Add missing word in README.

Broke builds on some systems.

.gitignore

@@ -1,3 +1,4 @@
 hs100
 *.o
 *.swp
+*~

Makefile

@@ -1,6 +1,11 @@
 target  ?= hs100
 objects := $(patsubst %.c,%.o,$(wildcard *.c))
-CFLAGS=-Wall -Werror -std=c99 -ggdb -Os
+
+LDFLAGS=-lm
+CFLAGS=-std=c99 -Os
+ifdef DEBUG
+CFLAGS+=-Wall -Werror -ggdb
+endif
 
 .PHONY: all
 all:	$(target)

README.md

@@ -1,18 +1,64 @@
 # hs100
 
-A small program for flipping TP-Link HS100/HS105/HS110 wi-fi smart plugs on
-and off.
+A tool for using TP-Link HS100/HS105/HS110 wi-fi smart plugs. You can turn
+them on and off, reboot them, and so on. You can even set them up without
+using TP-Link's app (see Initial Setup).
+
+Tested to work on Linux, OSX, IRIX, and Windows under WSL.
 
 Loosely based on [pyHS100](https://github.com/GadgetReactor/pyHS100) and
 [research from softScheck](https://www.softscheck.com/en/reverse-engineering-tp-link-hs110/).
 
-Tested to work on Linux, OSX, and IRIX.
-
 ## Usage
-```hs100 <ip of plug> <json command blob>```
 
-As a convenience, you can supply the words 'on' or 'off' in place of a json
-command blob.
+`hs100 <ip> <command>`
+
+Commands:
+- `associate <ssid> <key> <key_type>`: set wifi AP to connect to. get your
+key\_type by doing a scan
+- `factory-reset`: reset the plug to factory settings
+- `off`: turn the power off
+- `on`: turn the power on
+- `reboot`: reboot the plug
+- `scan`: scan for nearby wifi APs (probably only 2.4 GHz ones)
+- `set_server <url>`: set cloud server to \<url\> instead of TP-Link's
+- Alternatively, you can supply a JSON string to be sent directly to the
+device. Note that the JSON string must be quoted, like so:
+`hs100 <ip> '{"system":{"set_relay_state":{"state":1}}}'`
+
+## Initial Setup
+
+According to TP-Link, initial setup of the plugs is performed by installing
+their "Kasa" app on your smartphone (free account required), and using its
+setup tool. This sucks and I do not recommend it. Instead, follow these
+alternative instructions.
+
+You want to get the plug into the "blinking amber and blue" state, in which
+it will spin up its own AP and await commands. If you have a brand new plug,
+then it should do this automatically. Otherwise, hold down one of the buttons
+(depending on your model) for about 5 seconds, until its light blinks amber
+and blue.
+
+You should see a wifi AP called "TP-Link\_Smart Plug\_XXXX" or similar.
+Connect to this AP. You will be given an IP of 192.168.0.100, with the plug
+at 192.168.0.1.
+
+Issue the following commands to the plug:
+- Factory reset the plug to get rid of any settings from a previous owner:
+`hs100 192.168.0.1 factory-reset`. You will be disconnected from its wifi AP.
+Once the factory reset is done (usually a few seconds), reconnect to the
+plug's AP.
+- Disable cloud nonsense by setting a bogus server URL: `hs100 192.168.0.1 set_server localhost`
+- Scan for your wifi AP using `hs100 192.168.0.1 scan`. Find your AP in the
+list and note its `key_type`; you will need this to associate.
+- Associate with your AP using `hs100 192.168.0.1 associate <ssid> <password> <key_type>`
+. Your key\_type is a number that indicates the kind of wifi security that
+your AP is using. You can find it by doing a wifi scan (see previous step).
+
+If the light turns solid amber, then it was unable to associate-- factory
+reset the plug and try again. Otherwise, the light on your plug will change
+first to blinking blue, then to solid blue indicating that it has successfully
+connected to your AP.
 
