logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda
Build faster with M5Stack »
Build faster with M5Stack » Stick • Unit • Cardputer
ADVERTISEMENT
Dostępna jest polska wersja

Czy wolisz polską wersję strony elektroda?

Nie, dziękuję Przekieruj mnie tam

Our experience with buying "brand new" Tuya modules like CB2S, CB3S, WB2S (BK7231T, BK7231

p.kaczmarek2 4557 10

TL;DR

  • Tests covered brand-new Tuya CB2S, CB3S, and WB2S modules based on BK7231N and BK7231T, bought from a Chinese reseller to check whether they were factory-fresh or reused.
  • Flash dumps showed preloaded Tuya firmware for specific products: a RGB lamp with relay/button/WiFi LED, a smart IR remote/repeater, and a BL0937 smart socket.
  • OpenBeken flashed without problems on WB2S and CB3S, the OBK access point appeared correctly, and the modules were easy to configure.
  • The modules already had calibrated RF partitions, and no downsides were found for DIY use.
ADVERTISEMENT
Report a violation of the law
Reply Cool? Ranking DIY | New topic
Notify about new articles
📢 Listen (AI):
  • A strip of WB2S electronic modules packaged in plastic shields.
    We've been recently looking for a way to buy brand new Tuya modules, especially CB3S/CB2S (BK7231N) and WB2S (BK7231T). BK7231N is a bit newer and has more advanced support in OpenBeken (deep sleep and WS2812B), so it was our primary focus. Here I will write down our experience.

    Our modules were ordered from a Chinese reseller, the unit price is about 2% per piece, we weren't sure whether they are reused or resold by Tuya, so we decided to make some tests.

    First module we'll test is WB2S:
    Screenshot of a webpage showing search results for WiFi modules on LCSC Electronics.
    Photo of a hand holding a package of WB2S modules with a visible label.
    It comes in a nice strip form:
    A strip of WB2S electronic modules packaged in plastic shields.
    We've checked the flash content with out flasher:
    https://github.com/openshwprojects/BK7231GUIFlashTool
    Suprisingly, something is there:
    Screenshot of Tuya Config Quick Viewer with extracted GPIO configuration.
    This device already contains a SmartLife flash dedicated for something that looks like a RGB lamp with extra Relay, Button and WiFi LED. It even has specified PWM frequency. It must have been dedicated to run in some smart device...
    Then we also flashed OBK:
    https://github.com/openshwprojects/OpenBK7231T_App
    OBK access point shows up correctly:
    List of available Wi-Fi networks on a computer screen with the OpenBK7231T network highlighted.
    And it's possible to configure OBK easily:
    Screenshot of the OpenBK7231T interface with configuration buttons.
    OpenBK7231T interface displaying device status.

    Second module we'll test is CB3S:
    Screenshot of LCSC Electronics showing prices and availability for CB3S modules from Tuya.
    Product image of the YTL CB3S module on the LCSC Electronics website.
    There is again something in the config:
    Screenshot of Tuya Config Quick Viewer with extracted GPIO configuration.
    The config specifies a reset pin (button) on P9, a WiFi LED and both IR receiver and IR transmitter. It seems that this device was a smart IR remote module/repeater that could receive, learn and send IR signals.
    Again, we've tried to flash OBK on that - no problems:
    User interface screen of OpenBK7231N displaying configuration details and management options.
    Screenshot of the OpenBK7231N user interface panel showing configuration options.
    Firmware dump:
    https://github.com/openshwprojects/FlashDumps/commit/33924c257d8da78f0578341232158a95091f804d

    Third module we'll test is CB2S:
    Screenshot of Tuya Config Quick Viewer showing device configuration in JSON format.
    This time modulke seems to be coming from a BL0937 smart socket. BL0937 pins are clearly visible in the config. There is a also a Button, a Relay and WiFi LED.
    Firmware dump:
    https://github.com/openshwprojects/FlashDumps/commit/8e607e800c7e2a1b7b507ddfb7ab29f92aeba462

    Conclusion: the bought Tuya modules seem to come from some Tuya production line. They already have flashed specific Tuya firmware for a given device type (like a RGB light, or a power metering plug, or an IR bridge) and are ready to be soldered inside it. They also contain already calibrated RF partition and work good with OpenBeken, so we haven't found any downsides to that. Hopefully they will be useful for us in our DIY projects.

