[BK7231T] My HTTP server, configurator, MQTT support from Home Assistant

p.kaczmarek2 177219 1242

Treść została przetłumaczona

Zobacz oryginalną wersję tematu

Reply Cool? Ranking DIY | New topic

Notify about new articles

#571 20010350 07 May 2022 18:51

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #571
20010350 07 May 2022 18:51

For a very long time I used this cheap soldering iron with power control:
https://www.elektroda.pl/rtvforum/topic3751728.html
Then I bought KSGER one (requiring external power supply):
https://www.elektroda.pl/rtvforum/topic3878290.html
Both my reviews are polish, but you know, Google Translate seems very advanced these days.

Which printer are you using?

This:
Quote:

dpid7 - timer remaining

Is a read-only value? Is this in minutes or what format? How often is it send from TuyaMCU to WiFi module?
I will need to add a read only channel type for that (just display value in OpenBeken) panel.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
ADVERTISEMENT
#572 20011398 08 May 2022 18:10

echojjj echojjj

Level 8

Helpful post? (0)

Post #572
20011398 08 May 2022 18:10

@p.kaczmarek2 I made a little programmer with pogo pins and I've been trying to get the fan controller's original firmware for tuya-cloudcutter (many attempts).

bk_writer = "Success" but 0 KB.

python3 uartprogram firmware.bin -r -b 115200 -s 0x0

UartDownloader....
Read Getting Bus...
Gotten Bus...
len: 119000
startAddr: 0
Reading 0
ReadSector Failed 0

I don't want to overwrite the firmware until I know I'm not doing something wrong here.
ADVERTISEMENT
#573 20011453 08 May 2022 18:59

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #573
20011453 08 May 2022 18:59

Erm did you remember to cut the RX and TX traces between WiFi module and TuyaMCU chip?
Otherwise the TuyaMCU might interfere with programming.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#574 20011487 08 May 2022 19:20

echojjj echojjj

Level 8

Helpful post? (+1)

Post #574
20011487 08 May 2022 19:20

p.kaczmarek2 wrote:
Erm did you remember to cut the RX and TX traces between WiFi module and TuyaMCU chip?
Otherwise the TuyaMCU might interfere with programming.

You're right... I did forget. I can't get a successful read.

bk_writer
FAILED

sudo python3 uartprogram firmware.bin -r -b 115200 -s 0x0
CRC check failed
#575 20011518 08 May 2022 19:47

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #575
20011518 08 May 2022 19:47

CRC check fails always for N chip while reading from offset 0.

Ah, I know, you have version that doesn't save the flash if CRC is wrong.
I have fixed that:
https://github.com/OpenBekenIOT/hid_download_...mmit/a0ac7af9768bec3b9cf542c63a9dad1246995f96
Get latest version from github again, as I changed the script.

Second option: use bk7231tools:
https://github.com/khalednassar/bk7231tools
Read whole readme, notice the "Note for reading BK7231N devices' flash" section.

Add file as .zip attachment here and I will forward it to Tuya-cloudcutter guys, so they can try to make OTA hack for this device.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#576 20011555 08 May 2022 20:13

echojjj echojjj

Level 8
Helpful post? (0)

Post #576
20011555 08 May 2022 20:13

@p.kaczmarek2 original firmware Qiachip 110V/220V Light and Fan Controller (FLC-220V/FLC-110V) with CB2S module.

Attachments:

firmware.zip Download (1.02 MB)
#577 20011570 08 May 2022 20:22

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #577
20011570 08 May 2022 20:22

You are fast. Well done! Thanks, this might allow future users to flash that device remotely with no soldering.
I have forwarded the zip file to cloudcutter devs, please wait a day or so before they check this out.

We could try flashing OpenBeken right now on your device, but you know, I think it won't hurt to wait one day so at least we know if the flash dump is correct.

Still, in my opinion is OK, I can find RBL header inside (even with text editor).

UPDATE: @echojjj can you dump whole 2MB with bk7231tools?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
ADVERTISEMENT
#578 20011720 08 May 2022 21:45

xabean xabean

Level 6

Helpful post? (0)

Post #578
20011720 08 May 2022 21:45

Hello! I am trying to flash OpenBK7231T_UA_1.0.20.bin via SPI to a WB3 module with a BK7231T microcontroller -- I've successfully dumped the factory firmware, but nothing I flash seems to bring up a new WIFI access point? I don't yet have 3.3v TTL serial connected to the WB3 module, I still need to figure out where the UART pins are on the edge of the module.

OpenBekenIOT/hid_download_py/SPIFlash.md mentions that writing firmware directly to flash requires "executable partitions must be encrypted and packaged (32->34 bytes with CRC)." -- are the releases of .bin files at openshwprojects/OpenBK7231T_App/releases/tag/1.0.20 not encrypted or missing CRC?
#579 20011734 08 May 2022 21:52

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #579
20011734 08 May 2022 21:52

@xabean please send device model name + photos + flash dump (full 2mb if possible) to tuya cloudcutter guys, or send it here, I will forward it to them, so they can do OTA hack for your device.

