TTLock support

Hi, good information, but I'm lost on step #4

Step 4 updated

thank you botts

Nice finding! I’m currently reverse-engineering the SDK that TTLock provides. If I succeed, I can make it work with an RPi or even port it to the ESP12 and make a firmware for it.

Spoiler: The SDK is pretty extensive once you decompile it. It uses AES to encrypt data from and to the lock, CRC8/Maxim to XOR the bytes and more. It’s not that easy to figure the protocol out, but I’m trying! The good thing is that the calculation of the keys is all done locally.

If you want to help me in this journey, send me a PM and I’ll let you know what I already have!

Let’s be honest, it’s ridiculous that it needs to phone China to open the lock. If the server ever ceases to exist, we won’t have any web-capabilities anymore.

EDIT: Here’s my repo and what I’ve accomplished so far: https://github.com/Fusseldieb/ttlock-reverse-engineering

5 Likes
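As an added example (not part of the post above, and not code from the TTLock SDK or the linked repo), this is the standard CRC-8/MAXIM checksum that the post names, applied to a constructed frame. The frame layout (payload followed by one CRC byte) and the sample bytes are assumptions made for illustration only.

```python
"""CRC-8/MAXIM (Dallas 1-Wire CRC) and a frame check on constructed data."""

# Polynomial 0x31 in bit-reversed form; CRC-8/MAXIM processes bits LSB-first.
POLY_REFLECTED = 0x8C


def crc8_maxim(data: bytes) -> int:
    """Return the CRC-8/MAXIM of data (init 0x00, no final XOR)."""
    crc = 0x00
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY_REFLECTED if crc & 1 else crc >> 1
    return crc


def seal(payload: bytes) -> bytes:
    """Hypothetical frame layout: payload followed by one CRC byte."""
    return payload + bytes([crc8_maxim(payload)])


def verify(frame: bytes) -> bool:
    """Check the trailing CRC byte; reject frames too short to carry one."""
    if len(frame) < 2:
        return False
    return crc8_maxim(frame[:-1]) == frame[-1]


def flip_bit(frame: bytes, index: int, bit: int) -> bytes:
    """Simulate a single-bit transmission error."""
    damaged = bytearray(frame)
    damaged[index] ^= 1 << bit
    return bytes(damaged)


if __name__ == "__main__":
    payload = bytes.fromhex("7f5a0503020001")  # constructed sample, not a captured frame
    frame = seal(payload)
    print("frame:", frame.hex(), "valid:", verify(frame))
    print("after bit flip, valid:", verify(flip_bit(frame, 2, 4)))
    # The CRC needs no key, so it catches transmission errors only;
    # confidentiality and authenticity have to come from the AES layer.
    print("catalogue check value:", hex(crc8_maxim(b"123456789")))
```

Running a sniffed frame through `verify` is a quick way to confirm that a capture is byte-aligned and complete before trying to interpret its contents.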

@Valentino_Stillhardt if you open the gateway, it already has an ESP8266 as the Wi-Fi chip and a serial pinout next to it. You can sniff the protocol using it.

I can see similar messages to what you have on GitHub
Screenshot (82)

The first pin from the right is not connected directly to the 3V of the ESP8266 but powers the gateway instead. Flashing is not possible without blocking communication with the other MCU, but I broke one gateway going down that road, so I haven’t attempted it again.

That’s interesting! Wouldn’t have expected an ESP in there!

This would make it possible to still use it with a custom firmware, which is neat.

With that said…

Can you open the serial port in PuTTY or something? Maybe the serial logs say something?

I didn’t quite understand what you mean

Yes, I can (that’s where the print screen comes from).
Although I am using a logic analyzer like this: https://www.youtube.com/watch?v=rR5cEFRO9_s

And what I mean is that I wasn’t able to flash another firmware using that pinout without blocking the N51802 MCU.

And yes, my ‘idea’ would be that after having it all working we could install something like Tasmota, etc.

Hi Botts

I have a problem on step #3: I have the user/password/token, but the TTLock app requires a phone number or email as the user.

#TTLOCK_password 5f45dfe63be56ddc1f1xxxxxxx
#TTLOCK_username homedoor_Orlandoxxxxxxx
#TTLOCK_clientId 7fe8e31xxxxxxxxxxx5xxxxxxxxx
#TTLOCK_clientSecret 05a5xxxxxxxx7fbxxxxxxxxxx

{
“access_token”: “bbf1ccccc2b08d2xxxxxxxxxxxx”,
“refresh_token”: “d10accccc43949xxxxxxxxxxxxx”,
“uid”: 418xxxx,
“openid”: 191334xxxx,
“scope”: “user,key,room”,
“token_type”: “Bearer”,
“expires_in”: 7702780
}

Best Regards

Hi Botts
I found the problem with the app password: I was using the MD5 password format.

Now I'm working on HA.

1 Like

Hello everyone,
I added some scripts to the TTLockIO lib to help with the “access token” for the TTLock API.
I hope that helps someone.

See the instructions in the readme:

Hi @Antonio_Campos, really great work! Any chance TTLock2MQTT could be made into a custom component?

I’m currently running Home Assistant on Raspbian, so I cannot install Hass.io addons. Was wondering if I can simply run the add-on directly in Docker… but still figuring it out

Hey Botts, first time caller, long time listener to the community. Nicely put together, and even I was able to follow the instructions, but I’m just getting an error reply when trying to register a new user at the first part of your step 2. Do you know if the app being registered on open.ttlock.com needs to have a status change from Under Review before it accepts?

Yes, my understanding is that it needs to be approved before you will have access to the API.

1 Like

Hi Botts, and thank you for a very good overview. I am trying to get my TTLocks into Home Assistant and managed to register my user, but got stuck when requesting the token.
“errcode”: 10008,
“errmsg”: “invalid redirect_uri”,
“description”: “redirect_uri无效,必须和应用信息里保持一致”
I have tried both with my own site (xxx.com registered to the app) and a sub-site (yyy.xxx.com) but still the same issue. Do you know the requirements for the “redirect_uri”? (Sciener does not answer)

If you use a port when going to your page, try updating your Sciener API URL with the port number

********.com:8123

Thank you for the tip. I noted it was not enough to forward my subdomain to xxx.com:8123; instead I used http://xxx.hopto.org:8123 and that worked. (It was no problem to change the email address after the app had been revived.) After some work with the “Mosquitto broker” and the “TTLock2MQTT” (not so easy for me…) the HA integration is now working. Great!
The TTLock market is huge, so I believe this integration could be a hit if it were a bit more user friendly. Thank you tonyIdo, boots, etc. for your work.

1 Like

Hi guys, if anyone is interested, I developed an offline integration that can connect straight from your BLE-equipped HA host to the lock: HASS Addon TTLock offline integration

5 Likes

Hi guys.
You have done a great job.
Now I also want to understand how to work with such locks, but a difficulty arose. I tried the cloud API and got tokens, but I don’t understand how to get data on locks. I registered a user and logged in to the app with this account on my phone. But when I make requests to get the lock ID, there are no answers. Can you help?

How many entities show up in MQTT, and what are they? Could someone please show a screenshot?