:73:9C \n”;
my @mac = split(‘:’, $ARGV[0]);
($#mac == 5) || die “Usage: $0 AC:CF:23:56:73:9C \n”;
@mac = map { hex(“0x”.$_) } split(‘:’, $ARGV[0]);
my $mac = pack(‘C*’, @mac);
my $bauhn = findBauhn($mac);
defined($bauhn) || die “Could not find Bauhn with mac of $ARGV[0]\n”;
if ($ARGV[1] eq “status”) {
print $bauhn->{on} ? “on\n” : “off\n”;
exit(0);
}
($ARGV[1] ne “on” && $ARGV[1] ne “off”) && die “Usage: $0 AC:CF:23:56:73:9C \n”;
for(my $n=0; $n<3; $n++) {
controlBauhn($bauhn, $ARGV[1]) && exit(0);
}
die "Could not change Bauhn to $ARGV[1]\n";
Can you please give me idea what need to be change or can you point me to
other working alternatives. Many many thanks.
mac = ‘accf2356739c’ s20 mac
rmac = ‘001EC948A1E8’ pc from I push test.py
rmac is definitely wrong in the first script. It is not reverse of the mac. reverse should be 9c735623cfac
excellent is working now:) Can you tell me how did you calculate rmac for this mac, please.
My other socket has mac ac:cf:23:4b:0f:f6. Many thanks
Well, you just write it in reverse order, first byte ac goes to the end, then the second byte is before it, etc…
ac:cf:23:4b:0f:f6 -> f6:0f:4b:23:cf:ac
This is a really important project. It provides an affordable route into home automation. Would love to have this as an OpenWrt package someday.
OpenWrt would be nice but unfortunately Qt is a bit too heavy for that. Some automated scripts with xxd and netcat (see some examples in other comments) might be better for OpenWrt.
Dear Andrius,
thanks for your information about socket s20. I have new one. I have tested Android configuration, everything works. But Im in the same situation like a reader named “Heinrich said on 2015-09-06 at 06:36:”.
My new socket must work in my remote private network including Wifi (access remotely using VPN).
Please, be patient, how can I to do exactly to do it. Please. I dont understand your blog – Im not programmer.
Ask me again if I didn’t fully answer, I’m not completely sure what is your networking setup… By the way, are you using Windows? I’ll assume for now that you do. If not please tell, I can adjust my instructions a bit.
At the moment my program does not work with remote networks in a way Android app does (it’s not even reverse engineered or documented yet). So my app works only on the same network as the socket. If you can connect to that private network with VPN, I guess it will work automatically, just download my compiled executable (at the bottom of this blog post). Launch my app. If it’s on the same network as the socket, it should find a socket and my program will show some info about the socket. Try typing on or off then to change the state of the socket.
P.S. I’m also not a professional programmer. I do theoretical physics as you can see from my website if you browse a little…
Hi there,
first of all thx a lot for your description. It helped me a lot.
This is my code in linux. Could you help me how I can get the powerstatus of the Orvibo?
echo '6864001e636cXXXXXXXXXXXX202020202020F8A36523CFAC202020202020' | xxd -r -p | nc -n -4u -w1 192.168.1.155 10000echo '686400176463XXXXXXXXXXXX20202020202000000000'"$STATUS" | xxd -r -p | nc -n -4u -w1 192.168.1.155 10000
echo "request" | nc -u 192.168.1.155 10000 -q10 >> response.txt
thx in advice
greets Karsten
You need to run another nc in the listening mode. That’s why it gets a bit tricky and I decided to use C++ for my program. To listen on port 10000 you can use
nc6 -l -u -p 10000then use xxd to convert it back to hex and check whether the last byte of response is
0x00or0x01.You can get current power status of the Orvibo from the replies to both subscribe packet and power on/power off status. But unfortunately, doing it with nc might be nontrivial since you need to run two nc instances at the same time one that listens and one that sends messages.
One thing to note is that Orvibo often sends a few replies to your power on/off request (and the first one often happens before power was toggled), so you need to parse the last one.
Thanks for your reply.
I got it working another way in the meanwhile…
echo '6864001e636c'"${mac[$i]}"'202020202020'"${macrev[$i]}"'202020202020' | xxd -r -p | nc -u -w2 -p10000 ${iptemp} 10000 | xxd -p | cut -c47-49 >> response.txt
The important parameter here is “-p10000”. After I added this parameter I got answer from Orvibo and my response.txt isn’t empty anymore.