Regarding your question... I don't understand you.
1. If you have no 3.3V UART connected, then how did you managed to read the firmware dump?
2. Why SPIFlash.md ? It has nothing to do with UA, you just use bkWriter 1.60 and that's it. UA is a correct file to write with Beken Writer or python tool by UART.
3. WB3 = WB3S?
Look at my guide:
https://www.elektroda.com/rtvforum/topic3875654.html

@echojjj can you dump whole 2MB with bk7231tools?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#580 20011844 08 May 2022 22:42

xabean xabean

Level 6
Helpful post? (0)

Post #580
20011844 08 May 2022 22:42

(I couldn't make this post without breaking all the links, 5th try is the charm?)

Quote:
@xabean please send device model name + photos + flash dump (full 2mb if possible) to tuya cloudcutter guys, or send it here, I will forward it to them, so they can do OTA hack for your device.

It's the same smart outlet as Glaedr304 over in post #28. Aoycocr model X5P, or FCC ID 2AKBP-X5.

Quote:

1. If you have no 3.3V UART connected, then how did you managed to read the firmware dump?
2. Why SPIFlash.md ? It has nothing to do with UA, you just use bkWriter 1.60 and that's it. UA is a correct file to write with Beken Writer or python tool by UART.

I have my raspberry pi connected as a SPI flash programmer/reader, with the spiprogram tool from OpenBekenIOT/hid_download_py
It works great! I saw the RBL, bootloader, and app regions in the firmware. I know you prefer using the UART programming method, but I appreciate having a _full_ and _complete_ dump of the firmware, in case I brick it. Either I'm doing something wrong, or there isn't yet a process for flashing OpenBkenIOT over SPI written yet. I'm interested in figuring that out, and will make a github pull request to document it when I get it working

Quote:

3. WB3 = WB3S?
Look at my guide:
(removed)

WB3, according to the silkscreen on the PCB. Here are some close ups. The WB3 module edge is right up against the plastic and I haven't yet ohm'd out where the RX/TX/VCC/GND pins are on the edge. I have easier access to the SPI pins without having to unsolder the module:

Here's close ups of the WB3 module from one XP5 I completely tore apart:

I've attached the firmware dump, this was before ever plugging it in. I hope these help!

Code: text Expand Select all Copy to clipboard
$ sha1sum Aoycocr_X5P_0x000000-0x1fffff.bin 95797fedac634e18b65d261ebf37e718a3b692b3 Aoycocr_X5P_0x000000-0x1fffff.bin

Attachments:

PXL_20220508_200217948.jpg Download (2.02 MB)

PXL_20220508_200610714.jpg Download (2.82 MB)

PXL_20220508_200324934.jpg Download (595.29 KB)

PXL_20220508_031938356.jpg Download (913.98 KB)

PXL_20220508_031952004.jpg Download (693.66 KB)

Aoycocr_X5P_0x000000-0x1fffff.zip Download (1.02 MB)
#581 20011865 08 May 2022 22:51

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home
Topic author Helpful post? (0)

Post #581
20011865 08 May 2022 22:51

That changes a lot.

EDIT: Or maybe even better idea, try flashing QIO format, it seems like a full dump.

Ah, I see, you don't have Qio, QIO is not released for T version, as Obk was not planned to be flashed by SPI.
So, here it is:

Attachments:

OpenBK7231T_App_QIO_4e00c04f.zip Download (642.53 KB)

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#582 20011977 09 May 2022 00:16

xabean xabean

Level 6

Helpful post? (0)

Post #582
20011977 09 May 2022 00:16

Looks like I'm going to have to ohm out the 3.3v TTL UART.

None of the following worked:
1. Flashing the Obk rbl file at the offset of the application region in my factory firmware
2. Creating a full image by injecting the Obk rbl file into the factory firmware, and flashing that full image
3. Flashing the QIO image you just made (thanks! This is awesome progress!)

I wondered if flashing the Obk rbl file at a non-page boundary would cause an issue, which was why I tried #2.

I'll circle back once I find my 3.3v TTL UART FTDI cable!
#583 20012036 09 May 2022 03:52

echojjj echojjj

Level 8

Helpful post? (0)

Post #583
20012036 09 May 2022 03:52

p.kaczmarek2 wrote:
can you dump whole 2MB with bk7231tools?

Having a hard time with it (see below)... Every google tells me install pyserial. I install pyserial and no change. What is it that I'm doing wrong?

Traceback (most recent call last):
File "bk7231tools.py", line 13, in <module>
from bk7231tools.serial import BK7231Serial
File "/home/homeassistant/bk7231tools/bk7231tools/serial/__init__.py", line 6, in <module>
import serial
ModuleNotFoundError: No module named 'serial'
#584 20012046 09 May 2022 06:13

xabean xabean

Level 6

Helpful post? (0)

Post #584
20012046 09 May 2022 06:13

Ohmed out the edge connector to the BK7231T pinout from p.kaczmarek2. Found my 3.3v TTL adapter, but it's after midnight so I'll play some more tomorow. Right now I'm really wishing I had two 3.3v TTL adapters rather than just one

Edit: I flipped two test points, deleting the images until I make corrections
#585 20012048 09 May 2022 06:51

kuba2k2 kuba2k2

Level 13

Helpful post? (0)

Post #585
20012048 09 May 2022 06:51

xabean wrote:
None of the following worked:

Did you erase the flash chip prior to writing? Also try using flashrom (on raspberry pi) after putting BK into SPI flash mode.
#586 20012051 09 May 2022 07:03

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home
Topic author Helpful post? (0)

Post #586
20012051 09 May 2022 07:03

@echojjj
If you have issues with bk7231utils, then try this back in hid_download_py:
Code: text Expand Select all Copy to clipboard
sudo python3 uartprogram firmware.bin -r -b 115200 -s 0x0 -length 0x200000

If it works, then we can proceed to flashing OpenBeken on your device. Created file should be bigger.

