My experience trying to hack cheap smart lights

Alex Hong
Dec 13, 2018

Warning: there is no success story here. Below, I detail my failed journey of trying to get smart lights working in my apartment.

When I expressed interest in getting more smart things in my house, a coworker of mine mentioned he had a ton of RGB smart lights he didn’t need and offered to lend/donate them to me to experiment with. I happily accepted his generous offer. Seeing how normal Philips Hue RGB light bulbs start at $40 each, this seemed like a fantastic opportunity.

So many lights!

The light bulbs were labelled “Mi-Light”, and came with a box-shaped device that is the gateway to control them. After some searching online, I found that this was actually one of a couple of options to control these lights, and that it acts as a Wi-Fi bridge between the protocol used to communicate with these lights and a router. The box required me to download a mobile app, and because I have an iOS device instead of Android, I headed to the App Store. I was greeted with many different versions of the MiLight app, all with terrible UI made by the same developer. At this point, I was a little skeptical because shoddily designed apps do not usually make for a smooth and pleasant experience.

There were two modes available to connect the hub to a local network. One was called “Smart Link” and simply required me to enter, from the app, the password of the network my phone was already connected to. Seems simple enough, but attempting to connect to either the 2.4GHz or 5GHz network failed. More accurately, it goes into connecting mode for 60 seconds and times out at the 30 second mark. The other was “AP Link”, which required me to connect to an AP that the hub creates, and then specify the SSID and password. This also failed spectacularly on all 4 networks that I have set up (personal/guest + 2.4/5GHz). I was obviously frustrated at this point, and was willing to call this a failed experiment. I did some more research online and some people have noted their success by going to the IP address of the box itself, which is acting like a router (10.10.100.254). I totally thought this would work, but the page just simply refused to load. I even tried scanning the device with Fing, which unsurprisingly displayed no other connected devices and no open ports on the hub itself.

False advertising: very much opposite of “Easy to connect”

I was very disappointed at this point and I figured I could either just give up or try to buy another box from Amazon for like $30, since the box might just be broken. Being the lazy and frugal person that I am, I decided to give up for now.

It wasn’t until several weeks later that I discovered several Reddit posts on /r/HomeAutomation discussing how bad the tech surrounding these “smart” devices was and how someone reverse engineered the underlying protocol that the hub uses to communicate with the devices. Apparently the way it works is that the bridge communicates via unidirectional 2.4GHz over UDP, specifying which devices were being targeted along with what color/temperature to change the lighting to. Once the protocol was reverse engineered, you could then use something like an NRF24L01 transceiver module connected to an ESP8266 to control these lights, as detailed by /u/sidoh in this GitHub repo. I was very impressed by the hacker community at this point since this seemed to be the perfect solution to my problem (not wanting to buy another box).

Wemos D1 mini ESP8266 and NRF24L01 transceiver

I gathered the devices and some F-F wires and just followed the very clear readme on GitHub. After flashing the device with the firmware, I was able to connect to the web server created by the ESP8266 without much hassle. Here was where the problem started. To connect to a lightbulb that has already been paired to a hub, you have to know the hub’s device ID, which was a hex string anywhere between 0x0000 and 0xFFFF. However, this ID wasn’t needed if I was trying to pair a new light bulb. I had no idea if my coworker had paired these lightbulbs or not, so I manually tried each light bulb. About 3/4ths of them were a non-white color, so I figured these have been paired already and are unusable. The remaining quarter was just the regular color of a lightbulb so I figured these have a chance to be new. However, even trying those lightbulbs, I could not get the pairing to succeed.

At this point I was really frustrated because there were three potential reasons why this wasn’t working:

  1. The lightbulbs had already been paired despite being in a seemingly neutral state and I’m out of luck entirely.
  2. I didn’t wire the NRF device to the ESP8266 correctly.
  3. The NRF device is just broken.

If 1) is true, I would basically be screwed since I’m not even sure getting a second hub box would solve the issue. I think I connected the NRF module properly, as in I triple checked the wiring and made sure everything looked correct, which means I can probably rule out 2). I can’t really verify if 3) is true or not because I don’t have a second NRF transceiver to listen for messages being broadcast by the first.

All in all, I was pretty bummed this didn’t work out but at least I learned a thing or two about the ecosystem of these cheap smart devices and ways to connect them. After blowing a good half a day on my previous attempts, it’ll probably be a while before I try to revisit this, but if I do I would try getting a newer version of the WiFi bridge/hub controller and perhaps trying out a second NRF transceiver to make sure that wasn’t the problem.

In the meantime, I’ll probably just shell out some money for those Philips Hue bulbs.

EDIT: I got the Mi-Light remote which is successful in controlling the existing lights! Unfortunately, it only works over 2.4G and has no network integrations at the moment.
