Wednesday, 10 September 2025

Avatar Controls Smart Plug - Cutting the Cloud

Initially I thought that I would be able to reflash the Avatar Controls smart plug that I had repaired, putting Tasmota on it using tuya-convert. But they only work with Espressif ESP32 based boards and once I had access to the internals I found that the microcontroller was a Beken BK7231TQN32 module.

Beken BK7231T sub board

Packed into this tiny 15x20 mm board (marked WB3) is a 32-bit CPU with 2 MB of flash ROM and both Wi-Fi and Bluetooth LE wireless connectivity. Which is all well and good, but how do I get access to and change the firmware of this SoC?

The first decision to make was - which open source firmware system to use on the reflashed device? Broadly speaking there appeared to be two main options, the previously mentioned Tasmota and ESPHome (there are other OS projects, e.g. EspEasy or ESPurna, but they seem to be somewhat deprecated). Tasmota is based on the MQTT protocol, which is a venerable and widely used communication protocol that should work with any home automation system. ESPHome is a newer project and tailored to integrate with Home Assistant. As I am planning on using the latter, ESPHome seemed the more reasonable choice (though I freely admit that this choice wasn't based on any deep understanding of their relative merits).

The next decision was - how to get the new firmware onto the chip? There is a no-soldering option for reflashing Beken chips using tuya-cloudcutter, which uses an over-the-air exploit that has since been patched by Tuya. However, the plug was probably old enough that it might not have been patched. The second option required a small amount of soldering - which I was not averse to - and the use of a USB-to-TTL adapter, but had the advantage of being certain that it would work. However, depending on where the soldering points were, this could get a little awkward.

Much rummaging later I couldn't find a Raspberry Pi (the OTA exploit is injected via a networked Raspberry Pi). But after taking another look at the access for soldering (I would have needed to unsolder the whole Beken board) I bit the bullet and ordered a second-hand Pi 4B from eBay along with a case, a 64 GB micro-SD card and an HDMI-to-micro HDMI cable (ouch!).

The instructions from Digiblur's site are given at pace with limited explanation but I found that I could follow them for most of the journey (appended below are some notes on the process). The Avatar plug wasn't on the list of known Manufacturer/Device names so I had to install the Tuya app on a smartphone (fortunately you can use it as a guest) to get the firmware information, which was v1.0.8 for both main and MCU modules. Armed with this info I went down the list of BK7231T 1.0.8 versions until one stuck - 1.0.8 - BK7231T / oem_bk7231s_rnd_switch. I then opened ltchiptool to get details of the active pins on the device, which gave:

I: UPK: Found BK7231T config!

I: UPK: Switch/plug config

I: UPK: - relay 1: pin P7

I: UPK: - button 1: pin P8

I: UPK: Status LED: pin P1,inverted True

So, one relay, one button and one LED. Ltchiptool will output a starter YAML file that will allow for basic control of the device.

Setting up ESPHome as an Add-on to Home Assistant was straightforward but I did have a hiccough on selecting the device type as, for BK72xx boards, there were two options, WB3S and WB3L. I couldn’t see any easy way of identifying which board I had (it was only marked as WB3). So I had to compare the pinouts for the two chips on LibreTiny and make an educated guess based on the proximity of the SCK and CEN attachment points, and plumped for WB3L. I did have to combine the ESPHome and ltchiptool YAML into a single piece of code in order to get it to work (with a bit of assistance from Gemini on correct formatting of the YAML output). But work it did, in the end.

JOB DONE

Time: 1 day (combined over several)

Cost: ~£0.50 materials (£73.96 tools - an investment)


Digiblur - How To Guide - Tuya CloudCutter with ESPHome LibreTiny - No soldering

Step 1 - Building the Raspberry Pi Image

Rather than use a standard Raspberry Pi OS distro the protocol uses a headless Lite version that is stripped down and accessed remotely via SSH. I have no idea whether you could just use the standard Desktop Raspberry Pi OS but I'm guessing that you probably could. However in the absence of any real understanding I just followed the instructions…

The command line instructions are:-

  • sudo raspi-config - opens the system settings menu to reset the country localisation

  • sudo apt update && sudo apt install network-manager - updates the Pi with a list of relevant upgrades and installs the most recent NetworkManager package to manage local network connections

  • sudo nano /etc/dhcpcd.conf (with alterations) - tells your Raspberry Pi to stop managing the wireless network interface, giving the system a static IP address

  • sudo nano /etc/NetworkManager/NetworkManager.conf (with alterations) - opens the config file for NetworkManager so that it takes control of the system's network interfaces

Once rebooted, Docker is installed, which is a "container" that tuya-cloudcutter will run in (basically a way to ensure that a program will run on all hardware environments).

Step 2 - Install / Update Tuya-CloudCutter

Set up tuya-cloudcutter for use.

The command line instructions are:-

  • sudo apt install git - installs Git, which is version-control software, but will also allow automatic downloading and installation of tuya-cloudcutter from a repository such as GitHub

  • git clone https://github.com/tuya-cloudcutter/tuya-cloudcutter - downloads and installs tuya-cloudcutter

Step 3 - Install ESPHome Kickstarter firmware on the Device

Once tuya-cloudcutter is running it will need to know the current firmware version on the device to be cut. I located this via the Tuya app and stepped through the choices for my firmware and Beken chip versions until one stuck. Once tuya-cloudcutter has done its thing, you should see the reflashed device as an open network with the SSID of kickstart-bk7231. Connecting to it and opening the 192.168.4.1 address in a browser will pop up the device control page where you can give it the details of your network for it to connect. Once on your network you will be able to see its local IP number.

Step 4 - LT Chip Tool to configure the device

The next step is to install ltchiptool, which will interrogate the chip and give you a description of which pins are connected to output devices. It will also supply a basic YAML file for the device.

Step 5 - Install ESPHome Add-On or Docker Container

This will allow the move from the basic kickstart firmware to ESPHome firmware. As I am running Home Assistant adding ESPHome as an Add-on was the simplest option for me.

Step 6 - Install ESPHome Firmware and Integrate into Home Assistant

At this point things drifted a little from the protocol. Once the kickstart device is located, you can generate a .uf2 file with the ESPHome firmware and use the device's control page to upload it. After some time the device will reappear in Home Assistant with the new name you have given it. For me the process didn't result in an opportunity to include the YAML file supplied by ltchiptool, but with a bit of judicious copy and paste I could include it from the ESPHome Add-on by editing the device's YAML file there and installing it via the Add-on.

The end point of the protocol should be a reflashed device with basic control over its functions via a page on the Device & services Settings page of Home Assistant.
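The combined ESPHome and ltchiptool YAML described above could look like the following for this plug. This is an added example, not the author's actual file: the pins, the inverted status LED and the WB3L board come from the post, while the device name, the `!secret` entries and the button's pull-up/inverted settings are assumptions. Since the kickstart firmware comes up as an open network, the example also sets an API encryption key, an OTA password and a password on the fallback access point.

```yaml
# Added example: ESPHome config for the plug described in this post.
esphome:
  name: avatar-plug            # assumed name, choose your own

bk72xx:
  board: wb3l                  # board chosen in the post (WB3L rather than WB3S)

logger:

api:
  encryption:
    key: !secret api_key       # assumed secrets.yaml entry; encrypts the Home Assistant link

ota:
  - platform: esphome
    password: !secret ota_password   # assumed entry; stops unauthenticated reflashing

wifi:
  ssid: !secret wifi_ssid
  password: !secret wifi_password
  ap:
    password: !secret fallback_ap_password   # assumed entry; fallback AP is not left open

captive_portal:

switch:
  - platform: gpio
    id: relay_1
    name: "Relay 1"
    pin: P7                    # relay 1: pin P7 (from ltchiptool)

binary_sensor:
  - platform: gpio
    id: button_1
    pin:
      number: P8               # button 1: pin P8 (from ltchiptool)
      mode: INPUT_PULLUP       # assumption: active-low button with pull-up
      inverted: true           # assumption, see above
    on_press:
      then:
        - switch.toggle: relay_1

status_led:
  pin:
    number: P1                 # status LED: pin P1, inverted (from ltchiptool)
    inverted: true
```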