@xabean
Have you seen the SPI flash instructions?
https://github.com/OpenBekenIOT/hid_download_...mmit/c600685768a8cb91eedd57212f2d8184bddd5ccc
Quote:

## writing the flash

Writing consists of erasing sectors and then writing data.

As it is writing the faw flash, executable partitions must be encrypted and packaged (32->34 bytes with CRC).

From the Tuya SDK, the firmware file tagged '_QIO_' is suitable. e.g. to replace the bootloader, flash the first 0xf000 bytes from that firmware file.

Each command must raise CSN at the end to take effect, so all commands must be sent separately over SPI.

A sector is 0x1000 bytes, writing is max 256 bytes per page.

but still, I didn't use SPI yet. I have broke 0 BK7231s so far.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#587 20012356 09 May 2022 12:27

sharathbk1912 sharathbk1912

Level 8

Helpful post? (0)

Post #587
20012356 09 May 2022 12:27

p.kaczmarek2 wrote:
Do you need it? I can add this for you really soon.

yes please whenever possible along with your next release will help.
okay for bl0937 understood . Just wanted to know there is support coming

One more thing was for the RGBCW . Mostly these are designed to operate either C/W/RGB based on the power supply design.
so can we set it up similarly ? like RGB selection disables C/W. C disables W/RGB and W disables C/RGB . this is how its done in tasmota .. if we wanna override 2 things simultaneously we shd override some setting to do so .

Thanks and regards
Sharath B K
#588 20012377 09 May 2022 12:46

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #588
20012377 09 May 2022 12:46

@echojjj I am finalizing the work on your donation. That was really a new BK7231T module! I have never seen such a thing before. I desoldered it with hot air to make a photo of pins footprint.
Desoldering:

Done:

Footprint:

Cleared pads:

Soldering back:

I also had to remove button, because otherwise hot air would burn it. But don't worry, I put it together and it still works!

@sharathbk1912 please wait patiently or help me testing. I think that my led driver, described here:
https://www.elektroda.com/rtvforum/topic3880540.html#19938487
can work in all modes, RGB, CW, you just skip rgb or cw syntax part of Yaml for Home Assistant, and when numbering channel, keep R = 1, G = 2 , B = 3, C = 4, W = 5 numbering (if no RGB, then leave channels 1 2 3 empty).
As for single channel, that's easy, just use autogenerated yaml... I think.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#589 20012757 09 May 2022 17:41

xabean xabean

Level 6

Helpful post? (0)

Post #589
20012757 09 May 2022 17:41

kuba2k2 wrote:
Did you erase the flash chip prior to writing? Also try using flashrom (on raspberry pi) after putting BK into SPI flash mode.

No, but wouldn't that erase the wifi calibration data at [offset I remember seeing someone identify]?

I can successfully restore the factory firmware (all 2Mbit of it) and see it work immediately after flashing with spiprogram because it broadcasts via bluetooth a "TY" bluetooth device. I didn't even have to connect CEN to ground to reboot it! It just immediately came to life. I don't think I need to use flashrom just yet.

p.kaczmarek2 wrote:
Have you seen the SPI flash instructions?

Yes, that's why I asked if the .bin files you release had the encryption and CRC embedded in them. You already identified that you weren't making QIO releases for BK7231T, which are better suitable for SPI flashing and gave me one! Thank you

p.kaczmarek2 wrote:
I didn't use SPI yet. I have broke 0 BK7231s so far.

It's half about being able to recover from catastrophe, and half about not having easy access to the UART pins. I can pop the plastic shell apart and immediately have access to the SPI pins. To have access to the UART pins, I need to unsolder the whole board from the electric plug, or drill a hole in the plastic case. I don't want to make a permanent modification to the case.

I found my 3.3v TTL adapter, and managed to configure the UART on my raspberry pi to be a 3.3v TTL too, so
after work I should have time to look at both UARTs on my WB3 module.
ADVERTISEMENT
#590 20012832 09 May 2022 18:45

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #590
20012832 09 May 2022 18:45

You just have to flash OpenBeken once and they you can use OTA. So no problems with UART.

Donation from @opfer15 arrived. Thank you!

Remember that you can also donate at https://www.paypal.com/paypalme/openshwprojects , every $ counts, as I need to buy just a lot of devices to make sure they are all supported!

Btw, look at the uptimes - BL602 port is stable as well!

