- Other Devices
- Pwn the Tuya lightbulbs
- Tag: tasmota
- SmartLife/Tuya WiFi light switch with Tasmota and nymea
- Tuya-Convert guide – OTA flashing of smart bulbs and plugs
Other DevicesThese lightbulbs use the Tuya Cloud. So, once connected, they become a part of the Tuya ecosystem. I install the lightbulb, download and install the Smartlife app on an Android smartphone. My Wi-Fi password is transferred from the phone to the bulb:. Interesting to see this nice 90 degrees interconnected PCBs design:. Then, this ugly on-the-fly setup is achieved:. I tried a dedicated plugin hereread some articles here and here. A nice presentation here. Special mention to this guy able to reverse the entire bootROM. Here a little PoC to shut down the light, even when the app is open:. Also based on ESP The entire body the grey one on the picture encapsulating the electronic device is in metal and it is conductive, I confirm with a multimeter. Same method. Same firmware. Same results. The SDK version is the same. Here, it is interesting to see two different lightbulbs, having two different hardware designs based on the same SoC, and coming from two different manufacturers, embeds exactly the same firmware. Really funny to imagine how the guys in charge can propose brown tape to insulate hazardous voltages during a meeting…. And QA, management… totally OK with that? So then, I can imagine what these guys think about security. Otherwise, these ESP SoCs are low-cost, quite powerful, easy to program and benefit from an active open source community. You just drop a kind comment on my STM32 securing article. Kind of off topic but would like your input: I tried downloading the firmware as you described using esptool and loaded it back onto the bulb after I flashed with AiLight did erase first and the light just goes into a boot loop. Any thoughts or maybe a way to get the original firmware? Hi, is it possible that you share the original firmware of this Lamp? Your email address will not be published. Search for: Search. Skip to content These lightbulbs use the Tuya Cloud.
Pwn the Tuya lightbulbs
Recently I started looking at alternative ways to achieve Philips Hue lighting, without spending the money that Philips Hue commands. After a little digging, I found that there are literally thousands of bulbs on Amazon. So where to start? Luckily, the vast majority of these bulbs come from a single vendor, Tuya, and are then rebranded. This means that they are all pretty much identical under the hood. Inside of these bulbs is the ever popular esp, which, as you guessed, means we can modify it to suit our needs. This is by far the easier method. Unfortunately Tuya started rolling out patches for this sometime at the start of the year which prevents tuya-convert from working. Some bulbs are on this new firmware out of the box, some are not. My recommendation is to try tuya-convert first — and whatever you do, do not connect your light to the Smart Life app, this will automatically flash the bulb and Tuya-Convert will no longer be an option. This guide assumes you have experience soldering and have access to soldering equipment. If you do not, please try the tuya-convert method mentioned above. If I can obtain a compatible device, I will write a guide using that method in the future. Now we have direct access to the PCB. If we look closely at the chip, we can confirm that the chip we are working with is indeed an esp We can then start identifying where we need to solder our wires. You need to identify the following points on the board:. They should have markings on the PCB which identify these points:. Go ahead and carefully solder these connections, they are quite small and may require a bit of patience. One very important final step here, make sure you have the jumper on your USB to serial adapter set to 3. Before continuing, you read the paragraph above right? Please make sure you have your USB to serial adapter set to 3. Now proceed to plug your USB adapter into your laptop. It should pick up that you have plugged something in. You will need to have python 2. Once you have python installed, run the following command in command prompt or terminal to install esptool:. To do this on Windows, right click the start menu and choose device manager. It should bring up the device manager window. The screenshot below shows that mine is COM4. Linux users, again depends on the distro but you should be able to type the following command, you can see that mine is ttyUSB With that out the way, we go back to our esptool terminal. The following command instructs esptool to read the flash memory of our bulb and store it so that we have a backup of our original firmware which can be kept if you want to go back to the original firmware. This can take a few minutes to complete so sit tight. Once complete you should have a full firmware backup file, keep this safe if you want to use it again in the future. Let me know if you want to see a Tasmota example. This will run the wizard which will create a basic configuration for you. Also make sure and set your wifi correctly, as well as the password you want to use for OTA updates.
I explained that Tuya-Convert is a much easier method assuming you can get a bulb that has not been updated. Well I finally managed to get my hands on a bulb that was on the correct firmware so finally I can show how to use the much easier Tuya-Convert method to flash your bulb! Tuya-Convert is a very easy method of flashing your esp based smart bulbs with custom firmware, so that you can remove the need for your IoT devices to speak to Chinese cloud servers and allows you to integrate with Home Assistant, OpenHAB or Domoticz. Finally you might want to check out the compatibility list on the Tuya-Convert GitHub page where the community has kindly posted their results with certain bulbs. Firstly we need to be booted into our Linux environment. Then open a terminal and issue the following commands:. This will install Git if not already included in your distro, then will download Tuya-Convert. The final step will update your distro and install the required package for Tuya-Convert to run. This can take a few minutes to complete depending on your hardware. Once both these steps are done, you can hit enter and wait. This can take a minute or two to complete. Your device should stop flashing and the light should be on constant. Your terminal window should look similar to this which will indicate a success:. Once done, you can then connect to the web page of your device to continue setup. Congratulations, you just successfully flashed your smart bulb or plug! You have a ton of options now for integrations and are free to flash any firmware you desire! A backup of the original firmware is automatically saved so keep this safe incase you ever want to go back for some reason. You will find it in the tuya-convert folder. The most common issue you will run into is that your device has a new firmware on it which prevents this procedure. You know if this is the case if when you start the flash procedure, your device exists pairing mode and stops flashing, but nothing happens in your terminal window.
SmartLife/Tuya WiFi light switch with Tasmota and nymea
Add the following snippet to your HTML:. Free your Tuya device with Tasmota and nymea. Read up about this project on. The surfaces were just too small for it to be used in a hazzle-free manner. So I decided to replace it with something that has actual buttons again. Ok, but how would I get Tasmota on it? Some research on the net revealed that there is a project called tuya-convert. While it didn't seem to list the actual piece of hardware it is said to flash Tuya devices with Tasmota, over the air, no soldering required, so why not giving it a shot. As you can probably guess by the parts list and the picture, that didn't work out so well for me. Not to blame the tuya-convert project, I messed up all by myself in that I installed the official app for this device and connected it to the switch. It immediately did a firmware upgrade of the switch and that would change the OTA mechanism in a way that tuya-convert can't deal with any more, at least at the time of this writing. Do not connect the switch to the internet or the official SmartLife app or it will upgrade the firmware and can't be flashed to Tasmota over the air any more. Here we are, with a Tuya light switch ready to be flashed to Tasmota using tuya-convert. I have tried it on the Raspberry pi and it seemed to have worked like a charm - well, up to the point where it would fail because of the new firmware which prevents the Tasmota image from being injected, but I managed to connect the Tuya device to the tuya-convert WiFi and actually talk to the switch. Now, if you're lucky that's it for you No soldering, not even opening the case. OK, if you ended here like me and it is too late, you already got the latest firmware, or if your newly bought device comes with the latest firmware already preinstalled, stay calm, no need for getting it replaced. It is not required to have it plugged to the main power supply for flashing and in fact, it will likely destroy the device doing so, putting your hardware and your health at risk. So, this entire chapter goes without mains connected, just using the 3. This Tuya dimmer has the same chip on it, but a different layout. It works nevertheless, If you have a flasher, solder on the wires like in that picture.