EEVblog Electronics Community Forum
General => General Technical Chat => Topic started by: lmester on July 19, 2025, 07:46:34 pm
-
Do you remember when FTDI was bricking counterfeit serial adapters?
I have smart home devices running on the Tuya smart platform. I recently tried to move a Zigbee bulb from one gateway to another. I was unable to pair it to the new gateway. I got an error message "This device is not authorized".
I found that many people are having this problem. Tuya has recently started blocking counterfeit or unlicensed chips from conecting to their network. I found some more info on this. If the device has a Z2 chip it's good. If it has a TLSR8253 or TLSR8258 it is now blocked from Tuya.
Unlike FTDI they have not bricked connected devices. They continue to work unless you disconnect and then try to reconnect them to the Zigbee gateway. Devices not yet connected are bricked and can not be paired. I have tested several new Zigbe devices. I have several switches, light bulbs and PIR sensors that won't pair. Looking inside I see that all have a counterfeit chip.
Complaints about this started about a month ago. I only noticed when I tried to pair a Zigbee device a few days ago.
https://www.reddit.com/r/smartlife/comments/1ldal9k/failed_to_add_the_device_tuya_zigbee_switch/ (https://www.reddit.com/r/smartlife/comments/1ldal9k/failed_to_add_the_device_tuya_zigbee_switch/)
Be careful if you have any of these smart home devices. If you try to pair it to a gateway again you'll have a useless device. Test any new devices when you receive them. I had several that were still in the return period. I was able to return them for a refund.
We may want to call this Tuya gate.
-
Were you able to tell in advance that the devices were not genuine? If not, then I think this means you can't use Tuya anymore. Probably not the result they wanted.
We have the same thing with CH340 UART adapters. Nothing is bricked, but the last Windows driver that worked with counterfeit chips was the 2021 version. So the answer is to avoid CH340. Probably not the result they wanted. You would have thought they would have picked up on FTDI gate, but apparently not.
-
Were you able to tell in advance that the devices were not genuine? If not, then I think this means you can't use Tuya anymore. Probably not the result they wanted.
No. The only way I've found to tell is to take it apart and see what chip was used. With smart bulbs this can be a problem. It's hard to get them apart without breaking them. The cover is glued in place. Certainly need to be careful in the future when buying any Tuya compatible devices. Make sure you are able to return them.
-
If not, then I think this means you can't use Tuya anymore. Probably not the result they wanted.
Not the result the idiot managers wanted, but the obvious result to anyone with more than 1 brain cell. RIP Tuya. Idiot managers get exactly what they deserve. It is of course sad they destroy their own business for other employees who do not agree with this business strategy, but they'll find other jobs.
-
As I understand TLSR8253/TLSR8258 are not fake. But they never came from Tuya other than contained within modules. So whichever manufacturer used them standalone or in 3rd party modules, they well knew what they were doing and pretty much got what was coming.
-
IMHO: for as long as they are not bricking devices, then they are not destroying other people's property. Whether it is a good idea to reject unlicensed devices remains to be seen. The reason to do this may have to do with security / privacy issues. For example: Apple requires manufacturers of Homekit devices to buy a security chip from Apple and go through compliance testing so they can identify each device, make sure it is genuine and make sure it is fully compatible.
-
Another walled garden with a gatekeeper. BTW, Tuya is a Chinese company. :-DD
-
Another walled garden with a gatekeeper. BTW, Tuya is a Chinese company. :-DD
Since when not wanting everyone and their dog exploiting your app/cloud infrastructure for free became a walled garden?
-
They could offer a subscription for US$ x per year to allow up to n unlicenced devices, if it's just about licence fees.
-
Another walled garden with a gatekeeper. BTW, Tuya is a Chinese company. :-DD
Since when not wanting everyone and their dog exploiting your app/cloud infrastructure for free became a walled garden?
The interesting part is that it seems people almost never get back at the company that sold them counterfeit or unlicensed stuff, but always at the company being ripped off.
So in the end, the counterfeiters win. I'm not sure this is how a sane economic model works. Just a thought.
-
Another walled garden with a gatekeeper. BTW, Tuya is a Chinese company. :-DD
Since when not wanting everyone and their dog exploiting your app/cloud infrastructure for free became a walled garden?
The interesting part is that it seems people almost never get back at the company that sold them counterfeit or unlicensed stuff, but always at the company being ripped off.
So in the end, the counterfeiters win. I'm not sure this is how a sane economic model works. Just a thought.
