Hack the Amazon Dash button to control a SmartThings switch

I recently bought the $5 Amazon dash button. While the thought of pushing a button and having Kraft Mac & Cheese arrive at my doorstop two days later is intriguing, I’d rather hack the button.

The Dash has a wifi chip that communicates with the Amazon mobile app, but we can interrupt that final step and make it do whatever we want.

First, I’ll show the video and then provide instructions to replicate this at home.


Here’s how it works…

Step 1: Get the MAC address of the Dash button

Open up the Amazon shopping app, and configure the Dash button to work with your local network. Click Settings → Dash Devices → Manage devices. Add your SSID and network password, and watch the Dash button light up with a blue LED.

Now, once you get to the screen where you need to select which item to purchase, close the app. Don’t actually choose an item.

Your dash is now talking to your wifi network, but isn’t ordering any food.

Next, create a text file and name it listen.py. Paste this code in and save it (shoutout to Ted Benson):

from scapy.all import *

def arp_display(pkt):
  if pkt[ARP].op == 1: #who-has (request)
    if pkt[ARP].psrc == '0.0.0.0': # ARP Probe
      print "ARP Probe from: " + pkt[ARP].hwsrc

print sniff(prn=arp_display, filter="arp", store=0, count=10)

This script uses a Python library called Scapy which lets you intercept network packets and do whatever you want with them. Here’s an interactive tutorial.

It took me about 5 minutes to get Scapy to work with my operating system (OS X 10.11). Once you get it working, run the Python script: python listen.py.

Your terminal should output a MAC address. There are a few errors, but you can ignore them.

Now that we have the MAC address, let’s update our listen.py script:

from scapy.all import *

def arp_display(pkt):
  if pkt[ARP].op == 1: #who-has (request)
    if pkt[ARP].psrc == '0.0.0.0': # ARP Probe
      if pkt[ARP].hwsrc == 'a0:02:dc:ed:13:cc': # Mac & Cheese
        print "Pushed Mac & Cheese"
      else:
        print "ARP Probe from unknown device: " + pkt[ARP].hwsrc

print sniff(prn=arp_display, filter="arp", store=0, count=10)

Your MAC address will be different.

Step 2: Write a SmartApp that accepts HTTP requests to control switches

This is the easy part.

@Jim wrote an awesome SmartApp that creates endpoints and lets you control switches with PUT requests.

Here is the code: https://github.com/SmartThingsCommunity/Code/blob/master/smartapps/hackathon-demo/restful-switch.groovy

When creating the SmartApp, make sure to enable OAuth.

Install the SmartApp, select a switch to control, and take note of the API token and API Endpoint.

Step 3: Update Python script to make HTTP requests to SmartThings when the button is pushed

Now, all we have to do is make a PUT request to the SmartApp within the Python script and the light should toggle on and off.

Here’s the updated Python script:

from scapy.all import *
import requests

def toggle_st():
    url = 'YOUR_API_ENDPOINT'
    headers = {"Authorization": "Bearer YOUR_API_TOKEN"}
    data = '{"command":"toggle"}'
    r = requests.put(url, data=data, headers=headers)

def arp_display(pkt):
  if pkt[ARP].op == 1: #who-has (request)
    if pkt[ARP].psrc == '0.0.0.0': # ARP Probe
      if pkt[ARP].hwsrc == 'YOUR_MAC_ADDRESS': # Mac & Cheese
        print "Toggle the light"
        toggle_st()
      else:
        print "ARP Probe from unknown device: " + pkt[ARP].hwsrc

print sniff(prn=arp_display, filter="arp", store=0, count=10)

And that’s it. Now you can use a $5 button to control devices with SmartThings.

26 Likes

Now Amazon is going to get a surge in Dash button purchases from me.

3 Likes

You can only buy one per product and there are only 18.

1 Like

Odd? I was able to buy them in quantities of 2!

2 Likes

Same here. Two on their way for this weekend.