 ## Todo
 

comms.c

@@ -1,25 +1,28 @@
-#include <stddef.h>
+#include <arpa/inet.h>
 #include <inttypes.h>
 #include <stdbool.h>
-#include <string.h>
+#include <stddef.h>
 #include <stdlib.h>
-#include <arpa/inet.h>
+#include <string.h>
 #include <sys/socket.h>
 #include <unistd.h>
 #include "comms.h"
 
 bool hs100_encrypt(uint8_t *d, uint8_t *s, size_t len)
 {
-	if(d == NULL)
+	uint8_t key, temp;
+	size_t i;
+
+	if (d == NULL)
 		return false;
-	if(s == NULL)
+	if (s == NULL)
 		return false;
-	if(len == 0)
+	if (len == 0)
 		return false;
-	
-	uint8_t key = 0xab;
-	for(size_t i=0; i<len; i++) {
-		uint8_t temp = key ^ s[i];
+
+	key = 0xab;
+	for (i = 0; i < len; i++) {
+		temp = key ^ s[i];
 		key = temp;
 		d[i] = temp;
 	}
@@ -28,16 +31,19 @@ bool hs100_encrypt(uint8_t *d, uint8_t *s, size_t len)
 
 bool hs100_decrypt(uint8_t *d, uint8_t *s, size_t len)
 {
-	if(d == NULL)
+	uint8_t key, temp;
+	size_t i;
+
+	if (d == NULL)
 		return false;
-	if(s == NULL)
+	if (s == NULL)
 		return false;
-	if(len == 0)
+	if (len == 0)
 		return false;
-	
-	uint8_t key = 0xab;
-	for(size_t i=0; i<len; i++) {
-		uint8_t temp = key ^ s[i];
+
+	key = 0xab;
+	for (i = 0; i < len; i++) {
+		temp = key ^ s[i];
 		key = s[i];
 		d[i] = temp;
 	}
@@ -46,17 +52,23 @@ bool hs100_decrypt(uint8_t *d, uint8_t *s, size_t len)
 
 uint8_t *hs100_encode(size_t *outlen, char *srcmsg)
 {
-	if(srcmsg == NULL) return NULL;
+	size_t srcmsg_len;
+	uint8_t *d;
+	uint32_t temp;
 
-	size_t srcmsg_len = strlen(srcmsg);
+	if (srcmsg == NULL)
+		return NULL;
+
+	srcmsg_len = strlen(srcmsg);
 	*outlen = srcmsg_len + 4;
-	uint8_t *d = calloc(1, *outlen);
-	if(d == NULL) return NULL;
-	if(!hs100_encrypt(d+4, (uint8_t *)srcmsg, srcmsg_len)) {
+	d = calloc(1, *outlen);
+	if (d == NULL)
+		return NULL;
+	if (!hs100_encrypt(d + 4, (uint8_t *) srcmsg, srcmsg_len)) {
 		free(d);
 		return NULL;
 	}
-	uint32_t temp = htonl(srcmsg_len);
+	temp = htonl(srcmsg_len);
 	memcpy(d, &temp, 4);
 
 	return d;
@@ -64,16 +76,24 @@ uint8_t *hs100_encode(size_t *outlen, char *srcmsg)
 
 char *hs100_decode(uint8_t *s, size_t s_len)
 {
-	if(s == NULL) return NULL;
-	if(s_len <= 4) return NULL;
-	
 	uint32_t in_s_len;
+	char *outbuf;
+
+	if (s == NULL)
+		return NULL;
+	if (s_len <= 4)
+		return NULL;
+
 	memcpy(&in_s_len, s, 4);
 	in_s_len = ntohl(in_s_len);
+	if ((s_len - 4) < in_s_len) {
+		/* packet was cut short- adjust in_s_len */
+		in_s_len = s_len - 4;
+	}
 
-	char *outbuf = calloc(1,in_s_len+1);
+	outbuf = calloc(1, in_s_len + 1);
 
-	if(!hs100_decrypt((uint8_t*)outbuf, s+4, in_s_len)) {
+	if (!hs100_decrypt((uint8_t *) outbuf, s + 4, in_s_len)) {
 		free(outbuf);
 		return NULL;
 	}
@@ -84,35 +104,44 @@ char *hs100_decode(uint8_t *s, size_t s_len)
 char *hs100_send(char *servaddr, char *msg)
 {
 	size_t s_len;
-	uint8_t *s = hs100_encode(&s_len, msg);
-	if(s == NULL)
+	int sock;
+	uint8_t *s, *recvbuf;
+	struct sockaddr_in address;
+	uint32_t msglen;
+	size_t recvsize;
+	char *recvmsg;
+
+	s = hs100_encode(&s_len, msg);
+	if (s == NULL)
+		return NULL;
+
+	sock = socket(AF_INET, SOCK_STREAM, 0);
+	if (sock < 0)
 		return NULL;
 