That is the 'Jerry Springer effect'. Most people don't get angry at their cheating spouse but can get very violent towards the person their spouse is also having a relation with :popcorn:
-
http://wiki.telink-semi.cn/doc/ds/PB_TLSR8253-E_Product%20Brief%20for%20Telink%20BLE%20SoC%20TLSR8253.pdf (http://wiki.telink-semi.cn/doc/ds/PB_TLSR8253-E_Product%20Brief%20for%20Telink%20BLE%20SoC%20TLSR8253.pdf)
https://github.com/pvvx/TlsrComProg825x (https://github.com/pvvx/TlsrComProg825x)
Figure out how they're behaving differently and fix them...
-
They could offer a subscription for US$ x per year to allow up to n unlicenced devices, if it's just about licence fees.
Apparently it does not even need to be a licensed module/IC. https://support.tuya.com/en/help/_detail/Keoi0xcq6kn4b?issueCodes=2%2C5 (https://support.tuya.com/en/help/_detail/Keoi0xcq6kn4b?issueCodes=2%2C5) And those devices were running with trial licenses. Blame the device manufacturer.
-
I have smart home devices running on the Tuya smart platform.
I've long decided to ban anything tuya in my home network. Home assistant support is crap anyway and requires workarounds that tuya is actively blocking to work locally. Anything i can't replace the firmware of, i don't buy it.
I have to replace the irrigation controller, the only options with wifi that is under 300€ are all tuya-based. Screw that, i'm doing my own.
The point of using zigbee these days is to not have anything connected to the cloud.
-
They could offer a subscription for US$ x per year to allow up to n unlicenced devices, if it's just about licence fees.
Apparently it does not even need to be a licensed module/IC. https://support.tuya.com/en/help/_detail/Keoi0xcq6kn4b?issueCodes=2%2C5 (https://support.tuya.com/en/help/_detail/Keoi0xcq6kn4b?issueCodes=2%2C5) And those devices were running with trial licenses. Blame the device manufacturer.
Of course, the device manufacturers are to blame. But they are mostly Chinese companies and it's nearly impossible to hold them accountable. Since Tuya doesn't offer a solution (selling a 'support of unlicenced devices' package) users have to throw away all affected devices. How would you fix this problem in a pragmatic way? Blaming the device manufacturers won't help and blaming users for buying cheap Chinese IoT won't help either. Therefore I blame Tuya for being a gategeeper instead of offering a solution.
-
I have smart home devices running on the Tuya smart platform. I recently tried to move a Zigbee bulb from one gateway to another. I was unable to pair it to the new gateway. I got an error message "This device is not authorized".
You can do several things. You could debug it using CC2540 kit or you could flash new (stock) firmware onto it, see if it solves your issues. https://www.aliexpress.us/item/3256806797908634.html (https://www.aliexpress.us/item/3256806797908634.html)
P.S. highly doubt you will be charged customs on this thing
-
Zigbee is an American company, in fact Texas Instruments, and Tuya is a Chinese company. I can see how American company is going to block counterfeit or otherwise competitor devices, because of trade war. This could get progressively worst and you might end up setting up VPN on your router because internet services are blocked on internet provider level or even higher up. So choose American.
-
They could offer a subscription for US$ x per year to allow up to n unlicenced devices, if it's just about licence fees.
Apparently it does not even need to be a licensed module/IC. https://support.tuya.com/en/help/_detail/Keoi0xcq6kn4b?issueCodes=2%2C5 (https://support.tuya.com/en/help/_detail/Keoi0xcq6kn4b?issueCodes=2%2C5) And those devices were running with trial licenses. Blame the device manufacturer.
Of course, the device manufacturers are to blame. But they are mostly Chinese companies and it's nearly impossible to hold them accountable. Since Tuya doesn't offer a solution (selling a 'support of unlicenced devices' package) users have to throw away all affected devices. How would you fix this problem in a pragmatic way? Blaming the device manufacturers won't help and blaming users for buying cheap Chinese IoT won't help either. Therefore I blame Tuya for being a gategeeper instead of offering a solution.
The issue is that some shitty companies were selling devices that used paid service in unscrupulous way. Now that devices no longer work with this service, you blame the service (which is a victim) for not bothering with customer support of these devices. In fact Tuya is a service for businesses/developers and does not directly provide support to device buyers at all.
-
that shit is sad though because its in your god damn house and then suddenly they make your house stop working. There could be people there that actually rely on those devices for good reasons (i.e. disability life help)
if you do it to a business that people work for, and cause a disruption, OK, they have the cash on hand to fix things quickly. It sucks for your boss but at least you can go home if they have to close for a bit. But destabilizing someones home is just low. I think there is a serious lack of respect.
