Power Meter KWS-302WF: Switching from Shunt to Transformer with HT7017 Chip sometime in the futur ..

Question

Hi, This is my first post in the forum, so apologize if something is out of the rules. Recently I bought one Power Meter KWS-302WF and didn't like the way it used to current measuring. So I dismantled the device to see if I'm able to change from shunt to transformer. This is the beginning of the...

p.kaczmarek2 · Answer

This xlsx file is a very good and professional job. You've done it very well. It can certainly help. Your doc may seem to be missing the dpIDs, but I think you can use this tool for that:

See: https://www.elektroda.com/rtvforum/topic3970199.html

Then your data can be used to change CBU firmware, for details, see TuyaMCU guide:
https://www.elektroda.com/rtvforum/topic4038151.html

Was this captured at 9600 baud or 115200?

Make sure to create 2MB flash backup and to read the TuyaMCU guide first to get some generic information.

You can also check autoexec.bat samples here:
https://github.com/openshwprojects/OpenBK7231T_App/blob/main/docs/autoexecExamples.md

Remember that you may need to sever UART connection in order to flash the device, because the same UART port which is used for flashing is also used for TuyaMCU communications.

Here is our flasher:
https://github.com/openshwprojects/BK7231GUIFlashTool

Regarding shunt change - this may be very hard because PY32F002A is in charge of most of the stuff. You would need to somehow change the firmware of PY32F002A I guess. PY32F002A is already reporting measurements to the WiFi module via UART, so I don't think you can apply shunt change on WiFi module. But you probably already know that...

TM1622 is also very interesting for me, but again, in this case, TM1622 is handled by PY32F002A so you shouldn't worry about that. We're always changing just firmware of the WiFi module, not of the MCU. Still, OBK can already driver TM1650 and TM1637/TM1638 and similiar directly, so if there is a need, I could also get somehow a TM1622 driver working as well.

Is your goal just a firmware change or do you also want to change that shunt?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.

Lusant · Answer

Thanks for the cumpliment ...I've not lost the dpID, I deleted it .. I explain why, I'm new in this stuff of HA and giving the first steps, so it is my feeling that this ID can be used to Tuya block my device ... sorry if this is a big mistake.I will read your suggested hints ..The communication between HT7017 and the PY32F is 4800 bps.The communication between CBU and the PY32F is 115200 bpsIn order to flash the CBU, I'll take it out, it is only used as a kind of gateway and there are only 4 pins to be desoldered.This will be the hard part ... most probably I'll not succeed in reading the PY32F ... the chip probably is protected and only allowed programming.More .. there are few documents about HT7017 .. anyway I'm reading...

p.kaczmarek2 · Answer

Impossible. Once you flash OpenBeken, Tuya has no access at all. By TuyaMCU communication we mean between WiFi module and MCU, so 115200. You will need to include it into your autoexec.bat . I hope you can read a bit more about autoexec.bat in the TuyaMCU guide I mentioned. Why do you want to change shunt? There was something like: but I still think it would require lots of work. PY32F handles the MCU side of TuyaMCU communication, so by flashing it you'll already lose that.

erbharatrankawat01 · Answer

Hi LusantMay I get your email address, need your help as we are building the metering product using HT7017 through ESP32

Lusant · Answer

Hi @erbharatrankawat01,

The best and fast way to get support is to open a thread with that subject.
This is the noble purpose of Forums, people with doubts, ask, people who know, answer ...
In this way everyone can participate and learn.

Note: I've some documents and also some recorded sessions of serial comm between HT7017 and PY32F that I can publish if you want, anyway, there is a lot to learn about that chip because the documentation is not very detailed.

Hypnotics · Answer

Hi, Lusant, I have the same device with the same cbu and mcu. I would like to ask if you already flashed openbeken on it. And if so can you help me with the autoexec.bat file config. Thanks in advance.

