logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda
Build faster with M5Stack »
Build faster with M5Stack » Stick • Unit • Cardputer
ADVERTISEMENT
Dostępna jest polska wersja

Czy wolisz polską wersję strony elektroda?

Nie, dziękuję Przekieruj mnie tam

Eswin ECR6600 flashing guide, datasheet, pinout, 100% local setup, Home Assistant

p.kaczmarek2 9354 116

TL;DR

  • ECR6600 WiFi+BT modules, including Tuya AXY2S and WG236 variants, get a pinout, datasheet links, and a guide for running them locally with Home Assistant.
  • Flashing uses UART0 TX0/RX0, GND, 3.3V, and ideally RST; unlike ESP chips, ECR6600 has no GPIO0 and relies on reset timing when prompted.
  • The chip pairs an Andes D10 @160MHz, up to 240MHz, with 512KB SRAM and 2MB/4MB Flash.
  • RDTool backs up the original firmware with a stub, then writes the OpenECR6600 UART binary; after reboot, the device exposes a WiFi access point for configuration.
  • The firmware release is still a March 2025 WIP, and backups should be made before cloud pairing because dumps may contain SSID and other personal data.
ADVERTISEMENT
Report a violation of the law
Reply Cool? Ranking DIY | New topic
Notify about new articles
📢 Listen (AI):
Reply Cool? Ranking DIY | New topic
Notify about new articles
📢 Listen (AI):
Report a violation of the law

Topic summary

✨ The discussion focuses on the Eswin ECR6600 WiFi+Bluetooth SoC module used in IoT devices, particularly smart plugs with integrated BL0937 energy metering chips. Key topics include detailed pinout configurations, firmware flashing procedures via UART, and local firmware development to enable cloud-free operation with Home Assistant using Tasmota/esphome-like firmware ports. Users report initial issues with the BL0937 driver not functioning due to its exclusion from firmware builds, which was later resolved by including the driver and verifying correct pin assignments. Attempts to extract and decrypt Tuya configuration keys from original firmware backups reveal challenges due to changed secondary keys and CRC errors, complicating full firmware analysis and key extraction. The community explores using Tuya Wind IDE on Linux for SDK access, and reverse engineering efforts with Ghidra face difficulties due to the ECR6600’s NDS32 architecture and base address uncertainties. Firmware disassembly and key extraction are ongoing, with partial success in identifying key material and decrypting some blocks. Additional tests confirm the ECR6600 supports WiFi 6 (2.4 GHz only) and HTTP GET/POST commands for local network control, including file downloads via HTTP client functionality. Integration efforts include porting missing HAL functions like hal_machw_time and lwip_close_force for timing and socket management. Various ECR6600-based devices, including plugs ordered from AliExpress (e.g., TNCE 16A power monitors and E103-W11 modules), are tested for firmware backup, flashing, and local control capabilities. The discussion also covers SDK build issues, firmware memory mapping, and the need for improved tooling and documentation to fully support ECR6600 development and integration with open-source platforms.
Today's popular

FAQ

TL;DR: You can fully back-up and re-flash any ESWIN ECR6600 module with only VCC, GND, TX0 (IO6) and RX0 (IO5); no “GPIO0” strap is required. Use RDTool, load the 16 kB stub at 0x10000, then dump up to 4 MB of flash in ≈90 s. The chip’s 2.4 GHz radio delivers +17 dBm and even speaks Wi-Fi 6/802.11ax [Elektroda, p.kaczmarek2, post #21479963]

Quick Facts

• SoC: Andes D10 @160 MHz, 512 kB SRAM, on-chip 2 / 4 MB QSPI flash [Elektroda, p.kaczmarek2, post #21479963]
• RF: 2.4 GHz 802.11 b/g/n/ax, +17 dBm Tx, BLE 5.0 +10 dBm [Elektroda, p.kaczmarek2, post #21479963]
• Pkg / modules: QFN40 5×5 mm (-40 D), QFN32 4×4 mm (-TSx), used in AXY2S, WG236, E103-W11 [Elektroda, p.kaczmarek2, post #21479963]
• Flash/UART pins: TX0 = IO6, RX0 = IO5, BOOT-log = IO13, Reset = CEN [Elektroda, p.kaczmarek2, post #21479963]
• Flash tool: RDTool v1.0.21, stub = ECR6600F_stub_V1.3.1.bin, begin 0x10000 [Elektroda, p.kaczmarek2, post #21479963]

What exactly is the ESWIN ECR6600?

