Hi All
Hopefully this place looks like a helpful forum as I’m quite new to all this!
I’ve had a few devices all working separately /through their proprietary apps but we’re just finishing off a large house extension and this has added to the list.
I’d ideally like to be able to view/switch a number of different devices on one screen/head end but have no idea where to start.
The devices we have/will have shortly are as follows;
Zigbee Smart Sockets
Zigbee smart switches (for lights)
Heatmiser Neo Underfloor Heating (this runs from a Samsung ASHP but that part is automatic)
Samsung VRF air conditioning (currently using Smart Things App)
Hive (2xLTHW heating circuits in the existing house and Hot Water)
Ring (doorbell!)
Hik Vision PoE CCTV
We have lots of appliances (Neff N70) which we can control remotely but not too fussed about controlling those at the
Moment)
Any help/recommendations would be appreciated!
Thanks
Adrian
I have a legacy home automation set-up running on Windows XP. the computer and software have now died.
I have written a very nice Excel VBA program to replace the software and it can run on any modern Windows system.
My only remaining problem is to output the correct signal to a USB port to trigger the wireless switches.
Has anybody done a similar exercise. Please help.
Hi All,
Kind of new to Home Automation. Started off Using Amazon Echo units and added a Samsung SmartThings hub. I have mostly been using plug in modules for turning lights on and off. I live in a very rural area where the internet goes out a lot. I eventually want to change to to a non internet Hub so things will work without needing an internet connection. But I will post with those questions at a later date.
So, the task at hand is this: I have flood lights at each corner of my house. They are currently controlled by switches at the front and back doors. I would like to add Security Cameras to each corner also. I can easily find small Wifi switches to put into the electrical box where the flood lights are located, then I can terminate the leads together behind the Decora switch to have constant power. Then I can use the constant power up at the lights electrical box to power the security cameras. I would also like to have a wireless switch to take the place of the Decora switch to be able to turn the lights off and on.
I cannot seem to find a product like this. It seems I can find the small wired in switch boxes that will also come with external smart wall switches, but the wall switches are an external box that does not fit in or cover the existing Wall switch electrical box. I can also find Wireless Decora switches that come with a remote wired in small switch box , but they all seem to be RF and do not integrate with a Smart Hub.
I am hoping someone here knows of a product that matches what I am looking for. Any help would be appreciated.
Also any recommendations for Wireless Security cameras are welcome.
Thanks for any help.
Dear Forum,
I am just starting a smart home system. I've wanted to do this for 10 years at most and really would like to get a start. What I have are a couple of SONOFF wifi relays, some 433 (Hz/mHz) switches ( not wifi ) a couple of wifi lightbulbs, and I'd like to expand wifi thermostat, leak/water detectors, garage door openers and what ever else I can think of.
In the SONOFF items I have it's a particular app, the wifi bulbs are another app, and if I do a thermostat there might be another app. My wife is not a Luddite but she damn sure doesn't want to have to trouble shoot if/why a particular app breaks down.
So in what I do understand about smart home things is that I need/want a HUB. I spent 15 years doing some programming so I do have some computer ability, though I'd prefer to stay away from HAVING to line command operate the hub.
I would like a list of HUB's that people have found to be the best. Even better are links to let's say Amazon for that hub.
Regards from Noob Smart Home,
Barry
Hello lovely people. Long time and all that. Hope you're all doing OK.
Bit of a left field one here, looking for extra eyes more than an answer and you're the most logical bunch I know 🙂
Part of our HA system is a Logitech Elite hub and remote control.
This is programmed to control my Cyrus Stereo, our TV, and HDMI switch and our Virgin V6 box.
I've been away for a couple of days. Got back this evening to (eventually) work out that the V6 box appears to be not accepting any commands from the Logitech.
Everything has been rebooted.
Logitech uses IR to control
Cyrus: Fine
TV: Fine
HDMI: Fine
Remote control uses Bluetooth to control Hub.
All commands from the Remote to the hub are executed (one might assume correctly) as the activity LED responds, and if you're controlling (say) the Cyrus, all works fine.
iOS App can be used to control Hub over the WLAN:
All commands from the App re executed (one might assume correctly) as the activity LED responds, and if you're controlling (say) the Cyrus, all works fine.
Native remote (that uses as far as I know bluetooth) to control the V6 box works fine.
