Eswin ECR6600 flashing guide, datasheet, pinout, 100% local setup, Home Assistant

p.kaczmarek2 5241 98

Reply Cool? Ranking DIY | New topic

Notify about new articles

📢 Listen (AI):

#61 21491220 23 Mar 2025 09:07

divadiow divadiow

Level 35

Helpful post? (0)

Post #61
21491220 23 Mar 2025 09:07

Hmm. Not sure what to suggest or do next tbh.
ADVERTISEMENT
#62 21492866 24 Mar 2025 09:16

divadiow divadiow

Level 35

Helpful post? (+1)

Post #62
21492866 24 Mar 2025 09:16

not that it helps, but I sought to find documented evidence of that address/range in relation to ECR6600. It seems perhaps chip_memmap.h in the SDK is a useful source

ChatGPT said:

Code: Text
Log in, to see the code

https://github.com/divadiow/ECR6600/blob/main...s/Boards/ecr6600/common/include/chip_memmap.h

sometimes get this though, but not with 0x40800000

https://github.com/search?q=repo%3Adivadiow%2FECR6600%2040800000&type=code

Added after 1 [hours] 1 [minutes]:

maybe we need to know the efuse content. need someone with a real device to flash the AT firmware and read the values from RDTool, assuming it allows read.
ADVERTISEMENT
#63 21501376 30 Mar 2025 20:33

divadiow divadiow

Level 35

Helpful post? (0)

Post #63
21501376 30 Mar 2025 20:33

p.kaczmarek2 wrote:
I can get this from LN882H:

does TEY_SN_8710 get you anywhere in this app with ECR6600 fw?
Helpful post

#64 21501866 31 Mar 2025 10:55

divadiow divadiow

Level 35
Helpful post? (+1)

Helpful post
Post #64
21501866 31 Mar 2025 10:55

divadiow wrote:
does TEY_SN_8710 get you anywhere in this app with ECR6600 fw?

no, this does not seem to be it

it was something GPT suggested was derivable from @miegapele's efuse bytes https://www.elektroda.com/rtvforum/topic4106357.html#21500523

Code: Text
Log in, to see the code

Added after 39 [minutes]:

some basic observations re key/SDK consistency/variations across the dumps we have.

Code: Text
Log in, to see the code

in summary, all the ECR6600 plugs have same key logged in boot output and are built with same SDK. Jasperro's LSC is the odd one out with a different key and older SDK.

boot, dumps and get key summary package attached for all 4.

Code: Text
Log in, to see the code

Attachments:

ECR6600_DECRYPT.rar Download (2.54 MB)

#65 21505163 02 Apr 2025 22:30

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Post #65

21505163 02 Apr 2025 22:30

Nice research, I'll get back to it in a moment.
@insmod what happened to ECR build? Did maintainer of ECR SDK submit code with syntax error?



../components/wpa/wpa_supplicant/ctrl_iface_freeRTOS.c: In function 'ctrl_iface_receive':
../components/wpa/wpa_supplicant/ctrl_iface_freeRTOS.c:100:27: error: 'CLI_PRINT_BUFFER_SIZE' undeclared (first use in this function); did you mean 'PRINT_BUFFER_SIZE'?
 #define PRINT_BUFFER_SIZE CLI_PRINT_BUFFER_SIZE//256
                           ^~~~~~~~~~~~~~~~~~~~~
../components/wpa/wpa_supplicant/ctrl_iface_freeRTOS.c:131:22: note: in expansion of macro 'PRINT_BUFFER_SIZE'
      if (reply_len > PRINT_BUFFER_SIZE ) {
                      ^~~~~~~~~~~~~~~~~
../components/wpa/wpa_supplicant/ctrl_iface_freeRTOS.c:100:27: note: each undeclared identifier is reported only once for each function it appears in
 #define PRINT_BUFFER_SIZE CLI_PRINT_BUFFER_SIZE//256
                           ^~~~~~~~~~~~~~~~~~~~~
../components/wpa/wpa_supplicant/ctrl_iface_freeRTOS.c:131:22: note: in expansion of macro 'PRINT_BUFFER_SIZE'
      if (reply_len > PRINT_BUFFER_SIZE ) {
                      ^~~~~~~~~~~~~~~~~
../components/wpa/wpa_supplicant/ctrl_iface_freeRTOS.c:133:15: error: unused variable 'atom' [-Werror=unused-variable]
          char atom[PRINT_BUFFER_SIZE+1];
               ^~~~

I'll accept your fix... https://github.com/NonPIayerCharacter/OpenECR...d334ded1dab18dcd506d52398df83329bb00095939a83 thanks

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.

