[Tutorial] Flashing OpenBK via OTA using tuya-cloudcutter

ferbulous 5658 14

Reply Cool? Ranking DIY | New topic

Notify about new articles

Helpful post? (+1)

Helpful post #1 13 Dec 2022 16:50

Download the tool here
https://github.com/tuya-cloudcutter/tuya-cloudcutter

Before using the script, verify your device tuya-firmware version using the tuya/smartlife app
and download the correct firmware for your device chip (T or N). The chip would not boot if wrong firmware version is flashed on it and it would require using serial method to re-flash it again with the correct firmware.

Steps:
1. Start the script (run_flash.sh)
2. Select the firmware that you have downloaded earlier to the custom-firmware directory.
3. Select your profile that matches with the tuya-firmware version.
4. Reset your device to AP mode (if profile matches, A-xx prefix would show up after it gets reset the 2nd time)
5. Reset your device again for the OTA flashing,

For no (3), if your device is not supported, then you would need to make dump of your device firmware using bk7231tools and submit a github request for profile creation.
There's also Lightleak app that can obtain firmware dump wirelessly. I've had some success with T device but not N yet

Alternatively you could still generate your own profile using hexomatic with this batch script

Spoiler:
Code: text Expand Select all Copy to clipboard
bk7231tools dissect_dump -e -O %1 %1.bin pushd %1 ..\haxomatic.py %1_app_1.00_decrypted.bin ..\parse_storage.py %1_storage.json ..\parse_app.py %1_app_1.00_decrypted.bin mkdir extracted move *.txt extracted\ popd assemble_universal.py %1

save as do_magic.bat

On windows rename full dump .bin to device-manufacturer_device-name.bin and run it like this
Code: text Expand Select all Copy to clipboard
do_magic.bat device-manufacturer_device-name

It should generate these files

Copy the last two JSON files to a subdirectory in device-profiles.
Rename each to device.json and profile.json, respectively
And execute run_flash.sh <wifi adapter name> <your subdirectory name>

Cool? Ranking DIY
About Author
ferbulous ferbulous

Level 16
Offline

Joined: 29 Jan 2022

Posts: 312

Help: 5

Posts rating: 37

Points: 1350
ferbulous wrote 312 posts with rating 37, helped 5 times. Been with us since 2022 year.
#2 17 Dec 2022 19:25

nielspiersma nielspiersma

Level 6

Helpful post? (0)

#2 17 Dec 2022 19:25

Excellent tutorial. I want to share that it is essential to double-check the real chip on the PCB. Tuya has been shipping out CB2S labelled PCB's with BK7231Ts.

So, removing the label and double-checking if you run into flashing issues is imperative.
#3 18 Dec 2022 13:22

ferbulous ferbulous

Level 16

Topic author Helpful post? (0)

#3 18 Dec 2022 13:22

nielspiersma wrote:
Tuya has been shipping out CB2S labelled PCB's with BK7231Ts

Thanks for highlighting that, probably won't notice if I never open the metal case which I rarely do
I think I'll edit my post to recommend running 'run_detach' script first just to verify which chip the device is running on.
#4 21 Feb 2023 21:02

mcheibani mcheibani

Level 3

Helpful post? (0)

#4 21 Feb 2023 21:02

Thanks for the great tutorial. The wireless method is very easy and beginner friendly (like myself). It will help a lot of us disconnect from the Tuya cloud.
I tried it in a couple of devices and it worked with one but the other one failed to boot after flashing which is likely caused by flashing the wrong firmware. Is there a way to find out which chip I have (N or T)? I find it a bit confusing. I have for example a MOES dimmer module (105B). In the OpenBeken device list page, it shows that the device has the T version. But in cloudcutter device profiles, if I select manufacturer and profile, it suggestes that it's N. I opened up the device and I see Model: CB2S. Is there a way to confirm which chip I have?
#5 21 Feb 2023 21:29

nielspiersma nielspiersma

Level 6

Helpful post? (0)

#5 21 Feb 2023 21:29

We found that tuya is sending out pcbs with wrong labeling. So the only way to know 100% sure is by finding the chip and reading it.

Other method is just try on error. The good thing is that it is almost impossible flashing T on N or vise versa.

Niels
#6 21 Feb 2023 21:37

mcheibani mcheibani

Level 3

Helpful post? (0)

#6 21 Feb 2023 21:37

Thanks for the reply. The problem is that I have caused a device not to boot by flashing the wrong firmware. I had a 16a mini switch that I flashed with the N firmware and it didn't boot after the flash process completed. Afterwards I found out that it has a T chip. I need now to flash it with the serial method for which I don't have the tools.
#7 21 Feb 2023 21:48

nielspiersma nielspiersma

Level 6

Helpful post? (0)

#7 21 Feb 2023 21:48

Okay,

That is kinda new for me. I never was able flashing an T to N or vice versa.

