Finding your Edimax SP-2101W devices from your PC

1 Reply

Finding the devices in your LAN is easy – but undocumented. Your android app will just send out a broadcast UDP packet to port 20560, which will be answered by every edimax device that receives it. Anyway, the following program can be used to enumerate your devices:

#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <signal.h>

#pragma pack(1)
struct reply {
    unsigned char macaddr[6];
    char     manufacturer[12];
    int      unknown;        // 0x 01 a1 fe 5e
    char     model[14];
    char     version[8];
    char     displayname[128];
    short     port;            // 0x10 27 == 10000 little endian
    unsigned char     ipaddr[4];
    long     unknown2;
    unsigned char     dstaddr[4];
};

int alarmed=0;
void gotalarm(int signo) {
    exit(0);
}

int main(int argc, char**argv)
{
    int sockfd, n, len;
    int enable=1;
    struct sockaddr_in servaddr;
    struct reply reply;

    sockfd=socket(AF_INET,SOCK_DGRAM,0);
    setsockopt(sockfd, SOL_SOCKET, SO_BROADCAST, &enable, sizeof enable);

    bzero(&servaddr,sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_addr.s_addr=inet_addr("255.255.255.255");
    servaddr.sin_port=htons(20560);

    sendto(sockfd, "\xff\xff\xff\xff\xff\xff"        // 6
           "EDIMAX"                // 6
           "\x00\x00\x00\x00\x00\x00"        // 6
           "\x00\xA1\xFF\x5E",            // 4
        22, 0,
               (struct sockaddr *)&servaddr, sizeof(servaddr));

    signal(SIGALRM, gotalarm);
    alarm(2);
    while (!alarmed) {
        len=sizeof servaddr;
        n=recvfrom(sockfd, &reply, 1000, 0,
            (struct sockaddr *)&servaddr, &len);
        if (n>=186) {
            char ipbuf[16];
            char macbuf[20];
            snprintf(ipbuf, sizeof ipbuf, "%d.%d.%d.%d",
                reply.ipaddr[0],
                reply.ipaddr[1],
                reply.ipaddr[2],
                reply.ipaddr[3]);
            snprintf(macbuf, sizeof macbuf, "%02X:%02X:%02X:%02X:%02X:%02X",
                reply.macaddr[0],
                reply.macaddr[1],
                reply.macaddr[2],
                reply.macaddr[3],
                reply.macaddr[4],
                reply.macaddr[5]);
            printf("%-15s %5d %-20s %-12.12s %-14.14s %-8.8s %s\n",
                ipbuf, reply.port, macbuf, reply.manufacturer,
                reply.model, reply.version, reply.displayname);
        }
    }
}

The alarm(2) allows for 2 seconds until the response is received, adjust as needed.

One thought on “Finding your Edimax SP-2101W devices from your PC”

Marcus 25. April 2016 at 17:40

Thank you very much for this post. Based on your C-code snippet I have created a Node.JS implementation for device discovery – https://github.com/mwittig/edimax-smartplug

Reply ↓

Leave a Reply to Marcus Cancel reply