Own your IoT – OpenBeken

If you buy something, you expect to own it – this means being able to decide what it’s doing or not doing. If you can’t open it, you don’t own it. I think this is really important when we consider IoT devices that you add to your home. You should have 100% control over your light switches, not be reliant on some company to allow you to manage them.

In the past I’ve used Tasmota to replace the firmware in some commodity devices with good success. I wanted a new light switch and found the Martin Jerry S01 switch, so I ordered one. Unfortunately when it arrived, I opened it up and discovered the control module was no longer an ESP8266 – but a Tuya CB3S device.

Some searching turned up the OpenBeken project. This is an open firmware that supports a number of Tuya devices. It appears to be possibly inspired by Tasmota which I found attractive, but the fact that there was a way to run open firmware on this device was the big draw.

Let me back up a little. Opening the MJ-S01 is quite easy. I used a putty spatula (thin metal blade) to pry the side clips. There are 4 clips, two per side.

Once you’ve got the clips released, you can easily remove the switch plate. There is a metal grounding plate you’ll have to un-hook from the switch plate. There is a cable with a 3 pin connector to separate the switch plate from the base, this is optional but makes it easier to work with the switch plate that has the controller.

I went further and removed the screws holding the circuit board to the switch plate in order to see the other side where the CB3S is attached. In the picture above you can see the blue circuit board in the middle. You don’t need to do this extra disassembly as the row of 6 pads exposes the right pins we want to work with.

In order to flash new firmware, I need to find and connect 4 pins: 3.3v, GND, TX, and RX. To identify these I referenced the Tuya documentation on this module, which listed the pinout of the module. Using my multimeter to check connectivity, I was able to map the pins on the module to the pads on the circuit board.

Now it’s a simple matter of heating up the soldering iron and hooking up some wires to these pads.

A bit ugly, but it works. Now I can test that I’ve got things correct by hooking up just 3.3v and GND. Success! When I power on the device this way I get the expected blinking LED, and I can long-press the button to enter setup mode. Getting the stock firmware into AP (access point) mode – I see the expected “Smart_XXXX” access point become available to my laptop WiFi.

Next we get to experience the adventure of setting up the application on Windows. I’m going to gloss over this because it’s both a bit complicated and also my experience is likely to be different than yours. We are trying to get the GUI based flash tool installed. I needed to install some .NET framework, and tell Windows it was ok to run this untrusted application. I was lucky that my USB<->serial dongle was recognized by Windows and showed up as COM6.

Assuming you are able to run the app, get your serial connection sorted out, and provide 3.3v power to the device – we are very close to being able to get things going. One note: I connected the TX of my serial device to the RX of the CB3S board, and RX to TX. Crossing the connection seemed to work for me.

There is quite a bit to unpack from the image above. First you can see that my Serial UART was correctly detected and set up as COM6. I expect your configuration here will be different, and I hope it works easily for you, but USB serial devices and Windows can be frustrating.

The second key thing is to pick the right “chip type”. The CB3S contains a BK7231N, thus I selected that from the list of supported chips. I suggest you then “Download latest from Web” which in my case upgraded me from version 606 to version 670.

At this point everything seemed OK, but I wanted to proceed cautiously. The CB3S apparently enters programming state upon power on. I had this all hooked up, and tried “Do firmware backup (read) only”. This just worked for me, and I was greeted with the screen capture I took above showing “Reading success!” – so I knew now that I had at least all of the right connections made. The other thing that reading the firmware did was give the tool something to parse and discover the Tuya settings, this data appeared in a second dialog box and provided a JSON payload for me to save away.

Now we need to be brave and flash the latest version of the open firmware. This time it seemed to get stuck trying to enter programming mode and I needed to very (very) briefly disconnect/reconnect power to reset it. This worked great and I held my breath while it flashed.

I had not checked off the box “Automatically configure OBK on flash write” so once it was flashed, I then did a second operation of “Write only OBK config” to write the discovered values (that JSON payload). I didn’t need to configure anything, the tool had already initialized the values internally after the firmware backup step.

In theory, I have the original firmware downloaded to my machine in case I want to revert. If you care about this, maybe track down that file and save it. I personally don’t think I’d ever go back.

One more power cycle, and I’m very happy to see a WiFi access point appear named “OpenBK7231N_XXXXX”. Connecting my laptop to this I’m able to visit the IP address of the gateway (http://192.168.4.1) and am greeted by a very Tasmota-looking web page to configure the device.

Now I can remove my patch wires from the solder pads, re-assemble the device and test that things still work end-to-end (they do). While there are similarities to Tasmota, things are quite different. There isn’t a built in timer facility which I was hoping for, but it turns out that via some simple scripting I can program in a timer schedule. You can even change the built in web UI via scripting which is pretty cool.

There is also very nice Home Assistant integration built in. The CB3S controller appears to be more snappy than the Tasmota ESP8266 based devices I have, so while this device wasn’t what I expected when I ordered it – with a bit of work it seems I’m in a pretty good place.

Footnote: There is a forum which seems fairly active on the OpenBK firmware and various supported devices.

Generating SSH key pairs

Despite having had some excitement recently, SSH continues to be both the utility and a protocol that I use heavily every day. I will also have to shout out to mosh which is a must have overlay, if you aren’t using it – stop reading this now and go get mosh.

Not often, but every once in a while I find myself needing to generate a new key pair for use with SSH. GitHub has one of the best articles on doing this, but it’s not quite what I want. I find myself having to re-think the small differences I want to make each time, clearly time to write up what I do so I can just visit this post when I need to generate a key.

Yup, that’s it. In the directory you run this there will be two files generated. The private key is basename, and the public key is basename.pub. I’m also a fan of the .ssh/config file which you may want to adopt, this makes it easy to have different keys for different systems.

Breaking down the creation command. We are generating a key using the Ed25519 algorithm, most modern systems will support this. Next up we see that we are adding a comment, I find this useful to identify what the public key is for. Last is the filename(s) we want the output written to.

You’ll see that comments often have no whitespace in them; if you want to be risk averse, avoid using spaces and use dashes or something.
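
The command this post breaks down, sketched as an added example (it is not the author's original command, which is not on this page): an Ed25519 key, a comment with whitespace replaced by dashes, an explicit output basename, and a matching `.ssh/config` entry. The host alias, hostname, user and file names are made-up placeholders, and `-N ''` is there only so the demo runs without prompting.

```shell
#!/bin/sh
# Added example; host, user and file names below are placeholders.

# Replace runs of whitespace in a key comment with a single dash.
safe_comment() {
    printf '%s' "$1" | tr -s '[:space:]' '-'
}

# make_key DIR BASENAME COMMENT
# Creates DIR/BASENAME (private key) and DIR/BASENAME.pub (public key).
make_key() {
    mk_comment=$(safe_comment "$3")
    mkdir -p "$1" && chmod 700 "$1" || return 1
    # -N '' (empty passphrase) keeps this demo non-interactive. For a real
    # key, omit -N so ssh-keygen prompts for a passphrase instead.
    ssh-keygen -q -t ed25519 -C "$mk_comment" -f "$1/$2" -N ''
}

# config_stanza ALIAS HOSTNAME USER KEYFILE
# Prints a ~/.ssh/config entry that ties one key to one system.
# IdentitiesOnly stops ssh from also offering every other loaded key.
config_stanza() {
    printf 'Host %s\n' "$1"
    printf '    HostName %s\n' "$2"
    printf '    User %s\n' "$3"
    printf '    IdentityFile %s\n' "$4"
    printf '    IdentitiesOnly yes\n'
}

# Demo in a throwaway directory so no existing key is touched.
if command -v ssh-keygen >/dev/null 2>&1; then
    demo=$(mktemp -d)
    if make_key "$demo" id_ed25519_buildbox "alice laptop to buildbox"; then
        ssh-keygen -l -f "$demo/id_ed25519_buildbox.pub"   # fingerprint and comment
        cat "$demo/id_ed25519_buildbox.pub"
        config_stanza buildbox buildbox.example.net alice "~/.ssh/id_ed25519_buildbox"
    fi
    rm -rf "$demo"
fi
```

`ssh-keygen` asks before overwriting an existing file, so pointing `make_key` at a directory that already holds a key with the same basename will stop and wait for an answer.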

OpenWRT on GL.iNet GL-MT6000 (aka: Flint 2)

I was reading through the OpenWRT forum several months back to see if the TP-Link AX23 was still the right upgrade choice for me. I’ve been very happy with the classic TP-Link Archer C7 – having 3 of these as my core network (two as dumb AP). I came across this thread on devices for ‘newcomers’ and discovered the GL.iNet GL-MT6000; it looks like a monster bit of hardware at a pretty low price point. My travel router is a GL.iNet device and it’s been great hardware for OpenWRT. Then bonus time at work hit, and I ran out of excuses to buy the GL-MT6000.

While you can buy directly from GL.iNet, just after I pushed the buy now button there I discovered that I was going to be on the hook for import duties and the shipping was via FedEx. I’ve not had good experiences with this path and the administration fees are high. The support process from GL.iNet was amazing – a few emails and my order was cancelled without any fuss.

I ended up buying via Amazon.ca (camelcamelcamel link) because shipping costs were predictable. I see that it’s not currently in stock, but my total including shipping was $248.49 – still a deal for this much hardware.

Speaking of hardware

  • Two 2.5Gb ports
  • 1GB RAM
  • 8GB Flash
  • Quad core 2GHz CPU
  • Wifi6

This may not be enough hardware to handle 1Gb symmetric fibre, but I’m still back on a much slower cable 100/30 plan. It also gets me thinking about upgrading my network switches to 2.5Gb.. but that’s a different post.

The device itself has some heft to it – there is apparently a sizeable heat-sink inside. The power cord is short – about 3′, and there is no power switch, not a problem for me, but I can see why some people felt this was a limitation.

Of course, the very first thing I’m going to do is flash this with OpenWRT. This is as simple as grabbing the sysupgrade.bin file from https://openwrt.org/toh/gl.inet/gl-mt6000 and connecting to the device over a wired connection.

The factory firmware hosts an administration web UI on http://192.168.8.1/ allowing you to do basic setup. I’m prompted to pick a language and set a password.

From this screen we can select Upgrade on the left navigation bar, then local upgrade, and upload the sysupgrade.bin file we downloaded.

The built in firmware handles the upgrade very nicely; it even detects a kernel change and automatically selects to not keep settings (which is what the OpenWRT wiki advises).

Even during the upgrade the web UI is pretty slick.

Once it hits 100% it will automatically reboot. Since the OpenWRT default IP is different, we need to visit a different admin web page: http://192.168.1.1

I have to say that the exterior of the device has a matte black finish, and the angular styling appeals deeply to my 80’s stealth bomber admiring inner teen. It reminds me of the USRobotics Courier 56k modems back in the day.

At this point we’ve got OpenWRT installed, and it’s just a matter of working through the configuration steps. I did run into a few problems that were my own tripping-over-my-own-feet issues. Linux apparently ‘remembers’ the name of the connection, and the type of connection security. If you change the encryption but not the name it seems you can run into problems. I also messed up one of the passwords with a typo. Eventually I got it all settled down and things worked great.