I also released a new article that also shows parts of scripting two OpenBeken devices to work together (one switch to control second switch via HTTP), right now only polish version:
https://www.elektroda.pl/rtvforum/topic3892160.html

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#591 20012981 09 May 2022 20:21

echojjj echojjj

Level 8
Helpful post? (0)

Post #591
20012981 09 May 2022 20:21

p.kaczmarek2 wrote:
If you have issues with bk7231utils, then try this back in hid_download_py:
Code: sudo python3 uartprogram firmware.bin -r -b 115200 -s 0x0 -length 0x200000

FTDI kept disconnecting mid-dump, had to switch to windows machine.
python uartprogram firmware.bin -r -d com3 -b 115200 -s 0x0 -l 0x200000

Attachments:

firmware.zip Download (1.03 MB)

#592 20013326 10 May 2022 04:44

xabean xabean

Level 6

Post #592

20013326 10 May 2022 04:44


V:BK7231S_1.0.5
CPSR:000000D3
R0:793DEBF9
R1:CAF7EA5F
R2:5B7A3DF6
R3:D76C4B37
R4:BFFFCFEE
R13:ECE5FFDF
R14(LR):A3FFCF7F
ST:20950B66
J 0x10000

is what I get after flashing OpenBK7231T_App_QIO_4e00c04f.bin via SPI. Does that sound like it's getting stuck jumping to 0x10000?