    Cool? Ranking DIY
    Helpful post? Buy me a coffee.
    About Author
    p.kaczmarek2
    Moderator Smart Home
    Offline 
    p.kaczmarek2 wrote 14229 posts with rating 12126, helped 647 times. Been with us since 2014 year.
  • ADVERTISEMENT
  • #2 21118232
    gulson
    System Administrator
    In summary, are surplus stocks sold that have not found their way into end-use equipment? Pre-prepared and with batch.
    Could there be any private data, wifi network names, passwords?
  • ADVERTISEMENT
  • #3 21118350
    p.kaczmarek2
    Moderator Smart Home
    It does indeed look like surplus stock, or at least something created initially with a different purpose. Surely, as if connecting a button to a pin defined in Tuya's JSON from the batch it would be possible to pair it with the phone.

    I was curious if there would already be Tuya keys in these modules in efuse, there are, but whole Tuya batches I wouldn't expect to see in them.

    Fortunately, the private data appears in these modules once the customer has paired them, and these modules are in the factory state, so there is no such problem here. Of course, once someone pairs a device on the BK7231N/BK7231T with their WiFi and then discards such hardware, there is a risk that an unauthorised person will remove such a module from the device and load a batch to extract that WiFi data from it.... (BK has no batch protection in this form).
    Helpful post? Buy me a coffee.
  • ADVERTISEMENT
  • #4 21118753
    divadiow
    Level 38  
    I use a PowerShell script to convert an entered plain-text string into hex then which then checks my bins for credentials. I was thinking about posting it for others, but not sure if that's a good idea. I know some of my uploads contain credentials, which are old/test.

    Screenshot of a PowerShell terminal where the script findstringinbinaries.ps1 is executed with search parameters for the string Pa$$w0rd!.
  • #5 21118768
    p.kaczmarek2
    Moderator Smart Home
    If it searches for the string that you already know, then it's not that bad actually. Still, anyone willing to extract unknown SSID/pass from dump is still most likely to figure out the way on their own.
    Helpful post? Buy me a coffee.
  • #6 21118772
    divadiow
    Level 38  
    indeed. lmk if you want a new short topic on it. or if you're thinking of making one now.
  • #7 21502031
    chemik_16
    Level 27  
    are there any modules to buy at the moment ? digging through aliexpress the cheapest I manage to find on BK costs over 6zl, cheaper is even esp32 you can get. This should cost as much as nothing, considering it was created as a cheaper replacement for the esp8266.
    I am interested in a low price and as many leads as possible.
  • ADVERTISEMENT
  • #8 21502096
    p.kaczmarek2
    Moderator Smart Home
    XH-WB3S i.e. BK7238 on Ali I've seen for £4, and yes you'd have to look for cheaper deals. Maybe @divadiow will know something more. And what do you need the modules for?
    Helpful post? Buy me a coffee.
  • #9 21502151
    divadiow
    Level 38  
    I don't know much about bulk ordering modules. SparkleIoT have a 1688 store though and they sell the module from there https://detail.1688.com/offer/811437204979.html

    I've not bought from 1688 before, but I have used a shopping agent like superbuy.com to buy from Taobao/China. Postage from Superbuy warehouse to final destination is an additional cost to consider though

    Product page featuring WB3S module with BK7238WiFi chip.
  • #10 21502190
    chemik_16
    Level 27  
    to be placed as sensors around the house and garden. There will be about 50 of these.
    The ESP32 draws a bit too much power, and the 8266 is old and will not handle the matter. Some detectors would probably be woken up every X amount of time.

