Saturday, June 14, 2014

Debugging Elertus (and a general review)

Since no information on the hacking of the Elertus door/water sensor is available, I thought I'd share some basic information about the device.

The Elertus is a simple, but powerful, wifi alert sensor. It captures temperature, humidity, light, movement and optionally a door sensor or water sensor. It then sends an email/sms/push notification to your Android.

There's not much in the way of a custom Android app for this to tie in with IFTTT and the app itself is pretty basic. The device connects to Elertus every hour (or more frequent if movement is detected). The app connects to the Elertus server. The app never connects directly to the device, except during initial setup.

Using Wireshark to capture the packets, it looks to be a very basic POST to with the following information:


The device itself seems to be a very basic. The CPU is a Freescale Kinetis K (K10 48pin series) with the following specs:

Silicon - Rev 2.0
MC Partnumber - MK10DN512VLK10(R)
Superset - PK10DN512ZVLK10
CPU Frequency - 100MHz
Package - 80LQFP
Total Flash Memory - 512KB
Flash - 512KB
SRAM - 128KB

The Elertus device lacks in some basic areas:

  • No graphing
  • No "all clear" when the threshold for alert situation subsides
  • No IFTTT integration
  • Fixed hourly check-ins with no option to adjust
  • Battery powered only
  • Fixed external IP with information sent cleartext, unencrypted
  • No Android integrated features (widgets, nested api, deep links)
  • The alerts advise you of an alert, but not what the alert is. You have to open the app.
  • No way of updating the firmware, from what I've seen... but I could be wrong...
I've tackled the graphing issue by setting up a small VM with wireshark to continually monitor any traffic from the mac address to the external IP with a filter for the POST traffic. This in turn updates a very basic sql server with the temperature and humidity levels and displays this information on an internal webserver. While not ideal, this is the only way I can find to hack the Elertus to enable historical view. 

While I hope changes are made, I still think this was a good purchase. It does what I need, but can do more. Hopefully an update is in order.

1 comment:


    I have a Safelert (Liberty Safe rebranded Elertus) in my safe. I was also disappointed to learn there is no public API. I asked Elertus several times to add a IFTTT channel, but the response has always been they have no plans to do so. So I used IMAPFILER to look for incoming email notifications to tigger actions. ( it works for what is does, but is is not real time and it relies on having a live internet connection.


    I added an IFTTT SMS number and added a second contact to send SMS text messages for motion and lighting (door open) events. Unfortunately, it appears IFTTT SMS triggers requires the text message to be from the phone number you associate with IFTTT SMS, not to mention, the IFTTT SMS service is thru Level3 (aka. TextPlus) which does not use an email SMS gateway, thus you cannot select an appropriate service provider to send the SMS message. I did notice Elertus supports Google Project Fi, but I have not looked into it. I might be able to use a Google SMS number to relay a SMS message to IFTTT, but that seems a bit over complicated and of course still require a live internet connection.


    I too was able to capture the clear text HTTP POST from the Safelert using Wireshark and a remote SSH TCPDUMP packet capture (DD-WRT router.)


    My lighting/security system has a REST API which I used in the my IMAPFILTER implementation.


    If there a way to use TCPDUMP (or other Linux method) with an appropriate filter to trigger a separate HTTP command to the REST API of my lighting/security controller when the Safelert sends a motion light event (alert_flag=X)? For example pipe TCPDUMP POST form data into BASH script which parses the alarm_flag, or an all inclusive script which runs as a systemctl daemon?