If I get time, I plan to hack the Tuya / Lidl Smart Home hub to integrate with Home Assistant. Fortunately the device is fairly easy to get into and the ZigBee module might even have an open source SDK available so it might make a nice project for a rainy day. It would be nice to gauge interest in this.
For those interested, I have documented findings so far here:
Ok, I have a working integration and it’s not much work at all. It was a fun hack but since there’s not much interest in this I’ll keep the writeup short and sweet as follows.
The Tuya/Lidl hub contains a Zigbee Module that talks the EZSP protocol by Silicon Labs. ZHA directly supports this protocol so it’s a matter of just linking the two up.
Thanks for this
Let us see how it compares to Sonoff ZbBridge in terms of Zigbee radio coverage and other usage params.
Both devices are superb in ability to place them in strategic place in house limited only by WiFi coverage and power outlet existence…
Best, JR
I connected GND, Rx, Tx and plugged to USB
I can see output messages but unable to activate the console.
Tried ESC to get to bootloader, then Enter in the console but unable to get in.
—RealTek(RTL8196E)at 2020.04.28-13:58+0800 v3.4T-pre2 16bit
P0phymode=01, embedded phy
check_image_header return_addr:05010000 bank_offset:00000000
no sys signature at 00010000!
P0phymode=01, embedded phy
—Ethernet init Okay!
tuya:start receive production test frame …
Jump to image start=0x80c00000…
decompressing kernel:
Uncompressing Linux… done, booting the kernel.
done decompressing kernel.
start address: 0x80003780
Linux version 3.10.90 (dingsl@dingsl-pc) (gcc version 4.6.4 (Realtek RSDK-4.6.4 Build 2080) ) #10 Tue Apr 28 14:03:14 CST 2020
CPU revision is: 0000cd01
Please press Enter to activate this console. Tuya Gateway Application Normal Srart /tuya/tuya_start.sh UserAppRunDir:
set defult run_dir:/tuya
TY_ENV_APP_RUN_DIR=/tuya
get user cfg file error, load defult cfg file
load platform configure file:/tuya/def.cfg
start.conf is exist
udhcpc (v1.13.4) started
current run dir:/tuya/tuya_user2
tuya_start_children.sh:UserAppRunDir:/tuya JsonFile Path:/tuya/def.cfg
Sending discover…
How could I unlock the keyboard?
P.S. I guess it may be possible UART one of the art connectors is not properly soldered but I can’t see it. It’s too small for me.
Flow control is None
I suspect Rx connector on the board.
I can’t see small details. Tried to resolder it.
If I put out GND and leave Rx and Tx + USB, the Tx still able to send signals. With errors but however. So, Rx is linked.
Besides the functions of the gateway networking SDK, the extended functions are as follows:
There are a large number of Zigbee sub-devices on the market, and Tuya Zigbee gateway cannot be compatible with Zigbee sub-devices of all manufacturers. Extended functions allow you to integrate third-party Zigbee sub-devices that are not compatible with the Tuya ecosystem.
Extended functions allow you to develop multi-protocol convergence gateways, such as Zigbee + 443, Zigbee + Z-Wave, and other multi-protocol combinations, and connect non-Zigbee protocol sub-devices to Tuya Cloud.
Extended functions allow you to develop multi-functional gateways to connect to peripherals such as night lights, siren alarms, and achieve multiple smart scenarios with sensors.
I think it should be a random string of letters and numbers… but no “\x” in it. On my device, the value is encrypted with an encoded key that comes from the SPI at address 0x401800. On mine the raw key looks like this:
<RealTek>FLR 80000000 401800 18
Flash read from 00401800 to 80000000 with 00000018 bytes ?
(Y)es , (N)o ? --> y
Flash Read Successed!
<RealTek>db 80000000 18
[Addr] .0 .1 .2 .3 .4 .5 .6 .7 .8 .9 .A .B .C .D .E .F
80000000: 10 10 7e 7e 7e 7e 7e 7e 7e 7e 7e 7e 7e 7e 7e 7e ..~~~~~~~~~~~~~~
80000010: 7e 7e ~~
They’re different things. The key at 0x402002 is itself encrypted with the key at 0x401800. Security through obscurity! The above script assumes your key is 16 “~”'s like it was on my device. If not then there’s a little more work to do!
simulacra@DESKTOP-EFF32PG:~$ python3 log.py
Encoded aus-key as hex string line 1>80000000: 10 10 45 30 69 72 69 6f 78 42 39 5a 60 5d 78 36
Encoded aus-key as hex string line 2>80000010: 51 4e
Traceback (most recent call last):
File "log.py", line 38, in <module>
auskey = cipher.decrypt(encoded_key)
File "/usr/lib/python3/dist-packages/Crypto/Cipher/blockalgo.py", line 295, in decrypt
return self._cipher.decrypt(ciphertext)
ValueError: Input strings must be a multiple of 16 in length
simulacra@DESKTOP-EFF32PG:~$