logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

Flashing VeSync GreenSun WHOGPLUG Smart Plug to BK7231M Module

divadiow 933 13
ADVERTISEMENT
Report a violation of the law
Reply | New topic
  • Helpful post
    #1 21450728
    divadiow
    Level 36  
    VeSync / GreenSun smart plug info.
    See https://github.com/openshwprojects/OpenBK7231T_App/issues/826 and flashing guide (though OTA ability might be a work-in-progress right now) https://www.elektroda.com/rtvforum/topic4058227.html

    Like the BSD33 here https://www.elektroda.com/rtvforum/topic4058227.html#21450591 I have flashed this user's (@thenitek) backup to a BK7231M module which has a key of 00000000 00000000 00000000 00000000 in efuse.

    fw ver 1.0.01 boot log from TX2
    Code: Text
    Log in, to see the code


    VeSync app pairing and update screesnhots:
    App interface for adding devices with a list of smart electrical outlets. App screen with an outlet icon and connection status to the router and VeSync Cloud. User interface for selecting a room for a smart device. Firmware update screen with device visualization and Update button. Device firmware update screen with VeSync app. Home device management application interface showing a device icon in the kitchen. App interface with power button and energy management options. Device settings interface on a dark background with configuration options. Screenshot of device information, including time zone, device time, firmware version, and MAC address. Home device management app interface.


    Firmware update screen.

    fw ver 1.0.02 boot log from TX2
    Code: Text
    Log in, to see the code


    Added after 10 [minutes]:

    both versions fw backups can be found here https://github.com/openshwprojects/FlashDumps/tree/main/IoT/BK7231M

    Added after 1 [hours] 33 [minutes]:

    OTA is at 0x125000 on these. Flash a BK7231N rbl to that address and it OTAs to OBK

    Code: Text
    Log in, to see the code

    Screenshot of OpenBK7231N user interface showing device information and configuration options.

    0x125000 start address and 0xB0000 length (737,280 bytes) - I think!
    Hexadecimal data snippet with text labels.

    I had to ask ChatGPT for help on the length
    Code: Text
    Log in, to see the code


    Added after 9 [minutes]:

    Regarding the mac. TLV starts at 0x1D9000 where the mac we'd like to see in OpenBeken after OTA from VeSync 1.0.02-> OBK is seen - FC 58 4A A1 D3 C2
    Screenshot showing hex data.
    which correlates with what's seen in the VeSync app
    Screenshot showing mobile device information.

    current:
    List of connected devices with name, IP address, and physical MAC address.
  • ADVERTISEMENT
  • #2 21452918
    divadiow
    Level 36  
    with custom build where OTA partition is changed to 0x125000 then OTA works as expected https://github.com/openshwprojects/OpenBK7231T_App/pull/1542

    Code: C / C++
    Log in, to see the code


    Code: C / C++
    Log in, to see the code


    Code: Text
    Log in, to see the code


    mac is still wrong though even with 0x1D9000 set for RF/Net
  • #3 21452972
    insmod
    Level 29  
    >>21452918 Are those partitions correct? They shouldn't intersect.

    Have you tried to replace bootloader with standard 1.0.1? That should fix OTA, but would still do nothing for MAC. Though you would have to edit build.sh
    Either uncomment (i don't know why it is commented out, not working perhaps?) https://github.com/openshwprojects/OpenBK7231...ter/platforms/bk7231n/bk7231n_os/build.sh#L72
    Or combine binary with unencrypted bootloader and then run encryption with these parameters: 0 0 0 0 0
    Not sure if it would work though, i did once encrypted a 1.0.13 bootloader for bk7231n and it worked.
  • ADVERTISEMENT
  • #4 21452984
    divadiow
    Level 36  
    insmod wrote:
    Are those partitions correct? They shouldn't intersect.

    ah probably not correct then. couldn't quite get head round the 01PE hex for this one for some reason.
    insmod wrote:
    Have you tried to replace bootloader with standard 1.0.1? That should fix OTA, but would still do nothing for MAC. Though you would have to edit build.sh


    this would be the ultimate, then no need for these odd M builds for each vendor's chosen partition layout. I have flashed a few BLs, but none so far have booted. I've also tried making my own using RT-Thread Partition Tool. I'll have another go, getting a good BL for 000000 key devices, which uses standard Tuya partition addresses, would be the way to go it seems

