Category: IoT

Tasmota firmware (pwn your IoT)

Long gone are the days where X10 rules the Smart Home devices space and with ubiquitous WiFi and cheap ESP hardware we’re seeing IoT devices that connect to WiFi. The problem is that almost all of them want to call home and talk to some service in the cloud. Sure you bought the device, but do you really own it?

When I needed a WiFi controlled outlet, I headed off to the Tasmota Supported Devices Repository to determine which one I should buy. Tasmota is one of the options for alternative firmware for ESP devices. This gives you control over the software running on the IoT device, and most importantly the ability to use it without any cloud server that you don’t control. This is still annoyingly difficult, we really need the tech industry to adopt a better way to give people easy to use devices and software without insisting they give up all control.

Buying from Amazon, I didn’t have to wait long to get a cheap WiFi outlet. It is thanks to Michael Steigerwald and his talk “Smart home – Smart hack”  that we have a way to over the air update some of the devices running the Tyua firmware. Unfortunately, to my dismay, I discovered that many of the Tuya based devices ship with a newer and more secure firmware preventing this hack from always working.

The tuya-convert project is pretty comprehensive, but still requires a fairly deep technical understanding to pull off. I tried a couple of ways to run the software before giving up and using a RaspberryPi. Once I decided to go with the Pi things were much easier.

I got lucky as the Moko YX-WS01A appears to ship with old firmware, my next purchase may be more carefully researched. I was very careful to not connect it to the recommended software (smartapp.tyua.com) as that was likely to cause a firmware update. I really didn’t want to have to crack this thing open and hook up to the ESP physically. Maybe the Moko outlets will continue to ship the older, exploitable, firmware – but buyer beware.

Once I had the very basic Tasmota firmware installed, a tasmota_XXXXXX-#### network access point was available (where XXXXXX is a string derived from the device’s MAC address and #### is a number). I can now connect to this access point and configure the device to one of my WiFi networks by opening a browser on 192.168.4.1. Take care, if you mess up the WiFi password you may have trouble recovering the device.

This screen is different than the Tasmota instructions, I suspect this is because the binary provided as part of tuya-convert is stripped down and does not have any specific hardware configured.

Once you configure a connection to a WiFi network, you’ll lose the access point connection, but you will be able to locate the device on the network you connected it to. It will appear with the device name tasmota_XXXXXX-####.

Before we go further, we’ll perform a reset 5 as advised on this page. It may not be needed, but it sounds like a good idea. This is easy to do with the Console provided on the web UI.

We can see that we’re back on version 9.2.0 – so next we’re going to update the firmware. Which firmware should we pick? This page provides a good overview of the various options. There are many ways to perform the upgrade – I’ve elected to download the .gz binary an provide that file to the web UI. I’ve also picked the default and recommended tasmota.bin.gz file. This will update me to version 10.0.0.

The performance of the web UI seemed quite slow, I have to keep reminding myself this is a very basic microcontroller that costs a few dollars. It’s pretty amazing it works. Post firmware upgrade the web performance does seem quite a bit better.

At this point I can hit the Toggle button and see the LED on the outlet turn off an on, but I don’t seem to be triggering the outlet itself. More configuration is needed.

From the web UI, choosing Configure then Configure Module I can see that this is setup as a generic device with only 4 GPIO pins. Using this template as a guide, I select Generic (18) and set the GPIO pins as indicated. This works great, and I can now toggle the outlet on an off via the Web UI.

A word of warning. Back when the device was acting as an access point – you can only attach one device to it, attempts to connect a second client will fail. I also had some weirdness configuring the module, but I think this was because I had multiple browsers / apps pointed at the one device. Go slow, and do one thing at a time.

As for app based control, there are several Android apps which will bypass the need for a MQTT setup and work directly against the HTTP endpoint. I tried several, but decided for my simple needs Tasmota HomeSwitch was a good match.

Using the app seems to mostly work, but has some latency at times depending where the device is at in terms of responding to the HTTP requests. I notice the same type of latency using the web app, but this represents itself more as slowness to load the page vs. waiting for a button press on the app to take effect.

Bonus – the device appears to persist it’s state (on/off) even if you unplug it from power. This is pretty useful as it means that if there a power failure, it will return to the previous state.

Sure it only supports up to 10A, but wifi control over power and I can keep it entirely on my own network is pretty slick.

Review: Filtrete 3M-50 Wifi Thermostat

I came across this particular wifi enabled thermostat a year or so ago, unfortunately they are not available in Canada. I’d guess this is simply the additional headache of bringing an electronic device to market in Canada (yes, different hoops than what is needed in the USA) and the market size. On my last trip to the states I took the opportunity to drop into a HomeDepot and pick one up. There was only 1 unit in the entire city I was in (I had to go to both HomeDepot stores!) – so you may have trouble getting one even if you live in the US, I suggest you call ahead.

The sales pitch on having your home thermostat wifi enabled is to make it simpler to program, and easier to adjust from anywhere in the house or out of the house. When we leave on vacation, turning down the heat and reprogramming the 7 day schedule is pretty low on the priority list. Being able to do so from the hotel over the internet would be handy. I’m looking forward to the ability to pull out more statistics from the device and surface them in graphs, for example yesterday my furnace was on for 4hrs 47mins and today it ran 2hrs 46mins (it was much warmer today).