Lusant · Answer

Hi @Hypnotics I didn't do it yet.I already have made the backup using the tool made by @p.kaczmarek2 and also get some more data about the communication between the PY32F and the BK7231N.Meantime, I've read a bit more of Tuya and there is something about local address that I want to test. As I'm not sure if I can go back after flashing it, I suspend the project until I have time to restart.

divadiow · Answer

@Lusant kindly sent me the firmware backup for sanitisation and info extraction. I attach the result of that for anyone's interest with this device.

storage data:

Log in, to see the code

Tuya app paired images:

boot log:

Log in, to see the code

divadiow · Answer

Code: JSONLog in, to see the code

Hypnotics · Answer

@divadiow here is the factory firmware for kws-302wf.

divadiow · Answer

thanks. interesting. Lusant's backup is v2.1.6 which now has a Cloucutter profile. Yours is 2.1.17 which is a known patched version.

Hypnotics · Answer

>>21340504 can you help me with the autoexec.bat config for this device.

p.kaczmarek2 · Answer

Hey, what is your current autoexec.bat , @Hypnotics ? What's the current issue you're having?

Have you seen my ATORCH tutorial, which is a very similiar device with similiar screen?
Atorch S1TW-FR advanced energy meter/thermostat with LCD - cloudless operation
That topic should give you more or less detailed guide showing how to process TuyaMCU devices like the one you have...

Hypnotics · Answer

>>21347403 @p.kaczmarek2 my demo autoexec.bat file attached. check it thoroughly and guide me.

 startdriver tuyamcu
startDriver NTP
tuyaMcu_setBaudRate 115200
// tuyaMcu_defWiFiState 4

// Power On/Off dpID 16  - Channel 1
setChannelType 1 toggle
setChannelLabel 1 "On/Off"
// linkTuyaMCUOutputToChannel dpId verType tgChannel
linkTuyaMCUOutputToChannel 16 bool 1

// channel types
setChannelType 2 voltage_div10
setChannelLabel 2 "Voltage"
setChannelType 3 current_div1000
setChannelLabel 3 "Current"
setChannelType 4 power_div10
setChannelLabel 4 "Power"
setChannelType 5 ReadOnly
setChannelLabel 5 "RunTime"
setChannelType 6 EnergyTotal_kWh_div1000
setChannelLabel 6 "Total Energy"
setChannelType 7 ReadOnly
setChannelLabel 7 "Power Factor"
setChannelType 8 ReadOnly
setChannelLabel 8 "Frequency"
setChannelType 9 temperature
setChannelLabel 9 "Temperature"


// linkTuyaMCUOutputToChannel dpId verType tgChannel
// voltage
linkTuyaMCUOutputToChannel 101 val 2
// current
linkTuyaMCUOutputToChannel 102 val 3
// power
linkTuyaMCUOutputToChannel 103 val 4
// Runtime
linkTuyaMCUOutputToChannel 104 val 5
// power
linkTuyaMCUOutputToChannel 105 val 6
// power
linkTuyaMCUOutputToChannel 106 val 7
// power
linkTuyaMCUOutputToChannel 107 val 8
// power
linkTuyaMCUOutputToChannel 108 val 9



// NOTE: test code only so I can refresh quickly without restarting
tuyaMcu_sendQueryState

p.kaczmarek2 · Answer

So, are you able to control the relay? Is voltage properly displayed?

Hypnotics · Answer

>>21348886 Yes I can control the relay, and the voltage is shown properly as shown in the device screen. Help me with OVP OPP and other configurable parameter settings.

adolfotregosa · Answer

Hi,

Thank you for this project.
I’d like to report that the parsing of the frequency value is incomplete, as it is missing the decimal part.

Info:TuyaMCU:Received: 55 AA 03 07 00 08 6B 02 00 04 00 00 00 32 B4
Info:TuyaMCU:ProcessIncoming[v=3]: cmd 7 (State) len 15
Info:TuyaMCU:ParseState: id 107 type 2-val len 4
Info:TuyaMCU:ParseState: int32 50

As far as I can tell:
32 = 50
B4 = 180
In this case, the decimal point is the "0" from 180, so the correct value should be 50.0Hz.

Another example:
Info:TuyaMCU:Received: 55 AA 03 07 00 08 6B 02 00 04 00 00 00 31 B3
Info:TuyaMCU:ProcessIncoming[v=3]: cmd 7 (State) len 15
Info:TuyaMCU:ParseState: id 107 type 2-val len 4
Info:TuyaMCU:ParseState: int32 49

Here:
31 = 49
B3 = 179 = 9
This corresponds to 49.9Hz.

So the first number in decimal form from right to left is the missing decimal number.

Thank you for looking into this!