V6 box refuses to acknowledge any command other than from the native remote. Remote or app provoke absolutely zero response from the V6 box.
This is annoying, but damned if I can think of any logical reason. One might assume a firmware update on the V6 box, but given that the Hub simply emulates the native remote, that seems unlikely.
I'm struggling to think of where even to start troubleshooting this, so any random thoughts would be appreciated.
My initial approach is to buy another hub in case there's a different radio set that's failed in the hub...
TIA!
C
I currently have an HVAC system in the attic - for heating and A/C. 120v is supplied to the unit to run the gas heating. A/C uses 240v. I have an ecobee thermostat...which sometimes goes offline....not often. When it goes offline, I need to turn the 120v power to the HVAC system off and then back on (the ecobee gets its power from the HVAC system). That resets the ecobee and all is fine. I spend the summer away from this house and if the ecobee goes offine..I have no current method to reset the HVAC 120v power remotely. My idea is to replace the current 120v plug in the attic with a smart plug...then I can remotely turn the 120v power off and the ecobee will reset and come back online. I use Wyze and Lutron Casita in the house currently and was hoping I could find an in-wall smart plug from Wyze or Lutron. Obviously, I don't need diming, etc...just the ability to turn the plug power on/off. I've seen some options...but one problem I have is the attic can reach up to 135F in the summer...many of the smart plugs I've seen are not rated for that temperature. Might any of you have any thoughts on a smart plug I might want to look at? I don't want to invest in anything that would require a new hub - so either WiFi based or Casita HUB based. I need 120v and 15amp ratings. Thanks in advance.
I am trying to run a reaction that turns on lights if a sensor has not been tripped for 2 minutes. Basically, when a garage door is open, turn on inside lights if nothing has been sensed for 2 minutes. My question has to do with the expression/variable for "Last Seen". The variable never gets updated over time since the last seen event never changes.
Screenshot 2024-09-02 191632.png
In the screenshot above, the reaction checks for any garage door as well as the variable called "GarageLastEntry". The expression for this variable is displayed below:
Screenshot 2024-09-02 191651.png
The problem that I am experiencing is that the variable never changes over time. I understand that this is because the "last seen" variable does not change over time when there is no activity. In this screenshot, the value shows 0.029... This can also be seen as the current value in the original reaction screenshot above. After 10 minutes, this value should be 10. However, when a garage door is opened, the variable does not get updated and thus the rule does not become true since .029 is less than 2.
When I go to the variable and click on the > icon, the variable then gets updated as expected as seen below:
Screenshot 2024-09-02 191711.png
So the ultimate question is, how do I use a rule that can use a variable such as "last seen"? Do I need to create another variable or reaction that multiplies this by 1 every minute? From what I read in the manual, a variable is evaluated every time it is included in a reaction. But this is not what I am seeing.
I also want to ask another question related to this variable. It seems like Reactor continuously deletes this variable and I have to keep recreating it? I have never experienced this with MSR so wanted to ask if this is a common problem or if my definition is causing this.
Any info is appreciated!!!
BACKGROUND
I have been using 4 x Yale Contactless Connected Door Locks for several years (they use either a rfid tag or code to enter)
I have also been using 1 x Yale L1 Door Lock on the main front door and this connects via Yale Software
Yale contacted me to advise the L1 Lock software was being withdrawn and I needed to install a Yale Access Module into the existing lock and a Wi-Fi Bridge to link it with the newly released software
ALL of the above was working just fine.
RECENT
Yale emailed to advise I should add a Yale Access Module to each of the 4 other locks as this would link with the updated software via the Wi-Fi Bridge.
They offered a deal of just £4 each for these Modules so I got them.
THE PROBLEM
I found that only 2 of these modules would slot easily into the locks - two of them bent the pins and one of those snapped the female part in a lock (I do have a spare lock but thats not the point).
Anyway, I began to set-up the two fitted Modules with the Wi-Fi Bridge and I eventually found (thanks Google, NOT Yale) that I now need 1 x Wi-Fi Bridge PER LOCK (£50 each).
QUESTION
Does anyone know of a compatible Wi-Fi Bridge which works with Yale AND can handle multiple connections (ie 5 all 5 of my locks) ?
