Amazon Dash Button Hack

by fiveseven808 in Circuits > Computers

150048 Views, 249 Favorites, 0 Comments

Amazon Dash Button Hack

Screen-Shot-2015-03-31-at-9.23.22-AM-620x311.png

On March 31st, 2015, Amazon launched the Amazon Dash button in an attempt to change the paradigm by which we regularly purchase consumables.

August 10th, Ted Benson publishes details for a fairly involved Amazon button hack on medium.com

August 26th , A coworker brings one in to work, throws it on my desk, and I explode in excitement. Unaware of what it was, and the work done by Ted, I set foot on writing my own exploit.

September 1st, With a successful working exploit in my toolbox, I finished writing a pairing procedure for the button and host computer as well as implemented a rudimentary ability to handle multiple buttons with ease.

tldr;

Wanna use your Amazon Dash Button for things other than buying stuff? Check out this program that will change your world!

Update 7/16/2016
Daemon Version 4.0 is now up and running! As per the old update, this ible will not be updated to reflect the new features. Visit the GitHub for instructions on how to use the latest features!
Also, Windows Defender flags my program for some reason. False positive obviously. A report has already been submitted to Microsoft for review. If you don't trust the EXE, review and run directly from the source;) that's the beauty of open source software!

Update 7/3/2016:
GitHub files have been updated, program is now open source under the Creative Commons License, newer daemon and Discovery program available! A few things have changed and the program should work with all of the newer buttons, but I've decided not to update this ible yet. Gonna make some bigger changes and write a second ible for it!

Requirements

What you will need:

  • An Amazon Dash Button (any product will do)
  • A Windows PC
    • Because I can't be bothered to program anything else
  • An Android or iOS smartphone or computer with Wifi
    • Required to join the button to wireless
  • A home or work wireless network
    • Class C subnet or smaller (ignore this if you're setting it up at home)
  • The desire to subvert Amazon
  • An app or file to open on said PC
    • A picture!
    • A program! (calc.exe lol)
    • A URL (pandora.com !)
    • Endless possibilities!

Setup Your Button!

First step?

Setup your button!

Have an Android or iOS device? Download the Amazon App and connect your button to Wifi. Just don't select a product! Exit the application when you get to that screen!

Have a wifi connected computer but no smartphone? No problem! Hold down the button for a few seconds till it starts blinking Blue. This means it's in pairing mode. Use your wifi connected computer (or whatever) and connect to "Amazon ConfigureMe". Follow the instructions to setup wifi, and then your button's light should be off.

If you complete the setup correctly, when you push the Amazon dash button, It will light up white (connected to wifi) then turn Orange/red (cannot make purchase). IF THE BUTTON TURNS GREEN, then you've ordered something. Go and cancel that order (unless you want it) and delete the button from your account to start over.

Pair Your Button!

file.png
ping.png
keeppushing.png
keepmashing.png
found2devices.png
1buttonfound.png
select a file.png
button confirmation.png

Source and project files listed here! Scroll down a bit to download the latest version!
https://github.com/fiveseven808/AmazonDashButtonHa...

Extract the zip into a directory by itself (program writes to the hdd unfortunately)

Disclaimer 1: Program will run best with all other programs closed

Disclaimer 2: If you have more than one Amazon device on your network (i.e. Fire Stick, Fire TV, Echo, Dash, etc) this program will pick it up. Please skip to the end for troubleshooting tips.

  1. Open AmazonButton_Discovery.exe
  2. Program will proceed to ping every address in your class C subnet
  3. Once the thing tells you to push the button, mash your Dash button and keep it white as much as possible
  4. Keep mashing after pushing "ok"
  5. If all went well, you should see a message box that says "1 Amazon Devices found"
    1. If not, open the program to try again or skip to the end for troubleshooting tips!
  6. Click Continue if that's your button!(Wait until all the lights stop flashing first)
    1. Don't worry, the program will just not do anything if that's another Amazon device in your house
  7. Select the file, URL, playlist, program, script, etc you wish to trigger when pushing the button
  8. A confirmation message will tell you what IP the daemon will look for and what action it will trigger!
  9. Well done!

Troubleshooting

1buttonfound.png
found2devices.png
devices found.png
toomany devices.png
ip list.png
ip goes here.png

Having Issues pairing? Read on!

  • If you have (0) Amazon Devices found, you may not have started mashing soon enough OR your computer might be too slow.
    • Try steps 1-5 again, and if you still haven't found the button, then your computer may be too slow. Open AmazonButton_Discovery.exe and immediately start mashing the button repeatedly until the results come up.
  • If you have multiple Amazon Devices and the pair was unsuccessful (it won't tell you in this version), it will try to connect to a non-dash button. This can be confirmed by completing the hack setup process but upon pushing the button, no action on the computer occurs after 10 seconds.
  • If you have multiple Amazon Devices, a future version of the hack is coming for you! For those who are a little tech savvy, I have included a workaround.
    • If more than once Amazon device is discovered, a text file will eventually open containing the IP addresses of those devices.
    • Any device that responds to pings when your button's light is "off" is not your button. Put the address of your button in the following dialogue box to continue.

Other things

  • If your Dash button is not pairing with the program for whatever reason (i.e. new MAC that didn't get entered in my search list) then fret not! If you're tech savvy enough a commenter has alerted me to a temporary solution!
    • If you can figure out the IP of your dash button (if you can do a DHCP reservation, even better!) you can use the AmazonButton_v2.exe program and start the daemon yourself!
      i.e. "amazonbutton_v2 192.168.1.15 calc.exe"