
Our experience with buying "brand new" Tuya modules like CB2S, CB3S, WB2S (BK7231T, BK7231

p.kaczmarek2 3498 10
  • We've been recently looking for a way to buy brand new Tuya modules, especially CB3S/CB2S (BK7231N) and WB2S (BK7231T). BK7231N is a bit newer and has more advanced support in OpenBeken (deep sleep and WS2812B), so it was our primary focus. Here I will write down our experience.

    Our modules were ordered from a Chinese reseller; the unit price is about 2% per piece. We weren't sure whether they are reused or resold by Tuya, so we decided to run some tests.

    First module we'll test is WB2S:
    Screenshot of a webpage showing search results for WiFi modules on LCSC Electronics.
    Photo of a hand holding a package of WB2S modules with a visible label.
    It comes in a nice strip form:
    A strip of WB2S electronic modules packaged in plastic shields.
    We've checked the flash content with our flasher:
    https://github.com/openshwprojects/BK7231GUIFlashTool
    Surprisingly, something is there:
    Screenshot of Tuya Config Quick Viewer with extracted GPIO configuration.
    This device already contains a SmartLife flash dedicated for something that looks like an RGB lamp with an extra Relay, Button and WiFi LED. It even has a specified PWM frequency. It must have been dedicated to run in some smart device...
    Then we also flashed OBK:
    https://github.com/openshwprojects/OpenBK7231T_App
    OBK access point shows up correctly:
    List of available Wi-Fi networks on a computer screen with the OpenBK7231T network highlighted.
    And it's possible to configure OBK easily:
    Screenshot of the OpenBK7231T interface with configuration buttons.
    OpenBK7231T interface displaying device status.

    Second module we'll test is CB3S:
    Screenshot of LCSC Electronics showing prices and availability for CB3S modules from Tuya.
    Product image of the YTL CB3S module on the LCSC Electronics website.
    There is again something in the config:
    Screenshot of Tuya Config Quick Viewer with extracted GPIO configuration.
    The config specifies a reset pin (button) on P9, a WiFi LED and both IR receiver and IR transmitter. It seems that this device was a smart IR remote module/repeater that could receive, learn and send IR signals.
    Again, we've tried to flash OBK on that - no problems:
    User interface screen of OpenBK7231N displaying configuration details and management options.
    Screenshot of the OpenBK7231N user interface panel showing configuration options.
    Firmware dump:
    https://github.com/openshwprojects/FlashDumps/commit/33924c257d8da78f0578341232158a95091f804d

    Third module we'll test is CB2S:
    Screenshot of Tuya Config Quick Viewer showing device configuration in JSON format.
    This time the module seems to come from a BL0937 smart socket. BL0937 pins are clearly visible in the config. There is also a Button, a Relay and a WiFi LED.
    Firmware dump:
    https://github.com/openshwprojects/FlashDumps/commit/8e607e800c7e2a1b7b507ddfb7ab29f92aeba462

    Conclusion: the bought Tuya modules seem to come from some Tuya production line. They already have specific Tuya firmware flashed for a given device type (like an RGB light, a power metering plug, or an IR bridge) and are ready to be soldered inside it. They also contain an already calibrated RF partition and work well with OpenBeken, so we haven't found any downsides to that. Hopefully they will be useful for us in our DIY projects.

  • #2 21118232
    gulson
    System Administrator
    In summary, is this surplus stock being sold that has not found its way into end-use equipment? Pre-prepared and with batch.
    Could there be any private data, wifi network names, passwords?
  • #3 21118350
    p.kaczmarek2
    Moderator Smart Home
    It does indeed look like surplus stock, or at least something created initially with a different purpose. Surely, if you connected a button to a pin defined in Tuya's JSON from the batch, it would be possible to pair it with the phone.

    I was curious whether there would already be Tuya keys in efuse in these modules. There are, but I wouldn't expect to see whole Tuya batches in them.

    Fortunately, the private data appears in these modules once the customer has paired them, and these modules are in the factory state, so there is no such problem here. Of course, once someone pairs a device on the BK7231N/BK7231T with their WiFi and then discards such hardware, there is a risk that an unauthorised person will remove such a module from the device and load a batch to extract that WiFi data from it... (BK has no batch protection in this form).
  • #4 21118753
    divadiow
    Level 34  
    I use a PowerShell script to convert an entered plain-text string into hex, which then checks my bins for credentials. I was thinking about posting it for others, but I'm not sure if that's a good idea. I know some of my uploads contain credentials, which are old/test.

    Screenshot of a PowerShell terminal where the script findstringinbinaries.ps1 is executed with search parameters for the string Pa$$w0rd!.
  • #5 21118768
    p.kaczmarek2
    Moderator Smart Home
    If it searches for the string that you already know, then it's not that bad actually. Still, anyone willing to extract unknown SSID/pass from dump is still most likely to figure out the way on their own.
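The pre-publication check discussed in posts #4 and #5, as an added Python example (it is not divadiow's PowerShell script, which is not shown in the thread): it searches a dump for a string you already know, such as your own Wi-Fi password, before the file is shared. The function names, the UTF-16LE variant and the constructed sample image are assumptions of this example; a plain byte search only finds the value where it is stored unencoded.

```python
import io
from typing import BinaryIO, Dict, List


def needle_encodings(secret: str) -> Dict[str, bytes]:
    """Byte patterns to search for: the known string as UTF-8 and as UTF-16LE."""
    if not secret:
        raise ValueError("secret must not be empty")
    return {
        "utf-8": secret.encode("utf-8"),
        "utf-16le": secret.encode("utf-16-le"),
    }


def scan_stream(stream: BinaryIO, secret: str, chunk_size: int = 1 << 16) -> List[dict]:
    """Return every occurrence of `secret` in `stream` as {'encoding', 'offset'}."""
    hits = []
    for name, needle in needle_encodings(secret).items():
        stream.seek(0)
        tail, base = b"", 0        # base = file offset of buf[0]
        keep = len(needle) - 1     # overlap: boundary-straddling matches are found, and only once
        while chunk := stream.read(chunk_size):
            buf = tail + chunk
            pos = buf.find(needle)
            while pos != -1:
                hits.append({"encoding": name, "offset": base + pos})
                pos = buf.find(needle, pos + 1)
            tail = buf[-keep:] if keep else b""
            base += len(buf) - len(tail)
    return sorted(hits, key=lambda h: h["offset"])


def build_sample_dump() -> bytes:
    """Constructed 128 KiB image (0xFF = erased flash) with a test password planted twice."""
    img = bytearray(b"\xff" * (128 * 1024))
    img[0xFFFC:0xFFFC + 9] = b"Pa$$w0rd!"                        # straddles the 64 KiB chunk edge
    img[0x18000:0x18000 + 18] = "Pa$$w0rd!".encode("utf-16-le")  # same value, wide-character form
    return bytes(img)


if __name__ == "__main__":
    # Scan the constructed sample; for a real dump pass open(path, "rb") instead.
    for hit in scan_stream(io.BytesIO(build_sample_dump()), "Pa$$w0rd!"):
        print(f"FOUND {hit['encoding']} at 0x{hit['offset']:06X} - do not publish this dump")
```
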
  • #6 21118772
    divadiow
    Level 34  
    indeed. lmk if you want a new short topic on it. or if you're thinking of making one now.
  • #7 21502031
    chemik_16
    Level 26  
    Are there any modules to buy at the moment? Digging through aliexpress, the cheapest I manage to find on BK costs over 6zl; you can even get an esp32 cheaper. This should cost as much as nothing, considering it was created as a cheaper replacement for the esp8266.
    I am interested in a low price and as many leads as possible.
  • #8 21502096
    p.kaczmarek2
    Moderator Smart Home
    XH-WB3S i.e. BK7238 on Ali I've seen for £4, and yes you'd have to look for cheaper deals. Maybe @divadiow will know something more. And what do you need the modules for?
  • #9 21502151
    divadiow
    Level 34  
    I don't know much about bulk ordering modules. SparkleIoT have a 1688 store though and they sell the module from there https://detail.1688.com/offer/811437204979.html

    I've not bought from 1688 before, but I have used a shopping agent like superbuy.com to buy from Taobao/China. Postage from Superbuy warehouse to final destination is an additional cost to consider though

    Product page featuring WB3S module with BK7238WiFi chip.
  • #10 21502190
    chemik_16
    Level 26  
    to be placed as sensors around the house and garden. There will be about 50 of these.
    The ESP32 draws a bit too much power, and the 8266 is old and will not handle the matter. Some detectors would probably be woken up every X amount of time.

    Added after 2 [hours] 38 [minutes]:

    WB3S actually probably works out best, at $1 each on ali.

Topic summary

The discussion revolves around the purchase and testing of "brand new" Tuya modules, specifically the CB2S, CB3S (BK7231N), and WB2S (BK7231T). Users express concerns about the authenticity of these modules, suspecting they may be surplus stock or repurposed devices. Initial tests on the WB2S module revealed that it contains some flash content, raising questions about potential private data exposure, such as WiFi credentials. However, it was noted that these modules are in a factory state and do not contain user-specific data until paired with a network. The conversation also touches on the risks associated with discarded devices and the lack of batch protection in the BK7231 series, which could allow unauthorized access to WiFi information. Additionally, a user mentions a PowerShell script for credential extraction, highlighting security considerations in handling these modules.
Summary generated by the language model.