dash2pi

RE-PURPOSING THE AMAZON DASH BUTTON WITH A RASPBERRY PI

This writeup details how to use the dash button for your own purposes using only a Pi to monitor it: there's no need for an internet connection or WiFi router.

CONFIGURING THE BUTTON

You need to configure the dash button to connect to your Pi. The easiest way is to borrow a WiFi router, configure it's SSID to temporary, and make it an open access point (authentication disabled). Connect the router to the internet.

Set up the dash button per these instructions but only through step 4. It's not necessary to have an Amazon Prime account. Note that you don't select a product. After you're done, power off the router: you don't need it anymore, and it'll interfere with the Pi.

CREATING AN ACCESS POINT

Install a WiFi dongle on the Pi and get connected to the Internet. Install needed software:

    sudo su

    apt-get install hostapd dnsmasq tcpdump

Edit your /etc/hostapd/hostapd.conf file to look like this:

    interface=wlan0

    driver=nl80211

    ssid=temporary

    channel=1

    auth_algs=1

    ignore_broadcast_ssid=1

Run hostapd and test it:

    killall wpa_supplicant

    hostapd /etc/hostapd/hostapd.conf

If you get an error message like "Driver does not support authentication...", hostapd doesn't support the WiFi driver the Pi is loading. If you're using the 8192cu driver (type lsmodto check)  you can fix this by getting a special version of hostapd. Follow these excellent instructions, change the driver line in hostapd.conf to driver=rtl871xdrv then re-run the command.

Now press the dash button. In about ten seconds you should see text indicating the button tried to connect. The button's MAC address is also displayed: write it down for later use. Mine was 74:C2:46:E4:5B:99, and is used in the examples below.

To have a bit better control over how hostapd runs, run systemctl disable hostapd then add the following lines to /etc/rc.local:

    ifconfig wlan0 10.0.0.1

    hostapd -B /etc/hostapd/hostapd.conf

Now change the name of the /etc/wpa_supplicant directory to keep wpa_supplicant from causing problems. There's probably a more elegant way to control hostapd and wpa_supplicant, but I didn't have time to research further.

If you stop here, you can detect the button press by monitoring for arp probes, however the button will remain on for longer than a minute. With a little extra work you can shorten this time to under twenty seconds. That'll make the battery last about 4 times longer!

SETTING UP DHCP AND DNS

After the button connects to it's configured access point it gets an address via dhcp, queries Google's dns server at 8.8.8.8 for the address of parker-gateway-na.amazon.com, then begins communicating with it via https. You can use a combination of the dnsmasq program and Linux's built in packet translation capability to simulate most of this:

Edit your /etc/hosts file to look like this:

    27.0.0.1 localhost

    10.0.0.1 parker-gateway-na.amazon.com

    10.0.0.1 parker-gateway-na.amazon.com.https

And edit your /etc/dnsmasq.conf file to look like this:

    domain-needed

    bogus-priv

    no-resolv

    local=/amazon.com/

    domain=amazon.com

    interface=wlan0

    dhcp-range=10.0.0.2,10.0.0.3,12h

    dhcp-host=74:C2:46:E4:5B:99,10.0.0.10

    dhcp-ignore=tag:!known

NOTE: Change the dhcp-host line to match the mac address you wrote down.

Finally add the following to the /etc/rc.local file:

    iptables -I PREROUTING -t nat --destination 8.8.8.8 -j DNAT --to-destination 10.0.0.1 -i wlan0 

    iptables -A INPUT -j ACCEPT -m mac --mac-source 74:C2:46:E4:5B:99 -i wlan0

    iptables -A OUTPUT -j ACCEPT -o wlan0

    iptables -P OUTPUT DROP

    iptables -P INPUT DROP

    iptables -P FORWARD DROP

NOTE: Change the mac-source line to match the mac address you wrote down.

Now reboot the Pi and give it a test. After pressing the button it's light should turn to solid red after about fifteen seconds.

DETECTING THE BUTTON PUSH

Tcpdump can be used to monitor the button as it tries to access the Amazon https server. The following command will wait for a press from the button, then exit:

    tcpdump -l -c 1 dst host parker-gateway-na.amazon.com and dst port https

It can be used in a shell script or other program to trigger an action. I'll leave the details as an exercise for the reader.

BATTERY LIFE    

Should be around 600 presses as long as the button is only active for twenty seconds at a time. This will happen as long as the Pi is on and working correctly. If not, the default button on time of over a minute will reduce this to around 200 presses.

SECURITY    

There isn't much. The good news: the firewall and dhcp are configured to only allow access from the button's mac address, and the action is only triggered when the dash button tries to connect to it's server. The bad news: the mac address is is easily discovered and spoofed, and the server address is public knowledge. So the button could be simulated easily by an attacker.

You could improve things by configuring the button and the Pi to use a WiFi password. You can find how using the hostapd-conf man page. Then set up the dash button to match. This is hackable given enough traffic, which I doubt the button generates.

You should also disable any unneeded services - especially ssh. And the firewall rules could be improved. Maybe I'll work on this bit later...

At any  rate, I recommend you get it running without security first. It's one less thing to troubleshoot. Which leads to....

TROUBLESHOOTING

The end of the file /var/log/daemon.log will have entries showing progress. There should be entries something like this if everything is working: 

    Oct 14 07:04:52 raspberrypi hostapd: wlan0: STA 74:c2:46:e4:5b:99 IEEE 802.11: associated

    Oct 14 07:04:52 raspberrypi hostapd: wlan0: STA 74:c2:46:e4:5b:99 RADIUS: starting accounting session 561E60F8

    Oct 14 07:04:52 raspberrypi dnsmasq-dhcp[458]: DHCPDISCOVER(wlan0) 74:c2:46:e4:5b:99

    Oct 14 07:04:52 raspberrypi dnsmasq-dhcp[458]: DHCPOFFER(wlan0) 10.0.0.10 74:c2:46:e4:5b:99

    Oct 14 07:04:52 raspberrypi dnsmasq-dhcp[458]: DHCPREQUEST(wlan0) 10.0.0.10 74:c2:46:e4:5b:99

    Oct 14 07:04:52 raspberrypi dnsmasq-dhcp[458]: DHCPACK(wlan0) 10.0.0.10 74:c2:46:e4:5b:99

    Oct 14 07:05:11 raspberrypi hostapd: wlan0: STA 74:c2:46:e4:5b:99 IEEE 802.11: disassociated

You can see that the button connected successfully to hostapd, got an address of 10.0.0.10 via dhcp, then disconnected 19 seconds later.

This site has been tested to display correctly using Epiphany on the Raspberry Pi