#66 21505185 02 Apr 2025 22:44

insmod insmod

Level 26

Helpful post? (0)

Post #66
21505185 02 Apr 2025 22:44

>>21505163
Unknown what happened, it worked ok, but suddenly, without any changes in code, it started failing build.
That only happened in github actions, building locally worked like before.
I eventually determined that cli.h stopped including, so that hack will add it's path to include dirs.
Though now that i checked the code, probably another cli.h was included, instead of the needed one.
But why it worked before then?
#67 21505459 03 Apr 2025 09:28

divadiow divadiow

Level 35

Helpful post? (0)

Post #67
21505459 03 Apr 2025 09:28

p.kaczmarek2 wrote:
Nice research, I'll get back to it in a moment.

no pressure. I notice IDA have mentioned NDS32 in their 2025 visions and goals https://hex-rays.com/blog/2025-product-vision-and-goals

Code: Text
Log in, to see the code

but no sign of a release with that support, assuming I could even get hold of it somehow. My angle was that maybe that Ghidra processor add for NDS32 isn't as good as it could be, but I don't really know.
#68 21506165 03 Apr 2025 20:06

DeDaMrAz DeDaMrAz

Level 20

Helpful post? (+1)

Post #68
21506165 03 Apr 2025 20:06

I finally got one of the ECR6600 modules - E103-W11 from this link - https://www.aliexpress.com/item/1005008353738026.html

Some further read that can be useful - https://www.cdebyte.com/products/E103-W11/4#Downloads

If you like my work, support me at: https://paypal.me/openshwprojects
#69 21506177 03 Apr 2025 21:28

divadiow divadiow

Level 35

Helpful post? (0)

Post #69
21506177 03 Apr 2025 21:28

nice. another ECR6600 to swoon over. Would be interesting to know what fw it has and how its RF compares to the WG236.
I was going to hook up WG236 again this evening just to experience the efuse read in RDTool using AT.

Added after 1 [hours] 7 [minutes]:

yuh. no great surprise. all 0x0. read via TX0/IO6 and RX0/IO5

UART prints

Code: Text
Log in, to see the code

Added after 4 [minutes]:

this would be doable on the ECR6600 EU plugs because that's the same RX/TX as flash is through - but miegapele has already read it somehow. not sure how @miegapele's values translate to what would be displayed in RDTool though.
Helpful post

#70 21509234 06 Apr 2025 16:33

divadiow divadiow

Level 35

Helpful post? (+1)

Helpful post
Post #70
21509234 06 Apr 2025 16:33

hurrah, finally. got two in this bundle deal: https://www.aliexpress.com/item/1005005729080838.html

16A wifi, 2pcs. TNCE
#71 21509287 06 Apr 2025 17:09

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #71
21509287 06 Apr 2025 17:09

Nice! Take a backup and we'll compare them.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
ADVERTISEMENT
#72 21509304 06 Apr 2025 17:24

divadiow divadiow

Level 35

Helpful post? (0)

Post #72
21509304 06 Apr 2025 17:24

in my haste I neglected to uncheck the WG236A backup under stub and flashed that already! 🤦🏼‍♂ I'll dump second, I'm betting it'll be the same as the others we've had though.

efuse read is successful but doesn't reveal anything different to trying on WG236 https://www.elektroda.com/rtvforum/topic4111822-60.html#21506177

Added after 2 [minutes]:

seeing what else I can read from it. any requests?
#73 21584722 20 Jun 2025 15:21

divadiow divadiow

Level 35

Helpful post? (0)

Post #73
21584722 20 Jun 2025 15:21

>>21506165
did you ever dump flash from this?
#74 21594320 01 Jul 2025 00:46

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #74
21594320 01 Jul 2025 00:46

I didn't make any futher tests with IDA, but I am helping user to port HTTP GET/POST requests to ECR in OBK, and I'm currently looking for hal_machw_time equivalent in their SDK - any ideas?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#75 21594322 01 Jul 2025 00:52

insmod insmod

Level 26

Helpful post? (0)

