logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

Unusual firmware change for the non-detachable Blow 72-070 socket for PLN 30

p.kaczmarek2 
Two disassembled BLOW smart sockets with exposed electronics.
I will show you a little interesting fact - a quite invasive but effective way to change the firmware of the cheapest WiFi-controlled socket. This socket is characterized by a low price (PLN 30) and a structure that makes it impossible to remove the board with the WiFi module from inside, which makes changing the insert very difficult. This is not a product like Blitzwolf sockets, where we have either a hidden screw or retractable pins, here everything is held together and there is really no way to get to the programming pads. Normally I wouldn`t touch it, but I received a request from a reader to change the insert of such a socket at all costs ...

You can buy this socket really cheap and it`s not strange at all - it`s the cheapest option possible:
Blow Smart Home WiFi socket with packaging and Tuya mobile app.
The socket offers energy measurement:
Smart Wi-Fi socket timer Blow with Tuya app.
This is a variation of the LSPA9 socket, described here:
Electrical socket with LSPA9 energy measurement - we program our own firmware
but this version has a grounding plate whose rivet makes it impossible to remove the PCB .
We`ll get to that in a moment, but first, photos of the packaging:
Packaging of a Blow brand WiFi smart socket. Blow WiFi Smart Socket box on a wooden table. Back of the Blow smart WiFi socket packaging showing specifications and markings. Blow socket packaging with QR code
Set:
Blow smart socket with instruction manual in the background.
Polish-language instructions:
User manual for Blow WiFi smart socket. User manual for a smart Wi-Fi socket in Polish. Instruction manual for a WiFi smart socket with the Smart Life app. Polish-English user manual for using Amazon Echo to control smart devices. User manual for Blow smart socket with WiFi Declaration of conformity for the BLOW WiFi smart socket.
Socket itself:
Front view of a WiFi smart socket with visible prongs and technical markings.

Interior and blow flashing
At first, they are disassembled like LSPA9, but after a while we have a surprise - the ground plate holds the rest of the system:
Open plastic electrical socket with visible interior components.
I don`t know how to make sense of this:
Interior of a cheap WiFi socket showing the PCB and electrical components.
After consulting the reader, the decision was made - we cut:
WiFi socket with open casing revealing the interior.
Already then I tried to connect with the programmer:
View of a damaged electrical socket with exposed wires and exposed PCB. Modified electrical socket with exposed interior.
There is of course BK7231 inside, BK7231Flasher should be able to handle it:
https://github.com/openshwprojects/BK7231GUIFlashTool
but here is the problem, because the energy measurement system is probably on RX/TX... so you need to desolder the module:
Damaged Blow socket with exposed circuit board. Image of a damaged electrical socket with visible electronic components inside.
Outside the system, you can change the input normally:
Image of a WB2S module with a BK7231T chip placed on a wooden surface. Printed circuit board with markings on a wooden surface.
View of a disassembled Blow electric socket with wiring and a breadboard on a wooden table.
This is what the socket looks like from above:
Close-up of the inside of an electrical socket showing a circuit board.
The module returns to its place:
Damaged electrical socket with an exposed PCB.
Flasher obviously detected the configuration:
Screenshot of BK7231 Easy UART Flasher software with device configuration.
Verbal description:
Code: text Expand Select all Copy to clipboard

Device configuration, as extracted from Tuya: 
- BL0937 SEL on P24
- Button (channel 1) on P11
- LED (channel 1) on P10
- BL0937 VI on P8
- WiFi LED on P6
- BL0937 ELE on P7
- Relay (channel 1) on P26
Device seems to be using WB2S module, which is using BK7231T.
And the Tuya section starts, as usual, at 2023424

JSON Tuya:
Code: JSON
Log in, to see the code

OBK template:
Code: JSON
Log in, to see the code

After changing the firmware, you still need to perform calibration, similarly to Tasmota - CurrentSet, VoltageSet, PowerSet commands.

