Friday, January 24, 2025

Discombobulating ESP and home automation

 Never put it past a devoted group of hackers to not only bypass a locked-out device but to improve it and add functionality. Local Costcos were clearing out a multipack of Globe smart plugs for $2.50 each. It was a deal too good to pass up even if I had absolutely no use for such a device...yet!

Typically consumers would purchase these devices to allow switching over the internet. They would need to download the proprietary Tuya/Smart Life/Globe app and be restricted to whatever functionality is embedded. With this setup one is wholly dependent on the manufacturer to update the app (and device firmware) with appropriate security and functionality updates. Wiith many (most?) consumer devices updates are unlikely in the long term, especially with a device cheaper than bus fare.

Enter Tuya Cloudcutter, a toolchain that exploits a vulnerability in the BK7231 chipset-based devices (these Globe plugs have a WB2S module) that permits flashing of custom firmware to bypass the original manufacturer firmware. In my case, I used the exploit to flash a custom firmware that allowed integration with ESPHome, a management console for ESP devices. This would allow import into Home Assistant or allow local connection to the embedded webserver on the custom firmware.

The whole process:

  • install Tuya Cloudcutter on a Raspberry Pi or similar; it needs wifi and ethernet since it'll connect via wifi to the device.
  • run Cloudcutter (sudo ./tuya-cloudcutter.sh -r) and install ESPHome Kickstarter. This installs a local webserver on the device allowing for OTA (over the air) firmware updates.
    • Select Option #2 - Flash 3rd Party Firmware
    • Use By manufacturer/device name and select Globe - 50329 Smart Plug
    • Select ESPHome-Kickstart firmware
    • Put plug into AP mode by holding down power switch until LED slow blinks.
  • connect to the new Kickstart-bk7231 SSID on the device and navigate to 192.168.4.1. Connect the device to your wifi network. Record the device local IP.
  • In Home Assistant ESPHome create a new device. Edit the configuration file or use a standard template. Replace or add your own secrets as needed.
  • Install > Manually download
  • Select UF2 (OTA) and download file.
  • Connect to the device local IP and upload the configuration file you just downloaded.
  • Add modules and cards to Home Assistant with your new smart plug!
I still have no use for the devices yet but it's comforting knowing when I eventually do need them I will have access to a completely open configuration and not be tied to proprietary, outdated technology. Plus, I get all the benefits of integration into Home Assistant where I have the plugs interact with my other (very few) smart devices.

at