Post #75
21594322 01 Jul 2025 00:52

>>21594320
hal_machw_time in beken returns time since start in us?
Then HAL_GetTimeMs() * 1000?
And hal_machw_time_past can be taken from here https://github.com/openshwprojects/OpenBK7231...8f90ddbf9/src/win32/stubs/win_rtos_stub.c#L79
#76 21594381 01 Jul 2025 07:42

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #76
21594381 01 Jul 2025 07:42

I'll give it a go. Another missing think would be lwip_close_force, which was added by me to LWIP some time ago as a work around to lingering sockets... they weren't freed correctly and kept using heap. I'm curious if the same problem will occur on ECR, maybe it should be solved differently.

@divadiow do you have ECR?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#77 21594385 01 Jul 2025 07:49

divadiow divadiow

Level 35

Helpful post? (0)

Post #77
21594385 01 Jul 2025 07:49

p.kaczmarek2 wrote:
@divadiow do you have ECR?

of course!

WG236A modules and 4 EU LSPA9-type ECR6600 plugs - the one we've seen posted about a few times by various users
ADVERTISEMENT
#78 21594402 01 Jul 2025 08:17

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home
Topic author Helpful post? (0)

Post #78
21594402 01 Jul 2025 08:17

https://github.com/openshwprojects/OpenBK7231T_App/pull/1700
It compiled with following stubs:
Code: text Expand Select all Copy to clipboard
void lwip_close_force(int x) { lwip_close(x); } int hal_machw_time() { return os_time_get() * 1000; }

Now, will this work?
Code: text Expand Select all Copy to clipboard
// SendGet http://192.168.0.112/cm?cmnd=Power0%20Toggle // addRepeatingEvent 5 -1 SendGet http://192.168.0.112/cm?cmnd=Power0%20Toggle // addEventHandler OnClick 8 SendGet http://192.168.0.112/cm?cmnd=Power0%20Toggle

This SendGET is HTTP only. It can be tested easily with two OBK devices. One with single LED/relay on channel (or anything, really) and second (ECR) to send it.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#79 21594487 01 Jul 2025 10:18

divadiow divadiow

Level 35

Helpful post? (0)

Post #79
21594487 01 Jul 2025 10:18

I'll try. Not home til next week though but I have some stuff with me
#80 21594548 01 Jul 2025 12:01

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #80
21594548 01 Jul 2025 12:01

Thank you, are you on holidays?

I've also looked at BL602. I've managed to get it to compile but the time call is missing.

I think that maybe we could just have some kind of our own crude timer, for example, counted by quicktick calls, but maybe that's not necessary...

Added after 51 [minutes]:

It has turned out that quicktick already has a time mechanism. I've renamed it to g_timeMs. Currently it's 32 bit but probably should be long.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#81 21594657 01 Jul 2025 13:03

DeDaMrAz DeDaMrAz

Level 20

Helpful post? (0)

Post #81
21594657 01 Jul 2025 13:03

Since I am back to digging through my collection of modules I've noticed something interesting, first E103W module has a non standard pinout

And second is this little detail

If you like my work, support me at: https://paypal.me/openshwprojects
#82 21594671 01 Jul 2025 13:15

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #82
21594671 01 Jul 2025 13:15

I didn't notice it as well, but it seems that this module can work with WiFi 6.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#83 21594674 01 Jul 2025 13:19

insmod insmod

Level 26

Helpful post? (0)

Post #83
21594674 01 Jul 2025 13:19

I knew that it can work with Wifi 6. But it can't work with 5Ghz.
The only module i know that supports both wifi 6 and 5ghz is ESP32-C5.
#84 21594681 01 Jul 2025 13:23

DeDaMrAz DeDaMrAz

Level 20

Helpful post? (+1)

Post #84
21594681 01 Jul 2025 13:23

Confirmed, SendGET is working from ECR module to another OBK, both as a single toggle and as a repeating event!

If you like my work, support me at: https://paypal.me/openshwprojects
#85 21594683 01 Jul 2025 13:26

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home
Topic author Helpful post? (0)

Post #85
21594683 01 Jul 2025 13:26

I have fixed SendGet on BL602 as well, I am working on LN882H now. I'm also going to clear up codebase there a bit.

