
Block ewelink/sonoff servers

Open javifly opened this issue 1 year ago • 12 comments

Hi, I have several Sonoff devices with the original firmware, which connects to the eWeLink cloud so they can be controlled via the cloud. These devices also have local control.

Thanks to the integration GitHub - AlexxIT/SonoffLAN: Control Sonoff Devices with eWeLink (original) firmware over LAN and/or Cloud from Home Assistant, I can control them from HA directly without using your cloud.

I have tried configuring a rule in my firewall so that a Sonoff device cannot communicate with the internet but still has access to the local network, and I can manage it from HA without any problem (with local control).

To avoid having to configure a firewall rule that removes the internet connection of each device individually, I was wondering if anyone knows of a general rule that prevents my devices from sending data to the eWeLink servers.

I mean blocking a range of IPs belonging to the eWeLink servers, or blocking some eWeLink server URLs with my DNS.

I have tried blocking domains like itead.cn, but I have not managed to stop my devices from communicating with the eWeLink cloud. Does anyone know the IPs or URLs of these servers?

I have tested that by blocking these sites:

coolkit.cc coolkit.cn ewelink.cc ewelink.cn

the eWeLink application no longer works from my local network. But if I switch to 4G, the Sonoff relays are still controllable, so they still send data to the eWeLink servers. I can't figure out what to block so that the relays don't contact the eWeLink servers.

javifly avatar Sep 26 '24 00:09 javifly

Nobody knows how to do it?

javifly avatar Oct 03 '24 10:10 javifly

New developments.

I have tried setting my network to use DNS servers that do not exist (10.12.12.12.12 and 10.13.13.13), and all the devices on my network have stopped loading web pages.

But the Sonoff relays still connect to the eWeLink cloud and are perfectly controllable from it.

So I understand that they do not connect to the cloud by URL but by IP.

javifly avatar Oct 04 '24 01:10 javifly

Few options:

Put them in their own VLAN. Block access to WAN. Broadcast mDNS across VLANs to ensure local control works.

Alternatively, create an IP group of all Sonoff devices and block that IP group to WAN.

The Sonoff devices probably have their own hard-coded DNS. You can look into DNS redirection if you want to go this route.

fishermanG avatar Oct 05 '24 03:10 fishermanG

It is possible that they have an internal DNS set; in that case they will not use the DHCP DNS, and they will be calling their URLs and resolving them with another DNS.

javifly avatar Oct 05 '24 16:10 javifly

I control my house with several eWeLink relays, and I would like to block these devices' access to the eWeLink servers so that nobody from outside my house can give them orders. That is, they would only be controllable on the local network, with the eWeLink app in local mode or with HA.

javifly avatar Oct 25 '24 09:10 javifly

Maybe someone with OPNsense and a computer using the eWeLink app could check these connections? Does anyone have that setup?

javifly avatar Oct 28 '24 00:10 javifly

I think I have it: they make DNS queries to eu-disp.coolkit.cc, eu-dispd.coolkit.cc and eu-dispa.coolkit.cc,

and if those DNS queries fail, they use a list of IPs set in the code: 3.122.175.228, 52.57.6.180, 3.126.179.44, 18.197.22.118, 18.195.70.186, 52.59.160.228

I will do some tests for several days and I will confirm! :-)

javifly avatar Nov 06 '24 02:11 javifly

Any update on this?

prabodhprakash avatar Dec 30 '24 02:12 prabodhprakash

Yes, here is the solution.

eWeLink sensors and relays look for the eWeLink API under these URLs: eu-disp.coolkit.cc, eu-dispd.coolkit.cc, eu-dispa.coolkit.cc

If these URLs cannot be resolved, or the eWeLink servers cannot be reached through them, the device uses certain IPs defined in the code to try to locate the servers: 3.122.175.228, 52.57.6.180, 3.126.179.44, 18.197.22.118, 18.195.70.186, 52.59.160.228

If neither the DNS resolution nor the fixed IPs are reachable, the devices are totally disconnected from the cloud and can only be controlled locally.

NOTE: This example is only for Europe; in another geographical region other URLs and servers are used: as-disp.coolkit.cc, as-dispd.coolkit.cc, as-dispa.coolkit.cc, cn-disp.coolkit.cn, cn-dispd.coolkit.cn, cn-dispa.coolkit.vn, us-disp.coolkit.cc, us-dispd.coolkit.cc, us-dispa.coolkit.cc. The fixed IPs to block can be obtained with https://mxtoolbox.com/ (remember to make several requests for the same URL, because they use server load balancing and will return many IPs for each URL).

javifly avatar Dec 30 '24 04:12 javifly
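The approach described in this thread (a dedicated VLAN or IP group with no WAN access, DNS redirection for devices with a hard-coded resolver, and a block on the cloud hostnames plus the fallback IPs) turned into concrete configuration, as an added example that is not code from the thread or from the SonoffLAN project. The hostnames and IPs are the EU list quoted above; the interface name `iot0`, the resolver address `192.168.1.1` and the log lines are assumptions constructed for the example. The last function checks firewall log lines so you can confirm, as the poster did over several days, whether any device is still trying to reach the fallback IPs.

```python
"""Egress block for eWeLink cloud endpoints: dnsmasq sinkhole lines, an
nftables ruleset, and a log check. Added example, not project code."""
import ipaddress
import re

# EU endpoints and fallback IPs as listed in the thread above.
EWELINK_DOMAINS = ["eu-disp.coolkit.cc", "eu-dispd.coolkit.cc", "eu-dispa.coolkit.cc"]
EWELINK_FALLBACK_IPS = [
    "3.122.175.228", "52.57.6.180", "3.126.179.44",
    "18.197.22.118", "18.195.70.186", "52.59.160.228",
]
IOT_IFACE = "iot0"            # assumed name of the IoT VLAN interface
LAN_RESOLVER = "192.168.1.1"  # assumed address of the LAN DNS server


def dnsmasq_sinkhole(domains):
    """dnsmasq lines answering each cloud hostname (and its subdomains) with 0.0.0.0."""
    return [f"address=/{d}/0.0.0.0" for d in domains]


def nft_ruleset(ips, iface=IOT_IFACE, resolver=LAN_RESOLVER):
    """nftables ruleset that drops and logs forwarded traffic from the IoT
    interface to the fallback IPs, and DNATs any DNS query from that interface
    back to the LAN resolver (covers devices with a hard-coded DNS server)."""
    # Validate every entry up front; a typo here would silently leave a hole.
    valid = sorted(str(ipaddress.IPv4Address(ip)) for ip in ips)
    elements = ", ".join(valid)
    return "\n".join([
        "table inet iot_egress {",
        f"  set ewelink_cloud {{ type ipv4_addr; elements = {{ {elements} }} }}",
        "  chain forward {",
        "    type filter hook forward priority filter; policy accept;",
        f'    iifname "{iface}" ip daddr @ewelink_cloud log prefix "ewelink-block " counter drop',
        "  }",
        "  chain dns_redirect {",
        "    type nat hook prerouting priority dstnat; policy accept;",
        f'    iifname "{iface}" meta l4proto {{ tcp, udp }} th dport 53 dnat ip to {resolver}',
        "  }",
        "}",
    ])


# Fields of the kernel's netfilter log format (IN=, SRC=, DST=).
LOG_RE = re.compile(r"IN=(?P<iface>\S+).*?SRC=(?P<src>\S+).*?DST=(?P<dst>\S+)")


def devices_still_calling_home(log_lines, blocked_ips=EWELINK_FALLBACK_IPS, iface=IOT_IFACE):
    """Return {device_ip: count} for IoT hosts whose packets to the fallback
    IPs were logged by the drop rule, i.e. devices still attempting cloud contact."""
    blocked = set(blocked_ips)
    hits = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m["iface"] == iface and m["dst"] in blocked:
            hits[m["src"]] = hits.get(m["src"], 0) + 1
    return hits


# Constructed log lines in the netfilter log format, not captured data.
SAMPLE_LOG = [
    "kernel: ewelink-block IN=iot0 OUT=wan0 SRC=192.168.50.21 DST=3.122.175.228 LEN=60 PROTO=TCP DPT=443",
    "kernel: ewelink-block IN=iot0 OUT=wan0 SRC=192.168.50.21 DST=52.57.6.180 LEN=60 PROTO=TCP DPT=443",
    "kernel: ewelink-block IN=iot0 OUT=wan0 SRC=192.168.50.22 DST=18.197.22.118 LEN=60 PROTO=TCP DPT=8080",
    "kernel: other IN=lan0 OUT=wan0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 PROTO=TCP DPT=443",
]

if __name__ == "__main__":
    print("\n".join(dnsmasq_sinkhole(EWELINK_DOMAINS)))
    print(nft_ruleset(EWELINK_FALLBACK_IPS))
    print(devices_still_calling_home(SAMPLE_LOG))
```

Load the generated ruleset with `nft -f` and put the dnsmasq lines in a `.conf` under its config directory. The sinkhole and the IP set are both needed: per the post above, a failed DNS lookup only makes the device fall through to its fixed IP list, so the set in `forward` is what actually cuts it off. Because the drop rule logs, `devices_still_calling_home` run over the firewall log tells you which device addresses are still attempting to reach the cloud; an empty result after a few days matches the "totally disconnected" state the poster describes.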

Hello,

I tried to block them too, but when I do so, the Wi-Fi status LED on the plug (S40) always blinks, and I didn't find a way to disable it. Do you know if we can spoof the response and make the plug believe it is online by sending the same information as the real servers?

edit: it does use a self-signed certificate. I will try to capture and analyse the requests made while overriding the A response.

nioupola avatar Mar 18 '25 04:03 nioupola

If the LED bothers you and cannot be deactivated, put black insulating tape over it and it will no longer bother you.

javifly avatar Mar 18 '25 05:03 javifly

Guess it works too, but maybe we can find something better :)

nioupola avatar Mar 18 '25 05:03 nioupola