Reverse-engineering the UniFi inform protocol
7 hours ago
- #Reverse-Engineering
- #Networking
- #UniFi
- UniFi devices communicate with their controller via the inform protocol on port 8080 every 10 seconds.
- The inform protocol's first 40 bytes are unencrypted, including the device's MAC address at bytes 8-13.
- The payload is encrypted with AES-128-CBC, but the plaintext MAC in the header lets a proxy route traffic without decrypting it.
- A proxy can route traffic based on the MAC address, enabling multi-tenancy without per-tenant VMs.
- The web UI on port 8443 is easily routed by subdomain, and the other ports are straightforward to handle.
- The inform protocol's design allows for cost-effective hosting solutions by sharing infrastructure among tenants.
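The MAC-based routing described above, as an added Python example that is not code from the original post: it reads only the 40-byte plaintext header, takes the MAC from bytes 8-13, and picks a tenant backend, dropping anything short or unknown. The tenant table, hostnames, sample packets and all function names are assumptions made for illustration.

```python
import re

HEADER_LEN = 40              # per the page: the first 40 bytes are unencrypted
MAC_OFFSET, MAC_LEN = 8, 6   # per the page: device MAC sits at bytes 8-13


def normalize_mac(text: str) -> str:
    """Canonicalise 'AA-BB-..', 'aabb..' or 'aa:bb:..' to lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def extract_mac(packet: bytes) -> str:
    """Return the device MAC from the plaintext header without decrypting anything."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the 40-byte inform header")
    return packet[MAC_OFFSET:MAC_OFFSET + MAC_LEN].hex(":")


def route(packet: bytes, tenants: dict):
    """Pick a backend for one inform packet; None means drop (fail closed).

    The proxy never decrypts the payload, so it cannot verify the MAC.
    Treat the value as a routing hint only, not as device authentication.
    """
    try:
        mac = extract_mac(packet)
    except ValueError:
        return None
    return tenants.get(mac)


def build_sample(mac_hex: str, payload: bytes = b"\x00" * 32) -> bytes:
    """Constructed test packet: only the MAC position follows the page;
    every other header byte is zero filler and the payload is dummy data."""
    header = bytearray(HEADER_LEN)
    header[MAC_OFFSET:MAC_OFFSET + MAC_LEN] = bytes.fromhex(mac_hex)
    return bytes(header) + payload


# Constructed tenant table (hypothetical MACs and backend hosts).
TENANTS = {
    normalize_mac("02-00-00-00-00-01"): ("controller-a.example", 8080),
    normalize_mac("020000000002"): ("controller-b.example", 8080),
}

if __name__ == "__main__":
    for mac in ("020000000001", "020000000002", "0200000000ff"):
        print(mac, "->", route(build_sample(mac), TENANTS))
```
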