TP-Link Tapo P100

Does anyone know if the TP-Link P100 smart plug is supported on home assistant. It looks like it uses its own app called Tapo rather than the Kasa app. These plugs are cheaper and more compact than the HS100 plugs.

Did you find out anything more on these plugs? I’m considering them as well.

I did e-mail TP-Link technical support asking about local control for the Tapo P100:

Thank you very much for requesting information about our product.

After configuration,you can control the plug locally without any internet but your phone needs to connect to your home wifi network.

But for the firmware updates, it needs internet to download the firmware first.

Have a nice day.

Hi,
Can you advise whether these plugs currently support control over the local
network only (similar to the HS-10x range of plugs) without any requirement
for an internet connection (excluding firmware updates)?
Thanks,

I’ve got one arriving tomorrow. Will let you know how I get on.

https://www.home-assistant.io/integrations/tplink/ does not mention it. I also don’t see anything in https://github.com/home-assistant/home-assistant/tree/dev/homeassistant/components/tplink that prohibits the P100.

2 Likes

Thanks, I’d be interested, too. From my experience with the HS110, it’s best to set up an IP address reservation in your router BEFORE connecting the device to your network using the TP-Link app. On the HS110, the MAC address is printed on the back of the device.

Bad news I am afraid, it does not seem to work out of the box. I tried with discovery: true and with an explicit switch and IP address. No, luck.

I dug into it a bit, it seems that the HA tp-link component(1) uses pyHS100(2) as a dependency. pyHS100 seems to have been based of the great work done by a security researcher(3) and a set of libraries(4). The security research noted that ports 80/tcp, 9999/tcp and 1040/udp were open, this does not seem to be the case with the tapo device. Port 80/tcp looks to be open but it has a different API.

At first glance it appears to use requests to an /app endpoint with a token. The request and response looks like JSON enveloping around encrypted payloads.

{
    "method": "securePassthrough",
    "params": {
        "request": "..."
    }
}
{
    "error_code": 0,
    "result": {
        "response":  "..."
    }
}

I only got it in the post an hour ago so I will dig into it more later.

1 - github/home-assistant/home-assistant/blob/d96cd4c4ea1999f87db5b660ec225ad26cb3d471/tests/components/tplink/test_init.py
2 - github/GadgetReactor/pyHS100
3 - https://www.softscheck.com/en/reverse-engineering-tp-link-hs110/
4 - github/softScheck/tplink-smartplug/

Sorry for making the github links non-clickable. As a new user I am limited to 2 links per post

1 Like

I had a quick dig into how the Tapo devices work. The encrypted payload is AES and the key is shared before with a handshake. It would really require a different HA component.

Hi,
I’m also looking for api of new Tapo P100, is it known how the handshake is performed?
I suppose it makes use of Bluetooth because official application requires it for the first configuration…

Hi,

I just set one up via their app and it requires bluetooth to pair before it links it to your local Wi-Fi. Not sure if it’ll do it without Bluetooth though

Did anyone make some progress with this ?

I bailed on this option with the release of a 3 socket power strip from TP-Link in the UK.
I the power strip recently without the app or an account using this python library which worked a treat.

I used a reserved IP for the strip, blocked all outbound traffic from it except for NTP and then added it to HA. Works reliably.

Any progress here? Unfortunately I also bought them because of Power Standby consumption compared to the HS100 before I realized that it is a different App and not Kasa. The setup is indeed with Bluetooth. Would a Bluetooth sniffer be required to get the Key?

Hi,

There are any news on this?

I tried to do an API call on the wap.tplinkcloud.com endpoint with following body

{
	"method": "login",
	"params": {
		"appType": "Tapo_Android",
		"cloudPassword": "password",
		"cloudUserName": "username",
		"terminalUUID": "'$(< /proc/sys/kernel/random/uuid)'"
	}
}

Then the following one

https://wap.tplinkcloud.com?token=TOKEN
{ "method" : "getDeviceList" }

And i see the TAPO smart plug

image

But then if i call the same endpoint with this body it always give a -1 error_code

{
    "method": "passthrough",
    "params": {
        "deviceId": "DEVICEID", 
        "requestData": "{\"system\":{\"get_sysinfo\":null}}" 
   }
}

Thank you

Hi, Anyone managed any more on this subject?

I have tried multiple attempts using different methods to toggle the plug using the api.

Firstly I used the normal method of connecting but changed Kasa_IOS to Tapo_IOS and the device was being seen through
{"method" : "getDeviceList"}
but when I tried to call that device using its device id it always gave
{'error_code': -1}

Secondly I tried to connect to I using the same technique just on https://eu-wap.tplinkcloud.com and the same
{'error_code': -1}
was still coming up

Interestingly when I connected to Kasa_IOS (and all the other android versions of Kasa and Tap) the device was still being found but nothing was stopping the
{'error_code': -1}

Sorry for the long post this is my first time posting,

Thanks

Hi guys,

I’m on the same boat, got 4 of these and really wanted to get them integrated.
I tried the method suggested by lorenzor95 but unfortunately after having my Token issued when I’m trying to get the devices list I get the following error:

{
    "error_code": -20104,
    "msg": "Parameter doesn't exist"
}

So right now I’m trying to follow the process that was used on the HS1XX series posted by iain on his second link, but so far my Nmaps haven’t proved very usefull.