V:BK7231S_1.0.5
CPSR:000000D3
R0:793DEBF9
R1:CAD7EFD9
R2:595A3DFE
R3:FF7FCB77
R4:BFDFCF7E
R13:ECE577DF
R14(LR):A3FFCF7E
ST:20850966
J 0x10000
prvHeapInit-start addr:0x41f7e8, size:133144
[01-01 18:12:15 TUYA Info][mqc_app.c:175] mqc app init ...
[01-01 18:12:15 TUYA Info][sf_mqc_cb.c:42] register mqc app callback
[01-01 18:12:15 TUYA Debug][mqc_app.c:118] mq_pro:5 mqc_handler_cnt:1
[01-01 18:12:15 TUYA Debug][mqc_app.c:118] mq_pro:31 mqc_handler_cnt:2
[01-01 18:12:15 TUYA Debug][uni_thread.c:215] Thread:sys_timer Exec Start. Set to Running Status
[01-01 18:12:15 TUYA Err][log_seq.c:709] log stats ufread fail, log status is empty
[01-01 18:12:15 TUYA Debug][svc_online_log.c:288] svc online log init success
[01-01 18:12:15 TUYA Err][tuya_ws_db.c:314] kvs_read fails gw_bi -1
[01-01 18:12:15 TUYA Err][ws_db_gw.c:111] gw base read fails -935
[01-01 18:12:15 TUYA Debug][tuya_bt_sdk.c:89] ty bt cmmod register finish 1
[01-01 18:12:15 TUYA Debug][tuya_ble_api.c:301] ble sdk inited
!!!!!!!!!!tuya_bt_port_init
[01-01 18:12:15 TUYA Debug][tuya_ble_api.c:337] ble sdk re_inited
[01-01 18:12:15 TUYA Notice][tuya_bt_sdk.c:130] ty bt sdk init success finish
[01-01 18:12:15 TUYA Debug][tuya_device.c:219] < TUYA IOT SDK V:1.0.2 BS:40.00_PT:2.2_LAN:3.3_CAD:1.0.2_CD:1.0.0 >
< BUILD AT:2020_09_25_17_24_52 BY embed FOR ty_iot_wf_bt_sdk_bk AT bk7231t >
IOT DEFS < WIFI_GW:1 DEBUG:1 KV_FILE:0 SHUTDOWN_MODE:0 LITTL[01-01 18:12:15 TUYA Debug][tuya_device.c:220] oem_bk7231s_rnd_switch:1.1.8
[01-01 18:12:15 TUYA Notice][tuya_device.c:221] firmware compiled at Jul  9 2021 19:30:26
bk_rst:0 tuya_rst:0[01-01 18:12:15 TUYA Notice][simple_flash.c:432] key_addr: 0x1ee000   block_sz 4096
[01-01 18:12:15 TUYA Notice][simple_flash.c:500] get key:
0xcb (redacted) 0x35 
[01-01 18:12:15 TUYA Notice][tuya_main.c:311] **********[oem_bk7231s_rnd_switch] [1.1.8] compiled at Jul  9 2021 19:30:24**********
[bk]tx_txdesc_flush
[rx_iq]rx_amp_err_rd: 0x018
[rx_iq]rx_phase_err_rd: 0x00e
[rx_iq]rx_ty2_rd: 0x000
*********** finally result **********
gtx_dcorMod            : 0x8
gtx_dcorPA             : 0xa
gtx_pre_gain           : 0x8
gtx_i_dc_comp          : 0x20b
gtx_q_dc_comp          : 0x207
gtx_i_gain_comp        : 0x3ff
gtx_q_gain_comp        : 0x3e4
gtx_ifilter_corner over: 0xb
gtx_qfilter_corner over: 0xb
gtx_phase_comp         : 0x200
gtx_phase_ty2          : 0x200
gbias_after_cal        : 0x14
gav_tssi               : 0x1d
g_rx_dc_gain_tab 0 over: 0x80808080
g_rx_dc_gain_tab 1 over: 0x8078807c
g_rx_dc_gain_tab 2 over: 0x86788478
g_rx_dc_gain_tab 3 over: 0x94689070
g_rx_dc_gain_tab 4 over: 0x94689468
g_rx_dc_gain_tab 5 over: 0x98649866
g_rx_dc_gain_tab 6 over: 0x9c639a64
g_rx_dc_gain_tab 7 over: 0x9c679c65
grx_amp_err_wr         : 0x1f4
grx_phase_err_wr       : 0x007
**************************************
ble use fit!
temp in flash is:282
lpf_i & q in flash is:11, 11
xtal in flash is:37
-----pwr_gain:12, g_idx:12, shift_b:0, shift_g:0
                                                -----[pwr_gain]12
                                                                 Initializing TCP/IP stack
gapm_cmp_evt_handler operation = 0x1, status = 0x0 
gapm_cmp_evt_handler operation = 0x3, status = 0x0 
STACK INIT OK
ble create new db
ble_env->start_hdl = 0x7gapm_cmp_evt_handler operation = 0x1b, status = 0x0 
CREATE DB SUCCESS
!!!!!!!!!!tuya_bt_reset_adv
[01-01 18:12:15 TUYA Notice][tuya_ble_api.c:398] ble adv && resp changed
!!!!!!!!!!tuya_before_netcfg_cb
appm start advertising
[01-01 18:12:16 TUYA Notice][tuya_main.c:341] mf_init succ
[01-01 18:12:16 TUYA Notice][tuya_device.c:117] pConfig = {reset_t:3,rl1_lv:1,netled_lv:0,bt_type:0,bt1_pin:8,ch_flag1:1,net_trig:1,module:WB3S,ch_cddpid1:9,jv:1.0.0,nety_led:2,ch_num:1,netled_pin:1,total_stat:2,reuse_led_m:1,rl1_pin:7,netn_led:2,ch_dpid[01-01 18:12:16 TUYA Notice][tuya_main.c:133] current product ssid name:tuya_mdev_test1
[bk]tx_txdesc_flush
ht in scan
scan_start_req_handler
do td cur_t:261--last:idx:13,t:282 -- new:idx:11,t:258 
--0xc:08, shift_b:-1, shift_g:-1, X:0
                                     [01-01 18:12:18 TUYA Notice][gw_intf.c:3671] serial_no:(redacted)
[01-01 18:12:18 TUYA Notice][gw_intf.c:3706] gw_cntl.gw_wsm.stat:0
[01-01 18:12:18 TUYA Notice][gw_intf.c:3709] gw_cntl.gw_wsm.nc_tp:1
[01-01 18:12:18 TUYA Notice][gw_intf.c:3710] gw_cntl.gw_wsm.md:0
[01-01 18:12:18 TUYA Notice][gw_intf.c:3754] gw_cntl.gw_if.abi:0 input:0
[01-01 18:12:18 TUYA Notice][gw_intf.c:3755] gw_cntl.gw_if.product_key:(redacted), input:(redacted)
[01-01 18:12:18 TUYA Notice][gw_intf.c:3756] gw_cntl.gw_if.tp:0, input:0
[01-01 18:12:18 TUYA Notice][gw_intf.c:3758] gw_cntl.gw_if.firmware_key:(redacted), input:(redacted)
[01-01 18:12:18 TUYA Info][gw_mqc_cb.c:475] register mqc app callback
[01-01 18:12:18 TUYA Notice][tuya_bt_sdk.c:148] ty bt update product:(redacted) 1
[01-01 18:12:18 TUYA Notice][memory_state.c:274] init cfg is null!!
[01-01 18:12:18 TUYA Notice][hw_table.c:43] IO - relay[0]:      pin-7   type high
[01-01 18:12:18 TUYA Notice][hw_table.c:43] IO - button[0]:     pin-8   type low
[01-01 18:12:18 TUYA Notice][hw_table.c:77] trig_type:level
[01-01 18:12:18 TUYA Notice][hw_table.c:82] CH[0],    DPID[1]
[01-01 18:12:18 TUYA Notice][hw_table.c:43] IO - wifi_stat:     pin-1   type low
[01-01 18:12:18 TUYA Notice][hw_table.c:97] trig_type:level
[01-01 18:12:18 TUYA Notice][hw_ctrl.c:546] ch sec is null!!
[01-01 18:12:18 TUYA Notice][ffc_remote.c:258] init cfg is null!!
[01-01 18:12:18 TUYA Notice][tuya_device.c:1129] device_init ok  free_mem_size:75616
[bk]tx_txdesc_flush
ht in scan
scan_start_req_handler
do td cur_t:266--last:idx:11,t:258 -- new:idx:12,t:270 
--0xc:08, shift_b:-1, shift_g:-1, X:0
                                     [bk]tx_txdesc_flush
me_set_ps_disable:840 0 0 0 413869 928304
------beacon_int_set:100 TU
set_active param 0
                  [msg]APM_STOP_CFM
                                   update_ongoing_1_bcn_update
mm-next-timer_null
hal_machw_enter_monitor_mode
[01-01 18:12:21 TUYA Notice][tuya_device.c:773] wifi stat is 1 
!!!!!!!!!!tuya_bt_reset_adv
[01-01 18:12:21 TUYA Notice][tuya_ble_api.c:398] ble adv && resp changed
gapm_cmp_evt_handler operation = 0x10, status = 0x0 
[01-01 18:12:23 TUYA Notice][tuya_device.c:1144] device_init ok  free_mem_size:74864
[01-01 18:12:23 TUYA Notice][tuya_device.c:1145] wifi_stat = 1
do td cur_t:281--last:idx:12,t:270 -- new:idx:13,t:282 
--0xc:08, shift_b:-1, shift_g:-1, X:0
                                     [01-01 18:12:28 TUYA Notice][tuya_device.c:1144] device_init ok  free_mem_size:74864
[01-01 18:12:28 TUYA Notice][tuya_device.c:1145] wifi_stat = 1
[01-01 18:12:33 TUYA Notice][tuya_device.c:1144] device_init ok  free_mem_size:74864
[01-01 18:12:33 TUYA Notice][tuya_device.c:1145] wifi_stat = 1
[01-01 18:12:38 TUYA Notice][tuya_device.c:1144] device_init ok  free_mem_size:74768
[01-01 18:12:38 TUYA Notice][tuya_device.c:1145] wifi_stat = 1
do td cur_t:290--last:idx:13,t:282 -- new:idx:14,t:294 
--0xc:08, shift_b:0, shift_g:0, X:2
                                   [01-01 18:12:43 TUYA Notice][tuya_device.c:1144] device_init ok  free_mem_size:74768
[01-01 18:12:43 TUYA Notice][tuya_device.c:1145] wifi_stat = 1

