FAQ
TL;DR: XR806 OTA is 1,167,192 bytes; "Update SDK to optimize power consumption." Here’s teardown, UART, bootloader, OTA, and watchdog-reset guidance for Avatto SWT60. For tinkerers needing steps to stop restarts, dump firmware, or test OpenBeken. [Elektroda, divadiow, post #21441811]
Why it matters: It speeds up troubleshooting and salvage of a refunded or unstable smart watering timer.
Quick facts:
- PCB shows Allwinner XR806 Wi‑Fi SoC plus a BAT32G127 MCU on this model. [Elektroda, divadiow, post #21148584]
- OTA v1.0.4 exists: full image 1,167,192 bytes; diff package 147,605 bytes; MD5 provided. [Elektroda, divadiow, post #21441811]
- Reported behavior: only 2–3 seconds of control every 2–3 minutes due to watchdog resets. [Elektroda, Cramp1017, post #21147933]
- XR806 enters UART download mode by pulling PB02 low during reset. [Elektroda, divadiow, post #21148584]
- Unit is silicone‑potted; opening it destroys the water seal. [Elektroda, Cramp1017, post #21148498]
Quick Facts
- PCB shows Allwinner XR806 Wi‑Fi SoC plus a BAT32G127 MCU on this model. [Elektroda, divadiow, post #21148584]
- OTA v1.0.4 exists: full image 1,167,192 bytes; diff package 147,605 bytes; MD5 provided. [Elektroda, divadiow, post #21441811]
- Reported behavior: only 2–3 seconds of control every 2–3 minutes due to watchdog resets. [Elektroda, Cramp1017, post #21147933]
- XR806 enters UART download mode by pulling PB02 low during reset. [Elektroda, divadiow, post #21148584]
- Unit is silicone‑potted; opening it destroys the water seal. [Elektroda, Cramp1017, post #21148498]
What chips are inside the Avatto SWT60—Tuya board or dedicated MCU?
The board includes an Allwinner XR806 Wi‑Fi SoC and a BAT32G127 microcontroller. That points to a Wi‑Fi module plus a dedicated MCU. “ooh! an XR806” highlighted the platform, and BAT32G127 was identified on the PCB. [Elektroda, divadiow, post #21148584]
Why does my SWT60 keep restarting every few minutes?
One user logged repeated hardware watchdog resets, leaving only 2–3 seconds of Wi‑Fi control every 2–3 minutes. Capture boot logs, verify supply stability, and review firmware options before hardware changes. This pattern suggests firmware or MCU‑module communication faults rather than pure hardware failure. [Elektroda, Cramp1017, post #21147933]
How do I quickly find UART TX/RX on this board?
Attach a logic analyzer and watch for boot messages on power‑up. Users reported boot logs on UART2, which confirms a live TX. Once detected, set your serial adapter to 3.3 V and match the observed baud. [Elektroda, Cramp1017, post #21148711]
What are the five‑pin header signals I can probe safely?
Measured pins were: Pin1 = 3.3 V, Pin4 = GND, two pins pulled low, and one pulled high. Use 3.3 V logic only. Confirm with your meter before connecting a USB‑UART adapter. [Elektroda, Cramp1017, post #21147996]
How can I reset the Tuya Wi‑Fi chip without power‑cycling the whole unit?
Pull the NRST line low momentarily to reset the XR806 module. This method avoids full power removal and helps when iterating boot captures and mode changes. [Elektroda, Cramp1017, post #21148711]
How do I put the XR806 into UART download mode?
Follow these steps:
- Hold PB02 low to ground.
- Reset or power the XR806 while PB02 stays low.
- Release PB02 and connect your UART tool to the bootloader.
“Only PB02 needs to be pulled low to get XR806 into download mode.” [Elektroda, divadiow, post #21148584]
Which software can talk to the XR806 bootloader for dumping or flashing?
PhoenixMC connected successfully in bootloader mode. One user achieved a full memory dump using an older PhoenixMC release. If connection fails, recheck wiring, reset timing, and COM parameters. [Elektroda, Cramp1017, post #21148767]
My flash dump is all zeros—what’s going on?
This behavior indicates flash protection or a locked region. “This reminds me of a flash protection.” Try different regions, but expect restrictions on vendor images. Consider proceeding without a backup if you accept the risk. [Elektroda, p.kaczmarek2, post #21148871]
Can I load XR809 firmware on the XR806?
No, they use different SDKs. “There’s another SDK for XR806,” and flashing was confirmed after switching. Build against the XR806 SDK or use the provided tools for that platform. [Elektroda, Cramp1017, post #21148875]
Can I swap XR806 for ESP or Beken and still keep the device usable?
Yes. “You can still swap XR806 to ESP or to Beken and still use this device.” Maintain TuyaMCU serial control to the BAT32G127. Map pins and replicate serial protocol for valve and display. [Elektroda, p.kaczmarek2, post #21148686]
Where can I download official OTA firmware for analysis?
Tuya reports an OTA v1.0.4 with a 1,167,192‑byte full image and a 147,605‑byte diff. URLs were identified, and files were slated for a public dumps repo for XR806 reference. Verify hashes before use. [Elektroda, divadiow, post #21441811]
Is the unit still waterproof after teardown?
No. Screws are buried in silicone and the assembly is fully potted. Opening it destroys the water seal, and collateral damage like a broken screen can occur. Reserve teardown units for bench work only. [Elektroda, Cramp1017, post #21148498]
Which component actually switches the water valve?
A 7002K MOSFET drives the valve. If it is damaged during teardown, the valve will not actuate even if logic works. Replace it before functional tests. [Elektroda, Cramp1017, post #21148689]
Are most UART pads accessible without destroying the enclosure?
Access is limited. Most UART test points are not reachable without breaking the device apart. Plan for micro‑soldering or live probing through the existing header where possible. [Elektroda, Cramp1017, post #21148498]
Can I still capture TuyaMCU serial traffic if the device is partially damaged?
Yes, if it powers up. Sniff the UART between XR806 and the BAT32G127 to log DP frames before flashing or swapping modules. Capture sessions can reveal control registers and timing. [Elektroda, p.kaczmarek2, post #21148886]
)