Now I just need to figure out how to re-label them so that they look good! (and my OCD doesn’t drive me nuts looking at them…)

If these work as well as I think they will, I’m going to need a Dash Button to order more Dash Buttons.

@mager, the look your dog gave you when the light turned on is the same one I get from my wife.

4 Likes

Very neat, this seems like a fun hack to play with. Now if we can somehow register hold and double tap events, I’m not sure I’d need flic when they come out anymore. :smile:

This is a fun hack, but for around $20 you get a rechargeable Aeon Minimote with 4 buttons (8 with “held”).

Z-Wave, natively supported, meshed…

And works out to $2.50/button.

3 Likes

@mager I had the same idea when I saw Ted’s post as well. I think it was pypcap I install in with the scapy in order to not have to hit enter on my Mac. Mine comes in today and am going to try and run it on my RPI and keep it running on there, same one used for my Alexa bridge. Also being I haven’t received my dash let and haven’t been able check this, but many sites say that after a button press the dash isn’t able to be hit for a time period because it’s still attempting to connect to Amazon (tries for 5 times). Can you confirm that and if so how long is the time period.

1 Like

It’s not the point of having 8 buttons in one spot. It’s the idea to have a button where ever. I can give one to my 9 month old and when he hits it, I can have it turn on his cartoons. Or in my car to hit when I get home because I now longer trust my iPhone presence to lock and unlock it (last night heard my door unlock while in bed, checked my activity in the app and it said iPhone is back, wife wasn’t happy about that and it’s not the first time)

I’m in the same boat as Tomforti. I have three Aeon Minimotes already, but I ordered a dash to play around with as these I can stick anywhere to create virtual switches (that can also be removed anytime I want as they aren’t actually embedded in the wall).

The biggest limitation I see to these is that there’s only a single action/toggle that can be assigned to them, whereas flic is a similar device but it can be used for three action/toggles.

A couple of thoughts…

The hack is clever, but I’m not sure it’s practical.

First, have you considered battery life? As replenishment buttons, I wouldn’t be surprised if Amazon planned on a battery life of about 100 pushes. Wi-Fi is a high-power protocol. If you’re using these as regular home automation buttons, I suspect they’re going to be like the Arlo cameras, and you’ll have a battery life of a couple of weeks. In contrast, flics are using Bluetooth low-energy, are intended for multiple pushes per day, and still have a battery life of several years (about 60,000 pushes, per spec).

Second, the hack requires running a 24 hour server to catch the button pushes. That could be a regular PC or Mac, and I know a lot of people are running those. Or a pi. I’m not. I use the laptop about twice a month, only for programs that can’t run on anything else, and it’s unplugged in between. Most of the time I use tablets. Energy cost for the tablet is considerably lower than for the laptop, usually given as around 4% of the laptop’s energy draw. ( that is, laptop uses 25 times as much energy. ) A raspberry pi uses less energy than a PC, but still about five times that of a tablet.

http://cleantechnica.com/2012/06/28/tablet-pcs-save-energy-ipads-cost-only-1-38-per-year-charge/

So there are some hidden dollar costs, as well as environmental costs, to choosing the Dash button over the flic.

There’s also the question of how many Wi-Fi connections your router will support. Netgear routers for example are typically limited to 32 devices per band. The theoretical limit for most home routers is 255 devices, but that’s usually terrible performance. 50 is a more practical limit. The more devices you add, the sooner you’ll run into some kind of issue on your Wi-Fi. With the Dash, it’s probably more of an issue for those who assign IP addresses rather than an operational issue, though. So it’s just something to keep in mind when you’re talking about adding a dozen new buttons.

But I suspect the bigger issue is going to be the battery life. If it dies in less than two months, I don’t see people being very happy with it. Even if it lasts six months, that’s a little iffy for a switch that could fail at any time.

Obviously, everyone will make their own choices, but just something to keep in mind before you install a bunch of these for mission-critical purposes.