ECR6600 is a 2.4 GHz Wi-Fi 6 and BLE 5.0 combo SoC built around an Andes-D10 core at 160 MHz. It integrates PA/LNA, 512 kB SRAM, hardware AES-256, TRNG and either 2 MB or 4 MB QSPI flash [Elektroda, p.kaczmarek2, post #21479963]

Which ready-made modules carry the ECR6600?

Confirmed modules include Tuya AXY2S/AXYU (CB2S-style), SkyLab WG236 (ESP-12 footprint), CDI-WX56600A and Ebyte E103-W11. All expose TX0 (IO6) and RX0 (IO5) on edge pads [Elektroda, p.kaczmarek2, post #21479963]

How do I enter the UART flashing mode?

Connect 3.3 V, GND, IO6→USB-TTL RX, IO5→USB-TTL TX and optionally RST. Start RDTool, click Start, then pulse RST (or power-cycle). No special boot-strap pin is needed; timing is within ~1 s after reset [Elektroda, p.kaczmarek2, post #21479963]

How can I back-up the factory firmware?

In RDTool choose Develop Tool → Single File. Load the 16 kB stub (ECR6600F_stub_V1.3.1.bin) at start-up address 0x10000, then switch to Flash tab and read 0x400000 bytes (4 MB) or 0x200000 for 2 MB parts [Elektroda, p.kaczmarek2, post #21479963]

How do I restore a full dump if something goes wrong?

Use the same Single File tab: select your backup BIN, set Begin Addr 0x0, tick “is download”, click Start, then reset the board. RDTool sends stub and image automatically [Elektroda, divadiow, post #21480971]

How do I flash OpenECR/OpenBK firmware?

Pick the latest all-in-one UART binary from the GitHub releases page, go to Develop Tool → All-in-One, click Start and reset the module. On reboot it opens an AP for web configuration just like Tasmota [Elektroda, p.kaczmarek2, post #21479963]

Does the chip really support Wi-Fi 6?

Yes. The radio claims 802.11ax HE20 single-stream support (“DCM, MCS7”) at +17 dBm, but only on 2.4 GHz; 5 GHz is not available [Elektroda, p.kaczmarek2, post #21479963]

Can I use HTTPS requests from scripts?

Not yet. The current HTTPClient in OpenBK for ECR6600 only handles plain HTTP. For secure endpoints use MQTT/TLS from an external bridge [Elektroda, p.kaczmarek2, post #21594735]

Will repeated SendGet events leak sockets or RAM?

No. A stress test toggling another device every second showed stable free heap (~188 kB) and only two open sockets after each cycle [Elektroda, DeDaMrAz, post #21594690]

How big is the flash and how do I check?

Run a 4 MB read first; RDTool prints “FLASH is not enough!” if the part is 2 MB. The size is also listed in the module datasheet, e.g., WG236 is 4 MB [SkyLab WG236 datasheet].

Can I still extract Tuya JSON config?

Not reliably. The usual BK7231 key set fails because ECR6600 uses a different secondary key; current tools stop after the first block [Elektroda, p.kaczmarek2, post #21481736]

Where can I download the official TuyaOS SDK?

Tuya Wind IDE lists it as “eswin_ecr6600_wifi-ble-tuyastack”; direct URL examples: …/pruduct/eswin_ecr6600_1.0.23.zip [Elektroda, divadiow, post #21481466]

Does the ECR6600 allow 5-GHz Wi-Fi?

No. Only 2.4 GHz is implemented. For dual-band 802.11ax consider ESP32-C5, the sole low-cost 2.4 / 5 GHz IoT SoC as of 2025 [Espressif Datasheet ESP32-C5, 2024].
ADVERTISEMENT