is what I get from putting the factory firmware back.

Added after 2 [hours] 56 [minutes]:

Ok, lesson learned: don't try to uartprogram dump from offset 0x0, it doesn't like that.

I successfully managed to flash Obk with uartdownload, and have it bring up a wifi access point -- I'm dumping the firmware over SPI now to see what the difference is.

#593 20013407 10 May 2022 07:46

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #593
20013407 10 May 2022 07:46

@echojjj good job, exploit will be ready later, but now you can flash OpenBeken. We will try to go through the whole fan device configuration step by step and resolve problems as they show.

@xabean post both dumps here now, the original one and the openbk, it would be interesting to compare how SPI sees them

Also... bkWriter 1.60 is not able seemingly to dump from 0x0, even if you change start offset to 0x0, it sets it back to default value

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#594 20014538 10 May 2022 22:40

kuba2k2 kuba2k2

Level 13

Helpful post? (0)

Post #594
20014538 10 May 2022 22:40

Meanwhile, I've created a Python program to generate board pinout images like this one:

Why? I'm not sure. But I just couldn't stand looking onto three different websites/documents at once, just to find out which pin on my board is SCL and which is SDA.
The program makes it relatively easy to write board definitions (yes, both the pin names and a graphical illustration) in JSON, and automatically generates a .svg file ✨
~~the code is terrible as writing it took just over a few hours, but who cares, right?~~[/spoiler]
#595 20014548 10 May 2022 22:47

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #595
20014548 10 May 2022 22:47

Nice, but wasn't there already a program for that? I saw that kind of image many times before.

Btw, look, this is the new module from the one of recent donations:

Is anyone here willing to do a prelimary google search before I start checking if this chip is programmable? DT-BL200.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#596 20014555 10 May 2022 22:55

kuba2k2 kuba2k2

Level 13

Helpful post? (0)

Post #596
20014555 10 May 2022 22:55

p.kaczmarek2 wrote:
Nice, but wasn't there already a program for that? I saw that kind of image many times before.

Not really. These images are mostly inspired by Adafruit's pinout drawings, however, these were all done by hand. There are a few generators, but they look worse (IMO) and are much harder to use (writing board info).

p.kaczmarek2 wrote:
Is anyone here willing to do a prelimary google search before I start checking if this chip is programmable? DT-BL200.

What about hooking TX? It's probably another BK or something

#597 20014576 10 May 2022 23:17

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Post #597

20014576 10 May 2022 23:17

kuba2k2 wrote:

What about hooking TX? It's probably another BK or something

I was trying to step up the game a bit and let us guess without seeing any logs, but... since you ask...


[0;32m1609473638 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_left_mini: 8658
[0mStarting bl602 now....
Reset cause 0: BL_RST_POWER_OFF
Heap 129168@0x42020770, 5920@0x420488e0

blog init set power on level 2, 2, 2.
[IRQ] Clearing and Disable all the pending IRQ...
[         0][[36mBUF[0m: hal_board.c: 606]  10  10  10  10  10  10  10 10  10  10  10  10  10  10 
[BL] [SEC] TRNG Handler
====== bloop dump ======
--->>> timer list

[MTD] >>>>>> Hanlde info Dump >>>>>>
      name PSM
      id 0
      offset 0x000f8000(1015808)
      size 0x00004000(16Kbytes)
      xip_addr 0x230e7000
[MTD] <<<<<< Hanlde info End <<<<<<
[EF] Found Valid PSM partition, XIP Addr 230e7000, flash addr 000f8000
ddefault_env_size = 0x00000001
ENV start address is 0x00000000, size is 16384 bytes.
EasyFlash V4.0.99 is initialize success.
You can get the latest version on https://github.com/armink/EasyFlash .


