Getting started with IoT by hacking Amazon Dash

Being that it’s 2016, IoT(Internet of Things) is one of the most unavoidable buzzwords in technology. So, I thought I’d better get on board the future train and dip my feet into the utopia of our connected society, starting out by hacking an amazon dash button into a wifi doorbell.

This hack is as cheap and easy as it gets for an IoT project. It’s riff off of this baby-poop tracker┬áhack. Amazon’s Dash Buttons are a great little wifi connected button that costs only 5 Dollars. Amazon’s intention is to have you set these buttons around your household items, such as Gatorade or Tide, and when you are running low, you click it and Amazon ships out a refill of the product straight to your door.

The fact that these tiny wifi triggers are only 5 dollars (free, if you order the product) makes them prime for hacking and Automating IoT tasks.

First things first, we must disable it’s original purpose. This part is simple, follow the set-up instructions that come with the device and at the point where it asks you to assign a product to the button simply do nothing and exit. With no product assigned, nothing will be ordered.

Now, The way we are going to use this trigger will take advantage of the fact that these devices are low-power meaning they run off of a AA battery. This means that the buttons can’t be continually connected to the internet, instead it functions by turning on and connecting to the wifi on each press of the button then sending the order to amazon.

Since we’ve already disabled the amazon order functionality(by not even setting it up), All we need to do now is detect when it connects to the internet and use that event to trigger our task.

To do this we simply sniff the network packets with a python script looking for the dash button on the network and trigger some event of your choosing.

The optimal vector for this would of course be a raspberry pi home server. I, however, have opted to use my Asus Chromebook as my home linux server since I just hacked a $70 chromebook into a sleek portable linux machine and wanted to show it off. (also, all my pi boards are currently occupied).

The even more optimal solution to this would be running some code from amazon lambda and having the dash directly make calls to that, which can be done with the special non-restrictive Amazon IoT dash button but at 400% ($20) the price, I’m not interested.

So, fire up your favorite IDE or text editor and let’s dive into some code.

    import socket
    import binascii 
    import struct
    import requests

Our imports are going to stay basic, with the execption of requests which your free to swap out with urllib2 if your more comfortable with that. We will be using socket in order to sniff network packets and detect the dash button press, with struct being using to unpack the contents of packets and binascii to convert the mac adresses as well as requests to trigger our event via a GET request.

rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))

Here we open our computers socket to listen for packets from devices.

while True:
    packet = rawSocket.recvfrom(2048)
    ethernet_header = packet[0][0:14]
    ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)

 ethertype = ethernet_detailed[2]
 if ethertype != '\x08\x06':
     continue
 arp_header = packet[0][14:42]
 arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)
 source_mac = binascii.hexlify(arp_detailed[5])
 print(source_mac)

In this piece we are printing the MAC Adresses of our dash button. So, run the code, and press your dash button, then record the MAC address that prints on the screen.

while True:
    packet = rawSocket.recvfrom(2048)
    ethernet_header = packet[0][0:14]
    ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)

 ethertype = ethernet_detailed[2]
 if ethertype != '\x08\x06':
     continue
 arp_header = packet[0][14:42]
 arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)
 source_mac = binascii.hexlify(arp_detailed[5])

 if source_mac == '44650d294940':
     print "Gatorade Pressed"

Now, we write an if statement that checks the arp header for the mac address of the device that is trying to connect to the network. If the MAC address is that of our desired dash button, the if statement triggers our custom event. For now, we’ll have it print to the console that our “Dash Button has been pushed.”

So, at this point we are successfully triggering a custom event with our amazon dash button. The event just isn’t that useful or interesting.

There are many cool uses for a wifi button. DIY Life Alert? well, if your IoT hacking you probably won’t need such a device. Other cool uses include, habit tracking, Smart Device Control, Alerts etc.

Basically, the takeaway here is that any code you jam in that if statement will be run when you press the button.

An extremely helpful tool for automating is IFTTT, which has created a new maker channel, allowing you to call an event with a GET request. An event can range from an SMS notification, google sheets entry, to sending an email.

I decided to set up a wifi doorbell so that me an my roommates can get text notifications when the mailman delivers a package or when someones at the door.

Simply, navigate to www.IFTTT.com search for the channel “Maker” from there the instructions are rather simple. Name your event, set up the action you want preformed, in this case sending an SMS message.

Once you’ve set up the recipe, got to www.IFTTT.com/maker and click on the link how to trigger events, which should show you the neccessary URL needed to trigger the action. Copy This. and put it into a get request in the if statement. Like So.


if source_mac == '44650d294940':
    print "Gatorade Pressed"
    requests.get('https://maker.ifttt.com/trigger/Door_Bell/with/key/y_ourkeygoeshere')

Now. Whenever the Button is pushed, A text is sent to my phone. All thats left to do now is mount this on the front door.

Now, I live with roomates who wanted these notification as well and unfortunatley IFTTT only lets you verify one phone. My low-tech hack-around was to create seprate accounts with IFTTT verify their phone numbers seperatley and jam all the resulting URLS into the if statement.
There you have it! An introductory project for IoT hacking on Amazon’s Dash Button.

Bonus points if you do this project while listening to “Digital Dash by Drake & Future”