Release v2.4.0

Dockerfile

@@ -0,0 +1,13 @@
+FROM phusion/baseimage:0.11
+
+RUN apt-get update && apt-get install -y sudo iproute2 iputils-ping
+
+RUN echo '* libraries/restart-without-asking boolean true' | sudo debconf-set-selections
+
+COPY docker/bin /usr/bin/
+
+COPY . /usr/bin/tuya-convert
+
+RUN cd /usr/bin/tuya-convert && ./install_prereq.sh
+
+RUN mkdir -p /etc/service/tuya && cd /etc/service/tuya && ln -s /usr/bin/config.sh run

README.md

@@ -32,6 +32,7 @@ These scripts were tested in
 * a Raspberry Pi 3B / 3B+ with Raspbian Stretch and its internal Wifi chip
 * a Raspberry Pi 3B+ + USB-WIFI with this image from [here](https://www.offensive-security.com/kali-linux-arm-images/)
 	https://images.offensive-security.com/arm-images/kali-linux-2018.4a-rpi3-nexmon-64.img.xz
+* Ubuntu 18.04.3 64Bit in VirtualBox on Win10 with a [cheap RTL8188CU Wifi Adapter](http://s.click.aliexpress.com/e/KrKIoPdI) connected to the VM
 	
 Any Linux with a Wifi adapter which can act as an Access Point should also work. Please note that we have tested the Raspberry Pi with clean installations only. If you use your Raspberry Pi for anything else, we recommend using another SD card with a clean installation.
 
@@ -48,7 +49,7 @@ On January 28th, 2019, Tuya started [distributing a patch](https://www.heise.de/
 BE SURE THE FIRMWARE FITS YOUR DEVICE!
 1. Place your binary file in the `/files/` directory or use one of the included firmware images.
 
-	Currently a Tasmota [v7.0.0.3](https://github.com/arendst/Tasmota/releases) `tasmota-wifiman.bin` build is included. You can update to a [current version](http://thehackbox.org/tasmota) via OTA after the Tuya-Convert process completes successfully. Please note that while we include this for your convenience, we are not affiliated with the Tasmota project and cannot provide support for post installation issues. Please refer to [the respective project](https://github.com/arendst/Tasmota) for configuration and support.
+	Currently a [Tasmota](https://github.com/arendst/Tasmota) `tasmota-wifiman.bin` build is included in the Tuya-Convert package. You can update to the [current maintenance release](http://thehackbox.org/tasmota) via OTA after the flashing process completes successfully. The included binary does not have any specific hardware configured. Once flashed using Tuya-Convert you will need to configure your device(s) properly. Please note that while we include this firmware for your convenience, we are not affiliated with the Tasmota project and cannot provide support for post installation issues. Please refer to the [Tasmota project](https://github.com/arendst/Tasmota) and [its documentation](http://tasmota.com) for configuration and support.
 
 	An ESPurna [1.13.5](https://github.com/xoseperez/espurna/releases/tag/1.13.5) binary is also included (`espurna-base.bin`). Like before, the binary included does not have any specific hardware defined. Once flashed using Tuya-Convert you can update to the device-specific version via any of the means that ESPurna provides (OTA, web interface update, update via telnet or MQTT). Please refer to the [ESPurna project page](http://espurna.io) for more info and support.
 
@@ -69,6 +70,35 @@ BE SURE THE FIRMWARE FITS YOUR DEVICE!
 
 	If you flashed the included ESPurna firmware file, the procedure will be very similar. The device will broadcast a `ESPURNA-XXXXXX` access point. You will have to connect to it using the default password: `fibonacci`. Once connected open the browser to 192.168.4.1 and follow the initial configuration instructions. Then go to the WIFI tab and configure your home WiFi connection (remember to save) or go to the ADMIN tab to upgrade the firmware to the device-specific image. 
 