THANK YOU
Some of you may know that I took at shot at building an alternate geofencing solution for Vera. The core of it was system agnostic, using the OwnTracks application and AWS lambdas to track devices and keep a central data, then disseminate that to the Vera via a websocket-based plugin. It worked with other apps as well, including Tasker and GPSLogger, but of the dozen people that were testing it, most used OwnTracks.
A lot was learned in the process, not the least of which is that the success of any such solution is highly dependent on the phone and its settings. Phone manufacturers love to set things up for the longest battery life, of course, but that's usually very anti-geofencing behavior. In the case of at least one brand, it was unusable and the settings could not be modified. It was also cost-prohibitive to maintain on Amazon, as AWS grabs a dime here and a dollar there and before you know it, it added $100/month to my AWS bill, which my wife deducted from my Scotch budget. Unacceptable.
But it's quite reasonable to use OwnTracks to a local endpoint, and I could pretty easily replicate the functionality as a local application, or maybe even as an additional endpoint built into MSR's API (still separate port and process, but in the package).
So the question really is... would you do it, or would you be too concerned about the security risks associated (e.g., dynamic DNS and NAT mapping in the firewall necessary for the phone to contact the service when not on LAN)?
Hello forum instigators.
Not sure who host/runs the forum software but a couple of challenges:
The chat is not currently usable, as the scrolling is all not right and it's not possible to read chats or send chats reliably.
There are a lot of female members that should perhaps be on another forum; where they can advertise their skills more appropriately. Note: I agree it's a job, like any other.
Whoever you are - thank you for your invaluable work.
I run a B&B and am looking for a way to turn the lights off whenever a room is unoccupied for X amount of time. The guest should still be able to turn the lights on and off manually, but should not be able to disable the auto turn off feature if the room is unoccupied.
I guess I am looking for a light switch with a built in presence sensor? I guess a presence sensor would be better as if it is a motion sensor, the lights may go off unwanted if the guest fails to make sufficient movement e.g. if the guest is lying down watching a film.
Are there any products on the market that would work for my application?
Hello,
I am in search of a device capable of using Bluetooth to connect with a smartphone and serve as its primary sound source on demand. This device should function similarly to conventional Bluetooth headphones, which automatically become the phone's sound output upon activation. However, this device should differ in that it transmits the audio signal to an amplifier via a jack, SPDIF, or similar connection. Alternatively, it could be an integrated amplifier that directly sends the signal to passive speakers.
The control of this process should be manageable through an API such as MQTT, REST, MODBUS, or similar. Are you aware of any devices that operate in this manner?
The concept is as follows: upon entering the bathroom, I would press a wall-mounted switch. This switch would send a signal to the Bluetooth device, prompting it to connect to my smartphone and seamlessly continue playing the audiobook I am currently listening to. Instead of using the phone's speakers, it would seamlessly start playing through ceiling-mounted speakers.
Many thanks 🙂
Hi folks,
I currently have some cheap Zigbee hub and some Amazon Alexas running my smart home which mostly consists of Zigbee power strips and Zigbee battery powered switches.
It all worked OK originally, but now whenever I press a Zigbee switch the light in the corresponding plug switches on then immediately off again.
If I ask Alexa to turn the light on it works fine. Likewise if I switch it on from my phone.
Any ideas what the issue could be?
I've tried unplugging the hub a number of times but that doesn't seem to fix it.
I was thinking about getting a Homey Pro 2023 to speed things up (tmas the Zigbee hub seems to be really slow now as well, for some reason) but I'm not sure about that either.
Any suggestions greatly appreciated!
Looking for a recommendation:
Locksmith is trying to talk me into the Yale Assure Lock Touchscreen with Wi-Fi and Bluetooth - the original 1st generation because they said it's built better than the Assure Lock 2. Any thoughts on this? Which would you recommend?
I see Mul T Lock makes a cylinder (KW-KIDYRL) for Yale Smart Locks. Would this fit the 1st gen Assure Lock, as well as Assure Lock 2? Has anyone tried replacing the cylinder with this on either lock?
Other smart lock I was considering is the Schlage Encode Plus.
Thanks!
Hi. So when I had my house build I ran a bunch of stuff, one of which being two pairs of speaker wires to each bedroom and to 4 spots around my living room… Over the years I have used them here and there with different success.. But today they sit in my walls just unused.
