The best tools to make your project dreams come true

Login or Signup
USD

1/16/2017 | By Maker.io Staff

Amazon Dash Hack - Connecting to your IFTTT Account

If you followed my previous post you will be familiar with how the Amazon Dash works and what makes it work. For those of you that don’t know about the Amazon Dash, it is a wireless button that connects to your home WiFi and Amazon Prime account. When you press the button you can program it using your phone to order a particular branded product from Amazon without the hassle of logging online. Each button is branded and you will only be able to order products from that particular brand.

Inside the Amazon Dash button is an Atmel microcontroller combined with an Atmel WiFi chip and a Cypress Bluetooth chip for connectivity. After playing around with the Dash Button and looking at the board level components it has become paramount that Amazon does NOT want you to hack this thing and they have done a pretty good job at over engineering it to prevent you from doing so.

First of all, you will notice that there is no programming interface to the MCU with the exception of some JTAG solder pads, which have not been populated with a programming header.

Secondly, the MCU has been glued into place with an unknown substance around the soldered pins. This creates difficulty in probing the MCU pins with an oscilloscope or even soldering some wires directly to the MCU for programming.

Finally, even if you manage to get the glue off the MCU and reveal the pins and you can also solder a programming interface to it, there is a security bit on the Atmel SAMG MCU which allows the entire chip to be locked down from an external JTAG or other debug access. Not only this but the way in which the circuit has been designed it also prevents users from erasing this security bit (By setting the pin to high) by connecting the security bit pin to ground.

However, being the makers and hackers that we are, there is always a solution! When playing with the Amazon Dash button I decided to analyse the local network data to see what is actually happening when you press the Amazon Dash Button itself. To do this I used a program called WireShark, which has been around for many years and is very reliable for capturing incoming packets of data.

WireShark Wireless Data Capture

WireShark Wireless Data Capture

You can see from the figure that the Amazon Dash Button sends out a UDP Broadcast packet to every device on the local network to find the default gateway IP address. Basically it wants to connect to the internet and Amazon Services.

With this in mind all you need to do is run a script on any network device to monitor incoming UDP packets. You can then break down the packet data and filter it by the MAC address and look out for the same MAC address of the Amazon Dash button.

Setting Up Your Button

Once you have your Amazon Dash button you are ready to get started. You will need to use the Amazon shopping application on your Android or IoT device to set it up. The application makes you join the Amazon Dash buttons ad-hoc network whilst it’s in AP (access point) mode for WiFi setup. Join the network, and then enter your wireless routers password for you network. Once connected STOP, do not progress any further such as assigning a product to the Dash, otherwise when you press the Amazon Dash button you will also be ordered products from Amazon, which we do not want to do. Simply quit the Amazon Shopping app.

Finding the MAC Address on Your Button

All of the methods I have come across for hacking the Amazon Dash button all use the same method for triggering an event. They do this by looking for the MAC address of the Amazon Dash button on the wireless network. Unfortunately Amazon did not display the MAC address on the Dash button itself. There are a couple of ways in which you can find the MAC address on the Dash button.

The first method is most likely the easiest and does not require any other software to be installed. Hold down the Dash button for a few seconds until the LED is blue and then let go. This put the Dash button in configuration mode and creates an AP that you can connect to from your computer. On your computer scan for wireless access points and you should see one called “Amazon Configure me”, connect to it. Once connected open up your internet browser and go to the following URL address:

http://192.168.0.1

Here you should see listed the device MAC address.

Amazon Dash MAC address

Amazon Dash MAC address

The seconds method requires some network scanning software such as WireShark or LanScan to scan the network for devices. You will need to put the Dash button in AP mode and then scan for devices which should reveal the MAC address.

Setting up IFTTTs Maker Channel

IFTTT (If This Then That) is a free web-based service that allows users to create chains if simple conditional statements called “applets”, which are triggered based on changes to other web services such as Gmail, Facebook or Instagram.

Before we get started with the Python script we need to setup our trigger using IFTTTs Maker channel, which uses simple HTTP requests. The Maker channel is fairly new to the IFTTT platform and is probably one of the best in my opinion for triggering events, it allows you to send and also receive information using HTTP.

Go to IFTTT website, login and then activate the Maker channel. Once activated you will be given a key that you will use in your HTTP requests.

Click on the link “How to Trigger Events” and copy and paste the code shown in that page. Where “YOUR_KEY_ID” is, it will be replaced with you own unique key, which will be a random number of letters and numbers.

https://maker.ifttt.com/trigger/{event}/with/key/YOUR_KEY_ID

Within the URL you should see the curly brackets {event} which is a definable event. In this instance we will use the default event name “button_pressed” to make things easy. Go to “Create A Recipe” under “My Recipes” and start with the IF function as a Maker Channel. Select “Receive a web request” and for the event name type “button_pressed”. For “THAT”, you can select almost anything you wish here; for this example, I will be using IFTTT to send me an email whenever the Dash button is pressed.

Amazon Dash Script

The following script is courtesy of aaronbell.com with some minor changes. The script runs using Python and I have tested this script on Ubuntu and it also runs on the Raspberry Pi 3 Pixel OS without any issues.

import socket
import struct
import binascii
import time
import json
import urllib2

# Use your own IFTTT key
ifttt_key = 'xxxxxxxx'
# Set these up at https://ifttt.com/maker
ifttt_url_button = 'https://maker.ifttt.com/trigger/button_pressed/with/key/' + ifttt_key

# Replace this MAC addresses and nickname with your own
macs = {
    '50F5DA088C82' : 'vanish'
}

# Trigger a IFTTT URL. Body includes JSON with timestamp values.
def trigger_url(url):
    data = '{ "value1" : "' + time.strftime("%Y-%m-%d") + '", "value2" : "' + time.strftime("%H:%M") + '" }'
    req = urllib2.Request(url, data, {'Content-Type': 'application/json'})
    f = urllib2.urlopen(req)
    response = f.read()
    f.close()
    return response

def button_pressed():
    print 'triggering button event, response: ' + trigger_url(ifttt_url_button)

rawSocket = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.htons(0x0003))

while True:
    packet = rawSocket.recvfrom(2048)
    ethernet_header = packet[0][0:14]
    ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)
    # skip non-ARP packets
    ethertype = ethernet_detailed[2]
    if ethertype != '\x08\x06':
        continue
    # read out data
    arp_header = packet[0][14:42]
    arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)
    source_mac = binascii.hexlify(arp_detailed[5])
    source_ip = socket.inet_ntoa(arp_detailed[6])
    dest_ip = socket.inet_ntoa(arp_detailed[8])
    if source_mac in macs:
        #print "ARP from " + macs[source_mac] + " with IP " + source_ip
        if macs[source_mac] == 'vanish':
            button_pressed()
    else:
        print "Unknown MAC " + source_mac + " from IP " + source_ip         

You will need to change some variables (shown in bold) in the code to match that of your IFTTT account and your Amazon Dash button. You can run the script with the following command:

sudo python dash.py

And you should see the following output in the terminal window. When you press the amazon button it should trigger the event “button_pressed” in IFTTT and send you an email in doing so.

Python Script Output

Python Script Output

Summary

The Amazon Dash button is definitely a smart device that can be used in a number of applications. Combined with the IFTTT channel it allows you to control a number of smart devices such as Philips Hue lights, smart IoT power sockets or even order your favourite takeaway on a Saturday night.