Difference between revisions of "Nest Hacking"

From Exploitee.rs
Line 7: Line 7:
== Nest backplate interface ==
== Nest backplate interface ==
* Connected on /dev/ttyO2
* Connected on /dev/ttyO2
  Turn on  W1: d5aa968200 0200 00 01 29a2
  Turn on  W1: d5aa96 8200 0200 00 01 29a2
  Turn off W1: d5aa968200 0200 00 00 08b2
  Turn off W1: d5aa96 8200 0200 00 00 08b2
  Turn on  Y1: d5aa968200 0200 01 01 1891
  Turn on  Y1: d5aa96 8200 0200 01 01 1891
  Turn off Y1: d5aa968200 0200 01 00 3981
  Turn off Y1: d5aa96 8200 0200 01 00 3981
  Turn on  G : d5aa968200 0200 02 01 4bc4
  Turn on  G : d5aa96 8200 0200 02 01 4bc4
  Turn off G : d5aa968200 0200 02 00 6ad4
  Turn off G : d5aa96 8200 0200 02 00 6ad4
  Turn on  OB: d5aa968200 0200 03 01 7af7
  Turn on  OB: d5aa96 8200 0200 03 01 7af7
  Turn off OB: d5aa968200 0200 03 00 5be7
  Turn off OB: d5aa96 8200 0200 03 00 5be7
  Turn on  W2: d5aa968200 0200 04 01 ed6e
  Turn on  W2: d5aa96 8200 0200 04 01 ed6e
  Turn off W2: d5aa968200 0200 04 00 cc7e
  Turn off W2: d5aa96 8200 0200 04 00 cc7e
  Turn on  Y2: d5aa968200 0200 07 01 be3b
  Turn on  Y2: d5aa96 8200 0200 07 01 be3b
  Turn off Y2: d5aa968200 0200 07 00 9f2b
  Turn off Y2: d5aa96 8200 0200 07 00 9f2b
  Turn on  * : d5aa968200 0200 0b 01 d37e
  Turn on  * : d5aa96 8200 0200 0b 01 d37e
  Turn off * : d5aa968200 0200 0b 00 f26e
  Turn off * : d5aa96 8200 0200 0b 00 f26e
 
* All communications FROM backplane begin with d5d5aa96
* All communications TO backplane begin with d5aa96
 
* 16-bit command
* 16-bit data length
* <data>
* 16-bit checksum


== Run BeagleBone/Debian programs ==
== Run BeagleBone/Debian programs ==
  ln -s . /lib/arm-linux-gnueabihf
  ln -s . /lib/arm-linux-gnueabihf
  ln -s ld-2.11.1.so /lib/ld-linux-armhf.so.3
  ln -s ld-2.11.1.so /lib/ld-linux-armhf.so.3
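Review bot: the `* <data>` bullet in the frame-layout list is a bare angle-bracket token, and the rendered revision shows only command, data length and checksum, so the payload field is missing from the displayed layout. Wrap it in nowiki tags or write it as plain text such as "data bytes". The list also leaves the byte order of the 16-bit fields and the checksum algorithm undocumented. The samples put 0200 ahead of two data bytes, which suggests low byte first. Stating both would let a reader validate a captured frame instead of only matching it against the table.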

Revision as of 17:37, 27 June 2014

Info

  • /dev/event1 is the knob; /dev/event2 is the button

Nest software

/nestlabs/sbin/nlclient -config /nestlabs/etc/client.config -config /nestlabs/etc/Display/Display-2/client.config

Nest backplate interface

  • Connected on /dev/ttyO2
Turn on  W1: d5aa96 8200 0200 00 01 29a2
Turn off W1: d5aa96 8200 0200 00 00 08b2
Turn on  Y1: d5aa96 8200 0200 01 01 1891
Turn off Y1: d5aa96 8200 0200 01 00 3981
Turn on  G : d5aa96 8200 0200 02 01 4bc4
Turn off G : d5aa96 8200 0200 02 00 6ad4
Turn on  OB: d5aa96 8200 0200 03 01 7af7
Turn off OB: d5aa96 8200 0200 03 00 5be7
Turn on  W2: d5aa96 8200 0200 04 01 ed6e
Turn off W2: d5aa96 8200 0200 04 00 cc7e
Turn on  Y2: d5aa96 8200 0200 07 01 be3b
Turn off Y2: d5aa96 8200 0200 07 00 9f2b
Turn on  * : d5aa96 8200 0200 0b 01 d37e
Turn off * : d5aa96 8200 0200 0b 00 f26e
  • All communications FROM backplate begin with d5d5aa96
  • All communications TO backplate begin with d5aa96

  • 16-bit command
  • 16-bit data length
  • <data>
  • 16-bit checksum
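
A frame validator for the layout above, as an added example that is not part of the original wiki page. It assumes the 16-bit fields are stored low byte first and that the checksum is CRC-16 with polynomial 0x1021 and initial value 0, computed over command, length and data; the page states neither, but both reproduce every sample frame listed. `SWITCH_COMMAND`, `parse_frame` and `describe` are hypothetical names.

```python
import struct

# Preambles as listed on the page.
TO_BACKPLATE = bytes.fromhex("d5aa96")
FROM_BACKPLATE = bytes.fromhex("d5d5aa96")
# First data byte of the sample frames, mapped to the terminal each one switches.
TERMINALS = {0x00: "W1", 0x01: "Y1", 0x02: "G", 0x03: "OB",
             0x04: "W2", 0x07: "Y2", 0x0B: "*"}
SWITCH_COMMAND = 0x0082  # hypothetical name; bytes "8200" read low byte first

def crc16(data):
    """CRC-16, polynomial 0x1021, initial value 0, MSB first (inferred, not from the page)."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (crc << 1) ^ (0x1021 if crc & 0x8000 else 0)
            crc &= 0xFFFF
    return crc

def parse_frame(raw):
    """Validate one frame and return (direction, command, data)."""
    for direction, preamble in (("from", FROM_BACKPLATE), ("to", TO_BACKPLATE)):
        if raw.startswith(preamble):
            body = raw[len(preamble):]
            break
    else:
        raise ValueError("unknown preamble")
    if len(body) < 6:
        raise ValueError("truncated frame")
    command, length = struct.unpack_from("<HH", body)
    if len(body) != 4 + length + 2:
        raise ValueError("length field disagrees with frame size")
    (checksum,) = struct.unpack_from("<H", body, 4 + length)
    if crc16(body[:4 + length]) != checksum:
        raise ValueError("checksum mismatch")
    return direction, command, body[4:4 + length]

def describe(raw):
    """Render a terminal-switch frame as text, e.g. for annotating a serial capture."""
    direction, command, data = parse_frame(raw)
    if command != SWITCH_COMMAND or len(data) != 2:
        return f"{direction} backplate: command 0x{command:04x}, data {data.hex()}"
    name = TERMINALS.get(data[0], f"terminal 0x{data[0]:02x}")
    return f"{direction} backplate: turn {'on' if data[1] else 'off'} {name}"

# Two frames copied from the page's list.
SAMPLES = ["d5aa96 8200 0200 00 01 29a2", "d5aa96 8200 0200 0b 00 f26e"]
if __name__ == "__main__":
    for line in SAMPLES:
        print(describe(bytes.fromhex(line)))
```

A frame whose checksum or length field does not match raises `ValueError`, which separates line noise and truncated reads from real traffic when reviewing a capture of /dev/ttyO2.
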

Run BeagleBone/Debian programs

ln -s . /lib/arm-linux-gnueabihf
ln -s ld-2.11.1.so /lib/ld-linux-armhf.so.3