IKEA TRÅDFRI: Basic Setup

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Summary

This documentation describes how to set up IKEA TRÅDFRI

Requirements

Description

Gateway opened up and plugged in

Step 1: Hardware Setup

  • Connect the TRÅDFRI to your router, using a straight network cable
  • Connect the micro usb power cable into the TRÅDFRI, and plug it in


Step 2: Home Smart App

In order to set up your TRÅDFRI, you are required to install the IKEA Home Smart App either for Android or iOS:

Follow the instructions within the app, to finish the process.


Ikea tradfri gateway plugin.png Ikea tradfri gateway codescan.png Ikea tradfri gateway finished.png


Used Hardware

Mandadory:

Optional:


Alternatives & Tests

As of today, there is no official alternative to a setup via mobile app, albeit ...

  • A simple nmap scan reveales a suspicious (unencrypted) open port 80, which requires authentication (status code 470, while no entity body is sent).
  • However listening into a live connection (Wireshark and an Android Emulator) reveals that actually a secure DTLS connection (port 5684) is used to set up the gateway.

Basic scan results:

Ikea tradfri gateway wiresharklog.png
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-14 02:35 Mitteleuropäische Sommerzeit
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
...
Initiating ARP Ping Scan at 02:35
Scanning 10.77.77.6 [1 port]
Completed ARP Ping Scan at 02:35, 0.19s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 02:35
Completed Parallel DNS resolution of 1 host. at 02:35, 11.04s elapsed
Initiating SYN Stealth Scan at 02:35
Scanning 10.77.77.6 [1000 ports]
Discovered open port 80/tcp on 10.77.77.6
Completed SYN Stealth Scan at 02:35, 0.81s elapsed (1000 total ports)
Initiating Service scan at 02:35
Scanning 1 service on 10.77.77.6
Completed Service scan at 02:36, 38.22s elapsed (1 service on 1 host)
...
Nmap scan report for 10.77.77.6
Host is up (0.00051s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http
| fingerprint-strings: 
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, Help, Kerberos, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NCP, NotesRPC, RPCCheck, RTSPRequest, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServer, TerminalServerCookie, X11Probe: 
|_    HTTP/1.1 470 Connection Authorization Required
|_http-title: Site doesn't have a title.
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port80-TCP:V=7.80%I=7%D=9/14%Time=5D7C35ED%P=i686-pc-windows-windows%r(
SF:GetRequest,32,"HTTP/1\.1\x20470\x20Connection\x20Authorization\x20Requi
SF:red\r\n\r\n")%r(HTTPOptions,32,"HTTP/1\.1\x20470\x20Connection\x20Autho
SF:rization\x20Required\r\n\r\n")%r(RTSPRequest,32,"HTTP/1\.1\x20470\x20Co
SF:nnection\x20Authorization\x20Required\r\n\r\n")%r(X11Probe,32,"HTTP/1\.
SF:1\x20470\x20Connection\x20Authorization\x20Required\r\n\r\n")%r(FourOhF
SF:ourRequest,32,"HTTP/1\.1\x20470\x20Connection\x20Authorization\x20Requi
SF:red\r\n\r\n")%r(GenericLines,32,"HTTP/1\.1\x20470\x20Connection\x20Auth
SF:orization\x20Required\r\n\r\n")%r(RPCCheck,32,"HTTP/1\.1\x20470\x20Conn
SF:ection\x20Authorization\x20Required\r\n\r\n")%r(DNSVersionBindReqTCP,32
SF:,"HTTP/1\.1\x20470\x20Connection\x20Authorization\x20Required\r\n\r\n")
SF:%r(DNSStatusRequestTCP,32,"HTTP/1\.1\x20470\x20Connection\x20Authorizat
SF:ion\x20Required\r\n\r\n")%r(Help,32,"HTTP/1\.1\x20470\x20Connection\x20
SF:Authorization\x20Required\r\n\r\n")%r(SSLSessionReq,32,"HTTP/1\.1\x2047
SF:0\x20Connection\x20Authorization\x20Required\r\n\r\n")%r(TerminalServer
SF:Cookie,32,"HTTP/1\.1\x20470\x20Connection\x20Authorization\x20Required\
SF:r\n\r\n")%r(TLSSessionReq,32,"HTTP/1\.1\x20470\x20Connection\x20Authori
SF:zation\x20Required\r\n\r\n")%r(Kerberos,32,"HTTP/1\.1\x20470\x20Connect
SF:ion\x20Authorization\x20Required\r\n\r\n")%r(SMBProgNeg,32,"HTTP/1\.1\x
SF:20470\x20Connection\x20Authorization\x20Required\r\n\r\n")%r(LPDString,
SF:32,"HTTP/1\.1\x20470\x20Connection\x20Authorization\x20Required\r\n\r\n
SF:")%r(LDAPSearchReq,32,"HTTP/1\.1\x20470\x20Connection\x20Authorization\
SF:x20Required\r\n\r\n")%r(LDAPBindReq,32,"HTTP/1\.1\x20470\x20Connection\
SF:x20Authorization\x20Required\r\n\r\n")%r(SIPOptions,32,"HTTP/1\.1\x2047
SF:0\x20Connection\x20Authorization\x20Required\r\n\r\n")%r(LANDesk-RC,32,
SF:"HTTP/1\.1\x20470\x20Connection\x20Authorization\x20Required\r\n\r\n")%
SF:r(TerminalServer,32,"HTTP/1\.1\x20470\x20Connection\x20Authorization\x2
SF:0Required\r\n\r\n")%r(NCP,32,"HTTP/1\.1\x20470\x20Connection\x20Authori
SF:zation\x20Required\r\n\r\n")%r(NotesRPC,32,"HTTP/1\.1\x20470\x20Connect
SF:ion\x20Authorization\x20Required\r\n\r\n");
MAC Address: 44:91:60:25:F5:CB (Murata Manufacturing)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.80%E=4%D=9/14%OT=80%CT=1%CU=39904%PV=Y%DS=1%DC=D%G=Y%M=449160%T
OS:M=5D7C362E%P=i686-pc-windows-windows)SEQ(CI=I%II=I%TS=U)ECN(R=N)T1(R=Y%D
OS:F=N%T=80%S=O%A=S+%F=AS%RD=0%Q=)T1(R=N)T2(R=N)T3(R=N)T4(R=Y%DF=N%T=80%W=0
OS:%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6
OS:(R=Y%DF=N%T=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=80%W=0%S=Z%A=S+%
OS:F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=FF%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G
OS:%RUD=G)IE(R=Y%DFI=N%T=80%CD=S)

Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   0.51 ms 10.77.77.6

NSE: Script Post-scanning.
Initiating NSE at 02:37
Completed NSE at 02:37, 0.00s elapsed
Initiating NSE at 02:37
Completed NSE at 02:37, 0.00s elapsed
Initiating NSE at 02:37
Completed NSE at 02:37, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 89.06 seconds
           Raw packets sent: 1215 (58.910KB) | Rcvd: 1089 (45.266KB)



References