Tp-Link M7350 4G LTE Router - Send SMS using python script with a Raspberry Pi

Question

• Raspberry Pi 4B 4GB with Pi Os.
• TP-Link M7350 4G LTE Router.

---

After long time searching the internet for a guide how to send SMS using python script and M7350, i only found for model MR-6400.

---

The router emulator page is the following: Router emulator page(for password use: "admin")

Code found for model MR-6400

# -*- coding: utf8 -*-
"""
Send SMS via TP-Link TL-MR6400.
This code shows how to send an SMS using the admin GUI of the above router.
FIXME TODO add error handling, logging
Author: Fabio Pani <fabiux@fabiopani.it>
License: see LICENSE
"""
from hashlib import md5
from base64 import b64encode
from datetime import datetime
from time import strftime
import requests

# SMS
router_domain = '192.168.1.1'  # set actual IP or hostname of your router
router_url = 'http://' + router_domain + '/'
router_login_path = 'userRpm/LoginRpm.htm?Save=Save'
router_sms_referer = '/userRpm/_lte_SmsNewMessageCfgRpm.htm'
router_sms_action = '/userRpm/lteWebCfg'
router_admin = 'ADMIN_USERNAME'  # set admin username
router_pwd = 'ADMIN_PASSWORD'  # set admin password


def send_sms(phone_num, msg):
"""
Send an SMS via TP-Link TL-MR6400.
:param phone_num: recipient's phone number
:type phone_num: str
:param msg: message to send
:type msg: str
"""
# SMS payload
sms = {'module': 'message',
       'action': 3,
       'sendMessage': {
           'to': phone_num,
           'textContent': msg,
           'sendTime': strftime('%Y,%-m,%-d,%-H,%-M,%-S', datetime.now().timetuple())
       }}

# authentication
authstring = router_admin + ':' + md5(router_pwd.encode('utf-8')).hexdigest()
authstring = 'Basic ' + b64encode(authstring.encode('utf-8')).decode('utf-8')
cookie = {'Authorization': authstring, 'Path': '/', 'Domain': router_domain}
s = requests.Session()
r = s.get(router_url + router_login_path, cookies=cookie)
if r.status_code != 200:
    # FIXME TODO log errors
    exit()
hashlogin = r.text.split('/')[3]
sms_form_page = router_url + hashlogin + router_sms_referer
sms_action_page = router_url + hashlogin + router_sms_action

# send SMS
s.headers.update({'referer': sms_form_page})
r = s.post(sms_action_page, json=sms, cookies=cookie)
if r.status_code != 200:
    # FIXME TODO log errors
    pass

Answer 1

After jumping into the emulator website and inspecting the website and looking at the downloaded code I spotted the following:

var phoneNumber = $('#nPhoneNumberInput').val(),  
    content = $('#nContentInput').val(),
    date = new Date(),
    dateString = [date.getFullYear(), date.getMonth()+1, date.getDate(),
                date.getHours(), date.getMinutes(), date.getSeconds()].join(','),
    req = {};

req.sendMessage = {
  to: phoneNumber,
  textContent: content,
  sendTime:  dateString
};

So the HTTP request body it's the same as your python sample. Note that the date is formatted as 2022,6,9,10,25,30 where fields match: Year, Month, Day of the month, hour in 24h format, minutes and seconds.

I've also noted that it doesn't send any Basic or Authorization headers and you'd need to double-check by doing the same I did on your actual device as I don't have that TP-Link myself but it does send a Cookie header:

Cookie: tpweb_token=testToken; check_cookie=check_cookie

So perhaps you should put what you're using in your access token into the tpweb_token key of this cookie.

I've also figured out that the request is a GET request which is strange and I think this is because this is just an emulator so you might need to do a POST request as you're already doing in the sample code provided.

Finally I've seen that the hit URL is this one:

https://emulator.tp-link.com/M7350v5/dist/cgi-bin/web_cgi/message_3

So my bet is that your target URL on your real device might be as follows (assuming that 192.168.1.1 is the IP address of the TP-Link):

http://192.168.1.1/dist/cgi-bin/web_cgi/message_3

or

http://192.168.1.1/cgi-bin/web_cgi/message_3

---

With all this said my reccommendation is to use your admin site, open the web developer tools and check the actual request that is being sent when you send an SMS from there and try to mimic that with python and the requests library. It shouldn't be too hard.

Also pay attention to the dev-tools once you're making a login request as you're likely to need to reproduce the same steps in order to get the access token.