[BL] Initi Wi-Fi with MAC #### 24:94:94:D5:35:9B ####
     hostname: Bouffalolab_BL602-d5359b
[WF] country code CN used, num of channel 13
-----------------------------------------------------
[IPC] [TX] Low level size 204, driver size 92, total size 296
Enable BMX IRQ
[version] lmac 5.4.0.0
[version] version_machw_1 000055FB
[version] version_machw_2 000001B3
[version] version_phy_1 00822111
[version] version_phy_2 00000000

[version] features 000089DF
[ME] HT supp 1, VHT supp 0
[WF] country code CN used, num of channel 13

    ____               _     _  __      
   / ___|___ _____   _| |   (_)/ _| ___ 
  | |   / _ \_  / | | | |   | | |_ / _ \
  | |__| (_) / /| |_| | |___| |  _|  __/
   \____\___/___|\__, |_____|_|_|  \___|
                 |___/                  


cozylife_app_info
CozyLife SDK Version: 0.2.0
CozyLife SDK Build Aug 10 2021 17:28:38

cozylife_app_info
Product Id: e2s64v
Firmware Version: 1.0.0
Firmware Build Ag 10 2021 17:28:56

dohome_hal_wifi_set_sleep_flag not support now
[0;32m1609473600 [I] [    lib_wifi] read wifi_info ssid:   passwd: 
[0m[0;32m1609473600 [I] [  lib_device] MAC: 249494d5359b
[0m[0;32m1609473600 [I] [  lib_device] read api_domain: dohome.doiting.com
[0m[0;32m1609473600 [I] [  lib_device] admin_info admin: 
[0m[0;32m1609473600 [I] [  lib_device] tcp_info: :0
[0m
device id:

[0;32m1609473600 [I] [     lib_log] udplog_init on: 0, 192.168.2.2:7789
[0m[0;32m1609473600 [I] [doit_product] doit_product_read_status H: 65535, S: 65535, T: 1000, B: 1000
[0m[0;32m1609473600 [I] [   doit_main] save reset_cnt: 1
[0m[       304][[33mWARN  [0m: bl_mtd.c: 201] addr@0x2307fcdc is xip flash, size 12
[0;32m1609473600 [I] [   doit_main] rese_cnt: 1
[0m[0;33m1609473600 [W] [    lib_wifi did not found
[0m[0;32m1609473600 [I] [     factory] doit_factory_test_read_time: 0
[0m[0;32m1609473600 [I] [   doit_main] doit_mem_curr_used_size: 99240  mem_left_mini: 99240
[0m[0;32m1609473600 [I] [   doit_main] doit_mem_curr_used_size: 98776  mem_left_mini: 98776
[0m[0;32m1609473600 [I] [     factory] wifi_scan_start cnt: 1
[0m[0;32m1609473602 [I] [   doit_main] doit_mem_curr_used_size: 99120  mem_left_mini: 96960
[0m[WIFI] [IND] SCAN Done
AP01  rssi:-98  channel:11  ssid:5G_FullPower
AP02  rssi:-85  channel:9  ssid:QQQQQQQQQQQQQQQQQ
AP03  rssi:-49  channel:10  ssid:fdsafdsafdsa
AP04  rssi:-98  channel:1  ssid:fdsafdsafdsa
AP05  rssi:-98  channel:1  ssid:fdsafdsaf
AP06  rssi:-98  channel:1  ssid:fdsafdsafads
AP07  rssi:-60  channel:1  ssid:fdasfdas
AP08  rssi:-82  channel:1  ssid:fdsafdsafdsafsd
[APP] [EVT] SCAN Done 3722, SCAN Result: OK
[0;32m1609473603 [I] [     factory] wifi_scan_start cnt: 2
[0m[0;32m1609473605 [I] [   doit_main] save reset_cnt: 0
[0m[      5354][[33mWARN  [0m: bl_mtd.c: 201] addr@0x2307fcdc is xip flash, szze 12
[WIFI] [IND] SCAN Done
AP01  rssi:-98  channel:11  ssid:5G_FullPower
AP02  rssi:-85  channel:9  ssid:QQQQQQQQQQQQQQQQQ
AP03  rssi:-49  channel:10  ssid:fdsafdsafdsa
AP04  rssi:-98  channel:1  ssid:fdsafdsafdsa
AP05  rssi:-98  channel:1  ssid:fdsafdsaf
AP06  rssi:-98  channel:1  ssid:fdsafdsafads
AP07  rssi:-60  channel:1  ssid:fdasfdas
AP08  rssi:-82  channel:1  ssid:fdsafdsafdsafsd
[APP] [EVT] SCAN Done 7052, SCAN Result: OK
[0;32m1609473606 [I] [   doit_main] factory_test_scan_cb: 0
[0m[0;32m1609473606 [I] [   doit_main] start wifi config
[0m[0;32m1609473606 [I] [    lib_wifi] wifi_start_config
[0m[lwip] netif status callback
  IP: 192.168.11.1
  MK: 255.255.255.0
  W: 0.0.0.0
[WF] MM_ADD_IF_REQ Sending: AP
[WF] MM_ADD_IF_REQ Done
[WF] vif_index from LAMC is 0
[lwip] netif status callback
  IP: 192.168.4.1
  MK: 255.255.2550
  GW: 0.0.0.0
[DHCP] ip_start: [192.168.4.2]
[DHCP] ip_start: [192.168.4.254]
[WF] APM_START_REQ Sending with vif_index 0
[WF] APM_START_REQ Done
[WF] status is 00
[WF] vif_idx is 00
[WF] ch_idx is 00
[WF] bcmc_idx is 03
[0;32m1609473607 [I] [    lib_wifi] ap create Successfully !

