David Tabachnikov Opens Up a Proprietary Bluetooth Smart Light with a Little Reverse Engineering

Using the proprietary Android app, a Raspberry Pi, and Wireshark, Tabachnikov has made a locked-down "smart" light considerably smarter.

Educator David Tabachnikov has demonstrated how an officially-unsupported Bluetooth Low Energy (BLE) device can be controlled via Python — by reverse engineering it using a Raspberry Pi.

"I'm on a quest to automate as much of my office and studio as possible," Tabachnikov explains of the reason he's been looking into reverse engineering. "I almost finished automating everything here except for that video light, which would be actually perfect to use for Zoom calls or interviews or even these YouTube videos, but unfortunately I have to change it manually every time — with the brightness, and turning it on and off — and I think this is time to actually change it."

Faced with a proprietary Bluetooth light, David Tabachnikov has taken matters into his own hands with a little reverse engineering. (📹: Hacking Modern Life)

The light in question is only controllable using the company's own smartphone application, which sends its commands over Bluetooth Low Energy. Tabachnikov's solution: reverse engineering the protocol so that any BLE-capable device can take the place of the proprietary application.

"The easiest way to reverse engineer the protocol of a device like that is to capture the communication between the mobile application the device has and the device itself," Tabachnikov explains.

"We will use the Android HCI snoop log, which is a log that Android keeps of all the communication between the Android device and Bluetooth devices, and a tool called Wireshark that will help us read that log and analyze it in order to understand how do the commands that the application sends to the light look like."

What follows is a tutorial on enabling the log within Android's Developer Options menu, trying out as many options within the proprietary application as possible to increase the likelihood of seeing patterns in the resulting data, transferring the log out as a "bug report," and then using the packet analysis tool Wireshark to investigate the data.

Finally, Tabachnikov works on replicating the protocol using a Python script running on a Raspberry Pi — taking advantage of the single-board computer's built-in Bluetooth support.
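The capture-analysis step described above can also be scripted. The following is an added example, not code from Tabachnikov's video: it reads a btsnoop-format HCI log and lists the ATT writes the phone sent, grouped by attribute handle, which is the view one would otherwise build by filtering in Wireshark. The handle 0x0025 and the payload bytes are constructed sample data, not the light's real protocol, and fragmented writes are skipped rather than reassembled.

```python
import struct
from collections import defaultdict

BTSNOOP_MAGIC = b"btsnoop\x00"
H4_ACL = 0x02        # HCI UART (H4) packet type: ACL data
ATT_CID = 0x0004     # fixed L2CAP channel carrying ATT
ATT_WRITES = {0x12: "Write Request", 0x52: "Write Command"}

def att_writes(blob):
    """Yield (handle, opcode name, value) for each host-to-device ATT write."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    _version, datalink = struct.unpack(">II", blob[8:16])
    if datalink != 1002:           # 1002 = HCI UART (H4)
        raise ValueError(f"unsupported datalink type {datalink}")
    pos = 16
    while pos + 24 <= len(blob):
        _orig, incl, flags, _drops, _ts = struct.unpack(">IIIIq", blob[pos:pos + 24])
        pkt = blob[pos + 24:pos + 24 + incl]
        pos += 24 + incl
        # flags bit 0 set = received by host; 12 bytes = H4 + ACL + L2CAP + opcode + handle
        if flags & 1 or len(pkt) < 12 or pkt[0] != H4_ACL:
            continue
        conn, _acl_len, _l2_len, cid = struct.unpack("<HHHH", pkt[1:9])
        if (conn >> 12) & 0x3 == 0x1 or cid != ATT_CID:   # skip continuation fragments
            continue
        opcode, handle = struct.unpack("<BH", pkt[9:12])
        if opcode in ATT_WRITES:
            yield handle, ATT_WRITES[opcode], pkt[12:]

def group_by_handle(blob):
    groups = defaultdict(list)
    for handle, _name, value in att_writes(blob):
        groups[handle].append(value.hex())
    return dict(groups)

# Constructed sample capture (helpers below only build test bytes).
def _record(pkt, flags=0):
    return struct.pack(">IIIIq", len(pkt), len(pkt), flags, 0, 0) + pkt
def _att_write(handle, value, opcode=0x52, conn=0x0040):
    att = struct.pack("<BH", opcode, handle) + value
    l2cap = struct.pack("<HH", len(att), ATT_CID) + att
    return bytes([H4_ACL]) + struct.pack("<HH", conn, len(l2cap)) + l2cap

SAMPLE = (BTSNOOP_MAGIC + struct.pack(">II", 1, 1002)
          + _record(_att_write(0x0025, bytes.fromhex("a50100")))
          + _record(_att_write(0x0025, bytes.fromhex("a50164")))
          + _record(_att_write(0x0025, bytes.fromhex("a50232"), opcode=0x12))
          + _record(_att_write(0x0025, b"\x00", opcode=0x1B), flags=1))  # device-to-host, skipped

print(group_by_handle(SAMPLE))
```

To use it on a real capture, pass `group_by_handle` the bytes of the snoop log extracted from the bug report; values that change in step with a slider or toggle in the app point to the field that encodes it.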

By the end of his video, Tabachnikov has control over the otherwise-stubborn light — and by the end of his next, which had not yet been published at the time of writing, promises to demonstrate how to integrate that control into a Home Assistant smart home setup.

The full video is now available on the Hacking Modern Life YouTube channel.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.