Hacking the Silvercrest (Lidl/Tuya) Smart Home Gateway

I think you can wait until it booted.
Then press Enter on the console to get a login prompt.
When you are in, you can continue.
Can you show what the console is reporting when you don’t interrupt?
If you cannot get a DHCP lease the device keeps retrying and you see:
Sending discover…
Sending discover…
Sending discover…
nameserver 114.114.114.114

I used a router which is not connected to the internet, but is able to act as a DHCP server.
So you will get an IP address and discover will stop.
MAC adresses start with: 10-5A-17-ED- (in my case)

I’ve waited 30 minutes and i can only see a MAC adress but it won’t recieve a DHCP ip from my Unifi environment.
I will pause this project and using the Zigbee devices with a Sonoff Zigbee 3.0 Dongle Plus.

You could try the reset button as a last attempt. You never know.

Thank you, Paul and everyone who posted helpful things here.
It worked. I succeeded in hacking the Silvercrest.

I was a total noob. First time ever using a USB TTL thingy. hardly did anything with linux shell before. Did a lot of (caferful) trial and error and google. But it was doable and really fun.

I even figured out how to sync the internal clock on startup.

I found a solution.

1. Go to pool.ntp.org: the internet cluster of ntp servers and find a suitable ntphost. I used one for Europe.
2. add this to /tuya/tuya_start.sh:

ntpclient -s -h 0.europe.pool.ntp.org > /dev/null

(replace “0.europe…” with the ntphost of your choice)

My tuya_start.sh file is now this:

#!/bin/sh
ntpclient -s -h 0.europe.pool.ntp.org > /dev/null
tuya/serialgateway &

This sets the date to utc time when you start the device.
Maybe there is a better place to run this and/or maybe it should be made to run on regular intervals, but for now it works.

Thanks Edward I added these NTP settings to the tuya_start script.

For Windows machines with Putty.

If you want use Windows and Putty, then this here is the best way to avoid making Putty disconnect all the time.
(READ THE ENTIRE PROCEDURE INCLUDING THE WARNING IN THE END BEFORE STARTING)

• Connect you FTDI USB device to you computer and to the hub, but DO NOT CONNECT 3V3. Only GND, TX and RX.
• Connect the power USB cable to the hub AND TO THE SAME COMPUTER AS THE FTDI DEVICE.

if you connect both 3V3 on the FTDI device and the extra USB cable, then you will give it too much power and damage the hub.
If you do not connect to the two USB cables to the same device, then you do not have a common ground and you can then also give to much power and damage the device.

This method makes it possible to disconnect and reconnect the USB cable to the hub and thereby restart without Putty shutting down, because the power connection on the Putty USB cable is not changing state.

Hi, i need help to set ip static.
i try to add to end of file in /tuya/tuya_start.sh this lines

killall udhcpc
ifconfig eth1 192.168.1.240 netmask 255.255.254.0

but on reboot the ip still get from dhcp and now the gateway not start with new IP only with old ip.
its work only when i run from ssh the command
sh tuya_start.sh
any idea ??

its work for you to set STATIC IP?

Are you sure on that 254 as 3. number?
It is a possible subnet, but a somewhat funny one.

I think you need a broadcast address too.
if the subnet mask is 255.255.255.0, then the broadcast would be 192.168.1.255 and the entire command would be ifconfig eth1 192.168.1.240 netmask 255.255.255.0 broadcast 192.168.1.255

Do anybody know if the never EmberZNet versions is available for the Lidl/Silvercrest gateway?
There is a version 6.9.0.0, a version 6.10.0.0 and a version 6.10.3.0

if i run this command in console without broadcast its work and change the ip, but in the file tuya_start.sh its won’t work, ip still get from dhcp but the serialgateway not running…

Sound like you might have a problem in the tuya_start.sh file.

Try to post it here.

this is my tuya_start.sh , i add the new line in end of file

#!/bin/sh
while true; do
pgrep -x serialgateway >/dev/null
if [[ $? -ne 0 ]] ; then
echo "Restarting SerialGateway: $(date)" >> /var/log/serialgateway.txt
/tuya/serialgateway >> /var/log/serialgateway.txt &
fi
sleep 30
done &
killall udhcpc
ifconfig eth1 192.168.1.240 netmask 255.255.254.0 broadcast 192.168.1.255

OK i fix it !! its just permission problem…
need to run after create the file :

chmod 755 tuya_start.sh

I did an update to version 6.7.8.0
Can you tell me the differences on the different versions?
Probably support for more devices?
Where did you find this firmware?
I used the guide on community.openhab.org I don’t now if I may put a link to that topic.
The firmware was downloaded from GitHub - grobasoz/zigbee-firmware: ZigBee Development Firmware
Procedure still the same?

A search for “EmberZNet 6.9.0.0” or whatever version you want will give you hits for release notes by Silabs.
But there are releases for different hubs, like here:

And there is a releasw för IKEAs hub which seems somewhat similar to the Lidl hub.

Hi, I’m looking for help to change the root password of my Tuya Gateway. I followed challs’ steps until the tftp part. I’m struggling to connect to the gateway after the ipconfig setting. It seems like the gateway does not connect to my router in bootloader mode. I can’t find it on my router admin page. If I reboot the gateway and let it run (so not in bootload mode), the gateway shows in the router’s list. Did anyone had this problem?
Note that I’m running my tftp command from a raspberry that is connected to the same network as the gateway
Thanks for your help

It will not show on your router, because it is not using DHCP and it is not broadcasting anything.

And be aware that the gateway might return to its default IP address if you are too slow with starting the tftp transfer.

OK that’s clear. Then I guess I tried the right commands yesterday, so what could explain that I receive a timeout when I change the IP to 192.168.1.12 (for example), and tftp this same IP? I also tried to tftp the default IP (in case the gateway returned to its default IP) but I get the same timeout