Ok, next test. Does ECR have LFS? I think it does? So... try to download a file.
Code: text Expand Select all Copy to clipboard
// Following command will send get and save result to file: // SendGet http://example.com/ myFile.html // test code: addRepeatingEvent 30 -1 SendGet http://example.com/ myFile.html

Just make sure to use HTTP, not HTTPS. We don't have HTTPS enabled.
Maybe try on Beken first, my memory may be faulty here, but it should work more or less...

Just to be sure - no sockets in use/heap impact after repeated requests?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#86 21594684 01 Jul 2025 13:27

DeDaMrAz DeDaMrAz

Level 20

Helpful post? (0)

Post #86
21594684 01 Jul 2025 13:27

insmod wrote:
I knew that it can work with Wifi 6. But it can't work with 5Ghz.
The only module i know that supports both wifi 6 and 5ghz is ESP32-C5.

I honestly didn't even notice that until now, but I have something exotic to try it with 2.4GHZ WiFi6 Mikrotik that has a 160MHz channel 😁

I'll test that later this night as if I turn that thing on most of my neighborhood will lose their WiFi's 😁

If you like my work, support me at: https://paypal.me/openshwprojects
#87 21594686 01 Jul 2025 13:29

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #87
21594686 01 Jul 2025 13:29

This os_ stuff is messy:
Code: C / C++
Log in, to see the code

What is even the initial purpose of that on Beken? @insmod do you know anything about it? Maybe we could normalize all functions and remove os_* stuff. I know os_realloc/os_malloc vs malloc is an ongoing issue on Beken, tough

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.

#88 21594690 01 Jul 2025 13:30

DeDaMrAz DeDaMrAz

Level 20

Post #88

21594690 01 Jul 2025 13:30

p.kaczmarek2 wrote:
Just to be sure - no sockets in use/heap impact after repeated requests?

Confirmed, heap does go down some, check the log.

Error:HTTP_CLIENT:success to establish tcp, fd=2
Error:HTTP_CLIENT:connection is closed
Error:HTTP_CLIENT:httpclient - no response buff, skipped 240
Info:MAIN:Time 745, idle 0/s, free 188376, MQTT 0(46), bWifi 1, secondsWithNoPing 676, socks 2/20 
Info:MAIN:Time 746, idle 0/s, free 188376, MQTT 0(46), bWifi 1, secondsWithNoPing 677, socks 2/20 
Info:MAIN:Time 747, idle 0/s, free 188376, MQTT 0(46), bWifi 1, secondsWithNoPing 678, socks 2/20 
Info:MQTT:mqtt_host empty, not starting mqtt
Info:MAIN:Time 748, idle 0/s, free 188376, MQTT 0(47), bWifi 1, secondsWithNoPing 679, socks 2/20 
Info:MAIN:Time 749, idle 0/s, free 188376, MQTT 0(47), bWifi 1, secondsWithNoPing 680, socks 2/20 
Info:CMD: CMD_SendGET received with args http://192.168.0.48/cm?cmnd=Power1%20Toggle
Info:HTTP_CLIENT:HTTPClient_Async_SendGet for http://192.168.0.48/cm?cmnd=Power1%20Toggle, sizeof(httprequest_t) == 160!
Info:HTTP_CLIENT:Parse url http://192.168.0.48/cm?cmnd=Power1%20Toggle
Info:HTTP_CLIENT:host: '192.168.0.48', port: 80
Info:HTTP_CLIENT:HAL_TCP_Establish: created socket 2

