Reprogramming Cheap WiFi Outlets

If you want to retrofit your home with smart outlets and lightbulbs, bust out your wallet. You can easily spend forty dollars for a smart light bulb at your local home supply store, and strips of smart sockets could cost sixty. When [coogle] found a WiFi-enabled four-outlet power strip on Amazon, he couldn’t resist. Sure, the no-name strip would be locked down behind a stupid iPhone interface and will probably turn your house into a botnet, but never mind that: you can easily reprogram these power strips to be whatever you want.

After receiving these power strips and tearing them open, [coogle] found exactly what you would expect from a no-name white goods manufacturer. There’s a board with an Espressif chip and a WiFi antenna, and a second board with a few relays, with a few wires connecting the two. You only need to browse AliExpress for a few minutes to figure out what’s going on here. The brains of the outfit are in the ESP8266, and if you can control that, you have your own Internet of Power Strips.

The problem, then, was reprogramming the ESP8266. This was a version of the chip [coogle] hadn’t seen before, but a quick query with the Google Mother Brain revealed it was a WT8266-S1 module, with all the pins required for programming easily accessible on a convenient header. After connecting this header up to an ESP programming board, [coogle] had all the relevant information including the capacity of the Flash. There’s still a bit more work to make this a functional WiFi power outlet, namely figuring out which GPIOs and wires connect to which relays, but this is effectively a completely Open IoT device right now. All you have to do is bring your own firmware.

49 thoughts on “Reprogramming Cheap WiFi Outlets

  1. Be careful and don’t kill yourself. These outlets come in two types — isolated power supply and hot power supply. Look for the transformer to know if you have an isolated supply. Don’t try working on the hot power ones unless you know what you are doing.

    1. The Sonoffs are hot, make sure you either program them using the USB power (and no AC connected) of use the OTA updates. You can also build yourself an opto-isolated programming interface but the first two methods seem easier.

        1. You are correct the Basic does have a transformer. I can’t recall which one it is now that was hot. I do recall that I include a slide that shows one short circuiting and letting the magic smoke out. So now I’m left wondering. So I’ll leave my current statement amended with the live AC is very close to the DC so be careful.

          I’ll need to find the schematic for the Basic and see where the hot is.

    2. Oh geez. Nobody who is competent enough to reprogram these things is going to kill themselves working on mains voltage. Unplug it, discharge any big capacitors if present (probably not) and drive the board off a 3.3 volt desktop supply bypassing the device’s own power supply. No big deal.

      1. Ohhhhhh you’d be surprised. It doesn’t take much to follow along with a modification like this and miss a simpls idea of disconnecting mains. People are dumb enough to eat tide pods because they saw someone else on youtube doing it. Working on a live AC component seems like a great example of what might be simply overlooked if it’s not called out in the guide.

      2. Beware of programmers with soldering irons!

        I think you’d be surprised at how many folks are not competent enough to play with power (voltage and current). Things like why and when you need an isolation transformer (o’scopes and line voltage for instance).

        1. Yeah, happened to one intern at my company. I’m a programmer, but my hobby is also electronics. Intern was programming hot-supplied module made by one of our electronics guy. Conversation went like this:
          – Don’t you need to unplug this from programmer before connecting it to power?
          – Nah, electronics guy said I can do it.
          * Intern connects module to power
          * BAM (pause, quiet because all computers lost power) [sound of st-link cover falling from under ceiling]

      3. Testing your updated firmware would likely necessitate reconnecting it to mains so that the board has enough juice to actuate the relays (esp if it’s a board with triacs instead of mechanical relays). A few cycles back and forth between flashing and testing, and someone is going to get lazy. Couple that with a potentially fiddly process of connecting the programming header, and the odds go up.

        I have some boards of my own design (and for my own use), which use non-isolated supplies. They’re compact, easy to fabricate, and very cost-effective.

        Non-isolated supplies require the brain to be on at all times when you’re working with the circuit. With a large enough sample set, there will be those that don’t. If they’re lucky, they’ll let the magic smoke out of something (hopefully their device and not the connected computer) and come out without injury.

        1. In reference to the ESPs, that’s why I like the Tasmota firmware for the Sonoffs. Once programmed you can use the OTA (Over The Air) update for the firmware. I think it keeps a copy of the previous firmware but changes the pointers so it boots to the new so recovery is still possible. I’m not sure if this a button press that allows this or you need to connect with the serial port at that time.

  2. After playing with a cheap cloned wifi outlet, then plugging it into the wall outlet for testing only to have the entire plastic cover fall off exposing raw mains voltage I try to stay away from getting toooooo deep into this bit of tinkering. I’m absolutely sure if you have the knowledge you can hack away at it without risk but for weekend tinkerers like myself there are a lot of ‘gotcha’s that can risk fire and electrocution….

        1. Nope, just missed the humor. The MUST reprogram part. Much of the IoT world has no clue about security. The only way to get it is to add it yourself (reprogram it to add security).

