Release Day about tuya-cloudcutter HOT 14 CLOSED

Looking forward to Tuesday with half the digiblurDIY Army in tow..

from tuya-cloudcutter.

ref bk firmware dumping, note also my fork of the beken python stuff... also does SPI from RPi if you stuff the bootloader...
https://github.com/btsimonh/hid_download_py

from tuya-cloudcutter.

tomorrow !!!

from tuya-cloudcutter.

I guess I get the soldering iron out to put openbeken on the device which will arrive today, and light my kitchen tomorrow.... I suppose I can always test on my test device by returning it to the factory firmware. - and maybe test on the device which is arriving as it's not TOO difficult to extract after installation.

I take it you will want reports of success to add to the list?

Looking forward to the details next week!
br,

Simon

from tuya-cloudcutter.

Nice work!

I'm going to assume that Tuya are looking at this thread....
To Tuya:
For those of us who love the hardware cost, but hate the cloud requirement (and have a strong distrust of commercial closed source networkable firmware), it would be great if Tuya took this into account in their devices -
I see two ways;
1/ enable local control by default, allowing people to block outgoing traffic, or run in an isolated LAN.
2/ enable local flashing with OSS firmware. It may never be as featured as the Tuya ecosystem, but that's our loss.
Let's face it, if these were Russian originated, we would have been told to turn off all of our lights in the last few weeks...

from tuya-cloudcutter.

Hi @tfrew-r7, thanks for your interest. The coordinated disclosure window with Tuya ends on March 29th (next Tuesday). We'll publish a write-up directly after, and will release our tooling either then or a few days after, depending on how fast we can polish it up. We're working on that right now.

tl;dr: any day now! ;)

from tuya-cloudcutter.

@btsimonh yep, we'd love to hear about successful exploitation. Do note that each unique firmware will need its own exploit chain addresses, which we currently build by hand. We've found a handful of devices that have the exact same firmware (and thus addresses), but most are different.

So if you have a device that's not yet in the supported list, the addresses first need to be determined. You can send a fw dump to us and we'll try to check it out, or you can find them yourself after we publish the writeup.

Talk soon!

from tuya-cloudcutter.

@tjclement - device is the one in this post:
https://www.elektroda.com/rtvforum/viewtopic.php?p=19932845#19932845
full dump (less bootloader) is attached to the post.
My other one (my true dev device) is a uk Calex LED strip, will use this to test the 'methods' of extracting the required :).

@digiblur - completely off topic - you have Tuya devices with Tasmota? - i'll need some help with Tuya testing... post an isuse at https://github.com/btsimonh/Tasmota/tree/Tuya if you feel you could help.

from tuya-cloudcutter.

Will the release include a dumper? Keep getting a CRC error trying to dump an N chip

from tuya-cloudcutter.

@tfrew-r7 have you tried https://github.com/khalednassar/bk7231tools ? There's a flag for this exact issue described in the README.

from tuya-cloudcutter.

Thanks, I will dump with that tool later today, should I email you the files?

from tuya-cloudcutter.

There's no particular process we've thought of yet, but please don't email it to us and instead make an issue here with a link to the dump or some other publicly readable form.

That way everyone can see it and others can help building payloads without us becoming a bottleneck.

from tuya-cloudcutter.

@tjclement - device is the one in this post: https://www.elektroda.com/rtvforum/viewtopic.php?p=19932845#19932845 full dump (less bootloader) is attached to the post. My other one (my true dev device) is a uk Calex LED strip, will use this to test the 'methods' of extracting the required :).

@digiblur - completely off topic - you have Tuya devices with Tasmota? - i'll need some help with Tuya testing... post an isuse at https://github.com/btsimonh/Tasmota/tree/Tuya if you feel you could help.

Sent you a message on that proejct branch.

from tuya-cloudcutter.

tomorrow !!!

now!

from tuya-cloudcutter.