Am I correct in assuming you used tuya cloud cutter for initial flash and then a flash with OTa resulting in a bricked device?

Afaik it is not possible flashing the wrong firmware during cloud cutter...

Niels
#8 21 Feb 2023 21:54

mcheibani mcheibani

Level 3

Helpful post? (0)

#8 21 Feb 2023 21:54

nielspiersma wrote:
Am I correct in assuming you used tuya cloud cutter for initial flash and then a flash with OTa resulting in a bricked device?

I meant that I flashed it the initial time with the wrong firmware using cloudcutter.
nielspiersma wrote:
Afaik it is not possible flashing the wrong firmware during cloud cutter...

Hmm. the device stopped working right after flashing with cloudcutter. I assumed that it was because of the wrong firmware.
#9 21 Feb 2023 22:19

nielspiersma nielspiersma

Level 6

Helpful post? (0)

#9 21 Feb 2023 22:19

Hmm. That is new for me.

I initially had a problem with a wrongly labelled N version that was actually a T. It was never possible for me to flash it with the N version until I tried the T version that magically worked.

So I would recommend trying to boot it again in recovery mode and try flashing it again.

Getting the device into recovery mode differs from device to device. My best results are. Power on. Wait 2 seconds. Keep button pressed for 7 to 8 seconds. Release and press again for 6 to 8 seconds. Usually it is in open access point mode and you should be able to run cloudcutter again.

Niels
#10 21 Feb 2023 22:33

Zain00 Zain00

Level 9

Helpful post? (0)

#10 21 Feb 2023 22:33

nielspiersma wrote:
We found that tuya is sending out pcbs with wrong labeling. So the only way to know 100% sure is by finding the chip and reading it.

Other method is just try on error. The good thing is that it is almost impossible flashing T on N or vise versa.

Niels

A few months ago I had AVATTO Bulb that came with WB2L module .
Under the metal shield I found C-chip CC8000 instead of BK7231T
I don’t know if it's the same chip under a different name or Tuya was trying other chips than Beken
#11 22 Feb 2023 05:21

ferbulous ferbulous

Level 16

Topic author Helpful post? (0)

#11 22 Feb 2023 05:21

@mcheibani

To avoid this, i would recommend initially using the detach script (just cloudcut from tuya).
If N profile works, then it has to be N device
Same goes with T device

Added after 4 [minutes]:

@Zain00
Well that’s something new
That’s not even a beken chip, i’ve bought one before with the exact same chip (CC8000) and i ended just selling that one.
The pinout was odd so I wasn’t sure if i could just swap it with esp
#12 22 Feb 2023 17:56

mcheibani mcheibani

Level 3

Helpful post? (0)

#12 22 Feb 2023 17:56

nielspiersma wrote:
So I would recommend trying to boot it again in recovery mode and try flashing it again.

Thank you! This helped solve the issue for my old switch that I thought will need to be reflashed using the serial/soldering method. I tried again to put it in recovery mode and was able to flash it with the correct firmware.

Added after 1 [minutes]:

ferbulous wrote:
@mcheibani

To avoid this, i would recommend initially using the detach script (just cloudcut from tuya).
If N profile works, then it has to be N device
Same goes with T device

Thank you for the response. I will try that.
#13 24 Feb 2023 19:12

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

#13 24 Feb 2023 19:12

WB2L with CC8000? Can you try doing a flash read of that? Or at least try to get UART log?
@Zain00

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600 and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects
#14 24 Feb 2023 21:37

Zain00 Zain00

Level 9

Helpful post? (0)

#14 24 Feb 2023 21:37

This picture was taken 5 months ago.
Sadly, I can't find the module
#15 24 Feb 2023 23:07

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

#15 24 Feb 2023 23:07

Yea, same here... I once ordered BK7231U dev board from aliexpress and also got CC8000. I am not sure if I tested it more... I must find my module and test.

https://www.elektroda.pl/rtvforum/find.php?q=CC8000
https://www.elektroda.com/rtvforum/find.php?q=CC8000

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600 and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects
Create an account, log in and become active in a forum and ads will not appear. You will receive points by participating in discussions.
Join this discussion.

Log in with Google

Reply Cool? Ranking DIY | New topic

Notify about new articles

Home page
/
Forum
/
Smart Home IoT
/
Smart Home Tutorials
/
[Tutorial] Flashing OpenBK via OTA using tuya-cloudcutter