+## USING DOCKER
+You may want to use a docker image instead. Advantage of this solution: You don't have to install anything on your host (except docker), everything goes into the docker image.
+Requirements:
+* Linux computer with a wifi adapter
+* Secondary wifi device (e.g. smartphone)
+* docker is installed
+* docker-compose is installed
+
+Create docker image:
+* git clone https://github.com/ct-Open-Source/tuya-convert
+* cd tuya-convert
+* docker build -t tuya:latest .
+
+Setup docker-compose:
+* copy docker/docker-compose.sample.yml to a new folder you created, the file should be named docker-compose.yml
+* you may adjust this docker-compose.yml, if necessary:
+   * environment-variables may be different, for example network-adapter may be different from wlan0
+   * adjust the volume folder, where you want your backups stored
+
+Run the image:
+* go into the folder you copied docker-compose.yml
+* docker-compose up -d
+* docker-compose exec tuya start
+* tuya-convert now starts within docker
+
+Stop the image:
+* docker-compose exec tuya stop
+* docker-compose down 
+
 ## CONTRIBUTING
 
 This project is currently maintained by Colin Kuebler @kueblc

docker/bin/config.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+echo WLAN=$WLAN >/usr/bin/tuya-convert/config.txt
+echo AP=$AP >>/usr/bin/tuya-convert/config.txt
+echo GATEWAY=$GATEWAY >>/usr/bin/tuya-convert/config.txt

docker/bin/start

@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /usr/bin/tuya-convert
+./start_flash.sh

docker/bin/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /usr/bin/tuya-convert
+./stop_flash.sh

docker/docker-compose.sample.yml

@@ -0,0 +1,12 @@
+version: '3'
+services:
+  tuya:
+    image: tuya:latest
+    privileged: true
+    network_mode: "host"
+    environment:
+      - WLAN=wlan0
+      - AP=vtrust-flash
+      - GATEWAY=10.42.42.1
+    volumes:
+      - ./data/backups:/usr/bin/tuya-convert/backups

install_prereq.sh

@@ -3,18 +3,8 @@
 set -e
 
 sudo apt-get update
-sudo apt-get install -y git iw dnsmasq hostapd screen curl build-essential python-pip python3-pip python-setuptools python3-setuptools python-wheel python3-wheel python-dev python3-dev mosquitto haveged net-tools libssl-dev
+sudo apt-get install -y git iw dnsmasq hostapd screen curl build-essential python3-pip python3-setuptools python3-wheel python3-dev mosquitto haveged net-tools libssl-dev
 
-PY3_DEPENDENCIES="paho-mqtt pyaes tornado git+https://github.com/M4dmartig4n/sslpsk.git pycrypto"
-PY2_DEPENDENCIES="git+https://github.com/M4dmartig4n/sslpsk.git pycrypto"
-
-if python3 -c 'import sys; exit(0) if sys.version_info.major == 3 and sys.version_info.minor < 7 else exit(1)' ;
-then
-	sudo -H pip3 install $PY3_DEPENDENCIES
-	sudo -H pip2 install $PY2_DEPENDENCIES
-else
-	sudo -H python3 -m pip install $PY3_DEPENDENCIES
-	sudo -H python2 -m pip install $PY2_DEPENDENCIES
-fi
+sudo -H python3 -m pip install paho-mqtt tornado git+https://github.com/drbild/sslpsk.git@use-byte-string-for-identity-hints pycryptodomex
 
 echo "Ready to start upgrade"

scripts/fake-registration-server.py

@@ -24,9 +24,11 @@ def exit_cleanly(signal, frame):
 
 signal.signal(signal.SIGINT, exit_cleanly)
 
-from Crypto.Cipher import AES
+from Cryptodome.Cipher import AES
 pad = lambda s: s + (16 - len(s) % 16) * chr(16 - len(s) % 16)
 unpad = lambda s: s[:-ord(s[len(s) - 1:])]
+encrypt = lambda msg, key: AES.new(key.encode(), AES.MODE_ECB).encrypt(pad(msg).encode())
+decrypt = lambda msg, key: unpad(AES.new(key.encode(), AES.MODE_ECB).decrypt(msg.encode()))
 