I converted all the cat6 or 5e (I don’t remember) over to basically eithernet jacks. The cable coaxial well it’s there but now unused. But I was thinking there has got to be some use for two pairs of speaker wires to each room. Can I make them usb plugs? Not sure so looking for ideas.
Thanks in advance for your thoughts on this.
Kevin
Hey guys...
We are replacing the heat pump and furnace this week and I will also need to replace my nest thermostat at the same time 'cause Nest is ending the cloud thing end of the month.
Anyway, I'm looking to use the
T6 Pro Z-Wave Programmable Thermostat | Smart Home | Honeywell HomeThat's what the heat pump installer recommend BUT, using Nest I was also using it to control the home humidifier using a single wire connected to nest... but no low voltage thermostat is able to do that, I checked all of them...
So I need some help on how I can do that, to connect the home humidifier using zwave also....
Hi
We are looking for a solution where we can detect presence of a «thing» (people , car , dog, cat, and more..
We need:
fast detections, 1-3 seconds in range from 0 to 20 m from «base» fysical «client» , chip , transmitter , unit. base , receiver placed at a door, gate, house, etc uniq Identifying wirelessThe client:
no need for pressing any thing (no buttons) battery , hoply 2-5 years battery time.Have someone done anything like this?
What technologi will be best?
Hey everyone, I'm currently working on developing a bed sensor that can detect when you're out of bed. It could be used to trigger other smart home gadgets, like lights or blinds, temperature etc.
The sensors are placed under the legs of your bed post. Should look and feel like "smart furniture pads" with size 2 inches in diameter and 1/4 inch thick.
Before we go any further, I'd love to get your thoughts on this - would a bed sensor like this be something you'd find useful? We're still in the early stages of development, so any feedback you have would be greatly appreciated. Thanks in advance!
smart möbeltass.JPG
@DesT, fenced code blocks display differently after the upgrade.
abc defThe above should display as abc and def on two separate lines. This works. But this fails:
verbose: true config: data: "auto"The above should display as three lines, verbose: true, config: and data: "auto", but this fails. In order to make it display properly, I now have to open the fenced code block with ```text (specify language, generic text). This displays without highlighting. The words yml and yaml (and the all-caps versions) don't seem to be recognized. I can also use js to get JavaScript highlighting, but this isn't great for YAML. Here's the same block with the language (text) specifier added (no other changes):
verbose: true config: data: "auto"Sure, we can start adding language specifiers to our new posts, but I suspect if we start digging around old posts, we're going to find a lot of broken display of the fenced code blocks (plain ``` at the start with no language specifier) in the thousands of old posts in these forums, upon which people still rely for answers and information.
Log file snippets also get similarly brutalized:
[###BUILDVERSION###]2023-04-26T19:41:51.683Z <ZWaveJSController:NOTICE> ZWaveJSController#zwavejs added file logger to zwavejs.log [###BUILDVERSION###]2023-04-26T19:41:51.747Z <ZWaveJSController:WARN> zwavejs_capabilities defines x_zwave_device_cfg, which is not consistent with the recommended naming [###BUILDVERSION###]2023-04-26T19:41:51.747Z <ZWaveJSController:WARN> zwavejs_capabilities defines x_zwave_mfg_spec, which is not consistent with the recommended naming [###BUILDVERSION###]2023-04-26T19:41:51.747Z <ZWaveJSController:WARN> zwavejs_capabilities defines x_zwave_device_ver, which is not consistent with the recommended naming [###BUILDVERSION###]2023-04-26T19:41:51.747Z <ZWaveJSController:WARN> zwavejs_capabilities defines x_zwave_values, which is not consistent with the recommended naming [###BUILDVERSION###]2023-04-26T19:41:51.837Z <ZWaveJSController:INFO> ZWaveJSController#zwavejs connecting to ws://192.168.0.10:3000 [###BUILDVERSION###]2023-04-26T19:41:51.874Z <ZWaveJSController:NOTICE> ZWaveJSController#zwavejs connected [###BUILDVERSION###]2023-04-26T19:41:51.874Z <ZWaveJSController:INFO> ZWaveJSController#zwavejs sending connection initialization [###BUILDVERSION###]2023-04-26T19:41:51.931Z <ZWaveJSController:INFO> ZWaveJSController#zwavejs greeting from server: [Object]{ "type": "version", "driverVersion": "10.16.0", "serverVersion": "1.28.0", "homeId": 3631280043, "minSchemaVersion": 0, "maxSchemaVersion": 28 } [###BUILDVERSION###]2023-04-26T19:41:51.932Z <ZWaveJSController:INFO> ZWaveJSController#zwavejs performing initial inventory [###BUILDVERSION###]2023-04-26T19:41:52.325Z <ZWaveJSController:INFO> ZWaveJSController#zwavejs manufacturer-specific data for 134 (AEON Labs) from package ver 22315.1 [###BUILDVERSION###]2023-04-26T19:41:52.328Z <ZWaveJSController:INFO> ZWaveJSController#zwavejs configuring node 1 endpoint 0 (entity "1-0") [###BUILDVERSION###]2023-04-26T19:41:52.339Z <ZWaveJSController:INFO> ZWaveJSController#zwavejs manufacturer-specific data for 543 (Elexa Consumer Products Inc.)I think this is going to be a problem. Is there a way in NodeBB to configure the default language for fenced code block markdown for the entire forum so that these display more as they did before the upgrade?