Error:HTTP_CLIENT:success to establish tcp, fd=2
Error:HTTP_CLIENT:connection is closed
Error:HTTP_CLIENT:httpclient - no response buff, skipped 239
Info:MAIN:Time 750, idle 0/s, free 175512, MQTT 0(47), bWifi 1, secondsWithNoPing 681, socks 3/20 
Info:MAIN:Time 751, idle 0/s, free 188368, MQTT 0(47), bWifi 1, secondsWithNoPing 682, socks 2/20 
Info:MAIN:Time 752, idle 0/s, free 188368, MQTT 0(47), bWifi 1, secondsWithNoPing 683, socks 2/20 
Info:MAIN:Time 753, idle 0/s, free 188368, MQTT 0(47), bWifi 1, secondsWithNoPing 684, socks 2/20 
Info:MAIN:Time 754, idle 0/s, free 175512, MQTT 0(47), bWifi 1, secondsWithNoPing 685, socks 3/20 
Info:CMD: CMD_SendGET received with args http://192.168.0.48/cm?cmnd=Power1%20Toggle
Info:HTTP_CLIENT:HTTPClient_Async_SendGet for http://192.168.0.48/cm?cmnd=Power1%20Toggle, sizeof(httprequest_t) == 160!
Info:HTTP_CLIENT:Parse url http://192.168.0.48/cm?cmnd=Power1%20Toggle
Info:HTTP_CLIENT:host: '192.168.0.48', port: 80
Info:HTTP_CLIENT:HAL_TCP_Establish: created socket 3

Error:HTTP_CLIENT:success to establish tcp, fd=3
Error:HTTP_CLIENT:connection is closed
Error:HTTP_CLIENT:httpclient - no response buff, skipped 240
Info:MAIN:Time 755, idle 0/s, free 188368, MQTT 0(47), bWifi 1, secondsWithNoPing 686, socks 2/20 
Info:MAIN:Time 756, idle 0/s, free 188368, MQTT 0(47), bWifi 1, secondsWithNoPing 687, socks 2/20 
Info:MAIN:Time 757, idle 0/s, free 188368, MQTT 0(47), bWifi 1, secondsWithNoPing 688, socks 2/20 
Info:MAIN:Time 758, idle 0/s, free 175512, MQTT 0(47), bWifi 1, secondsWithNoPing 689, socks 3/20 
Info:CMD: CMD_SendGET received with args http://192.168.0.48/cm?cmnd=Power1%20Toggle
Info:HTTP_CLIENT:HTTPClient_Async_SendGet for http://192.168.0.48/cm?cmnd=Power1%20Toggle, sizeof(httprequest_t) == 160!
Info:HTTP_CLIENT:Parse url http://192.168.0.48/cm?cmnd=Power1%20Toggle
Info:HTTP_CLIENT:host: '192.168.0.48', port: 80
Info:HTTP_CLIENT:HAL_TCP_Establish: created socket 2

Error:HTTP_CLIENT:success to establish tcp, fd=2
Error:HTTP_CLIENT:connection is closed
Error:HTTP_CLIENT:httpclient - no response buff, skipped 239
Info:MAIN:Time 759, idle 0/s, free 188368, MQTT 0(47), bWifi 1, secondsWithNoPing 690, socks 2/20 
Info:MAIN:Time 760, idle 0/s, free 188376, MQTT 0(47), bWifi 1, secondsWithNoPing 691, socks 2/20 
Info:MAIN:Time 761, idle 0/s, free 188376, MQTT 0(47), bWifi 1, secondsWithNoPing 692, socks 2/20 
Info:MAIN:Time 762, idle 0/s, free 175520, MQTT 0(47), bWifi 1, secondsWithNoPing 693, socks 3/20 
Info:MAIN:Time 763, idle 0/s, free 188376, MQTT 0(47), bWifi 1, secondsWithNoPing 694, socks 2/20 
Info:CMD: CMD_SendGET received with args http://192.168.0.48/cm?cmnd=Power1%20Toggle
Info:HTTP_CLIENT:HTTPClient_Async_SendGet for http://192.168.0.48/cm?cmnd=Power1%20Toggle, sizeof(httprequest_t) == 160!
Info:HTTP_CLIENT:Parse url http://192.168.0.48/cm?cmnd=Power1%20Toggle
Info:HTTP_CLIENT:host: '192.168.0.48', port: 80
Info:HTTP_CLIENT:HAL_TCP_Establish: created socket 2

Error:HTTP_CLIENT:success to establish tcp, fd=2
Error:HTTP_CLIENT:connection is closed
Error:HTTP_CLIENT:httpclient - no response buff, skipped 240
Info:MQTT:mqtt_host empty, not starting mqtt
Info:MAIN:Time 764, idle 0/s, free 188376, MQTT 0(48), bWifi 1, secondsWithNoPing 695, socks 2/20

LFS is present and confirmed working. SendGET obviously needs some delay after booting but it is working. For http file download I will try at some point, not sure when though.

