Blog

In Part 1, I reverse engineered the iStrip+ app’s native AES encryption and discovered the encryption key hidden in libAES.so. With my coffee cup finally refilled, it was time to put that knowledge into practice: replicate the encryption in Python, generate valid BLE payloads, and build a Home Assistant integration.

Step 4: First Python Tests

With the AES key extracted and the protocol structure mapped out from Part 1, I was eager to test if everything actually worked. Time to write some Python and see if I could make the lamp do something—anything.

To add some ambiance to my apartment at the end-of-year 2024, I bought several smart lights. Among them was a sunset lamp, controllable via Bluetooth. While the official app worked fine, no Home Assistant integration existed.

As I wanted local control—secure, fast, and fully integrated with Home Assistant, armed with my iPhone, a Raspberry Pi 4, an ESP32, and a healthy dose of determination, I set out to reverse engineer the sunset lamp and build a Home Assistant integration from scratch.

After finally setting up in my apartment in 2024, I wanted to automate my place as much as possible. One of the devices I own is a Harman Kardon Aura Plus speaker, which has great sound but limited smart features.

The Aura Plus is a high-end wireless speaker with 360° sound and ambient lighting. Unfortunately, while it sounds great, it lacks an open API. The official app talks over Bluetooth/Wi-Fi — and that’s where I saw an opportunity..

You’ve probably seen the posts:

• “How B2B sales helped me run a marathon”
• “How cold calling made me a better engineer”

This isn’t that - unfortunately.

Redirects, DNS, and Terraform

This one started simple: I wanted to redirect the apex domain (vakintosh.com) to the www subdomain.

+-----------------+      1. User requests        +-------------------+
|      User       | ---------------------------> |   vakintosh.com  |
|     Browser     |          old URL             +-------------------+
+-----------------+                                     |
                                                        | 2. Server sends 301 Redirect
                                                        |    and new URL location (www.vakintosh.com)
                                                        v
+-----------------+      3. Browser requests     +--------------------+
|      User       | ---------------------------> | www.vakintosh.com  |
|     Browser     |           new URL            +-------------------+
+-----------------+                                     |
                                                        | 4. Server responds with new content
                                                        |
                                                        v
+-----------------+      5. User views new content +-----------------+
|      User       | <----------------------------- |   New Content   |
|     Browser     |          content               +-----------------+
+-----------------+

• The user sends a request to vakintosh.com.
• The request is intercepted and responded to with a 301 redirect.
• The user’s browser follows the redirect and lands on www.vakintosh.com.

I figured I’d just do it manually in the Porkbun DNS console - Bad idea.

I wanted to deploy my Hugo website using Terraform and GitHub Actions — securely — with least privilege — without Route 53, using my domain on Porkbun, and leveraging AWS Free Tier services.

Day 1 — AWS Account Setup + Role Plumbing

Started from scratch.

• Created the AWS account
• Set up MFA, secure root, all that
• Made a single Admin IAM user (for CLI/debug, not daily use)

Then I created a role: GitHubAction-AssumeRoleWithAction.