EDIT: Examples below of old posts with corrupt formatting now:
https://smarthome.community/topic/1101/dynamic-groups-controller-filter-expressions
https://smarthome.community/post/11362
This last old post is interesting, because the first block displays incorrectly, but the second block is OK. In playing around, there seem to be triggering character sequences, suggesting that the markdown processor is trying to "guess" the language but not getting it right, perhaps:
https://smarthome.community/post/11332
Lua - Code to encrypt / decrypt with AES 128 CBC
-
I can see on Vera, that it has openssl installed, is that an option ?
root@MiOS_ 12345678:~# openssl version OpenSSL 1.0.2l 25 May 2017
root@MiOS_ 12345678:~# openssl ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA
There seems a number of related posts online - where similar attempts have been made e.g. https://stackoverflow.com/questions/65918428/how-to-provide-string-iv-and-key-to-openssl-decrypt-command
Never having done anything like this before, looking for some support/guidance from anyone who understands all this cipher/encryption stuff much more than I
-
Absolutely OpenSSL is the way to go, rather than trying to implement the encryption in Lua. You can use
os.execute()
orio.popen()
to run the command and capture the output. You're probably looking at some variant of:openssl aes-128-cbc -e -a -K hex-key -iv hex-iv [-in xxx]
-
Thanks @toggledbits
I’ve been playing around with OpenSSL a little this morning, I’ve, not had much success so far., based on the source code, it looks like i need to encrypt the generated
payload
with the createdkey
andiv
using aes 128 cbc.. Does that sound right to you.. (Looking at OpenSSL guide, it seems pretty comprehensive and complex.- https://www.openssl.org/docs/man1.1.1/man1/openssl-enc.html )Here’s my code so far, any thoughts/suggestions welcome..
local name = "openssl" local version = "version" local data="1234" local key="\\S„ßÍ}/Ìa4!" local hmac_key="¹jz¹2¸F\r}òcžÎ„ 臧.ª˜¹=¤µæŸ" local iv=" {¬£áæ‚2žâ3ÐÞË€ú " local payload = "0000000000001234" --local buildsslcommand1 = name .." "..version --local buildsslcommand2 = "openssl aes-128-cbc -e -a -K hex-"..key.." -iv hex-"..iv.."[-in xxx]" --local buildsslcommand3 = "openssl enc -aes-128-cbc -iv "..iv.." -k "..key.." | hexdump -C" local buildsslcommand = "openssl enc -aes-128-cbc -nosalt -e -a -A "..payload.." -K "..key.." -iv "..iv print("Command to send = " ..buildsslcommand) local file = assert(io.popen(buildsslcommand, 'r')) local output = file:read('*all') file:close() print(string.len(output)) --> just count what's returned. print(output) -- > Prints the output of the command.
-
Practice on the command line and don't worry about the Lua until you know how the command works and what you need to give it.
Your key and IV have to be hex, so that's your first challenge. The command will want to read stdin if you don't specify
-in <file>
; you can't put the payload on the command line directly. Plus it contains binary data, so that's a non-starter. So at a minimum you're going to be writing the payload to a temporary file and encrypting that with-in
. OpenSSL can write the encrypted output to stdout (it will if you don't specify-out <file>
), which is good because you can read that directly when usingio.popen()
, so that part's going to be OK. -
Thanks @toggledbits ,
To make the key and iv hex, could I use binascii.lua (https://github.com/tst2005/binascii/blob/master/binascii.lua) ?
