Closed u253195 closed 3 years ago
Hello @u253195, do you already own one device of this kind ?
yes, i do have one Tuya smart lock for my front door. it's very convenient.
Can you use this page Qualifying-a-device ?
Get the DP dump for lock, unlock and whatever function your device is able to ?
I got this below. It had something wrong.
./test.py ebd108215989303877cexw 192.168.1.243 44f56478d861c3b3
INFO:localtuya:localtuya version 1.0.0
INFO:localtuya:Python 3.8.2 (default, Jul 16 2020, 14:00:26)
[GCC 9.3.0] on linux
INFO:localtuya:Using pytuya version '8.1.0'
INFO:localtuya:Detecting list of available DPS of device ebd108215989303877cexw [192.168.1.243], protocol 3.3.
DEBUG:localtuya.pytuya:Sending command status (device type: type_0a)
DEBUG:localtuya.pytuya:paylod=b'{"gwId":"ebd108215989303877cexw","devId":"ebd108215989303877cexw"}'
DEBUG:localtuya.pytuya:DATA RECEIVED!
DEBUG:localtuya.pytuya:decode payload=b'\x19\x12\xe3\x9e>\x92\xf2\xc7\x8c\xb2\xfa\x19\xec\xc9\x0b\x7f\xbbk\x12\x8b\xbbv5\x1c\xfa\x93v]\xc4<7#'
DEBUG:localtuya.pytuya:decrypted result=''
DEBUG:localtuya.pytuya:Failed to connect to 192.168.1.243. Raising Exception.
WARNING:localtuya.pytuya:Failed to get status: Expecting value: line 1 column 1 (char 0)
INFO:localtuya:Detecting list of available DPS of device ebd108215989303877cexw [192.168.1.243], protocol 3.3.
DEBUG:localtuya.pytuya:Sending command status (device type: type_0a)
DEBUG:localtuya.pytuya:paylod=b'{"gwId":"ebd108215989303877cexw","devId":"ebd108215989303877cexw"}'
DEBUG:localtuya.pytuya:DATA RECEIVED!
DEBUG:localtuya.pytuya:decode payload=b'\x19\x12\xe3\x9e>\x92\xf2\xc7\x8c\xb2\xfa\x19\xec\xc9\x0b\x7f\xbbk\x12\x8b\xbbv5\x1c\xfa\x93v]\xc4<7#'
DEBUG:localtuya.pytuya:decrypted result=''
DEBUG:localtuya.pytuya:Failed to connect to 192.168.1.243. Raising Exception.
WARNING:localtuya.pytuya:Failed to get status: Expecting value: line 1 column 1 (char 0)
INFO:localtuya:Detecting list of available DPS of device ebd108215989303877cexw [192.168.1.243], protocol 3.3.
DEBUG:localtuya.pytuya:Sending command status (device type: type_0a)
DEBUG:localtuya.pytuya:paylod=b'{"gwId":"ebd108215989303877cexw","devId":"ebd108215989303877cexw"}'
DEBUG:localtuya.pytuya:DATA RECEIVED!
DEBUG:localtuya.pytuya:decode payload=b'\x19\x12\xe3\x9e>\x92\xf2\xc7\x8c\xb2\xfa\x19\xec\xc9\x0b\x7f\xbbk\x12\x8b\xbbv5\x1c\xfa\x93v]\xc4<7#'
DEBUG:localtuya.pytuya:decrypted result=''
DEBUG:localtuya.pytuya:Failed to connect to 192.168.1.243. Raising Exception.
WARNING:localtuya.pytuya:Failed to get status: Expecting value: line 1 column 1 (char 0)
INFO:localtuya:TIMEOUT: No response from device ebd108215989303877cexw [192.168.1.243] after 2 attempts.
How did you extract the key? The payload decrypts to an empty string, something that usually points towards the key being incorrect.
I use a simulator to run smartlift app 3.3.0 and get the local key from preferences_global_keyaz1605109505486DAK5p.xml. I have another Tuya smart socket. I tested it with test.py; it returns what you said.
I'm still not convinced that the key is correct. Would you mind setting up an account at iot.tuya.com and try to register the device with tuya-cli instead?
@u253195 is your smart lock directly connected to the network or is it passing through a gateway?
Yes, it is directly connected to my network with other tuya smart sockets.
Hi, Any news on this? I just bought the Tuya X5 smart lock and much interested in managing it from Home Assistant.
Currently it seems to be not possible to operate the Tuya locks. The most advanced thread that I know of about this is https://github.com/Koenkk/zigbee2mqtt/issues/4478 .
Hi,
I have a Tuya X5 smart lock, WIFI without gateway. https://www.aliexpress.com/item/1005002206270511.html?spm=a2g0s.9042311.0.0.2afb4c4dWz2nff It functions as it should from the Smart Life app but I am interested in integrating it in Home Assistant so I can include it in automations.
When I run the test.py, I get: "DEBUG: localtuya.pytuya: Failed to get status: [Error 113] No route to host"
I am sure that all input parameters are correct. I cannot ping it either, from the PI running CLI and TuyaDebug, or other MS Windows machines on the same network.
I tried both methods here https://github.com/codetheweb/tuyapi/blob/master/docs/SETUP.md and got the ID, IP and Key (it returns my external public IP but I found the local IP to use) but still the same problem.
Any trick of getting around this? What lock do you have yourself?
Thanks for the tip. I am using the WIFI and not the Zigbee version. It should be another approach as no gateway is involved! Right?
It looks like it cannot decrypt the payload, as if the localKey was wrong. Sorry but I have no idea on how to help you with this. I have an Airbnk M510 ( https://it.aliexpress.com/i/1005001724026708.html ) , BT with wifi gateway. That discussion is concerning the Zigbee gateway but in the end it is moving to trying to reverse engineer the traffic to the lock, independently from the Zigbee communication. I don't know where it will lead, and if it will ever succeed.
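The two failure signatures reported in this thread (a reply that decrypts to an empty string, and "No route to host") can be told apart mechanically. The following is an added example, not part of the original thread or of localtuya; the function names, the sample logs and the shape of a successful reply are assumptions, and `redact` masks the device ID and local key taken from the command line before a log is shared.

```python
import re

# Constructed samples in the format of the test.py output quoted in this thread.
# The device ID, IP address and local key are placeholders, not real values.
RUN_EMPTY = """\
./test.py bf00000000000000example 192.0.2.10 0123456789abcdef
INFO:localtuya:Detecting list of available DPS of device bf00000000000000example [192.0.2.10], protocol 3.3.
DEBUG:localtuya.pytuya:DATA RECEIVED!
DEBUG:localtuya.pytuya:decrypted result=''
WARNING:localtuya.pytuya:Failed to get status: Expecting value: line 1 column 1 (char 0)
INFO:localtuya:TIMEOUT: No response from device bf00000000000000example [192.0.2.10] after 2 attempts.
"""
RUN_NO_ROUTE = """\
./test.py bf00000000000000example 192.0.2.10 0123456789abcdef
DEBUG:localtuya.pytuya:Failed to get status: [Errno 113] No route to host
"""
# Assumed shape of a successful reply; the thread shows no successful run.
RUN_OK = """\
./test.py bf00000000000000example 192.0.2.10 0123456789abcdef
DEBUG:localtuya.pytuya:DATA RECEIVED!
DEBUG:localtuya.pytuya:decrypted result='{"devId":"bf00000000000000example","dps":{"1":true}}'
"""

INVOCATION = re.compile(r"^\S*test\.py\s+(\S+)\s+(\S+)\s+(\S+)\s*$", re.M)
DECRYPTED = re.compile(r"decrypted result=(['\"])(.*)\1\s*$", re.M)


def redact(log):
    """Mask the device ID and local key given on the test.py command line."""
    match = INVOCATION.search(log)
    if not match:
        return log
    device_id, _ip, local_key = match.groups()
    return log.replace(local_key, "<LOCAL_KEY>").replace(device_id, "<DEVICE_ID>")


def triage(log):
    """Classify one test.py run as (verdict, reason)."""
    # Network failure: nothing was exchanged, so the key was never tested.
    if "No route to host" in log:
        return ("unreachable", "host not reachable at this IP; fix routing first")
    results = [m.group(2) for m in DECRYPTED.finditer(log)]
    received = log.count("DATA RECEIVED!")
    # The device answered, but every reply decrypted to nothing. The final
    # "TIMEOUT: No response" line is misleading here: data did arrive.
    if received and results and all(r == "" for r in results):
        return ("suspect_key", "replies received but decrypt to empty; "
                               "local key is probably wrong")
    if any('"dps"' in r for r in results):
        return ("ok", "device returned a DPS payload")
    return ("unknown", "no known signature in this log")


if __name__ == "__main__":
    for name, run in [("empty", RUN_EMPTY), ("route", RUN_NO_ROUTE), ("ok", RUN_OK)]:
        print(name, triage(run))
    print(redact(RUN_EMPTY))
```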
yes, but I need at least to pass my first network issue. then we'll see what happens. Maybe somebody can help :)
@rospogrigio i just received the M531 LOCK today, tomorrow will receive the batteries. i installed necessary stuff on rooted android, to sniff HCI bluetooth communication directly to wireshark, and i will use a script to bypass SSL certificate trust manager to sniff communication with airbnk cloud, will do both processes in parallel to see if there's a kind of key exchange between server and device over internet. The bluetooth protocol used by the lock uses non standard GATT profiles, but i did find the UUIDs inside the reversed code. I think the best and fastest way is to find a vulnerability, to use the lock via the W100 (wifi bridge to BT), same as tuya local kind. after that it will be easier just to send http API commands to the bridge and the bridge will do the rest. The W100 bridge is based on ESP32 wifi chip. I don't know if the airbnk cloud information is hardcoded inside the ESP32 firmware, or uploaded via bluetooth at initial connection between phone and W100 gateway. If it is the second case, it will be easier. I will keep you updated.
@nourmehdi i got Airbnk M300 (BT) with Wi-Fi gateway. Let me know, if i can help somehow, as i'm interested connecting it to HA too.
@formatBCE, for the HA integration there are two approaches. First is to code a custom python integration handling all lock functionalities (bluetooth com, encryption, otp..), therefore using integrated bluetooth hardware. Second is to make an http API in HA which will communicate with the bluetooth wifi bridge via wifi (ESP32 OR SIMILAR), therefore the ESP32 will be handling bluetooth communication with the lock. The W100 bridge is using ESP32 and web API. You can start by doing a wifi traffic analysis via wireshark to sniff communication between lock and bridge and see if they use a secure protocol (secure websocket or HTTPS). IF IT'S not secure it will be easier to use their API instead of creating one from scratch.
@nourmehdi actually, I did try it already. It's SSL, and for some reason I couldn't make it work with trusted certificate to become MITM... I guess I need rooted Android, which I don't have. Airbnk app just stops working via SSL proxy... But maybe, I'm doing it wrong.
I sent a letter to Airbnk yesterday - let's see what they answer (if ever).
@formatBCE yes indeed the connection between the android app and airbnk server is HTTPS, and you cannot use trusted certificate to be MITM since the android trust manager won't allow you. in this particular case you need to reverse the airbnk apk and use frida tool to perform SSL pinning and therefore bypass the certificate trust process. You can do this without rooting by injecting the frida gadget into the apk and then sign it and repack it and install it. After that you will be able to sniff https calls to airbnk server. Although this is very useful to understand how it works, what i meant by sniffing traffic is to sniff the downlink traffic coming from the airbnk server via internet to the bridge, this is the most useful part. I think that even when you are at home connected to your local wifi network the request to open or close the lock is transmitted via wifi to the server and then down to the bridge then to the lock. Unfortunately i don't have the bridge to do all these tests (will receive it soon). You can do a traffic analysis in wifi monitor mode and catch traffic between bridge and the router to see if incoming packet is http or websocket and then if it's secured or not.
@nourmehdi got you. Makes sense to learn the API from that side - this way we could make it local, right? Let me scan Google for correct ways to sniff that.
@formatBCE Exactly, if the API is clearly exposed we can make local API calls. For the bridge router sniff process, this is a useful link https://mohit.io/blog/windows-capture-analyze-mobile-device-network-traffic/ , you can try to create a rogue access point on windows and then connect the bridge to this access point, and using wireshark sniff data.
@nourmehdi i fought with my WiFi adapter drivers, but finally managed to arrange hotspot. However, for some reason, i can't connect Airbnk gateway to it. Checked and reassigned WiFi channel to 8 (was 11 though), but still can't... Maybe you will have more luck with it. I will be trying more.
@nourmehdi looks like BT gateway does not support WPA2-PSK security. This is the only difference i found between my regular WiFi for smart home devices, and mHotspot one. Other things are identical: frequency 2.4GHz, channel 8, speed 20MHz. I tried to delete and reconnect gateway to old WiFi - works good. But cannot connect to rogue hotspot.
Based on this info https://answers.microsoft.com/en-us/windows/forum/windows_10-networking-winpc/can-you-change-the-wifi-security-for-win10-wifi/7741cacf-5a70-4403-bbbb-e5efa7a9db2d, one cannot change hotspot security to WPA from WPA2... Do you know the way to do it, by chance?
@formatBCE seems very weird, since the WPA2 PSK is the standard recommended encryption for wifi nowadays, because the WPA is more vulnerable. Sorry my question will seem stupid but have you tried to connect another device (your phone or other) to the rogue hotspot to see if it's working?
@nourmehdi this question is pretty legit! :) Yes, before trying gateway, i connected my smartphone to that hotspot, and even captured packets from it with Wireshark. Moreover, Airbnk app doesn't provide manual WiFi SSID prompt, using current WiFi connection instead, so i had to do it anyway.
@formatBCE i think i may have an idea about what's going wrong but i'm not sure. I think it's related to the type of the Access point (adhoc or infrastructure mode), i think the default access point created on windows is adhoc mode, and many devices cannot connect to adhoc access point. check this to enable infrastructure mode and let me know, https://www.howtogeek.com/180649/htg-explains-whats-the-difference-between-ad-hoc-and-infrastructure-mode/
@nourmehdi well, from that link, seems like hosted network is the actual way to create infrastructure-grade access point. Ad-hoc hotspot can be created right from control panel. And netsh (which is used by mHotspot program) is creating infra one.
@formatBCE hmm i see, try to take a look at network cards to see if you have a new Microsoft virtual WiFi Miniport Adapter, since windows 7 and windows 10 are slightly different in creating hotspots. And then in parallel try to create hotspot from your android mobile phone (android creates infrastructure mode), and then try to connect bridge to android hotspot and see if it works.
@nourmehdi i can't do it on my phone - Airbnk app is picking up main WiFi SSID automatically, and there's no way to change it to my hotspot SSID. Yes, i have that additional adapter in device manager, and in connections.
That's why i'm keeping all my smart home devices on separate dedicated WiFi router/SSID. I had similar troubles with dual-band WiFi...
@formatBCE take a look at this video http://www.youtube.com/watch?v=klHzMyYFGeQ
@nourmehdi but that's how i did it. Well, in correlation to Win 10, and a lot of troubles with drivers for my PCIe WiFi card...
@formatBCE yes that's what i found out looking for the issue, many driver troubles. Keep trying, i will keep you informed once i get my bridge. I have windows 10 so we will see how it ends. Otherwise try also to use wifi wireshark in promiscuous mode, this way the packets sent from router to the bridge won't be dropped by your computer network card, we will be able to see traffic not belonging to you, only condition is that your bridge and computer need to be connected to the same router.
@formatBCE after some research, since the capture directly on the interface while using it as a rogue hotspot didn't work, and the promiscuous mode doesn't work either to capture wifi traffic sent to another client, you can try and check if your wifi card supports monitor mode, then using the npcap wlanhelper tool via command line, change channel to match your router channel, and then keep your computer and bridge both close to the router to capture the wpa 4 way handshake. After that, using your wpa key on wireshark, you can decrypt raw radio packets and analyse communication between bridge and router. This is a useful link, https://kalitut.com/decrypt-wi-fi-traffic-wireshark/
@formatBCE good news, i received the W100 bridge today and i configured my wireless adapter under kali linux in monitor mode, decrypted wifi packets in wireshark. I found that the bridge is not using TLS to connect to server, instead it's using non secured MQTT over websocket. I found some pub sub data packets, i will dig further and let you know
@nourmehdi great news indeed!
@nourmehdi any luck with that? :)
i have managed to unlock my tuya zigbee lock using the API as described here
Do you have a code sample?
Yeah, a code sample would be precious!
@rospogrigio maybe we could do it over discord? this is my nick sthope#5558
I am using Postman: https://developer.tuya.com/en/docs/iot/set-up-postman-environment?id=Ka7o385w1svns And converting the messages with http://tool.chacuo.net/cryptaes/
@schachar what kind of Tuya Lock do you have if you dont mind me asking?
I have put together a small python script that unlocks Tuya Zigbee Locks (Lock needs to have the option to unlock via Tuya/Smartlife App and have Pincode) .
If you want to give it a try i put the files here https://github.com/Sthopeless/74757961
Env's file needs to be mostly filled up and after all set up you can send a MQTT msg to topic TuyaLock/cmd
with payload unlock_door
and within few seconds your door should unlock.
let me know if you decide to give it a go and how it went.
I have also discovered how to unlock the Tuya WiFi Locks that send a request to the App asking to unlock..
But everything needs connection to Tuya Cloud because of the 'random' password...
Tuya is now developing a new integration for Home Assistant and have said the plans are to also enable local control.. Maybe if we all make a little pressure on the topic magic will happen https://github.com/tuya/tuya-home-assistant
@Sthopeless Not at all. I have an M531 with ZigBee and the wifi hub. I'll try your code on the weekend, I hope. So far, I have tried using the cloud API but didn't invest too much time. It wasn't clear from tuya API how exactly to decrypt the temp password etc. I will look into it when I get the time.
Right now, I use a "trick" to lock the door: I put a small electromagnet on the wifi bridge and use home-assistant to enable/disable it. The app can configure the amount of time after a "door closed" the lock automatically locks, so I put that to a minimum, and the door locks once I activate the electromagnet.
@Sthopeless I tried it, but keep getting a token expired message on the first API call, which is strange as I manage to get a working session with postman. Have you encountered anything like it?
Have you configured env.py file accordingly? Also have you installed the pip requirements?
I know Tuya has been updating the API but I just tested under Windows and Linux and it still unlocked with no errors.
Also be sure your mobile App is linked to your https://iot.tuya.com/cloud project
@Sthopeless I loaded it with docker, I saw it does all the pip installs. Configured the ENV file (MQTT works fine, and I also added debug printout for the parameters) but it fails on the first API call here https://github.com/Sthopeless/74757961/blob/main/Zigbee_Doorlock.py#L49 (the actual error comes from here as the field isn't found in the json https://github.com/Sthopeless/74757961/blob/main/Zigbee_Doorlock.py#L52)
redownloaded and entered all my env's and tested just to be sure and it works @schachar. if first API call is failing either means wrong entries in env.py or something wrong while creating the project.
Check these pictures to see if it matters or helps anyhow:
@Sthopeless now we are getting somewhere, thanks. I've created a new project and now the communication is working fine (for temp password) but the door doesn't open. On the API call I get: {'code': 2009, 'msg': 'not support this device', 'success': False, 't': 1626880057631}
Where do I configure to lock password, is it one of the passwords from the airbnk API?
Also I don't see the smart lock in the device list on the cloud page (only the light switches); in the application I do see it. Edit: I do see it, was just on the next page
When will Tuya device "smart lock" type be supported? Thanks all.