I will now build a menu and post the code here when I’m finished if anyone is interested
greets Karsten
Oh, so netcat can both listen and send commands at the same time. Well, I almost don’t know any netcat myself…
Thanks to all,
I also bought this device and tried Engerinee revese to build app for linux, but i have a little knowledge about programming, and I found you and I’m really grateful.
I tried the code you mention up and really get the device status but I can not turn on or turn off the device, I tried this codec:
echo ‘686400176463MY_ORVIBO_MAC20202020202000000000’ | xxd -r -p | nc -u -w2 -p10000 MY_ORVIVO_IP_ADDRESS 10000
But I do not know why it does not work.
I appreciate your help.
Thanks
You need to send subscribe command first. See the first Karsten post above. His first command is subscribe and the second is on/off (depending on whether $STATUS is 00 or 01)
Thanks for all the efforts, I’ve tried the software an apart from a couple of crashes it seems to work OK.
I’m running some SW called Node Red on my raspberry Pi and it would be brilliant to be able to control these sockets using a Node Red node ..I will read through your post a few more times to see if I can get a better understanding.
If you manage to get it working on Node Red let us know here. It might be useful for others too.
Still struggling, I think I’ve figured out what to send I just can’t get the message format correct.
This is great work. Thanks for doing it.
I’m trying to replicate your work in Python which I’m learning for fun. I’m having trouble getting the sockets to respond to any of my packets. I can send and receive using “ncat” in Linux but I’m not getting anything from the S20. Maybe I’m encoding them incorrectly in the UDP command.
My UDP discovery message looks like this, formatted in byte format to work with pythons sock.sendto type requirements.
686400067161
Any suggestions welcome.
Did you use fromhex function? I think you are sending it as ascii instead.
There are some python examples in older comments and also here.
Thanks. Learned a lot. Still not working for me but iIthink my problem is something on my network stopping the udp packets getting from lan to wlan.
It’s working now. My code looks awful but it’s functional. Thanks!
Hi there, which portforwading does it use
Designation : Server
Protocol UDP –< right ??
from Port ?? to Port ??
an Computer <– Hardware (Socket S20) <— 192.168.xxx.xx
to Port ??
You any Idea, please let me know
From UDP port 10000 to port 10000 on socket IP.
Unfortunately I am not a programmer, just a user. All i want to do is switch my S20 device on and off with my windows pc. Can anybody tell me the parameters I have to write after the s20.exe ?
Well, program’s menu should be more or less self documented. Just start s20.exe and type on or off there.
Is there any way to pass s20.exe parameters directly? Basically all I am trying to do is use Windows taskscheduler to run s20.exe at two separate times, once to power it on, and one to power it off.
I created the below VBscript:
set WshShell = WScript.CreateObject(“WScript.Shell”)
WshShell.Run “C:\automation\s20.exe”
WScript.Sleep 100
WshShell.AppActivate “s20.exe”
WScript.Sleep 2000
WshShell.SendKeys “p”
WScript.Sleep 100
WshShell.SendKeys “~”
WScript.Sleep 100
WshShell.SendKeys “q”
WScript.Sleep 100
WshShell.SendKeys “~”
wscript.quit
It works perfectly if I run it manually. However, the sendkeys command cannot be automated. So when run from taskscheduler it just opens the program and sits there.
Is there no way to run something like “c:\s20.exe -p” to change the power state?
I just bought an S20 having seen your excellent work and the opportunity to remote control.
I’m just setting up a new computer at the moment, so I don’t yet have a working toolset for editing and compiling, so I just tested it out using a Windows PC but found that I couldn’t pair with an SSID containing a space character. It looks like the
std::cin >> ssid;breaks on any whitespace. Maybe the inputs for ssid and password should be changed to usestd::getline(cin, ssid);instead?I’m aware of this issue. Unfortunately, I had some problems with std::getline, as for some reason it broke the input when I tried it. I don’t know exact cause but I already tried it.
The other method of pairing should work (when red led is rapidly blinking) as it doesn’t require entering SSID manually.
Hi Guys,
I am interested in this device.
I have noticed that it “officially”, only runs on a smart phone.
My intention is to connect it to a wireless network in my home (no smartphone).
I want to control the device using a windows application or an internet browser.
Before I begin and start spending time attempting this – is this possible?
Thanks
Abu
Yes, it is possible. Read the blog post for more details.
Thank you very much for the work, runs perfectly.
Comment navigation