—Converts a string of bytes to a hexadecimal string local function hexlify(s) local a = {} for i=1,#s do local c = s:sub(i,i) local byte = c:byte() a[#a+1] = ('%02X'):format(byte) end return table.concat(a) end
As for the OpenSSL command line structure, I’ve come across a number of different examples online - this one seems to relate to what you’re suggesting (I’d just need to change it to 128, rather than 256)
openssl enc -aes-256-cbc -nosalt -e -a -A -in input.dat -K '7c07f68ea8494b2f8b9fea297119350d78708afa69c1c76' -iv 'FEDCBA987654321' -out input-test.enc
QQ : You mentioned that I’m going to need to write the payload to a temp file and encrypt it with
-in
?How does
-in
do any encryption?In the OpenSSL manual it just says the following about -in and -out
-in filename The input filename, standard input by default. -out filename The output filename, standard output by default.
-
@parkerc said in Lua - Code to encrypt / decrypt with AES 128 CBC:
QQ : You mentioned that I’m going to need to write the payload to a temp file and encrypt it with -in?
You need to use
-in
on the encryption command to tell it to read from a file. You didn't have-in
in your previous example, you just put the payload on the command line, and that doesn't work.The hex conversion doesn't need two steps for the byte conversion and math for target array position:
-- Converts a string of bytes to a hexadecimal string local function hexlify(s) local a = {} for i=1,#s do a[i] = ('%02X'):format( s:byte( i ) ) end return table.concat(a) end
-
Ok, not sure how far I’ve progressed with this, but hopefully I’m getting somewhere ??
Here are the values created earlier..
local key= "\\S„ßÍ}/Ìa4!" local iv = "{¬£áæ‚2žâ3ÐÞË€ú" local payload = "0000000000001234"
I’ve put the payload value into a file..
local file = "etc/payload.txt" local outf = io.open(file, "w") outf:write(payload) outf:close()
Then created Hex values of the key and iv
local function hexlify(s) local a = {} for i=1,#s do a[i] = ('%02X'):format( s:byte( i ) ) end return table.concat(a) end print(hexlify(key)) print(hexlify(iv))
keyHEX = "5C53E2809EC39FC38D7D191E2FC38C1D61057F3421"
ivHEX = "7BC2ACC2A3C3A1C3A6E2809A32C5BEC3A233C390C39EC38BE282ACC3BA"Then I’ve taken those new hex values and accessed the command line of vera to run the following openssl command I created…
openssl enc -aes-128-cbc -nosalt -e -a -A -in etc/payload.txt -K '5C53E2809EC39FC38D7D191E2FC38C1D61057F3421' -iv '7BC2ACC2A3C3A1C3A6E2809A32C5BEC3A233C390C39EC38BE282ACC3BA' -out etc/payload2.txt
The above resulted in etc/payload2.txt being created, however it's empty and the command line returns the following messages.
hex string is too long
invalid hex iv valueOther than checking how the initial key and I’ve values are created again, is there anything else I need to look into/check ?
-
Those initial values for key and IV being binary data in strings could be a problem. Your editor may be wrecking them because it thinks they are Unicode, or they've already been wrecked along the way by other means. Both are supposed to be 16 bytes, and you've got 29 for IV and 21 for the key, so something has definitely gone wrong, and Unicode/UTF-8 encoding and decoding in the file handling is a prime suspect.
Fortunately, the IV doesn't really matter, I think. You could just use the first 16 bytes of the payload for testing. But it's supposed to be a 16-byte (128 bit) nonce, used only one time with the key (so if you encrypt something else with the same key, you should use a different IV). Maybe just generate 16 random bytes and call it good, but make sure to seed the random number generator, otherwise it generates the same 16 "random" numbers after every restart (that's a feature, actually, but you have to remember to seed in production to get away from it).