Another observation is that OpenBK is missing a "push button" option. We currently only have a toggle, whereas some functions are a simple "press to clear" type of action. In my autoexec.bat it would be used for setChannelType 9. Is this possible to implement somehow?

I've created a more comprehensive autoexec.bat for this device:

autoexec.bat


startdriver tuyamcu
startDriver NTP
tuyaMcu_setBaudRate 115200
tuyaMcu_defWiFiState 4

// Power On/Off dpID 16  - Channel 1
linkTuyaMCUOutputToChannel 16 bool 1
setChannelType 1 toggle
setChannelLabel 1 " Relay On/Off"


// Measurements

// voltage
linkTuyaMCUOutputToChannel 101 val 2
setChannelType 2 voltage_div10
//setChannelLabel 2 "Voltage"

// current
linkTuyaMCUOutputToChannel 102 val 3
setChannelType 3 current_div1000
setChannelLabel 3 "Current"

// power
linkTuyaMCUOutputToChannel 103 val 4
setChannelType 4 power_div10
//setChannelLabel 4 "Power"

// Total Energy kWh 
linkTuyaMCUOutputToChannel 105 val 5
setChannelType 5 EnergyTotal_kWh_div1000
//setChannelLabel 5 "Total Energy"

// power factor
linkTuyaMCUOutputToChannel 106 val 6
setChannelType 6 PowerFactor_div100
setChannelLabel 6 "Power Factor"

// frequency
linkTuyaMCUOutputToChannel 107 val 7
setChannelType 7 ReadOnly
setChannelLabel 7 "Frequency Hz"

// external temperature
linkTuyaMCUOutputToChannel 108 val 8
setChannelType 8 ReadOnly
setChannelLabel 8 "External Temperature (°C)"

// Reset Total kWh
linkTuyaMCUOutputToChannel 118 bool 9
setChannelType 9 toggle
setChannelLabel 9 "Reset EnergyTotal"

// low voltage
linkTuyaMCUOutputToChannel 109 val 10
setChannelType 10 TextField
setChannelLabel 10 "Low Voltage (V)"

// over voltage
linkTuyaMCUOutputToChannel 110 val 11
setChannelType 11 TextField
setChannelLabel 11 "Over Voltage (V)"

// over current
linkTuyaMCUOutputToChannel 111 val 12
setChannelType 12 TextField
setChannelLabel 12 "Over Current (mA)"

// over power
linkTuyaMCUOutputToChannel 114 val 13
setChannelType 13 TextField
setChannelLabel 13 "Over Power (W)"

// over temperaure
linkTuyaMCUOutputToChannel 115 val 14
setChannelType 14 TextField
setChannelLabel 14 "Over Temperature (°C)"

// screen_poweroff
linkTuyaMCUOutputToChannel 119 val 15
setChannelType 15 TextField
setChannelLabel 15 "Screen Power Off (0-60 Minutes)"

Hypnotics · Answer

>>21365074 Is there any dpID for recovery time setting after overvoltage protection has tripped the relay?

adolfotregosa · Answer

>>21365793 afaik, no

divadiow · Answer

>>21365793 I've compared the dpIDs in the firmware you posted to the one from Lusant. They're both identical, so this list applies:

Hypnotics · Answer

@divadiow Is there any way to set recovery time after the relay has tripped for overvoltage protection activation in this device?

m_orkisz · Answer

.Hello,In my case the Wi-Fi stopped working and then the screen went out. On opening it up there is a faulty component - what is it and can it be purchased?

divadiow · Answer

>>21366148 @Hypnotics sorry I missed this. I don't know the answer though

Lusant · Answer

>>21428074 Maybe too late, but the chip is part of the power supply. There are some stores where you can buy it .. google for uni u3211.

p.kaczmarek2 · Answer

I'm attaching U3211 datasheet (chinese, but with schematics and some info in english):

Power Meter KWS-302WF: Switching from Shunt to Transformer with HT7017 Chip sometime in the futur ..

Post #1

Post #2

Post #3

Post #4

Post #5

Post #6

Post #7

Post #8

Post #9

Post #10

Post #11

Post #12

Post #13

Post #14

Post #15

Post #16

Post #17

Post #18

Post #19

Post #20

Post #21

Post #22

Post #23

Post #24

Post #25

Post #26

Topic summary