If you like my work, support me at: https://paypal.me/openshwprojects

#89 21594698 01 Jul 2025 13:36

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Topic author Helpful post? (0)

Post #89
21594698 01 Jul 2025 13:36

LN882H also compiled now, so we would need to check that platform as well. Still, for now, just check file downloading on your ECR, since you have it at hand.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#90 21594701 01 Jul 2025 13:37

insmod insmod

Level 26

Helpful post? (0)

Post #90
21594701 01 Jul 2025 13:37

>>21594686
os_malloc/free/realloc should remain as it is.
os_memmove/os_strcmp/os_strchr/os_strstr are only used in http_client.c
os_strcpy is in BK hal, new_mqtt.c, logging.c, http_client.c and http_tcp_server.c
os_memcpy in BK hal and http_client.c
os_memset is used ...
os_strlen in BK hal and http_client
Perhaps default functions are problematic on Beken and removing them could create problems?

But no, i see that for example os_memmove just returns memmove in https://github.com/NonPIayerCharacter/beken_f...os_sdk/blob/master/beken378/os/mem_arch.c#L14
Create an account, log in and become active in a forum and ads will not appear. You will receive points by participating in discussions.
Join this discussion.

Install the application

Reply Cool? Ranking DIY | New topic

Notify about new articles

📢 Listen (AI):

Report a violation of the law

Topic summary

The discussion focuses on the Eswin ECR6600 WiFi+Bluetooth SoC module used in IoT devices, particularly smart plugs with integrated BL0937 energy metering chips. Key topics include detailed pinout configurations, firmware flashing procedures via UART, and local firmware development to enable cloud-free operation with Home Assistant using Tasmota/esphome-like firmware ports. Users report initial issues with the BL0937 driver not functioning due to its exclusion from firmware builds, which was later resolved by including the driver and verifying correct pin assignments. Attempts to extract and decrypt Tuya configuration keys from original firmware backups reveal challenges due to changed secondary keys and CRC errors, complicating full firmware analysis and key extraction. The community explores using Tuya Wind IDE on Linux for SDK access, and reverse engineering efforts with Ghidra face difficulties due to the ECR6600’s NDS32 architecture and base address uncertainties. Firmware disassembly and key extraction are ongoing, with partial success in identifying key material and decrypting some blocks. Additional tests confirm the ECR6600 supports WiFi 6 (2.4 GHz only) and HTTP GET/POST commands for local network control, including file downloads via HTTP client functionality. Integration efforts include porting missing HAL functions like hal_machw_time and lwip_close_force for timing and socket management. Various ECR6600-based devices, including plugs ordered from AliExpress (e.g., TNCE 16A power monitors and E103-W11 modules), are tested for firmware backup, flashing, and local control capabilities. The discussion also covers SDK build issues, firmware memory mapping, and the need for improved tooling and documentation to fully support ECR6600 development and integration with open-source platforms.
Summary generated by the language model.

Home page
/
Forum
/
Smart Home
/
Smart Home IoT
/
Smart Home Guides
/
Eswin ECR6600 flashing guide, datasheet, pinout, 100% local setup, Home Assistant

FAQ

TL;DR: You can fully back-up and re-flash any ESWIN ECR6600 module with only VCC, GND, TX0 (IO6) and RX0 (IO5); no “GPIO0” strap is required. Use RDTool, load the 16 kB stub at 0x10000, then dump up to 4 MB of flash in ≈90 s. The chip’s 2.4 GHz radio delivers +17 dBm and even speaks Wi-Fi 6/802.11ax [Elektroda, p.kaczmarek2, post #21479963]

Quick Facts

• SoC: Andes D10 @160 MHz, 512 kB SRAM, on-chip 2 / 4 MB QSPI flash [Elektroda, p.kaczmarek2, post #21479963]
• RF: 2.4 GHz 802.11 b/g/n/ax, +17 dBm Tx, BLE 5.0 +10 dBm [Elektroda, p.kaczmarek2, post #21479963]
• Pkg / modules: QFN40 5×5 mm (-40 D), QFN32 4×4 mm (-TSx), used in AXY2S, WG236, E103-W11 [Elektroda, p.kaczmarek2, post #21479963]
• Flash/UART pins: TX0 = IO6, RX0 = IO5, BOOT-log = IO13, Reset = CEN [Elektroda, p.kaczmarek2, post #21479963]
• Flash tool: RDTool v1.0.21, stub = ECR6600F_stub_V1.3.1.bin, begin 0x10000 [Elektroda, p.kaczmarek2, post #21479963]

What exactly is the ESWIN ECR6600?