And really, probably the key doesn't matter either. You need both the key and IV to encrypt and decrypt, so it's not like you are dealing with a known key from another system like a remote API (unless they are doing this all wrong and using the same key and IV for every payload--that would be an... error). Pick 16 bytes and go to town!
patrick@drupal:/tmp$ echo "I am a secret message." > in.txt patrick@drupal:/tmp$ cat in.txt I am a secret message. # Encrypt patrick@drupal:/tmp$ openssl aes-128-cbc -e -a -in in.txt -K '9988227744aaff003388ffccee1188ff' -iv '112233445566778899aabbccddeeff00' -out out.txt patrick@drupal:/tmp$ cat out.txt MQi9QVm1/R3dvZncbX0nQeRqlf0+2oFcMuW/vp0FQ2Q= # Now decrypt patrick@drupal:/tmp$ openssl aes-128-cbc -d -a -in out.txt -K '9988227744aaff003388ffccee1188ff' -iv '112233445566778899aabbccddeeff00' I am a secret message.
-
Thanks @toggledbits
I think you’re right about the Lua/Luup editor wrecking the format of the values being generated, plus I’m perhaps not helping matters by working on various parts of the overall code separately ; so I have been copying things over.
FYI - You can see how the generated values are stored/presented differently (one image is via a print screen using LuaView and the other is writing them as new variables into Vera)
I’m going to try and do as much as I can using the Vera written values, as ultimately that’s where my target for where this code will need to eventually run..
-
OK, yeah, so big problem, you cannot store binary data in state variables. That is going to fail, 100%. State variables are character strings, and assumed to contain character data, and when they are stored, they are put through UTF-8 encoding and decoding. Your binary data is going to look like Unicode characters to the innards of Luup throwing this stuff around, and anything that isn't a valid codepoint is going to get changed to something else (and boom, data corrupted), while converting it to JSON to store on flash and back, etc.
Store everything in hex or base64.
-
What would I do without you
Ok, so I can still write to a device variable in Vera, I’d just need to encode it first , in either one of those two options. e.g like this if base64?
local function base64_encode(data) local b='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' return ((data:gsub('.', function(x) local r,b='',x:byte() for i=8,1,-1 do r=r..(b%2^i-b%2^(i-1)>0 and '1' or '0') end return r; end)..'0000'):gsub('%d%d%d?%d?%d?%d?', function(x) if (#x < 6) then return '' end local c=0 for i=1,6 do c=c+(x:sub(i,i)=='1' and 2^(6-i) or 0) end return b:sub(c+1,c+1) end)..({ '', '==', '=' })[#data%3+1]) end local key = string.char(unpack(key_vals)) - - local keyEnc = base64_encode(key) luup.variable_set("urn:nodecentral-net:serviceId:NodeCentral1","key",keyEnc, 1187)
-
It's easier than that in Luup...
local mime = require("mime") local encoded = mime.b64( "Hello world!" ); local decoded = mime.unb64( encoded ); luup.log( decoded, 2 )
-
Awesome, thanks - I often forget what’s already there in luup.. !
Also am I right in saying that i only need to enc/dec in hex or base64 if I’m planning to store (read/write) those values/variables, if I can keep them ‘active; and flowing within the code itself (in memory) then, I’m ok ?
-
Yes, in memory is fine. So for example, you may generate IV from random numbers byte by byte, put it through
b64
orhex
before storing it on a state variable. Foropenssl
, you'll be giving key and IV in hex, so that seems a sensible way to keep it. Once it's converted to hex, you'll never need to reverse that, since it can be stored in a state variable as hex, and can be handed directly toopenssl
as hex. -
This time round, I seem to have generated some new hex values this time, which I’ve used in a io.popen openssl command, feels a bit better, but sadly not quite yet right (yet).. FYI
openssl enc -aes-128-cbc -nosalt -e -a -A -in etc/payload.txt -K 'enNIQi9wNmYxd1RDUXMvNHJhdHNGZz09' -iv 'B6B1919A88C696AE87A692B1BBADCE9B' -out etc/payload2.txt non-hex digit invalid hex key value
-
Well the key you show is definitely not hex, because 16 bytes of hex should be 32 characters long with only 0-9, A-F. Looks like you have base64 for the key, not hex.
-
Progress at last ! well I’ve at least got the key and iv in the correct hex format for the OpenSSL aes cbc encryption command to work.🥳
Which leads me on to the next part, where the output of the above is referred to as the ciphertext;, of which I now need to do the following with..
ciphertext = MyopensslAEScbcCall() sig = encdec.hmacsha256(ciphertext, hmac_key, true) encrypted_payload = encdec.base64enc(ciphertext .. sig) return encrypted_payload
hmacsha256
seems to be next, and it might also be something I could do with OpenSSL too ? -> https://unix.stackexchange.com/questions/610039/how-to-do-hmacsha256-using-openssl-from-terminal ?I also found this too - https://github.com/jqqqi/Lua-HMAC-SHA256/blob/master/sha256.lua
@toggledbits any suggestions/recommendations on what to do with this next part ?
