[Tutorial] Autopsy of the Lidl hardware

Hello, since I am in the middle of stripping down the Lidl products and I am interested in the gateway, I have come to lay my egg here; I have already taken the plug apart.

Lidl box


Judging by the plug, it uses the same technology as the "TUYA" plug.

Indeed, we find the TYZS4 as the Zigbee coordinator.

TUYA is talkative about its information, so much the better; that is one point that makes me like their firm (the only point, in fact).

There is the Realtek chipset for the IP network.

And

EM6AA160TSE-5G

DRAM Chip DDR SDRAM 256Mbit 16M X 16 2.5V 66-Pin TSOP-II

So everything is in the TYZS4, and on top of that there is a debug/programming port underneath with a 2.54 mm pitch. Great, so standard header pins can be soldered onto it.

Features

A built-in low-power 32-bit ARM Cortex-M4 processor with a DSP instruction set and a floating point unit that doubles as an application processor

  • Supports a main frequency of 40MHz
  • Wide operating voltage: 2.2V-3.8V
  • Peripherals: 4×GPIOs, 1×UART (with flow control),
  • Zigbee operating characteristics
    • Supports 802.15.4 MAC/PHY
    • Operating channels 11 to 26 @2.400-2.483GHz, air-interface rate 250Kbps
    • Built-in DC-DC circuit for maximum power efficiency
    • +19dBm maximum output, dynamic power output > 35dB
    • 63uA/MHz operating power consumption; 1.4 uA sleep current
    • Active net pairing with terminal devices
    • Built-in onboard PCB antenna/reserved Ipex connector for high gain external antenna
    • Operating temperature: -40℃ to 85℃
    • Supports hardware encryption and supports AES 128/256
    • Supports wireless packet captures

The programming port, used with a J-Link, is described there.

The goal is to be able to redirect the MQTT information to Jeedom and no longer to TUYA.

After finding the terminal speed, we get a very talkative device: 38400 baud, N81

```
Booting...

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@
@ chip__no chip__id mfr___id dev___id cap___id size_sft dev_size chipSize
@ 0000000h 0c84018h 00000c8h 0000040h 0000018h 0000000h 0000018h 1000000h
@ blk_size blk__cnt sec_size sec__cnt pageSize page_cnt chip_clk chipName
@ 0010000h 0000100h 0001000h 0001000h 0000100h 0000010h 000004eh GD25Q128
@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
DDR1:32MB

---RealTek(RTL8196E)at 2020.04.28-13:58+0800 v3.4T-pre2 [16bit](400MHz)
P0phymode=01, embedded phy
check_image_header return_addr:05010000 bank_offset:00000000
no sys signature at 00010000!
P0phymode=01, embedded phy

---Ethernet init Okay!
tuya:start receive production test frame ...
Jump to image start=0x80c00000...
decompressing kernel:
Uncompressing Linux... done, booting the kernel.
done decompressing kernel.
start address: 0x80003780
Linux version 3.10.90 (dingsl@dingsl-pc) (gcc version 4.6.4 (Realtek RSDK-4.6.4 Build 2080) ) #10 Tue Apr 28 14:03:14 CST 2020
CPU revision is: 0000cd01
Determined physical RAM map:
memory: 02000000 @ 00000000 (usable)
Zone ranges:
Normal [mem 0x00000000-0x01ffffff]
Movable zone start for each node
Early memory node ranges
node 0: [mem 0x00000000-0x01ffffff]
icache: 16kB/16B, dcache: 8kB/16B, scache: 0kB/0B
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 8128
Kernel command line: console=ttyS0,38400 root=/dev/mtdblock2
PID hash table entries: 128 (order: -3, 512 bytes)
Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)
Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
Memory: 27700k/32768k available (2479k kernel code, 5068k reserved, 525k data, 192k init, 0k highmem)
SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:128
console [ttyS0] enabled
Calibrating delay loop... 398.13 BogoMIPS (lpj=1990656)
pid_max: default: 4096 minimum: 301
Mount-cache hash table entries: 512
reg e0=0
reg e1=0
reg e2=0
reg e3=0
reg e4=0
reg e5=0
reg e6=0
reg e7=0
reg f0=0
reg f1=0
reg f2=0
reg f3=0
reg f4=0
reg f5=0
reg f6=0
NET: Registered protocol family 16
bio: create slab <bio-0> at 0
NET: Registered protocol family 2
TCP established hash table entries: 512 (order: 0, 4096 bytes)
TCP bind hash table entries: 512 (order: -1, 2048 bytes)
TCP: Hash tables configured (established 512 bind 512)
TCP: reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
squashfs: version 4.0 (2009/01/31) Phillip Lougher
jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
msgmni has been set to 54
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
io scheduler noop registered
io scheduler deadline registered
io scheduler cfq registered (default)
Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0x18002000 (irq = 9) is a 16550A
serial8250: ttyS1 at MMIO 0x18002100 (irq = 13) is a 16550A
Realtek GPIO Driver for Flash Reload Default
tuya_gpio_init ok, scan expire time:50
SPI INIT
------------------------- Force into Single IO Mode ------------------------
|No chipID Sft chipSize blkSize secSize pageSize sdCk opCk chipName |
| 0 c84018h 0h 1000000h 10000h 10000h 100h 84 0 GD25Q128|
----------------------------------------------------------------------------
SPI flash(GD25Q128) was found at CS0, size 0x1000000
boot+cfg offset=0x0 size=0x20000 erasesize=0x10000
linux offset=0x20000 size=0x1e0000 erasesize=0x10000
rootfs offset=0x200000 size=0x200000 erasesize=0x10000
tuya-label offset=0x400000 size=0x20000 erasesize=0x10000
jffs2-fs offset=0x420000 size=0xbe0000 erasesize=0x10000
5 rtkxxpart partitions found on MTD device flash_bank_1
Creating 5 MTD partitions on "flash_bank_1":
0x000000000000-0x000000020000 : "boot+cfg"
0x000000020000-0x000000200000 : "linux"
0x000000200000-0x000000400000 : "rootfs"
0x000000400000-0x000000420000 : "tuya-label"
0x000000420000-0x000001000000 : "jffs2-fs"
PPP generic driver version 2.4.2
nf_conntrack version 0.5.0 (432 buckets, 1728 max)
ip_tables: (C) 2000-2006 Netfilter Core Team
TCP: cubic registered
NET: Registered protocol family 17
l2tp_core: L2TP core driver, V2.0
8021q: 802.1Q VLAN Support v1.8
Realtek FastPath:v1.03

Probing RTL819X NIC-kenel stack size order[1]...
eth0 added. vid=9 Member port 0x10f...
eth1 added. vid=8 Member port 0x10...
[peth0] added, mapping to [eth1]...
VFS: Mounted root (squashfs filesystem) readonly on device 31:2.
Freeing unused kernel memory: 192K (802f0000 - 80320000)
init started: BusyBox v1.13.4 (2020-04-28 13:57:36 CST)
Set power startcmd read

b8000038: 2794A104 0000000F 00000042 00000018 '"¡ B
cmd write
Write memory 0xb8000038 dat 0x1794a104: 0x1794a104
Set power end
udhcpc (v1.13.4) started
Sending discover...

Please press Enter to activate this console. Tuya Gateway Application Normal Srart /tuya/tuya_start.sh UserAppRunDir:
set defult run_dir:/tuya
TY_ENV_APP_RUN_DIR=/tuya
get user cfg file error, load defult cfg file
load platform configure file:/tuya/def.cfg
start.conf is exist
udhcpc (v1.13.4) started
current run dir:/tuya/tuya_user2
tuya_start_children.sh:UserAppRunDir:/tuya JsonFile Path:/tuya/def.cfg
Sending discover...
killall: app_detect.sh: no process killed
killall: tyZ3Gw: no process killed
killall: log_detect.sh: no process killed
killall: process_monitor.sh: no process killed
killall: tyZ3Gw: no process killed
Sending discover...
Sending select for 192.168.110.98...
Lease of 192.168.110.98 obtained, lease time 82168
deleting routers
route: SIOCDELRT: No such process
adding dns 8.8.8.8
adding dns 8.8.4.4
nlRecvFromAppSock sg_netlinkKeyPid:240
nlRecvFromAppSock port link sg_netlinkPid:240
```

It looks like we have an embedded Linux.

We try with PuTTY on port 2333.

We go back to the serial terminal and press "Enter", or send 0x0d.

```
02/02/2021 16:23:57.084 [TX] -
02/02/2021 16:23:57.086 [RX] -
tuya-linux login:
```

Now we need to find the login and password.

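The boot log in the post prints the SPI flash layout; the following added example (not part of the original post) parses those lines into a partition map, checks it for gaps, overlaps and erase-block misalignment, and resolves the kernel's `root=` argument to a partition. The function names are hypothetical, the sample input is copied from the log above, and the mapping of `mtdblockN` to the Nth printed partition is an assumption.

```python
import re

# Constructed sample: lines copied from the boot log quoted in the post.
BOOT_LOG = """\
SPI flash(GD25Q128) was found at CS0, size 0x1000000
boot+cfg offset=0x0 size=0x20000 erasesize=0x10000
linux offset=0x20000 size=0x1e0000 erasesize=0x10000
rootfs offset=0x200000 size=0x200000 erasesize=0x10000
tuya-label offset=0x400000 size=0x20000 erasesize=0x10000
jffs2-fs offset=0x420000 size=0xbe0000 erasesize=0x10000
Kernel command line: console=ttyS0,38400 root=/dev/mtdblock2
"""

PART_RE = re.compile(r"^(\S+) offset=0x([0-9a-f]+) size=0x([0-9a-f]+) erasesize=0x([0-9a-f]+)$", re.M | re.I)
FLASH_RE = re.compile(r"SPI flash\((\w+)\) was found at CS\d+, size 0x([0-9a-f]+)", re.I)
ROOT_RE = re.compile(r"root=/dev/mtdblock(\d+)")

def parse_layout(log):
    """Return (flash_size, [partition dicts]) from the boot log text."""
    flash = FLASH_RE.search(log)
    if flash is None:
        raise ValueError("no SPI flash line in log")
    parts = [{"mtd": i, "name": m[1], "offset": int(m[2], 16),
              "size": int(m[3], 16), "erase": int(m[4], 16)}
             for i, m in enumerate(PART_RE.finditer(log))]
    return int(flash[2], 16), parts

def check_layout(flash_size, parts):
    """List layout problems: gaps, overlaps, misalignment, unused tail."""
    issues, cursor = [], 0
    for p in sorted(parts, key=lambda p: p["offset"]):
        if p["offset"] != cursor:
            kind = "gap" if p["offset"] > cursor else "overlap"
            issues.append(f"{kind} before {p['name']} at {cursor:#x}")
        if p["offset"] % p["erase"] or p["size"] % p["erase"]:
            issues.append(f"{p['name']} not erase-block aligned")
        cursor = max(cursor, p["offset"] + p["size"])
    if cursor != flash_size:
        issues.append(f"partitions end at {cursor:#x}, flash is {flash_size:#x}")
    return issues

def root_partition(log, parts):
    """Map root=/dev/mtdblockN to a partition (assumes N follows the printed order)."""
    m = ROOT_RE.search(log)
    return parts[int(m.group(1))] if m else None

if __name__ == "__main__":
    size, parts = parse_layout(BOOT_LOG)
    print(check_layout(size, parts) or "layout ok", "root:", root_partition(BOOT_LOG, parts)["name"])
```

For this log the five partitions tile the 16 MiB flash exactly, and `root=/dev/mtdblock2` resolves to `rootfs`, which agrees with the later "Mounted root (squashfs filesystem) readonly on device 31:2" line.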