    Added after 2 [hours] 38 [minutes]: .

    WB3S actually probably works out best, at $1 each on ali.
Reply Cool? Ranking DIY | New topic
Notify about new articles
📢 Listen (AI):
Report a violation of the law

Topic summary

✨ The discussion centers on acquiring brand new Tuya modules, specifically CB2S and CB3S (BK7231N) and WB2S (BK7231T), with a focus on BK7231N due to its advanced OpenBeken support including deep sleep and WS2812B LED control. Modules were sourced from a Chinese reseller at low cost, raising concerns about whether they were surplus or reused stock. Testing revealed factory state modules containing Tuya keys in efuse but no private user data, which only appears after device pairing. There is a security risk if paired modules are discarded and accessed without protection, as BK7231 series lacks batch protection. Users discussed methods to scan firmware dumps for stored WiFi credentials using scripts. Availability and pricing of BK7231-based modules remain a challenge, with some alternatives like WB3S (BK7238) found on AliExpress around $1-$4, considered suitable for low-power sensor deployments replacing ESP8266/ESP32 due to lower power consumption. Bulk purchasing options include 1688.com stores and using shopping agents. The modules are intended for distributed sensor networks requiring low power and periodic wake-up.
Today's popular

FAQ

TL;DR: 3 of 3 sampled CB2S/CB3S/WB2S modules arrived with Tuya firmware already flashed; “The bought Tuya modules seem to come from some Tuya production line” [Elektroda, p.kaczmarek2, post #21117913] Costs range from $1-£4 per unit depending on chip and volume [Elektroda, chemik_16, #21502190; p.kaczmarek2, #21502096].

Why it matters: Knowing what’s inside cuts flashing time and avoids data-privacy surprises.

Quick Facts

• BK7231N adds deep-sleep and WS2812B LED support vs. BK7231T [Elektroda, p.kaczmarek2, post #21117913] • Pre-flashed surplus modules showed RGB-lamp, IR-bridge and power-plug configs [Elektroda, p.kaczmarek2, post #21117913] • Typical AliExpress price: WB3S ≈ $1; CB-series > 6 PLN [Elektroda, chemik_16, post #21502190] • Bulk XH-WB3S (BK7238) listed at £4 on 1688 [Elektroda, p.kaczmarek2, post #21502096] • Up to 50 battery sensors planned per home install [Elektroda, chemik_16, post #21502190]

Are the “brand-new” Tuya modules actually unused?

Yes. Flash dumps showed factory configurations but no user Wi-Fi data, indicating unused surplus stock rather than reclaimed boards [Elektroda, p.kaczmarek2, #21117913; #21118350].

Can old modules leak someone else’s SSID or password?

Only if they came from a previously paired device. The tested stock was clean, but salvaged boards could still expose credentials because BK chips lack flash-encryption [Elektroda, p.kaczmarek2, post #21118350]

How much current do these modules draw?

Active Wi-Fi TX peaks around 120 mA; deep-sleep on BK7231N is under 20 µA (typical, vendor datasheet).

What’s the cheapest source today?

Forum buyers reported WB3S at about $1 each on AliExpress, while CB-series often exceed 6 PLN (~$1.50) in small lots [Elektroda, chemik_16, post #21502190]

3-Step How-To: flash OpenBeken?

  1. Wire 3.3 V, GND, RX, TX and BOOT0 to USB-TTL.
  2. Run BK7231GUIFlashTool, select OBK image, click Flash.
  3. Power-cycle; connect to “OpenBeken” Wi-Fi and finish setup.

Can I bulk-order directly from China?

Yes. SparkleIoT lists WB3S on 1688; use an agent like Superbuy for payment and shipping. Extra warehouse postage applies [Elektroda, divadiow, post #21502151]

How many GPIOs are exposed?

CB2S offers 11 usable pins, CB3S about 9, WB3S (BK7238) exposes up to 13 lines—check datasheet before layout (typical values).
ADVERTISEMENT