
Chinese tracker TCP frame decoding


So I have this pet tracker I got from China: this model (not advertising at all). It includes an option to change the report server, so I set it up to report to my server, but now I'd like to be able to "decode" the TCP frames.

Here are two examples of what's sent (it's not sent together). It's really not intuitive so I'm posting this here hoping some of you are better at reading between the lines.

Frame 1
4500 0040 affa 4000 7506 3884 4dcd 9901
25bb 10b0 f05a 1e4b 1123 3ec4 0000 0000
b002 4fb0 e868 0000 0204 0550 0103 0300
0101 0402 0101 080a 0003 8282 0000 0000

Frame 2
4500 0040 affb 4000 7506 3883 4dcd 9901
25bb 10b0 d67e 1e4b 126d 9432 0000 0000
b002 4fb0 67e5 0000 0204 0550 0103 0300
0101 0402 0101 080a 0003 c629 0000 0000

Here is the information about what might be sent:

  • Device IMEI : 013347005954573
  • Device "ID" (used to log in to gps18.com servers): 4700595457
  • Tracker location: ~ N43.54XXXX,W1.46XXXX (censored; I don't wish for my exact location to be unveiled here. This is the value sent when I request a Google Maps URL via SMS)

I can also have this sent to your server if you wish to have some samples (give me IP + Port)

Thx


Solution

  • I did not understand fully the usage of the server change command.

    I stumbled upon this https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers/

    In fact, the sensor has to get some response from the server for it to work properly, which led me to set up a MITM (with socat, simply), and tcpdump is now way more verbose, scanning nearby WiFi networks and stuff, thanks China!! All without encryption OFC
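
What the posted frames actually contain, as an added example (not part of the original question or answer): a small IPv4/TCP header decoder run over Frame 1. It shows a bare SYN segment with TCP options and zero payload bytes, which fits the solution's point that the tracker only sends data once a server responds. The function names are illustrative.

```python
import struct

# Frame 1 exactly as posted in the question (tcpdump -x style hex words).
FRAME1 = """
4500 0040 affa 4000 7506 3884 4dcd 9901
25bb 10b0 f05a 1e4b 1123 3ec4 0000 0000
b002 4fb0 e868 0000 0204 0550 0103 0300
0101 0402 0101 080a 0003 8282 0000 0000
"""

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def parse_tcp_options(opts):
    """Walk the TCP option list and return (kind, value_bytes) pairs."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:              # End of option list
            break
        if kind == 1:              # NOP padding, single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out

def decode_frame(hexdump):
    """Decode an IPv4 packet carrying TCP from a whitespace-separated hex dump."""
    raw = bytes.fromhex("".join(hexdump.split()))
    (ver_ihl, _tos, total_len, _id, _frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4                 # IP header length in bytes
    tcp = raw[ihl:total_len]
    sport, dport, _seq, _ack, off_flags, _win = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4           # TCP header length in bytes
    flags = [n for bit, n in enumerate(FLAG_NAMES) if off_flags & (1 << bit)]
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "sport": sport, "dport": dport, "ttl": ttl, "flags": flags,
        "options": parse_tcp_options(tcp[20:data_off]),
        "payload": tcp[data_off:],             # application data, if any
    }

if __name__ == "__main__":
    print(decode_frame(FRAME1))
```

An empty `payload` with only `SYN` set means the capture holds a connection attempt, not tracker data; anything that looks like an IMEI or coordinates would appear in later segments after the handshake completes.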