Anyone had any progress with this?

Hi guys,

A couple of advances:

After using these parameters:

{
        "method" : "login",
        "params": {
            "appType": "Tapo_Ios",
            "cloudPassword": "password",
            "cloudUserName": "[email protected]",
            "terminalUUID": "6ff68c53-6057-40f3-a266-b2e41404c809"
        }
}

I’m getting my list of devices:

{
    "error_code": 0,
    "result": {
        "deviceList": [
            {
                "deviceType": "SMART.TAPOPLUG",
                "role": 0,
                "fwVer": "1.3.2",
                "appServerUrl": "https://eu-wap.tplinkcloud.com",
                "deviceRegion": "eu-west-1",
                "deviceId": "deviceId",
                "deviceName": "P100",
                "deviceHwVer": "1.0",
                "alias": "alias",
                "deviceMac": "Mac",
                "oemId": "9552772F906C60A9AEEA36A3347B6EBC",
                "deviceModel": "P100",
                "hwId": "9994A0A7D5B29645B8150C392284029D",
                "fwId": "1D18AD293A25ABDE41405B20C6F98816",
                "isSameRegion": true,
                "status": 0
            },

However when using old requests from TP-Link KASA Api I’m getting the following:

{
    "method": "passthrough",
    "params": {
        "deviceId": "deviceId", 
   }
}

Response:

{
    "error_code": -20571,
    "msg": "Device is offline"
}

I’m running out of ideas now, I’ve been trying to Nmap the devices and so far I just see requests from the IOs App to UDP port 20002 but they go to the broadcast address.
Anyone made any other progress?

1 Like

Alright guys another update:
Although the TAPO devices are listed in the API, I’m not able to manipulate them.
But my NC220 IPCamera, does appear on the list of devices on TPCloud.
That makes me wonder if the API for the TAPO devices is actually the same as the ones from KASA, or if the API is even prepared to deal with them.
Will try to dig up a bit more tonight.

Hi,

I just sent through the same method with that body (Not sure what you meant by this)

but I was still getting the same Error_code: -1

In other news I have played around with the appType field of the login and I believe that it doesn’t actually effect the outcome as I could add any string to it and I could still see all my devices.

I’m going to continue some digging this evening,
Thanks

So i am using charles web proxy on the iOS and i can get this from the tapo app

Request to 192.168.1.10

{
	"params": {
		"key": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GN____(removed)____\n-----END PUBLIC KEY-----\n"
	},
	"method": "handshake",
	"terminalUUID": "EE77ED1B-xxxx-4AE2-8F54-21DC7F74xxxx"
}

Response

{
	"error_code": 0,
	"result": {
		"key": "gXlObI8mQQjYe6E___(removed)__"
	}
}

Request to 192.168.1.10

{
	"params": {
		"request": "mTrvviLX4YgghM5Okeu6OfM0___(removed)___"
	},
	"method": "securePassthrough",
	"terminalUUID": "EE77ED1B-3EEA-xxxxx"
}

Response:

{
	"error_code": -1009
}
1 Like

Using the program Proxyman i can see other stuff

When I request to turn off device the tapo is encrypting all the things

http://192.168.1.10/app?token=60E3E2E4xxxxxxxxxxxxxxxxxxxx

{
  "params": {
    "request": "OtCEvtNnKt5yA/lhUk/fs4Zt/A6l3JwpTLvyVGDi79OFHCTpaSz8rJsAoAgAa488qgEIyTG08fqMLyZ8enrUmngNFYg8ALDd7NBVSVoMVVUK0t47q55fgiGFIQrpuq5x"
  },
  "method": "securePassthrough",
  "terminalUUID": "EE77ED1B-3EEA-4AE2-8F54-21DC7F74XXXX"
}

Response

{
  "error_code": 0,
  "result": {
    "response": "KFDk3AnnjPNDWLUqdbdhnitVBmq/n+X/BHB+6ceVLfOSduZe71pLsNKjLrCm7GgbhlDDJ2UyAlpLandI2Bb7l04+oXg+KbZgm5VkFxiCOI5vFIfTiqUJjJ2IhPNHvgDnNI++FWjBkeRjloobrBmVo8ht0X3ulmyybvKhz33vAc+ytJfoI18B1ClLLFsqq56CwfVEFNIcpkeGc+yW3oSMct3t4pM6NDD1J7oNvmyFHLwBZTggOZlYILqfb8nrAUsUj8QeOg7BES1PizTsPYNgErk0qqnR9S94UIVHVhM36n6yc3L+gAg+Gz0GrYrNI837lGKoHcvyCRUVXMDq9FHkro50lvbcRL30Uvk/o0kr/4CJfrpJMp4EAsboKHnmVxrpQ7KlW7TjqAjY0TrYq7NgpDakBqTYWTdxkqJl2wNCoaE="
  }
}
1 Like

Hi Tiago,

I believe some mentioned earlier that the payload is AES, have you tried decrypting the requests and responses that way and with your public key? May be a dumb suggestion, but it’s all I can think right now, by the way do you have an alternative t o Proxyman for windows?

Thanks!