Or even a simple case, where they disable the stairway light to the basement, a driveway light, a pipe heater (so your pipe does not freeze) and you can have real consequences
They act like it will like empower you as a individual and be important, but the actions they took means they consider it a mere auxiliary gimmick for rich people.
I believe amazon is also known to have been doing things that destabilize your home.
I say if they do this, the people developing it don't think its very important to have. Maybe its not a wise investment as a home owner unless you absolutely need it. I think I will just spend my money on buying a better cut of beef and a imported cheese
-
In fact Tuya is a service for businesses/developers and does not directly provide support to device buyers at all.
Users install and use the Tuya Smart app, not the app of the device manufacturers.
-
Local control without any cloud BS is the only correct way to do home automation.
Tying your home to a service somewhere else in the word is madness imho.
-
Local control without any cloud BS is the only correct way to do home automation.
Tying your home to a service somewhere else in the word is madness imho.
The wonders of "clouds"... I recalled a 2 or 3 years back from the news, there was a > 1 day internet outage in the NYC area. Some folks were unable to use their disk/cloth washers, some can't even lock/unlock their house...
Endless adventures when you hand control of your home over to some business entity that could be sold-off or shutdown with little or no notice.
That said, house control is hardly as risky as medical devices. I have a relative with a pace-maker in his chest that is remote control. He is very pleased that his doctor can check and change remotely...
-
Home Assistant + IOT devices running ESPHome is the way i did mine to avoid cloud BS.
But getting ESPHome onto devices usually involves a screwdriver and some wires to the ESP32 programming pads. So definitely not consumer friendly.
Some companies have exposed those pins externally which is nice. Shelly devices have a hole you can poke a header into if you want to reflash them to esphome. But they do have local control options, so you can run them as is.
-
The only good thing to do to a Tuya is hack the sucker, break it's cert and flash it.
Before the encrypted their upload end point it was easier. Now I just don't buy their stuff.
-
Note. The ESP32 released a Zigbee variants, ESP32C6.
-
Note. The ESP32 released a Zigbee variants, ESP32C6.
There is a zigbee component for esphome on ESP32-C6, but i have no idea how stable it is or what exactly it supports.
https://github.com/luar123/zigbee_esphome
-
Note. The ESP32 released a Zigbee variants, ESP32C6.
There is a zigbee component for esphome on ESP32-C6, but i have no idea how stable it is.
https://github.com/luar123/zigbee_esphome
I took a look at it. Seems very fresh. ESP IDF only. Very C++ descriptor heavy, call back heavy, etc.
Not difficult, but unless your copy and paste and edit works out first time it looks like a nightmare to debug.
-
that shit is sad though because its in your god damn house and then suddenly they make your house stop working. There could be people there that actually rely on those devices for good reasons (i.e. disability life help)
Well, to be fair, that raises a point that goes beyond counterfeiting or licensing issues per se.
The problem is proper information of customers. Quite often, critical information about some product is NOT clearly given by the seller upfront. So customers don't know what they're actually buying.
For instance, if you buy a "Zigbee gateway" that will only work with *some* Zigbee devices, the seller SHOULD definitely inform customers about it. Otherwise, for anyone, especially not specialized in the matter, it's reasonable to assume that a Zigbee gateway should work with any Zigbee device - conversely if you buy a Zigbee device, you could assume it will work with the gateway you already own. How are you supposed to know otherwise if sellers and vendors do not inform you?
-
For example: Apple requires manufacturers of Homekit devices to buy a security chip from Apple and go through compliance testing so they can identify each device make sure it is genuine and make sure it is fully compatible
and make sure Apple gets their cut.
-
I am wary of Thread/Chip etc.
What I see happening there is that these new super architecture protocols will become bloated and complicated fast. They will add security layers and encryption layers which are not completely transparent like Zigbee, but will facilitate device "lock in", deliberate incompatibilty outside of brand eco-systems and putting the bar to "hobby entry" extremely high.
To me it doesn't make sense for Google, Amazon et. al. to even tolerate Home Assistant existing. If they are building protocols for the future of home automation, I'm fairly sure that any compatibility with the wider world will be "begrudged" and often avoided.
The same happened with the Zigbee alliance. Before the ink was dry on the agreements, Philips added proprietary extensions for Hue. Not "illegal" but not in the spirit.
The solution needs to be a community driven effort, not heavily funded by the large corporates, but everyone is still happy playing with Zigbee, RF and Wifi to care.