-
I would stick with OpenSSL. You just need to assemble the correct bits (HMAC key and ciphertext) to send to the hash function, compute the hash, then append the hash to the ciphertext. The trick here will be that you currently have the AES encyption outputting its result base64-encoded... you can't append the signature to that. You need the ciphertext output in binary for that, so you need to remove the
-a
(and-A
) to let the output be binary. Then you can put that into the hash. And then you can take the (binary) hash output and append that to the binary ciphertext, and then you base64 encode the assembled result at the very end. The whole thing takes a few steps. I would recommend writing a shell script to do all the steps, and just have Lua run the shell script. You can then more easily develop and test the steps (because they are all in the shell script and runnable from the command line). -
Thanks @toggledbits - I struggle enough with Lua, so i admire your optimism in thinking I could create a shell script too
I must admit, I can’t help but feel like I’m making this more complicated that it needs to be, especially as there are working Lua and Python scripts already out there, which seem to be doing everything natively (although I do admit much of this thread is trying to plug holes in Vera )
With that said, the following might help you understand the bigger picture of what I’m trying to replicate, and maybe help me more, as I found some related posts, the first one which uses python e.g. https://github.com/florianholzapfel/panasonic-viera/issues/9 - and I’ve extracted the related HMAC part below.
… # Let's encrypt it with AES-CBC! We need to make sure we pad it to a multiple of 16 bytes beforehand aes = AES.new(key, AES.MODE_CBC, iv) ciphertext = aes.encrypt(pad(payload)) # Calculate the HMAC-SHA-256 signature of our encrypted payload sig = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest() # Concatenate the HMAC signature to the encrypted payload and base64 encode it, and we're done! encrypted_payload = base64.b64encode(ciphertext + sig)
Plus there’s this pure Lua version called Haslib -> https://github.com/howmanysmall/Rewrites/blob/master/src/HashLib.lua - which looks like it might be promising to add to Vera as a module ?
USAGE: Input data should be a string Result (SHA digest) is returned in hexadecimal representation as a string of lowercase hex digits. Simplest usage example: local HashLib = require(script.HashLib) local your_hash = HashLib.sha256("your string")
Looking at the functions within the latter HashLib.lua file, it has one called
local function hmac(hash_func, key, message)
which makes me wonder could i use that and do the following.. ?local HashLib = require(script.HashLib) local mySig = HashLib.hmac(sha256, ciphertext, hmac_key)
-
Approach however you want, it's yours to choose, of course. I can just recommend (and you asked). My experience is that snatching random code snippets from Github can be hit or miss, and if it's a miss, it will take longer to find because of your implicit trust of "working" code by others. OpenSSL is widely-used and well-known. It is, for practical purposes, a reference standard. If you find "good code" on Github and it turns out it isn't, it will likely be a long time before you figure it out, because you'll trust it, even though you should not. And in this scenario, with so much computation, and in so many steps, it's all a black box and debugging any piece of it will be extremely challenging. You'll post here when it doesn't work and I and anyone else won't be able to help you, because we can verify it either. Using a known-good tool, even if you struggle to get to know it, will give you a more reliable result, because then you are only fighting with your handling of the inputs and outputs and getting the steps right and in the right order. You should use the best tools possible to minimize the number of variables in the equation. Once you know how it all works, you see it all hang together, and you've got some "sand in your pants" as they say, then you can start replacing with other things, if necessary.
The other issue is that no Lua implementation, of crypto in particular, which can be very complex and iterative, is going to be more efficient than the C/C++-based, optimized implementation of OpenSSL. That matters on the weak CPUs we are working with.
At a minimum, you should get your procedure working on the command line, with all the steps and a full cycle of encode and decode with a couple of different payloads. Once you have that, you have something (known inputs and known outputs/results) you can use to test Lua replacements, because you have known benchmarks to compare to. If you don't know what a particular input will produce on the output, you will never know if any piece of code you find is correct or not.