Reverse engineering the TP-Link Tapo protocol
JavaPython
TP-Link's Tapo smart plugs speak an undocumented local HTTP protocol. I recovered it by decompiling the Android app: an RSA key-exchange handshake, an AES encryption layer the vendor calls securePassthrough, and the credential login flow that sits on top of it.
I published proof-of-concept implementations in Java and Python, which were widely forked and reimplemented across the community. TP-Link has since moved Tapo to the newer KLAP protocol, but securePassthrough remains a documented fallback path in many libraries.