
SmartLife IoT packages

Open renozion opened this issue 9 months ago • 4 comments

Hello folks, I was studying something apart from this in Wireshark when I realized my phone was sending packets of: smartlife.cam.ipcamera.cloud. This is the full value captured:

    Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Internet Protocol Version 4, Src: 192.168.0.2, Dst: 255.255.255.255
    User Datagram Protocol, Src Port: 52130, Dst Port: 9999
    TP-Link Smart Home Protocol
        Cmd: {"system":{"get_sysinfo":{}},"cnCloud":{"get_info":{}},"smartlife.iot.common.cloud":{"get_info":{}},"smartlife.cam.ipcamera.cloud":{"get_info":{}}}
    JavaScript Object Notation
        Object
            Member: system
            Member: cnCloud
            Member: smartlife.iot.common.cloud
                Object
                Key: smartlife.iot.common.cloud
                [Path: /smartlife.iot.common.cloud]
            Member: smartlife.cam.ipcamera.cloud
                Object
                    Member: get_info
                Key: smartlife.cam.ipcamera.cloud
                [Path: /smartlife.cam.ipcamera.cloud]

Since I don't have an IP camera in my house and that IP shows my phone correctly, I found that maybe this can be an indicator. I'm not sure, still investigating; any future issues I will post here.

renozion, Mar 06 '25 13:03

It's a Wi-Fi protocol that is targeting my phone, but funny that it comes from the Wi-Fi router, from CLARO. It is like it's used to target smart devices and IoT, but it keeps on targeting my phone camera.

renozion, Mar 06 '25 16:03

@renozion to me this seems most likely normal. Depending on where you live, vendors may be required to enable polling of 'smart' protocols. It is not unusual for consumer routers to relay or send out discovery messages.

In case of SmartLife this is most likely related to AVAST, should you have that on your network and/or mobile devices. Look there. The SmartLife protocol is used for fingerprinting and discovery and such.

https://www.avast.com/smartlife

See also https://developer.tuya.com/en/docs/iot/introduction-of-tuya

JLT032, Mar 07 '25 10:03

> @renozion to me this seems most likely normal. Depending on where you live, vendors may be required to enable polling of 'smart' protocols. It is not unusual for consumer routers to relay or send out discovery messages.
>
> In case of SmartLife this is most likely related to AVAST, should you have that on your network and/or mobile devices. Look there. The SmartLife protocol is used for fingerprinting and discovery and such.
>
> https://www.avast.com/smartlife
>
> See also https://developer.tuya.com/en/docs/iot/introduction-of-tuya

Thanks for the reply, unfortunately there is no AVAST operating on my devices. I'm still not sure why this is there.

renozion, Mar 07 '25 12:03

To understand, the source IP here is deviceX and this is sending broadcast traffic on the LAN to port 9999.

Using a search engine I noticed: "The TP-Link Smart Plug Protocol uses port 9999 for communication with smart devices, including Wi-Fi light bulbs. This protocol is JSON-based and involves encrypting commands using an XOR algorithm with a key of 171".

If you want I can meet up somewhere online to help diagnose this in practice.

JLT032, Mar 07 '25 12:03
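
The decoding described in the comment above, as an added example that is not code from this thread or from the mvt-indicators project: it decrypts a UDP port 9999 payload and lists which modules and commands it queries. It assumes the commonly documented autokey form of the XOR scheme (initial key 171, each ciphertext byte becomes the next key); the function names and the constructed sample payload are hypothetical.

```python
import json

INITIAL_KEY = 171  # starting key quoted in the thread

def tplink_encrypt(plaintext: bytes) -> bytes:
    """Autokey XOR (assumed variant): each output byte becomes the next key."""
    key, out = INITIAL_KEY, bytearray()
    for b in plaintext:
        key ^= b
        out.append(key)
    return bytes(out)

def tplink_decrypt(payload: bytes) -> bytes:
    """Inverse of tplink_encrypt for a raw UDP payload (no length header)."""
    key, out = INITIAL_KEY, bytearray()
    for b in payload:
        out.append(key ^ b)
        key = b
    return bytes(out)

def classify(payload: bytes) -> dict:
    """Report the modules/commands in a payload and whether all are get_* queries."""
    empty = {"decoded": False, "modules": {}, "read_only": False}
    try:
        doc = json.loads(tplink_decrypt(payload).decode("utf-8"))
    except ValueError:  # not UTF-8 or not JSON: not this protocol
        return empty
    if not isinstance(doc, dict):
        return empty
    modules = {m: sorted(c) if isinstance(c, dict) else []
               for m, c in doc.items()}
    commands = [c for cmds in modules.values() for c in cmds]
    read_only = bool(commands) and all(c.startswith("get_") for c in commands)
    return {"decoded": True, "modules": modules, "read_only": read_only}

# Constructed sample: the Cmd value from the capture in this issue, re-encrypted
# here so the example runs offline (not bytes taken from a real capture).
SAMPLE_CMD = (b'{"system":{"get_sysinfo":{}},"cnCloud":{"get_info":{}},'
              b'"smartlife.iot.common.cloud":{"get_info":{}},'
              b'"smartlife.cam.ipcamera.cloud":{"get_info":{}}}')
SAMPLE_PAYLOAD = tplink_encrypt(SAMPLE_CMD)

if __name__ == "__main__":
    result = classify(SAMPLE_PAYLOAD)
    for module, cmds in result["modules"].items():
        print(f"{module}: {', '.join(cmds)}")
    print("read-only discovery probe:", result["read_only"])
```

A payload made up only of `get_*` queries across several module names, sent to the broadcast address, has the shape of a discovery probe rather than a command aimed at one device.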

> To understand, the source IP here is deviceX and this is sending broadcast traffic on the LAN to port 9999.
>
> Using a search engine I noticed: "The TP-Link Smart Plug Protocol uses port 9999 for communication with smart devices, including Wi-Fi light bulbs. This protocol is JSON-based and involves encrypting commands using an XOR algorithm with a key of 171".
>
> If you want I can meet up somewhere online to help diagnose this in practice.

Yes sir, I would love to see why I am detecting this and why it is pointing to my phone IP.

renozion, Jun 07 '25 18:06

Hi, this is beyond the scope of this indicator repository, closing this ticket.

Te-k, Jun 16 '25 18:06