Hacking the Silvercrest (Lidl/Tuya) Smart Home Gateway

If you have a NodeMCU instead, then follow this guide:

The NodeMCU can actually power the board, but it is better to not connect the 3V3 pin and instead use the board's own USB port to power it.

For anyone who is struggling with getting the boot process to abort - it does seem like there might be a firmware version that’s locked.

After finding it impossible to get the boot to abort, I bit the bullet and bought a new gateway (slightly different casing) and it aborted on the first try and works perfectly!

Weirdly - I also had the “Aborted!” issue when running the FLR commands - I was originally using CoolTerm on macOS which appeared to be causing the problem. It would skip straight to aborted without letting me press “y” or “n”.

Swapping to use the “screen” command from the macOS terminal worked perfectly.

I presume there is a setting somewhere in “CoolTerm” but I was unable to figure out which setting was causing it.

I successfully got the root password and connected to the gateway using ssh.
My goal is to upgrade the firmware to a newer release because some switches with power monitoring don’t work correctly with 6.5.0 (no power info available). But for now, I don’t need to free the device from Tuya.

My questions are:

  • Can I back up my current FW to restore it in case something goes wrong? I saw the script for backup but how do I restore?
  • Can I upgrade to 6.7.8 (or newer) and keep Tuya working as it is now?
  • As I only want to upgrade EZSP, can I use the OTA upgrade feature?

Read the link in the first post and then also read post 132 for how to restore a flash image.
I suggest you back up the partitions one by one and not all of them in one go.
It will simply be easier to restore them then.

I have no idea if updating the EmberZNet firmware can be done with Tuya and I am not sure if you can restore the firmware back to the old version again.
Restoring the flash will restore the firmware.

I got the password in clear but I cannot find how to connect to the gateway using SSH.
Could you please describe how to get in? Is the gateway still connected with the serial link?
Sorry, maybe my question looks stupid, but I’m not a programmer at all.

The SSH port on the device is not running on port 22 as standard, but on some other port number, like 2222, 2333 or some other strange number.

Now I’m connected with PuTTY SSH. I was facing an issue finding the IP address of my gateway. I finally managed to log in as root over serial and get the IP address. In serial, the only issue is that there are always incoming messages from the gateway that disturb the entry of root and the password. I did not find a way to interrupt it. The only longer time to proceed is when “nameserver 114.114.114.114” is appearing.
Now I’m trying to follow this website: https://community.openhab.org/t/hacking-the-lidl-silvercrest-zigbee-gateway-a-step-by-step-tutorial/129660.
I’ll try to proceed with step 8 (as I’m now more familiar with the previous steps) :sweat_smile:

Hello sir
Can this device be integrated in Home Assistant by Zigbee2MQTT? And if so, how?
Thank you

Could someone clarify when dump.py has to be launched in the process? :thinking:
From what I understood, the dump script uses serial communication?
Do we need to launch the script while we are on the first steps (bootloader interrupted by Esc) or after we log in as root by serial or SSH?
Note that I was able to connect as root with either PuTTY serial or SSH.
I was also able to log in as root with SSH through WSL. I hope I was clear enough.
Now I’m confused about what to do next despite reading most of the posts.
Thanks for the help :smiley:

Following this command:
cat serialgateway.bin | ssh -p2333 root@<gateway IP address> "cat >/tuya/serialgateway"
and typing the password, I got the following answer:
sh: can't create /tuya/serialgateway: Is a directory

Try to SSH into the device, then do a cd /tuya followed by ls -la
This should list the files and directories in the /tuya folder and you can see what type of object serialgateway is.
Then you can do a cd serialgateway and again a ls -la to see what is inside that folder, if it is in fact a directory.

Hi WallyR
thanks for help
I got
in tuya
drwxr-xr-x 2 root 0 0 Jan 1 00:06 serialgateway

in serialgateway directory
drwxr-xr-x 2 root 0 0 Jan 1 00:06 .
drwxr-xr-x 11 root 0 0 Jan 1 00:00 ..
should I delete this serialgateway directory to be able to proceed with serialgateway.bin?

Did you do a “ls” or a “ls -la”?
The latter one will show hidden files too.

If there is still only the two directories inside serialgateway with a “ls -la”, then I think it is safe to do a “rmdir serialgateway”

I did “ls -la” as per your request :wink:

“rmdir serialgateway
-sh: rmdir: not found”
It seems it does not want to do it, maybe due to the 2 hidden files inside the directory.
Shall I delete the directory with the “rm” command?

There are no files.
. is referring to the current directory and .. is referring to the parent directory.
They are present by default in all directories.

Try rm instead. rmdir is usually the command to remove a directory on Linux.

I got it removed :+1:
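
The destination check worked out by hand in the exchange above, wrapped around the same `cat | ssh ... "cat >..."` upload, as an added example that is not part of the original thread. `push_file` and `REMOTE` are hypothetical names, and it assumes `ls -A` and `wc` exist in the gateway's shell; `rm -r` is used because `rmdir` was reported as not found.

```shell
#!/bin/sh
# Added example, not code from the thread.
# REMOTE is the command prefix that runs one command line on the gateway.
# For the real device it would be set as in the post above, e.g.
#   REMOTE="ssh -p2333 root@<gateway IP address>"
# The default runs locally so the logic can be tried without hardware.
REMOTE="${REMOTE:-sh -c}"

# push_file LOCAL_FILE REMOTE_PATH
# Returns 0 on success, 2 if REMOTE_PATH is a directory with content,
# 1 on any other failure. Paths must not contain single quotes.
push_file() {
    src=$1
    dst=$2
    [ -f "$src" ] || { echo "no such local file: $src" >&2; return 1; }

    # Classify the destination on the remote side in one round trip.
    kind=$($REMOTE "if [ -d '$dst' ]; then
          if [ -n \"\$(ls -A '$dst')\" ]; then echo nonempty; else echo emptydir; fi
        elif [ -e '$dst' ]; then echo file; else echo absent; fi") || return 1

    case $kind in
        nonempty)
            # Never delete content automatically; leave it for a human.
            echo "refusing: $dst is a directory with content" >&2
            return 2 ;;
        emptydir)
            # Only '.' and '..' inside: this is the "Is a directory" case.
            $REMOTE "rm -r '$dst'" || return 1 ;;
    esac

    # Same transfer as in the thread: stream the file over stdin.
    cat "$src" | $REMOTE "cat > '$dst'" || return 1

    # Confirm the byte count arrived intact before relying on the file.
    want=$(wc -c < "$src")
    got=$($REMOTE "wc -c < '$dst'") || return 1
    [ "$((want))" -eq "$((got))" ] || { echo "size mismatch on $dst" >&2; return 1; }
}
```
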

Whenever I try to run the lidl_auskey_decode.py script to calculate the key, I keep getting this error.
Why is this?

thorsten@Monster10:/mnt/c/WINDOWS$ python3 lidl_auskey_decode.py
Traceback (most recent call last):
  File "/mnt/c/WINDOWS/lidl_auskey_decode.py", line 35, in <module>
    from Crypto.Cipher import AES
ModuleNotFoundError: No module named 'Crypto'
thorsten@Monster10:/mnt/c/WINDOWS$

I use WSL

Your Linux installation is missing a crypto package. You need to install that for the script to work. Your Linux installation might have a package manager available to make the installing easy.