https://blog.csdn.net/flyingcys/article/details/49283273
Smart home / home appliances are still in the popular stage at this stage . Due to the popularization of home wifi network, wifi is generally used to connect with routers and exchange data with mobile phones / clouds.
Smart hardware , such as smart sockets , smart air conditioners , and smart air purifiers, because they do not have a human-computer interaction interface , they cannot search / select a designated router like a computer, and enter the interface for connecting passwords , so the problem of correct connection and routing must be solved first ;
At present, the popular wifi configuration modes generally have the following two types :
1: The smart hardware is in AP mode , and the mobile phone is used in station mode . After the mobile phone is connected to the AP of the smart socket, a local area network is formed . The mobile phone sends the SSID and password that needs to be connected to the route to the smart socket . After the smart hardware actively connects to the specified route , the connection is completed.
2: One-key configuration (smartconfig) mode : the intelligent hardware is in promiscuous mode , monitoring all the packets in the network ; the mobile phone APP encodes the SSID and password into the UDP packet, sends it through broadcast packets or multicast reports , and the intelligent hardware receives it . After decoding the UDP message , get the correct SSID and password , and then actively connect to the route with the specified SSID to complete the connection
The above two methods can achieve the effect of connecting the smart hardware to the specified route , but the AP mode needs to manually switch the network connected to the mobile phone wifi , first connect to the AP network of the smart hardware , and then restore the connection to the normal wifi network after the configuration is completed . There are certain complexity ;
However , due to the numerous brands of routers and mobile phones , smartconfig has certain compatibility problems , so at present, most manufacturers still keep AP mode as a backup network distribution solution after smartconfig fails ;
The following focuses on explaining the principle and application of the one-key configuration mode ; the current mainstream IOT wifi solutions are :
|
|
Manufacturer |
Chip solution |
technical name |
way of sending |
| 1 |
TI |
CC3200 |
SmartConfig |
Send udp packets to a fixed IP |
| 2 |
Qualcomm |
QCA4004 / QCA4002 |
SmartConnection |
|
| 3 |
MediaTek MTK |
MTK7681 |
SmartConnection |
multicast address encoding |
| 4 |
MARVELL |
MC200+8801/MW300 |
EasyConnect |
组播地址编码 |
| 5 |
Reltek |
AMEBA |
SimpleConfig |
组播地址编码 |
| 6 |
乐鑫 |
Esp8266 |
SmartConfig |
组播,通过长度编码 |
| 7 |
新案线 |
NL6621 |
SmartConfig |
组播地址编码 |
| 8 |
微信 |
|
AirKiss |
全网广播,通过长度编码 |
这个功能最早是TI提出并应用于CC3200上;不过从原理上讲,只要芯片驱动支持开启混杂模式(WiFi Promiscuous),就可以支持一键配网功能,只是各个厂家叫法及实现编码方式不同而已;
手机编码发送采用有UDP组播或广播,不同的发送方式和编码,对应的解码过程也不一样.,当前测试发现,微信是通过UDP广播包实现的;TI是通过往一固定IP地址发送udp包;其他芯片厂家提供的一般为UDP组播方式;
由于无线数据传播必定是广播的,所以必然可以被监听到;如果AP没有加密的话,UDP直接可以把相关的信息发送出来.但是路由器AP一般都是加密的,而且加密方式不固定.wifi模块在无法直接解析出数据包
我们通过分析802.11的MAC帧格式,可以知道,链路层载荷数据(即网络层的头部及网络层数)在数据帧中是清晰可见的,只要接到到802.11帧就可以立刻提取出载荷数据.
常见两种数据帧格式:
Station to AP
AP to Station
DA:目标MAC地址
SA:源MAC地址
LENGTH:表示后面数据的长度
LLC:表示LLC头
SNAP:表示3byte的厂商代码和2byte的协议类型表示
DATA:载荷数据
FCS:帧检验序列
发送端:可以采用2种不同的编码发送方式UDP广播和组播;
一:UDP广播:小规模测试后,发现当前只有微信的AirKiss采用了全网广播模式,为啥微信会采用广播模式,原因未知;TI采用的是固定IP地址的UDP数据包,原理和微信基本一致;
从802.11帧格式分析中获知,无线信号监听方的角度来说,不管无线信道有没有加密,DA、SA、LENGTH 、LLC、SNAP、FCS字段总是暴露的,因此信号监听方可以从这6个字段获取有效信息.从发送方讲,由于操作系统的限制,如果采用广播只剩下LENGTH发送方可通过改变其所需要发送数据包的长度进行控制.所以只要指定出一套利用长度编码的通讯协议,就可利用数据包的Lenght字段进行数据传递;
二:UDP组播:
组播地址是保留的D类地址从224.0.0.0-239.255.255.255
IP地址与MAC地址映射关系为:将MAC地址的前25位设定为01.00.5e,而MAC地址的后23位对应IP地址的位;
故发送端可以将数据编码在组播ip的后23bit中,通过组播包发送,接收端进行解码即可;
接收端进入一键配置功能后,wifi智能硬件从信道1开始监听路由上的数据,如当前监听信道有符合规则的数据包,就停止信道切换,停留在当前信道接收完全部数据.否则就依次切换至信道2.3.4....直到信道14后又从信道1开始继续监听依次循环;
当然,wifi智能硬件可以在开启混杂模式之前,先行扫描当前环境下存在的AP获取所有当前AP的信道,然后只对当前扫描到的信道进行依次监听,如当前环境下只存在2个路由,分别在1.6信道,只需轮流扫描channel1和channel6,这样可以提高配置效率