  3. … there are too many home automation suites. Let me create one to rule them all …

    http://xkcd.com/927/

    Yes, that’s a little bit unfair but I’ve stopped using these HA packages and just started creating Node-Red flows with MQTT and my scripts from the last 30 years. I will say I still need to document things a little better (there’s some kruft). But I will say it works. A few of us are thinking about tossing together a wiki where the flows can be found and shared.

        1. Much of my automation is automation. I feel the best interface is no interface, it should just work. The automation is based on sensors so it doesn’t require a phone or tablet. I do have such an interface for when you want it. Also everything still works with a manual interface, should the system stop working. One thing my wife asked for is a sleep timer. If she hits a certain button on the Tivo it starts a timer which will turn off the lights and TV after x minutes. The web interface can adjust that also.

          The rest of my automation is for safety such as alerts for areas I am in (geo-fencing). The rest on resource monitoring and security. I then store the data and can analyze it later.

    1. One of the single biggest reasons I was so excited to find a easily hackable smart strip like this was because I too run all of my home automation through an in-house MQTT server. I personally really wish vendors would stop trying to do their own thing and everyone just use MQTT for control. Personally I use HASS/Home Assistant as my frontend and automation logic with a Mosquitto server as my data pipe. I then wrote my ESP8266 firmware framework (CoogleIOT) which serves as a base-line for devices that I add whatever other logic I need to for the particular project.

      1. I totally agree with the MQTT part. I have scripts from the 1980’s running that I slightly modified to deliver the information to MQTT. I have other HA software I migrated to MQTT (and I’ve since replaced) and the current Node-Red flows. MQTT sits in the middle and allows me to share info with all of this and other machines. By utilizing an external MQTT service I can get devices outside my home network to share data with my local stuff and not break security. They never need to login to my local MQTT.

  4. Reminds me of modifying the Etekcity voltson outlets.

    Im running the Tasmotta Firmware on them, however these etekcity units also have a HLW8012 for the power monitoring, however it doesnt work right.
    At the moment the power in W jumps all over the place

  5. Since the author of the article doesn’t mention which brand of power strip this is, I’m guessing it’s one of the $30-ish ones on Amazon that also has 4 USB ports on it. If that’s the case, near as I can tell, the item doesn’t have any sort of UL Listing (although the manufacturer of one of them states that the power cord is UL Listed…. GG). Note that this article is from the same guy who recently had his Anet A8 printer catch fire. Considering all that, these power strips seem really risky, custom firmware or not.

    1. Yeesh yeah. Well there’s a lot less to go wrong with a relay and some plugs of course.

      I’m currently waiting for a RAMPS board in the mail so I can replace my craptacular A8 controller with a real system that runs Marlin and has thermal runaway protection. It’s goddamn ridiculous that it doesn’t come with that incredibly simple and absolutely mandatory feature. Oh well.

      1. One big problem with these sorts of things is the relays being underrated or very low quality. I had a cheap device catch fire because the relay didn’t actually meet the power ratings printed on it, I was barely pushing 50% of its nominal max and it still melted. Even when the relays are legit, often the connectors/wires/traces are too small for the rated power of the device. It’s also common to see shitty isolation between the low and high energy sides of the board. I’ve seen all three of these cause failures on various no-name, ultra-cheap devices.

        1. I totally agree. The imports from the far east seem to be pretty liberal with their ratings. And I have to wonder how that works as you move up the food chain.

          For example on his youtube channel big clive dissects an imported 25A solid state relay. The part number for the triac in the SSR was for a part rated for something like 15 or 20A, not 25A. And you have to wonder if the company that made the triac itself labeled the part as say a 20A part but it is really a 15A part. You have derating on top of derating.

          I have used some of the imported 8 channel relay boards and I personally would never run anywhere near the 10A rated current through one of them, at least not unattended. I suspect the failure mode would be the contacts welding themselves together, but you never can tell. It may arc and light the plastic case on fire, or the internal structures may get hot and cause the plastic case to melt and than burn. And depending on what the relay is controlling having that on continuously may cause all kinds of safety issues.

          I would not say don’t use the imported stuff, but I would say derate everything by at least 20 if not 50% if you want it to have a long happy life.

          1. In my experience it’s most often the connectors that fail. 10 amp relay? Sure we can rate this thing for 10 amps! Nobody will notice that the screw terminals can barely handle 5…

            I will say I don’t think all of them are like that. In my experience the Sonoffs are pretty well made, though even they had some manufacturing hiccups a while back they did a proper recall.

  6. After all these comments about unsafe plugs, melting plastic and esps getting too f*ing hot. Which wifi plug is CE rated, doesn’t catch fire, and can be reprogrammed safely.
    I don’t mind a medium price. But a bosch smart plug for 50€ is just too much for the things it offers. Switching things on and off.

  7. I got one of these cheap outlets. Not UL mark anywhere. The insides are a bit different: https://photos.app.goo.gl/GvL394AfHwnXrBVe2

    The Android app is super sketchy with all sorts of hidden APKs masqueraded as .so files etc. I created a separate WiFi network on my router with traffic isolation. I also ran the OEM app on a “spare” phone and connected it trough Alexa on my real phone. It has been working fine for the past 3 months.

    I was thinking of re-flashing the firmware as the OP did, but did not find many appetizing options out there.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.