Back to projects
2020

Reverse engineering the TP-Link Tapo protocol

JavaPython

TP-Link's Tapo smart plugs speak an undocumented local HTTP protocol. I recovered it by decompiling the Android app: an RSA key-exchange handshake, an AES encryption layer the vendor calls securePassthrough, and the credential login flow that sits on top of it.

I published proof-of-concept implementations in Java and Python, which were widely forked and reimplemented across the community. TP-Link has since moved Tapo to the newer KLAP protocol, but securePassthrough remains a documented fallback path in many libraries.