-	int sock = socket(AF_INET, SOCK_STREAM, 0);
-	if(sock < 0) return NULL;
-	
-	struct sockaddr_in address;
 	memset(&address, '0', sizeof(struct sockaddr_in));
 
 	address.sin_family = AF_INET;
 	address.sin_port = htons(9999);
 
-	if(inet_pton(AF_INET, servaddr, &address.sin_addr)<=0)
+	if (inet_pton(AF_INET, servaddr, &address.sin_addr) <= 0)
 		return NULL;
-	
-	if(connect(sock, (struct sockaddr *)&address,
+
+	if (connect(sock, (struct sockaddr *)&address,
 		sizeof(struct sockaddr_in)) < 0)
 		return NULL;
 
 	send(sock, s, s_len, 0);
-	uint8_t recvbuf[1024];
-	recv(sock, recvbuf, 1023, 0);
-	char *recvmsg = hs100_decode(recvbuf, 1023);
-	close(sock);
-	if(recvmsg == NULL) {
-		free(s);
+	free(s);
+	recvsize = recv(sock, &msglen, sizeof(msglen), MSG_PEEK);
+	if (recvsize != sizeof(msglen)) {
 		return NULL;
 	}
-
+	msglen = ntohl(msglen) + 4;
+	recvbuf = calloc(1, (size_t) msglen);
+	recvsize = recv(sock, recvbuf, msglen, MSG_WAITALL);
+	close(sock);
+	recvmsg = hs100_decode(recvbuf, msglen);
+	free(recvbuf);
 	return recvmsg;
 }

handlers.c

@@ -0,0 +1,65 @@
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "comms.h"
+
+char *handler_associate(int argc, char *argv[])
+{
+	const char *template =
+		"{\"netif\":{\"set_stainfo\":{\"ssid\":\"%s\",\"password\":"
+		"\"%s\",\"key_type\":%d}}}";
+	char *plug_addr = argv[1];
+	char *ssid = argv[3];
+	char *password = argv[4];
+	char *key_type = argv[5];
+	char *endptr, *msg, *response;
+	int key_type_num;
+	size_t len;
+
+	if (argc < 6) {
+		fprintf(stderr, "not enough arguments\n");
+		exit(1);
+	}
+	errno = 0;
+	key_type_num = (int)strtol(key_type, &endptr, 10);
+	if (errno || endptr == key_type) {
+		fprintf(stderr, "invalid key type: %s\n", key_type);
+		exit(1);
+	}
+
+	len = snprintf(NULL, 0, template, ssid, password,
+			key_type_num);
+	len++;	/* snprintf does not count the null terminator */
+
+	msg = calloc(1, len);
+	snprintf(msg, len, template, ssid, password, key_type_num);
+
+	response = hs100_send(plug_addr, msg);
+
+	return response;
+}
+
+char *handler_set_server(int argc, char *argv[])
+{
+	const char *template =
+		"{\"cnCloud\":{\"set_server_url\":{\"server\":\"%s\"}}}";
+	char *plug_addr = argv[1];
+	char *server = argv[3];
+	size_t len;
+	char *msg, *response;
+
+	if (argc < 4) {
+		fprintf(stderr, "not enough arguments\n");
+		exit(1);
+	}
+	len = snprintf(NULL, 0, template, server);
+	len++;	/* snprintf does not count the null terminator */
+
+	msg = calloc(1, len);
+	snprintf(msg, len, template, server);
+
+	response = hs100_send(plug_addr, msg);
+
+	return response;
+}

hs100.c

@@ -1,59 +1,118 @@
 #include <stdio.h>
-#include <inttypes.h>
 #include <stdlib.h>
 #include <string.h>
+#include "version.h"
 #include "comms.h"
 
-const char usage[] = 
-"usage: hs100 ip command-or-json\n"
-"where 'ip' is an IP address (ex. 192.168.1.1)\n"
-"and 'command' is one of the words 'on', 'off', or a blob of json\n";
+// handlers for more complicated commands
+extern char *handler_associate(int argc, char *argv[]);
+extern char *handler_set_server(int argc, char *argv[]);
 