 from base64 import b64encode
 import hashlib
@@ -82,7 +84,7 @@ class JSONHandler(tornado.web.RequestHandler):
 				't': ts,
 				'success': True }
 			answer = jsonstr(answer)
-            payload = b64encode(AES.new(options.secKey.encode(), AES.MODE_ECB).encrypt(pad(answer))).decode()
+			payload = b64encode(encrypt(answer, options.secKey)).decode()
 			signature = "result=%s||t=%d||%s" % (payload, ts, options.secKey)
 			signature = hashlib.md5(signature.encode()).hexdigest()[8:24]
 			answer = {
@@ -113,7 +115,7 @@ class JSONHandler(tornado.web.RequestHandler):
 		print(self.request.headers)
 		if payload:
 			try:
-                decrypted_payload = unpad(AES.new(options.secKey.encode(), AES.MODE_ECB).decrypt(binascii.unhexlify(payload))).decode()
+				decrypted_payload = decrypt(binascii.unhexlify(payload), options.secKey).decode()
 				if decrypted_payload[0] != "{":
 					raise ValueError("payload is not JSON")
 				print("payload", decrypted_payload)

scripts/mq_pub_15.py

@@ -18,11 +18,11 @@ help_message = '''USAGE:
 iot:	
 %s -i 43511212112233445566 -l a1b2c3d4e5f67788''' % (sys.argv[0].split("/")[-1])
 
-from Crypto.Cipher import AES
+from Cryptodome.Cipher import AES
 pad = lambda s: s + (16 - len(s) % 16) * chr(16 - len(s) % 16)
 unpad = lambda s: s[:-ord(s[len(s) - 1:])]
-encrypt = lambda msg, key: AES.new(key.encode(), AES.MODE_ECB).encrypt(pad(msg))
-decrypt = lambda msg, key: unpad(AES.new(key.encode(), AES.MODE_ECB).decrypt(msg))
+encrypt = lambda msg, key: AES.new(key.encode(), AES.MODE_ECB).encrypt(pad(msg).encode())
+decrypt = lambda msg, key: unpad(AES.new(key.encode(), AES.MODE_ECB).decrypt(msg.encode()))
 
 def iot_dec(message, local_key):
 	message_clear = decrypt(base64.b64decode(message[19:]), local_key)

scripts/psk-frontend.py

@@ -1,15 +1,15 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python3
 
 import socket
 import select
 import ssl
 import sslpsk
 
-from Crypto.Cipher import AES
+from Cryptodome.Cipher import AES
 from hashlib import md5
 from binascii import hexlify, unhexlify
 
-IDENTITY_PREFIX = "BAohbmd6aG91IFR1"
+IDENTITY_PREFIX = b"BAohbmd6aG91IFR1"
 
 def listener(host, port):
 	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -24,17 +24,15 @@ def client(host, port):
 	return sock
 
 def gen_psk(identity, hint):
-    print("ID: %s" % hexlify(identity))
-    # sometimes the device only sends part of the prefix
-    # since it is always the same, we can correct it
-    if identity[1:17] != IDENTITY_PREFIX:
-        print("Prefix: %s" % identity[1:17])
-    identity = IDENTITY_PREFIX + identity[17:]
+	print("ID: %s" % hexlify(identity).decode())
+	identity = identity[1:]
+	if identity[:16] != IDENTITY_PREFIX:
+		print("Prefix: %s" % identity[:16])
 	key = md5(hint[-16:]).digest()
 	iv = md5(identity).digest()
 	cipher = AES.new(key, AES.MODE_CBC, iv)
 	psk = cipher.encrypt(identity[:32])
-    print("PSK: %s" % hexlify(psk))
+	print("PSK: %s" % hexlify(psk).decode())
 	return psk
 
 
@@ -47,7 +45,7 @@ class PskFrontend():
 
 		self.server_sock = listener(listening_host, listening_port)
 		self.sessions = []
-        self.hint = '1dHRsc2NjbHltbGx3eWh5' '0000000000000000'
+		self.hint = b'1dHRsc2NjbHltbGx3eWh5' b'0000000000000000'
 
 
 
