I received a Belkin Wemo device today to play with.

Since I do not have an iOS device, and for some reason the Wemo ONLY works with iOS (wtf?), I’m trying to get it working without it.

So far I’ve connected my laptop to its wifi access point. It assigned me an IP of 10.22.22.2 and its IP is 10.22.22.1 No conventional ports such as 22/SSH, 23/Telnet or 80/HTTP worked.

Running nmap revealed very few ports to be opened:

    nemik@a64:~$ nmap -sT 10.22.22.1
    
    Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-16 17:48 CDT
    Nmap scan report for 10.22.22.1
    Host is up (0.029s latency).
    Not shown: 998 closed ports
    PORT      STATE SERVICE
    53/tcp    open  domain
    49152/tcp open  unknown
    
    Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds

When running telnet on the opened port 49152, there were interesting things:

    
    nemik@a64:~$ telnet 10.22.22.1 49152
    Trying 10.22.22.1...
    Connected to 10.22.22.1.
    Escape character is '^]'.
    HTTP/0.0 400 Bad Request
    SERVER: Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6
    CONTENT-LENGTH: 50
    CONTENT-TYPE: text/html
    <html><body><h1>404 Not Found</h1></body></html>
    Connection closed by foreign host.

Same for curl:

nemik@a64:~$ curl -i 10.22.22.1:49152 HTTP/1.1 404 Not Found SERVER: Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6 CONNECTION: close CONTENT-LENGTH: 48 CONTENT-TYPE: text/html <html><body><h1>404 Not Found</h1></body></html>

Interesting that it runs Linux though! I’d like to open it up to see the type of chips used inside but I do not have the triangular screwdriver for Belkin’s weird security screws on the device. If/when I order some and get it opened, I’ll post pics.

The next step is to borrow an iOS device and see if I can sniff the traffic for initializing the device. If anyone has done something similar or has any tips, please let me know.