Reverse Engineering Yokis Home Automation Devices

These days, it’s hard to keep track of all the companies that are trying to break into the home automation market. Whether they’re rebrands of somebody else’s product or completely new creations, it seems like every company has at least a few “smart” gadgets for you to choose from. We hadn’t heard of the Yokis devices that [Nicolas Maupu] has been working on before today, but thanks to his efforts to reverse engineer their protocol, we think they might become more popular with the hacking crowd.

Even if you don’t have a Yokis MTV500ER dimmer or MTR2000ER switch of your own, we think the detailed account of how [Nicolas] figured out how to talk to these devices is worth a read. His first step was to connect his oscilloscope directly to the SPI lines on the remote to see what it was sending out. With an idea of what he was looking for, he then used an nRF24L01+ radio connected to an ESP8266 to pull packets out of the air so he could analyze their structure. This might seem like a very specialized process, but in reality most of the techniques demonstrated apply to any unknown communications protocol for which you’ve got a hex dump.

On the other hand, if you do have some of these devices (or plan to get them), then the software [Nicolas] has put together looks very compelling. Essentially it’s an interactive firmware for the ESP8266 that allows it to serve as a bridge between the proprietary Yokis wireless protocol and a standard MQTT home automation system. When the microcontroller is connected to the computer you get a basic terminal interface that allows you to scan for and pair devices as well as toggle them on and off.

This bridge could be used to allow controlling your Yokis hardware with a custom handheld remote, or you could follow the example of our very own [Mike Szczys], and pull everything together with a bit of Node-RED.

12 thoughts on “Reverse Engineering Yokis Home Automation Devices”

  1. C^3: “Cheap – Ch**a – Cr*p”

    aka: stuff I don’t want anywhere near my home, network, electrical panel, etc.

    If it doesn’t sell your data, it might burn your home down.

        1. Photo above is the “remote” powered by a CR2032… No need to epoxy glue anything.
          However, modules connected to main AC are solidly glued to isolate electronic circuitry from the rest.
          The glue you see on the picture is just flux residue…
          Those modules are rather expensive because they are quite well made, robust and they target professional installers. As far as I could have seen, they respect European regulations (it’s a French brand and seems to be a rather small family business). I don’t know much but it’s actually far from the low quality brands I have seen in the past ;-)

    1. I’m sure that totally legit chinesium factory didn’t just buy the CE sticker maker and totally went through the correct channels for certification on one of their 30 garbage IOT light switches they keep reselling as new.

  2. Am somewhat certain that HaD has covered this stuff in the past; and there have been my pedantic and nauseating comments on this stuff.

    The ‘CE’ mark has very little meaning. There is no requirement, for most stuff, that a notified body or any third-party lab test and/or certify the product. The CE mark only means that the manufacturer, or whomever places it on the market, has supposedly written a Declaration of Conformity. And the D of C itself may have little or no meaning.

    In summary, when compared to North America, market surveillance within the EU sucks and only serves to provide government employment to the marginally competent.