FWIW

2 Likes

BTW, I solved the “teleporting” problem by adding transitional modes. If the mode is home and my phone or presence sensor suddenly says I’ve left and cone back, none of my arrival events, like unlocking the door, trigger, because I didn’t go through the transitional “I’m leaving” mode first. The transitional modes are not triggered by geopresence, but rather a physical state like a contact sensor on the door.

It’s more work to set up, but it fixes the drop off problem.

3 Likes

The issue is my hub thinks I left. I see this in my lock activity. I actually never looked at what my phone was doing until now and it’s crazy!

Yep, that’s exactly what happens to me, I’ve posted similar screenshots in the other presence topics.

Any Geopresence which depends on your device being connected to either the hub or your home network will think that you left if the device briefly loses that connection. Then when the device reconnects, which the phone or the smartthings presence sensor will do automatically, smartthings thinks you have arrived home. Even though your device may have been sitting in one place the whole time. That’s what I mean by “teleportation.” And that’s exactly the issue that I address with the occupancy approach in the topic I linked to in my previous post.

Since presence issue discussions would be off topic for this thread, why don’t we continue further discussion on the other topic. :sunglasses:

Cool thanks. I’ll have to look into it. Back to the topic, so being that I have a RPI already running in the house for Alexa it’s not a big deal to just have the Python scrip running on it as well. Now I’m not expecting a long battery life but looking at posts it looks like the dash just runs on a AA so that’s not a big deal to me to change. I just like having the idea that I have a cheap $5 button I can place where ever I want and by using a virtual switch and smart app I can have it do what ever combo I want or need it to do. No the flic is cool but it’s also 40 bucks. I can hook up 8 dashes for the same price of one flic. Plus I don’t feel BLE is reliable, at least with my experience with my trackR tags and my iPhone.

1 Like

Does your scapy timeout after 2 mins or so? Both on my Mac and RPI it is. Need something that stays online too listen for the ARPs

OK, the following teardown says the Dash lithium battery is spot welded in place, making it not possible to replace. They’re estimating close to 1000 uses of battery life. However, as was already mentioned in this thread, the device has a built-in repeater, so that it actually will make five attempts each time if it doesn’t connect to Amazon. I’m not sure whether the approach detailed in this project means you’ll only get 200 button presses of battery life or not. It’ll be somewhere in the range of 200 to 1000 anyway.

http://mpetroff.net/2015/05/amazon-dash-button-teardown/

So compare that to Flic’s spec’d 60,000 uses. Since the Flic at Amazon costs 7 times the Dash but lasts at least 60 times as long, the Flic has a much lower cost per use over time. And the flic’s battery is easily replaceable (,standard twist off compartment), preserving your investment in the device itself.

http://www.amazon.com/Flic-Wireless-Smart-Button-White/dp/B00ZAEOC5K

So as usual, it comes down to your use case. If you’re using it as a switch that you only operate maybe once or twice a week, it’s pretty similar to Amazon’s intended use pattern and you’ll probably get two years out of it. But then you have to replace the whole device.

If you’re using the Dash for a switch that you expect to use four times a day, battery life will likely only be a couple of months. And then again you’ll have to replace the whole device.

And if you give it to the baby to play with, it could be a few weeks.

Just sayin’…

3 Likes

Yea, just to be clear, this isn’t meant to be a practical use case. Just hacking the button :slight_smile:

4 Likes

As @mager pointed out this is just a fun hack. The button is 5 bucks. I am doing the interceptions on my router so the button actually thinks it’s getting a response and only sends the one message. @mager just beat me to posting about it. :smiling_imp:

If you have a hackable router like dd-wrt or PFsense there are methods of intercepting and executing a script without running another server.

5 Likes

I’m all in favor of fun hacks. :wink: :dizzy: :rocket:

Just seemed like there were a lot of people, here and elsewhere, saying, “I can really use this!” And then issues like battery life, reusability, and value over time come into play.

2 Likes