ECR6600 is a 2.4 GHz Wi-Fi 6 and BLE 5.0 combo SoC built around an Andes-D10 core at 160 MHz. It integrates PA/LNA, 512 kB SRAM, hardware AES-256, TRNG and either 2 MB or 4 MB QSPI flash [Elektroda, p.kaczmarek2, post #21479963]

Which ready-made modules carry the ECR6600?

Confirmed modules include Tuya AXY2S/AXYU (CB2S-style), SkyLab WG236 (ESP-12 footprint), CDI-WX56600A and Ebyte E103-W11. All expose TX0 (IO6) and RX0 (IO5) on edge pads [Elektroda, p.kaczmarek2, post #21479963]

How do I enter the UART flashing mode?

Connect 3.3 V, GND, IO6→USB-TTL RX, IO5→USB-TTL TX and optionally RST. Start RDTool, click Start, then pulse RST (or power-cycle). No special boot-strap pin is needed; timing is within ~1 s after reset [Elektroda, p.kaczmarek2, post #21479963]

How can I back-up the factory firmware?

In RDTool choose Develop Tool → Single File. Load the 16 kB stub (ECR6600F_stub_V1.3.1.bin) at start-up address 0x10000, then switch to Flash tab and read 0x400000 bytes (4 MB) or 0x200000 for 2 MB parts [Elektroda, p.kaczmarek2, post #21479963]

How do I restore a full dump if something goes wrong?

Use the same Single File tab: select your backup BIN, set Begin Addr 0x0, tick “is download”, click Start, then reset the board. RDTool sends stub and image automatically [Elektroda, divadiow, post #21480971]

How do I flash OpenECR/OpenBK firmware?

Pick the latest all-in-one UART binary from the GitHub releases page, go to Develop Tool → All-in-One, click Start and reset the module. On reboot it opens an AP for web configuration just like Tasmota [Elektroda, p.kaczmarek2, post #21479963]

What pin mapping is needed for BL0937 energy plugs?

Typical EU smart plug uses IO14→CF, IO15→SEL, IO20→CF1, IO25→Relay and IO24→Button [Elektroda, spectrality, post #21481109] With the fixed driver build the meter reports Voltage, Current and Power correctly [Elektroda, insmod, post #21481313]

Does the chip really support Wi-Fi 6?

Yes. The radio claims 802.11ax HE20 single-stream support (“DCM, MCS7”) at +17 dBm, but only on 2.4 GHz; 5 GHz is not available [Elektroda, p.kaczmarek2, post #21479963]

Can I use HTTPS requests from scripts?

Not yet. The current HTTPClient in OpenBK for ECR6600 only handles plain HTTP. For secure endpoints use MQTT/TLS from an external bridge [Elektroda, p.kaczmarek2, post #21594735]

Will repeated SendGet events leak sockets or RAM?

No. A stress test toggling another device every second showed stable free heap (~188 kB) and only two open sockets after each cycle [Elektroda, DeDaMrAz, post #21594690]

How big is the flash and how do I check?

Run a 4 MB read first; RDTool prints “FLASH is not enough!” if the part is 2 MB. The size is also listed in the module datasheet, e.g., WG236 is 4 MB [SkyLab WG236 datasheet].

Can I still extract Tuya JSON config?

Not reliably. The usual BK7231 key set fails because ECR6600 uses a different secondary key; current tools stop after the first block [Elektroda, p.kaczmarek2, post #21481736]

Where can I download the official TuyaOS SDK?

Tuya Wind IDE lists it as “eswin_ecr6600_wifi-ble-tuyastack”; direct URL examples: …/pruduct/eswin_ecr6600_1.0.23.zip [Elektroda, divadiow, post #21481466]

Does the ECR6600 allow 5-GHz Wi-Fi?

No. Only 2.4 GHz is implemented. For dual-band 802.11ax consider ESP32-C5, the sole low-cost 2.4 / 5 GHz IoT SoC as of 2025 [Espressif Datasheet ESP32-C5, 2024].