@@ -65,12 +63,14 @@ class PskFrontend():
 				ssl_version=ssl.PROTOCOL_TLSv1_2,
 				ciphers='PSK-AES128-CBC-SHA256',
 				psk=lambda identity: gen_psk(identity, self.hint),
-                hint=self.hint)
+				hint=self.hint.decode())
 
 			s2 = client(self.host, self.port)
 			self.sessions.append((ssl_sock, s2))
-        except Exception as e:
+		except ssl.SSLError as e:
 			print("could not establish sslpsk socket:", e)
+			if "NO_SHARED_CIPHER" in e.reason or "WRONG_VERSION_NUMBER" in e.reason or "WRONG_SSL_VERSION" in e.reason:
+				print("don't panic this is probably just your phone!")
 	def data_ready_cb(self, s):
 		if s == self.server_sock:
 			_s, frm = s.accept()

scripts/setup_ap.sh

@@ -3,6 +3,18 @@
 # Source config
 . ../config.txt
 
+version_check () {
+	echo "System info"
+	echo "==========="
+	git rev-parse --short HEAD
+	uname -a
+	openssl version
+	dnsmasq --version
+	hostapd -v
+	/usr/bin/env python3 --version
+	echo "==========="
+}
+
 setup () {
 	wpa_supplicant_pid=$(pidof wpa_supplicant)
 	if [ -n "$wpa_supplicant_pid" ]; then
@@ -51,6 +63,7 @@ cleanup () {
 	fi
 }
 
+version_check
 trap cleanup EXIT
 setup
 

scripts/setup_checks.sh

@@ -29,7 +29,7 @@ check_eula () {
 }
 
 check_config () {
-	if ! iw list | grep -q "* AP"; then
+	if ! iw list | grep -A 10 "Supported interface modes" | grep -q -e "\* AP$"; then
 		echo "AP mode not supported!"
 		echo "Please attach a WiFi card that supports AP mode."
 		exit 1
@@ -44,6 +44,22 @@ check_config () {
 		ls -m /sys/class/net
 		exit 1
 	fi
+
+	if [ -n "$SSH_CONNECTION" ]; then
+		remoteip=$(echo "$SSH_CONNECTION" | cut -d " " -f1)
+		if ip -o route get $remoteip | grep -q " dev $WLAN "; then
+			echo "Warning: It appears that you are running this script over an SSH connection"
+			echo "that uses the WiFi interface $WIFI. This interface will be reconfigured to run"
+			echo "in access point (AP) mode, at which time all connections will be dropped."
+			echo "If you continue, your SSH connection will be dropped and you can likely no longer"
+			echo "interact with this script. To avoid this, connect via wired ethernet or USB."
+			read -p "Continue? [y/N]" -n 1 -r
+			echo
+			if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+				exit
+			fi
+		fi
+	fi
 }
 
 check_port () {
@@ -58,6 +74,10 @@ check_port () {
 		echo "Port $port is needed to $reason"
 		read -p "Do you wish to terminate $process_name? [y/N] " -n 1 -r
 		echo
+		if [[ "$REPLY" =~ ^[Ss]$ ]]; then
+			echo "Skipping..."
+			return
+		fi
 		if [[ ! $REPLY =~ ^[Yy]$ ]]; then
 			echo "Aborting due to occupied port"
 			exit 1

scripts/smartconfig/multicast.py

@@ -9,7 +9,7 @@ multicast strategy reverse engineered by kueblc
 
 from crc import crc_32
 
-from Crypto.Cipher import AES
+from Cryptodome.Cipher import AES
 pad = lambda data, block_size : data + ('\0' * ( (block_size - len(data)) % block_size ) )
 aes = AES.new( b'a3c6794oiu876t54', AES.MODE_ECB )
 encrypt = lambda data : aes.encrypt( pad(data, 16).encode() )

scripts/tuya-discovery.py

@@ -9,11 +9,11 @@ Discover Tuya devices on the LAN via UDP broadcast
 import asyncio
 import json
 
-from Crypto.Cipher import AES
+from Cryptodome.Cipher import AES
 pad = lambda s: s + (16 - len(s) % 16) * chr(16 - len(s) % 16)
 unpad = lambda s: s[:-ord(s[len(s) - 1:])]
-encrypt = lambda msg, key: AES.new(key, AES.MODE_ECB).encrypt(pad(msg))
-decrypt = lambda msg, key: unpad(AES.new(key, AES.MODE_ECB).decrypt(msg))
+encrypt = lambda msg, key: AES.new(key.encode(), AES.MODE_ECB).encrypt(pad(msg).encode())
+decrypt = lambda msg, key: unpad(AES.new(key.encode(), AES.MODE_ECB).decrypt(msg.encode()))
 