    Screenshot of RT-Thread Partition Tool showing a partition list with names, offsets, and lengths.
  • ADVERTISEMENT
  • #5 21452990
    insmod
    Level 29  
    As i've written before, i don't remember what exactly i've done to encrypt bootloader.
    But, another possibility is to run encrypt with zero keys and zero address on unencrypted bootloader directly, and then combine it with uart firmware and run standard encrypt with zero keys and 10000 address.
  • #6 21453255
    divadiow
    Level 36  
    i see.

    so we could perhaps do that with something like

    Code: Text
    Log in, to see the code


    if using the newer version of encrypt.exe

    Screenshot showing the usage of the encrypt.exe tool in the command line.

    https://github.com/openshwprojects/OpenBK7231...k7231n_os/beken378/build/post-build-steps.bat

    Added after 3 [minutes]:

    hmm. bootloader_bk7231n_uart2_v1.0.8_enc.bin doesn't seem to boot. nor does a standard BK7231N_1.0.1 decrypted/re-encrypted from a device with bk7231tools

    Added after 25 [minutes]:

    oh. doesn't this suggest M QIO already has this https://www.elektroda.com/rtvforum/topic4056377.html#21106098
  • #7 21466587
    p.kaczmarek2
    Moderator Smart Home
    Probably related discussion:
    https://www.elektroda.com/rtvforum/topic4032988-30.html#21466523
    Helpful post? Buy me a coffee.
  • ADVERTISEMENT
  • #9 21724001
    p.kaczmarek2
    Moderator Smart Home
    Nice, i think I have BK7231M hooked to WiFi flasher, so I can check, however, please first make sure that your changes do not affect other binaries going through that path, in this case, the classic BK7231N binary.
    Helpful post? Buy me a coffee.
  • #10 21724004
    divadiow
    Level 36  
    OK. I will double-check BK-N is OK.
  • #11 21725131
    divadiow
    Level 36  
    wait. BK7231M_ALT (OpenBK7231M_ALT_QIO_1.18.202.bin) does boot already. It's being built with bk7231n_bootloader.bin, assuming comparison script is working. bk7231n_bootloader_zero_keys.bin not being used at all?

    Screenshot of a table with QIO files and corresponding bootloader matches

    uncrc and comparison script

    Code: Powershell
    Log in, to see the code


    Added after 2 [hours] 9 [minutes]:

    oh https://github.com/openshwprojects/OpenBK7231...s/bk7231n/bk7231n_os/build.sh#L144C20-L144C30

    Added after 37 [minutes]:

    not sure I fully understand what's happening. If you delete bk7231n_bootloader_zero_keys.bin build does not fail. With these two changes BK7231M QIO boots and detection script says:

    Table of QIO file matches to bootloaders using Uncrc decoding and ExactRaw mode

    Screenshot of build.sh diff showing bootloader change from _enc.bin to standard .bin
  • #12 21725507
    p.kaczmarek2
    Moderator Smart Home
    It is possible that zeroKeys was not used in the end, but I am not sure.

    I've checked ALT now with WiFi Flasher. It boots:
    Code: text Expand Select all Copy to clipboard
    
wifiprogram bk7231n -d 192.168.0.139:8888 -w -s 0 -u OpenBK7231M_ALT_QIO_1.18.202.bin

    OpenBK7231N web UI with debug info and flash programming console log.
    Helpful post? Buy me a coffee.
  • #13 21725511
    divadiow
    Level 36  
    ALT boots yes, but the old SDK M QIO does not

    Added after 2 [minutes]:

    change bk7231n_bootloader_enc.bin to bk7231n_bootloader.bin in the M code block and then it'll boot
  • #14 21725674
    p.kaczmarek2
    Moderator Smart Home
    I am not sure what happened there, but you may have a correct solution. First I tried to manually insert a bootloader with 0 keys, but then I realized that we can just use the one without _enc
    Helpful post? Buy me a coffee.
Reply | New topic
Report a violation of the law

Topic summary

The discussion revolves around flashing the VeSync GreenSun WHOGPLUG Smart Plug to a BK7231M module. Users share insights on modifying the OTA (Over-The-Air) partition to enable OTA functionality, referencing specific GitHub issues and guides. A custom build with the OTA partition set to 0x125000 is suggested for successful OTA operations. Participants discuss the importance of correct partition configurations and the potential need to replace the bootloader with a standard version to resolve OTA issues. Various methods for encrypting the bootloader and combining it with firmware are explored, with users sharing their experiences and challenges in achieving successful flashes. Related discussions and links to additional resources are also provided.
Summary generated by the language model.
Popular Topics
ADVERTISEMENT