-struct cmd_alias_s {
-	char *alias;
+struct cmd_s {
 	char *command;
+	char *help;
+	char *json;
+	char *(*handler) (int argc, char *argv[]);
 	int end;
 };
-struct cmd_alias_s cmd_aliases[] = {
+struct cmd_s cmds[] = {
 	{
-		.alias = "off",
-		.command = "{\"system\":{\"set_relay_state\":{\"state\":0}}}",
+		.command = "associate",
+		.help = "associate <ssid> <key> <key_type>\n"
+			"\t\t\tset wifi AP to connect to",
+		.handler = handler_associate,
 	},
 	{
-		.alias = "on",
-		.command = "{\"system\":{\"set_relay_state\":{\"state\":1}}}",
+		.command = "factory-reset",
+		.help = "factory-reset\treset the plug to factory settings",
+		.json = "{\"system\":{\"reset\":{\"delay\":0}}}",
+	},
+	{
+		.command = "info",
+		.help = "info\t\tget device info",
+		.json = "{\"system\":{\"get_sysinfo\":{}}}",
+	},
+	{
+		.command = "off",
+		.help = "off\t\tturn the plug on",
+		.json = "{\"system\":{\"set_relay_state\":{\"state\":0}}}",
+	},
+	{
+		.command = "on",
+		.help = "on\t\tturn the plug off",
+		.json = "{\"system\":{\"set_relay_state\":{\"state\":1}}}",
+	},
+	{
+		.command = "reboot",
+		.help = "reboot\t\treboot the plug",
+		.json = "{\"system\":{\"reboot\":{\"delay\":0}}}",
+	},
+	{
+		.command = "scan",
+		.help = "scan\t\tscan for nearby wifi APs (probably only 2.4"
+			" GHz ones)",
+		.json = "{\"netif\":{\"get_scaninfo\":{\"refresh\":1}}}",
+	},
+	{
+		.command = "set_server",
+		.help = "set_server <url>\n"
+			"\t\t\tset cloud server to <url> instead of tplink's",
+		.handler = handler_set_server,
 	},
 	{
 		.end = 1,
 	},
 };
 
-char *get_cmd(char *needle)
+struct cmd_s *get_cmd_from_name(char *needle)
 {
 	int cmds_index = 0;
-	while(!cmd_aliases[cmds_index].end)
-	{
-		if(!strcmp(cmd_aliases[cmds_index].alias, needle))
-			return cmd_aliases[cmds_index].command;
+	while (!cmds[cmds_index].end) {
+		if (!strcmp(cmds[cmds_index].command, needle))
+			return &cmds[cmds_index];
 		cmds_index++;
 	}
-	return needle;
+	return NULL;
+}
+
+void print_usage()
+{
+	fprintf(stderr, "hs100 version " VERSION_STRING
+			", Copyright (C) 2018-2019 Jason Benaim.\n"
+			"A tool for using certain wifi smart plugs.\n\n"
+			"usage: hs100 <ip> <command>\n\n"
+			"Commands:\n"
+	);
+	int cmds_index = 0;
+	while (!cmds[cmds_index].end) {
+		fprintf(stderr, "\t%s\n\n", cmds[cmds_index].help);
+		cmds_index++;
+	}
+	fprintf(stderr, "Report bugs to https://github.com/jkbenaim/hs100\n");
 }
 
 int main(int argc, char *argv[])
 {
-	if(argc != 3) {
-		fprintf(stderr, "%s", usage);
+	if (argc < 3) {
+		print_usage();
 		return 1;
 	}
 	char *plug_addr = argv[1];
-	char *cmd = argv[2];
+	char *cmd_string = argv[2];
+	char *response = NULL;
 
-	cmd = get_cmd(cmd);
-	
-	char *response = hs100_send(plug_addr, cmd);
-	
-	if(response == NULL) {
+	struct cmd_s *cmd = get_cmd_from_name(cmd_string);
+	if (cmd != NULL) {
+		if (cmd->handler != NULL)
+			response = cmd->handler(argc, argv);
+		else if (cmd->json != NULL)
+			response = hs100_send(plug_addr, cmd->json);
+	} else {
+		// command not recognized, so send it to the plug raw
+		response = hs100_send(plug_addr, cmd_string);
+	}
+
+	if (response == NULL) {
 		fprintf(stderr, "failed to send command\n");
 		return 1;
 	}

version.h

@@ -0,0 +1,7 @@
+#ifndef __VERSION_H__
+#define __VERSION_H__
+
+#define VERSION_STRING "1.1"
+#define VERSION_NUMBER (101)
+
+#endif