Instructions for adding new devices ? about tuya-cloudcutter HOT 20 CLOSED

Note that if you just want to find out if the device is vulnerable so you can stock up on a bunch of them, you can check that wirelessly: https://github.com/khalednassar/tuya-cloudcutter#testing-if-a-device-is-exploitable

from tuya-cloudcutter.

also for some chips i've had success by getting everything connected, running the dump tool, and then disconnecting/reconnecting VCC from the programmer pin. Forces the chip to reset without resetting the programmer itself, and the dumping software (that is already running) is able to interface with the beken chip as it resets.

from tuya-cloudcutter.

Those are Beken chips so yes they would be for this project. You would need to solder to the chip and dump the firmware.

from tuya-cloudcutter.

Ah rats, hoping there was an OTA firmware dump via this exploit.

from tuya-cloudcutter.

Ah rats, hoping there was an OTA firmware dump via this exploit.

at this point you'll have to wait for someone else to dump that switch then.

from tuya-cloudcutter.

Good to know! Is it not possible to get a firmware dump using the exploit, or just not a priority to write a dump tool that uses the exploit?

from tuya-cloudcutter.

The exploit depends upon the firmware dump, not the other way around as you suggest.

from tuya-cloudcutter.

Alright you've motivated me, I may give a dumping the firmware a shot this weekend.

from tuya-cloudcutter.

I've got it apart and soldered leads to the WB2S pins needed. How do I build the firmware dump tool for terminal use on osx? I've got an ft232 USB adapter I've used for tasmota on other things.

from tuya-cloudcutter.

@AndyRPH sorry for the late response. For the firmware dump tool, you can use https://github.com/khalednassar/bk7231tools - just make sure you have Python 3.7 + installed and pipenv installed ( https://pipenv.pypa.io/en/latest/ ) then follow the README.

from tuya-cloudcutter.

No luck just get a timeout error. "TimeoutError: Timed out attempting to link with chip" which I'm hoping means I've got the tool running correctly, and this device just can't be read while the WB2S chip is still soldered into the rest of the device?

from tuya-cloudcutter.

For most devices it's possible, there's might be some interference from other components but usually it works. What you can do is run the tool, and connect the CEN pin to GND briefly (tap them together), which should get it running. Otherwise, just power off the module on and off a few times while the tool is running, but don't power off your FT232.

It's a bit finicky, but give it a few power cycles and it should work.

from tuya-cloudcutter.

yep, they can be a right royal pain. Triple check everything and try again. also can be worth trying a different adaptor. (I have one which is much less reliable than my others).

from tuya-cloudcutter.

I've had success dumping with FT232RL and CP2012 based dongles. The 340C based ones were not working for me at all. It may come down to timing but the FT232RL worked every time for me.

from tuya-cloudcutter.

Pulling CEN to GND for a moment didn't seem to have an effect. Hmm, finicky indeed: power cycling it once connected while the program is running gives a different error:
termios.error: (6, 'Device not configured')

Is that a sign it was communicating correctly?

from tuya-cloudcutter.

@AndyRPH be sure to only power cycle the Tuya device, and leave the USB uart converter connected. The error you're getting sounds like the converter is being disconnected along with the Tuya device

from tuya-cloudcutter.

Yeah, I'm keeping the FT232 plugged in and just disconnecting and reconnecting the VCC pin.

from tuya-cloudcutter.

Make sure you have connected TX1 on chip to RX on USB adapter and RX1 on chip to TX on USB adapter.

from tuya-cloudcutter.

If you have a second adaptor, and access to the second serial port (tx only) , it's worth looking at the boot log.

from tuya-cloudcutter.

Closing stale ticket, instructions have changed drastically since this ticket was opened.

from tuya-cloudcutter.