 from hashlib import md5
 udpkey = md5(b"yGAdlopoPVldABfn").digest()

start_flash.sh

@@ -1,6 +1,11 @@
 #!/bin/bash
 bold=$(tput bold)
 normal=$(tput sgr0)
+. ./config.txt
+
+setup () {
+	pushd scripts >/dev/null || exit
+	. ./setup_checks.sh
 	screen_minor=$(screen --version | cut -d . -f 2)
 	if [ "$screen_minor" -gt 5 ]; then
 		screen_with_log="sudo screen -L -Logfile"
@@ -9,14 +14,6 @@ elif [ "$screen_minor" -eq 5 ]; then
 	else
 		screen_with_log="sudo screen -L -t"
 	fi
-. ./config.txt
-
-./stop_flash.sh >/dev/null
-
-pushd scripts >/dev/null || exit
-
-. ./setup_checks.sh
-
 	echo "======================================================"
 	echo -n "  Starting AP in a screen"
 	$screen_with_log smarthack-wifi.log -S smarthack-wifi -m -d ./setup_ap.sh
@@ -34,8 +31,25 @@ $screen_with_log smarthack-psk.log -S smarthack-psk -m -d ./psk-frontend.py -v
 	echo "  Starting Tuya Discovery in a screen"
 	$screen_with_log smarthack-udp.log -S smarthack-udp -m -d ./tuya-discovery.py
 	echo
-REPLY=y
-while [[ $REPLY =~ ^[Yy]$ ]]; do
+}
+
+cleanup () {
+	echo "======================================================"
+	echo "Cleaning up..."
+	sudo screen -S smarthack-web          -X stuff '^C'
+	sudo screen -S smarthack-mqtt         -X stuff '^C'
+	sudo screen -S smarthack-psk          -X stuff '^C'
+	sudo screen -S smarthack-udp          -X stuff '^C'
+	echo "Closing AP"
+	sudo pkill hostapd
+	echo "Exiting..."
+	popd >/dev/null || exit
+}
+
+trap cleanup EXIT
+setup
+
+while true; do
 	echo "======================================================"
 	echo
 	echo "IMPORTANT"
@@ -63,6 +77,7 @@ while ! ping -c 1 -W 1 -n 10.42.42.42 &> /dev/null; do
 			pkill -f smartconfig/main.py && echo "Stopping smart config"
 			read -p "Do you want to try flashing another device? [y/N] " -n 1 -r
 			echo
+			[[ "$REPLY" =~ ^[Yy]$ ]] || break 2
 			continue 2
 		fi
 	done
@@ -89,7 +104,7 @@ echo "======================================================"
 	echo "Ready to flash third party firmware!"
 	echo
 	echo "For your convenience, the following firmware images are already included in this repository:"
-echo "  Tasmota v7.0.0.3 (wifiman)"
+	echo "  Tasmota v8.1.0.2 (wifiman)"
 	echo "  ESPurna 1.13.5 (base)"
 	echo
 	echo "You can also provide your own image by placing it in the /files directory"
@@ -97,17 +112,11 @@ echo "Please ensure the firmware fits the device and includes the bootloader"
 	echo "MAXIMUM SIZE IS 512KB"
 
 	./firmware_picker.sh
+	sudo mv *.log "$backupfolder/"
 
 	echo "======================================================"
 	read -p "Do you want to flash another device? [y/N] " -n 1 -r
 	echo
-
-sudo mv *.log "$backupfolder/"
+	[[ "$REPLY" =~ ^[Yy]$ ]] || break
 done
 
-echo "Exiting..."
-
-popd >/dev/null || exit
-
-./stop_flash.sh >/dev/null
-

stop_flash.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-sudo screen -S smarthack-web          -X stuff '^C'
-sudo screen -S smarthack-smartconfig  -X stuff '^C'
-sudo screen -S smarthack-mqtt         -X stuff '^C'
-sudo screen -S smarthack-psk          -X stuff '^C'
-sudo screen -S smarthack-udp          -X stuff '^C'
-echo "Closing AP"
-sudo pkill hostapd