Finally, we protected the socket - first with a solder mask, and then (on the reader`s side) with epoxy or some form of filler, at our discretion:
Two damaged electrical sockets with exposed PCBs. Two electrical sockets with visible damage and glowing blue light.

Summary
Nothing to be proud of here, terrible load changing device. Very problematic, especially since now the products are no longer susceptible to the exploit allowing the first OTA via WiFi. I have very fond memories original LSPA9 where it was possible to remove the entire PCB from the housing. In the case of Blow, this is not possible due to the previously mentioned rivet plate.
It`s possible that something better could be invented, but I only programmed two pieces, so the method from the topic worked anyway.
What not to do to have automation operating fully locally, without the Chinese cloud...
About Author
p.kaczmarek2
p.kaczmarek2 wrote 11960 posts with rating 9995 , helped 572 times. Been with us since 2014 year.

Comments

Nargo 14 Mar 2024 20:22

Wouldn`t it be easier to drill out the rivet? [Read more]

p.kaczmarek2 14 Mar 2024 23:47

Well, I don`t know if I would be able to solder it solidly without melting the center of the socket. If I have some to destroy, I`ll try. [Read more]

acctr 15 Mar 2024 00:03

If there was determination, it had to succeed. Alternatively, after drilling out the rivet, you can rivet it again or tighten it with an M3 screw. [Read more]

neo_84 15 Mar 2024 05:36

I would do that too. By the way, why change the load to something other than the factory one? I`m just guessing that the original batch doesn`t work with a given smartphone application, as we would li... [Read more]

p.kaczmarek2 15 Mar 2024 08:08

I wrote about why people want to change the load in the topic The electrode list of interior IoT devices has reached 500 entries [Read more]

K 15 Mar 2024 10:07

Why bottle it at all, what does it give? I`ve always wondered about this, and finally today I decided to ask. [Read more]

jajacek44 15 Mar 2024 10:21

Dissociating yourself from observation by Rice Brother, e.g. . [Read more]

p.kaczmarek2 15 Mar 2024 11:20

@K, there was an answer posted above. I will add that I also change the batch because I like to have the device available in the local network through a browser, normally by IP address, and Tuya etc.... [Read more]

omaxp 15 Mar 2024 14:51

but then you don`t have access to the device outside your home?? [Read more]

acctr 15 Mar 2024 14:52

The point is that if the user is sitting on the sofa and wants to close the blinds from the smartphone, the request should not go through the server room in Shenzhen but only through the home router. ... [Read more]

p.kaczmarek2 15 Mar 2024 15:00

Access to the device is whatever you organize, i.e. after flashing the IoT device with an alternative firmware that works without the cloud, such as Tasmota and connecting the device to your WiFi,... [Read more]

William Bonawentura 16 Mar 2024 09:35

Isn`t it enough to, for example, redirect the DNS router to your own service? [Read more]

acctr 16 Mar 2024 10:20

It may be possible, but you still need to support the original software protocol. I have never played with it, I prefer to move four letters, go to the switch and manually turn on the light. I only use... [Read more]

tomaszlonski 16 Mar 2024 11:15

Just invest in a router with VPN or simply run a VPN server on your router if it has one. With public IP, access to your home network around the world. [Read more]

acctr 16 Mar 2024 11:33

Or set up your own server with a public IP. Or subscribe to AWS or Azure and write your own applications with all the benefits of possibilities. There are many possibilities - it`s just a matter of ... [Read more]

tomaszlonski 16 Mar 2024 15:50

But why, since VPN is the simplest and relatively safe way to access your home network. Most new routers are supported, configuration and launch on any device takes 5 minutes without any additional costs. ... [Read more]

Oddawajsanki 17 Mar 2024 00:27

You could have reached the arrangement in a simpler way [Read more]

Jurek_I 19 Mar 2024 08:12

@tomaszlonski How did you achieve this? [Read more]

tomaszlonski 19 Mar 2024 19:15

I described only have a router with a VPN server (not with the client because that`s different). And at home I have two Vu+ Uno 4kSE tuners, one with satellite and the other with terrestrial. [Read more]

%}