Most of this post will discuss the installation process, as this is primarily my experience with it so far. Some of this will be specific to my particular install but I’ll try to walk you through the process I used to arrive at a successful result. If you want to stop reading here the short version is that it’s pretty cool, you probably want one.

The first step is to read (or at least flip quickly) through the manuals included. The packaging strongly indicates you need a C wire, the manual lists it as optional. The C wire is required, don’t get confused by the manual. Next take a look the wiring for your existing thermostat.

The good news is that the wire coming out of the wall has more than enough conductors to carry a C wire if I need to add one. The bad news is that I’m standing there scratching my head because I don’t really understand the current wiring.  My existing thermostat is a Honeywell MagicStat CT 3300 for which I was able to easily find a manual online. This helped me identify the wiring that was connected.

Next stop is to go take a look at the furnace, to map the other end of the wires. Unfortunately between the furnace and the thermostat I found this, something I’ll call the mess-o-wires.

The mess-o-wires ties in my A/C unit to the furnace and the thermostat. Opening up the furnace I get to the control board where the wiring starts.

So basically I have my furnace, connected to a wire A, this in turn heads to the mess-o-wires, then connects to wire B, this runs upstairs to the thermostat. Mapping the wire colors and connections results in the following table. The last column is the CT3300 hook ups. I also found a helpful reference to understand what the wiring names were.

Color Wire A Wire B CT 3300
Y orange yellow Y
R red red + black Rh + Rc
W1 white white W
G green green G
C black

This lead to an ah-hah moment. So I’m basically running in a 4 wire mode at the thermostat W Y RH G. The RH and RC are bridged back in that mess-o-wires. Knowing this helped me map to the 3M-50 manual for how to properly hook things up. The solution is that I need to fix the mess-o-wires to allow the C wire to run up to the thermostat using the black wire. Let me stress that this is unlikely to be your solution, but the process of wire tracing and mapping should help you understand your current setup and how to perform the install. If this is over your head, call your furnace service folks to do this part.

Once I was past this part, the actual installation went very smoothly – just follow the manual. The wifi unit ships along with the unit, but is not installed and the manuals don’t seem to reference it beyond providing a URL: www.radiothermostat.com/wifi. I inserted the wifi module while the thermostat was on and running, it seemed to handle that just fine. When you do visit www.radiothermostat.com/wifi you’ll find a friendly 3 step process:

  1. Register for an account on the web
  2. Verify Thermostat Installation
  3. Use laptop to connect your thermostat to your local wifi, and then to the internet

It’s not really three steps since step three contains more sub steps. My notes are a bit sketchy here, but it didn’t seem to provide much in the way of hand holding – they assume you know what you’re doing when it comes to wireless setup. At this point I’ll deviate from how I did the setup and talk about the iOS app. If you have an iDevice, then you should do step 3 above entirely using it. I’m not sure how smoothly a second iOS device will work out as it seemed that I was forced to re-setup the wifi connection (step 3) on the iPad even though it seemed to be working fine over a web browser. (again my notes are a bit rough as to what happened) I’m certain you can have multiple iOS devices, you just might have to go through the setup phase more than once.

There is also an Android app. This seems to be poorly advertised as I only found it while writing this post, they should really add it to the website. Adding the app to my phone and logging in, I’m able to view my thermostat without any network re-setup required. So my iOS app experience above of needing to re-setup the wifi must have been due to some other issue I was having.

I will say that I really like the wireless configuration approach. Much better than the Logitech HarmonyLink mess with a USB cable and browser plugins. The HarmonyLink could easily adopt this style of setup – creating an ad-hoc network to do the wireless configuration. The thermostat generates a 5 digit verification code to ensure that it’s really you, the HarmonyLink could simply flash the led to give you a verification pattern.

For some reason Chrome didn’t seem to work to create an account. Switching to Firefox solved this. After I had created the account, Chrome worked just fine. In fact, the website has a reasonable mobile layout as well. So a strike against them for doing something odd with account sign ups, but kudos for getting it mostly right no matter what device you visit the website with.

The iOS app is very simple, it lets you control the basic functions: temperature up/down; home/away; fan on/off/auto; heat/cool. You cannot set a schedule with the app it seems. The schedule can be set on the device (but who would do that?) and via a full web browser. The mobile version of the website is limited in a similar manner as the iOS app. The Android app appears to offer the same functions as the iOS app.

Configuration of Celcius vs. Fahrenheit is supported by the web/iOS/Android app in a single setting. The physical display on the thermostat requires you configure this as is shown on this youtube video. This had me puzzled for a bit until I found the video link, it is also mentioned in the FAQ.

There is a developer API available and folks who’ve created impressive private versions of a web UI. Interesting that temperatures are all Fahrenheit in the developer API, so I assume that’s how it is stored internally. I’ll certainly be experimenting in this direction when I have some time. The forums seems to be fairly active and have some good content in them from the quick browsing I’ve done.