Difference between revisions of "Nest Hacking"
From Exploitee.rs
Jump to navigationJump to search
| Line 27: | Line 27: | ||
* <data> | * <data> | ||
* 16-bit checksum | * 16-bit checksum | ||
Monitor: | |||
strace -ff -p $(pidof nlclient) -x -s9999 -e read,write 2>&1 | grep '(54' | |||
== Run BeagleBone/Debian programs == | == Run BeagleBone/Debian programs == | ||
ln -s . /lib/arm-linux-gnueabihf | ln -s . /lib/arm-linux-gnueabihf | ||
ln -s ld-2.11.1.so /lib/ld-linux-armhf.so.3 | ln -s ld-2.11.1.so /lib/ld-linux-armhf.so.3 | ||
Revision as of 10:07, 28 June 2014
Info
- /dev/event1 is the knob; /dev/event2 is the button
Nest software
/nestlabs/sbin/nlclient -config /nestlabs/etc/client.config -config /nestlabs/etc/Display/Display-2/client.config
Nest backplate interface
- Connected on /dev/ttyO2
Turn on W1: d5aa96 8200 0200 00 01 29a2 Turn off W1: d5aa96 8200 0200 00 00 08b2 Turn on Y1: d5aa96 8200 0200 01 01 1891 Turn off Y1: d5aa96 8200 0200 01 00 3981 Turn on G : d5aa96 8200 0200 02 01 4bc4 Turn off G : d5aa96 8200 0200 02 00 6ad4 Turn on OB: d5aa96 8200 0200 03 01 7af7 Turn off OB: d5aa96 8200 0200 03 00 5be7 Turn on W2: d5aa96 8200 0200 04 01 ed6e Turn off W2: d5aa96 8200 0200 04 00 cc7e Turn on Y2: d5aa96 8200 0200 07 01 be3b Turn off Y2: d5aa96 8200 0200 07 00 9f2b Turn on * : d5aa96 8200 0200 0b 01 d37e Turn off * : d5aa96 8200 0200 0b 00 f26e
- All communications with backplane begin with (d5)d5aa96 (d5 is doubled only for data FROM backplane)
- 16-bit command
- 16-bit data length
- 16-bit checksum
Monitor:
strace -ff -p $(pidof nlclient) -x -s9999 -e read,write 2>&1 | grep '(54'
Run BeagleBone/Debian programs
ln -s . /lib/arm-linux-gnueabihf ln -s ld-2.11.1.so /lib/ld-linux-armhf.so.3
