Flashing of WiFi Switch with a Raspberry Pi
There are many similar devices made by the same big company (Tuya) and redistributed by 3rd parties companies (like Sonoff, AVATTO, ...). These devices are natively integrated with the Tuya cloud which can operate the device remotely. For example, from the cloud it's possible to upload a new firmware via OTA.
If you consider this to be unsecure and a kind of leakage in your home network, you can flash the device with a open source firmware (Tasmota) which can be operated locally on your network, does not require a cloud, and can be integrated locally with other system like Domoticz, Home Assistant, Alexa, Google.
Devices produced up to early 2020, could be flashed with a Tuya cloud simulator, e.g. tuya-convert. The vulnerability has been fixed and tuya-convert cannot works anymore (see #483).
If you want to flash the Tasmota firmware, you need to open the device and connect a serial device (like a Raspberry PI) to the test points. A bit of reverse engineering needs to be done to map the testing point to the ESP chip pins.
For the ESP pinout, you need to check the Espressif datasheet. See for example:
- ESP8266 https://www.espressif.com/sites/default/files/documentation/0a-esp8266ex_datasheet_en.pdf
- ESP8255 https://www.espressif.com/sites/default/files/documentation/0a-esp8285_datasheet_en.pdf
This page applyes to a specific device: 
Follow one of these procedures to edit /boot/config.ini and /boot/cmdline.txt https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3-4/ https://hallard.me/enable-serial-port-on-raspberry-pi/
In alternative, you can use any USB Serial devices or an Arduino serial
For this device the connection scheme is:
- connect RPI GPIO 5V to pin 3 of 5V/3V converted
- connect RPI GPIO TX to ESP serial RX
- connect RPI GPIO RX to ESP serial TX
- connect RPI GPIO GND to ESP GND
In order to make the reverse enginnering of the connection, you need to identify the test points and to follow the path up to the ESP pins. The test points are tipically always present in any device as they are used by the manufactor to flash the firwmare after the HW assembly. The test points shall allows therefore to power the chip (ESP 0 GND, +3.3 V), to connect to its serial (ESP GPIO TX, RX), to force the flash mode (ESP GPIO0) and to test that the button works properly. Indeed we need six test points. In this example...
First observation: you recognize the black square chip; in this example it's ESP8285.
The test points (6 in this example) are the circles plate in the bottom right part. Let's call the A, B, C, D, E, F.
To follow the path up the ESP chip, you need to follow some solders on the back plate.
See the attached photo. Note that this photo is left-right flip so that it's easy to correlate the points in which the connection move from the front to the back plate. These points are holes which are visibible in the same position on both plate.
The pin A is clearly solded with the button
; this means that it's connected to the ESP GPIO0 pin. There is no further need to sold this pin. When the ESP GPIO0 need to be put on ground, this is equivalent to pressing the button.
The pin F is clearly connected to the main ground (the light red present almost everywhere in the board)
- switch on the device with ESP GPIO0 shortcut on GND; this can be done by pressing the device button
- run esptool and flash the firmware
esptool.py erase_flash
esptool.py write_flash -fm dout 0x0 tasmota.bin
There a couple of additional step to configure your new tasmota devices.
For example you need to explain to the firware what is the expected action to execute when the button is pressed (i.e. seitch the relee).
There is a procedure in the Tasmota wiki which explain how to reverse engineering the internal device GPIO connections.
Once you have done, you can create a template to be uploaded to any equivalent device.
For this specific device the template is:
{"NAME":"Switch","GPIO":[0,0,0,0,0,17,0,0,21,0,0,0,0],"FLAG":0,"BASE":18}