[0m[APP] [EVT] Unknown code 11, 7199
[0;33m1609473607 [W] [    lib_wifi] did not found
[0m[0;32m1609473607 [I] [    lib_wifi] set_boot_start_config: 1
[0m[      7204][[33mWARN  [0m: bl_mtd.c: 201] addr@0x23080e00 is xip flash, iize 11
[0;32m1609473607 [I] [     lib_ble] ble_start_wifi_cfg
[0mBD_ADDR:(MSB)24:94:94:d5:35:9c(LSB)
[0;32m1609473607 [I] [     lib_ble] ble mac: 24:94:94:d5:35:9c
[0m[0;32m1609473607 [I] [     lib_ble] bt_enabled
[0m[0;32m1609473607 [I] [     lib_ble] bt_adv_ready
[0m[0;32m1609473608 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_left_mini: 86544
[0m[0;32m1609473617 [I] [    lib_wifi] set_boot_start_config: 0
[0m[     17269][[33mWARN  [0m: bl_mtd.c: 201] addr@0x23080e00 is xip flash, size 11
[0;32m1609473618 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_left_mini: 86588
[0m[0;32m1609473628 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_left_mini: 86528
[0m[0;32m1609473638 [I] [   doit_main] doit_mem_curr_used_size: 86848  memlleft_mini: 86528
[0m[0;32m1609473648 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_left_mini: 86528
[0m[0;32m1609473658 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_left_mini: 86528
[0m[0;32m1609473668 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_left_mini: 86528
[0m[0;32m1609473678 [I] [   doit_main] doit_mem_curr_used_size: 86848 mem_left_mini: 86528
[mm[0;32m1609473688 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_left_mini: 86528
[0m[0;32m1609473698 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_eft_mini: 86528
[0m[0;32m1609473708 [I] [   doit_main] doit_mem_curr_used_size: 86848  mem_lett_mini: 86528
[0m

It seems it's already supported one. Altought no OTA yet.

the uart log recommend me to use https://github.com/armink/EasyFlash

D8 is also routed out...

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.

#598 20016816 12 May 2022 17:12

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #598
20016816 12 May 2022 17:12

I have started working on supporting Tasmota Device Groups:

still, it's a long way to go.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#599 20019649 15 May 2022 09:37

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #599
20019649 15 May 2022 09:37

I have confirmed that we have UDP multicast in Beken SDK. It is done by LWIP library. IGMP flag must be set on network interface in order for it to work, but that's it. So I have a clear path towards supporting Tasmota Device Groups now.

DGR protocol will most likely work on other platforms as well.

I already have power states (ON/OFF), dimmer lighting values (0-255) and color (RGBCW) parsing.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#600 20025730 19 May 2022 17:01

jimbolaya jimbolaya

Level 2

Helpful post? (0)

Post #600
20025730 19 May 2022 17:01

p.kaczmarek2 wrote:

So, the suggested setup is:
- USB to UART converter with 3.3V logic levels connected to programming RX TX port
- extra 5V power supply (maybe from second USB port if they dont reset together) connected to 3.3V LDO connected to board (Beken chips are 3.3V only).

I've got the UART connected and I've powered the chip through a 3.3v breadboard power supply. I have TX2/RX2 connected to a second TTY to see if I can see anything and I'm getting messages. It appears to be a standard tuya load. Here's the screen log:

screenl...txt Download (5.67 kB)

p.kaczmarek2 wrote:

Procedure is:
1. start bkwriter read (first read flash to backup it)
2. power off and power on board
3. the bkwriter will do whole read after reboot of the board

Unfortunately, reading the flash fails. I'm not sure if I should wait to write the flash before I can read it. In the Beken Writer app, the "Scanner Port COM" is blank, even if I plug both TX/RX and TX2/RX2 in.

I can also provide 5v either by plugging in the USB (which wasn't advised) or using the 5v from my breadboard power supply into the USB VCC, but I'm not sure that's necessary. I tried reading the flash either way and was unsuccessful.

Let me know what you think the best next steps are.

Here's my setup:
Create an account, log in and become active in a forum and ads will not appear. You will receive points by participating in discussions.
Join this discussion.

Install the application

Reply Cool? Ranking DIY | New topic

Notify about new articles

Report a violation of the law

Topic summary

The discussion revolves around the development and implementation of custom firmware for devices using the BK7231T and BK7231N chips, particularly focusing on creating a mini HTTP server, MQTT support, and integration with Home Assistant. Users share their experiences flashing various smart devices, troubleshooting issues related to UART connections, and configuring GPIO pins for different functionalities. The conversation also touches on the challenges of maintaining WiFi connectivity, the importance of proper pin configuration, and the potential for using I2C for additional device control. Several users report successful firmware updates and the addition of new features, including support for various sensors and devices.
Summary generated by the language model.