For my next IoT mission: I want to use Local Tuya to control lights without cloud. I don't want to solder stuff or pull lights out of the ceiling, you can no longer pull keys from the Tuya IoT portal (see description of vid) and I don't have a rooted Android. What's left?
All of this is just different levels of pain. BlueStacks and the Smart Life APK? My Tuya creds don't work. So screw it, just set up a dedicated Pi and use Tuya Convert to flash firmware. Nope, that won't work either:
I'm trying to find a "happy path" here, one that's not only happy for me, but one I can encourage others to follow. So far, that path remains having a cloud dependency and using the Tuya integration in @home_assistant. That's the least terrible of all the terrible options.
Because I don’t know when to give up, I went back to BlueStacks to work out what went wrong. There are **2** Tuya apps, one is TuyaSmart which I’ve paired dozens of lights through. The other is Smart Life which is the one used in the demos where the keys are pulled from it.
Totally different accounts used on both, so do I unpair every single light from TuyaSmart and manually re-pair them all to Smart Life? Let's check this all works first so I pair a test light to Smart Life and successfully extract the keys per this vid
The Local Tuya integration finds it on the network by device ID, I fill in the local key, submit and...
FFS. Ok, so let's check the log for some meaningful messaging about what went wrong...
Still swearing. Change of approach - grab the TuyaSmart APK, log in to that within BlueStacks then it has all my existing devices in it. Now all I need to do is pull out the preferences file with the keys... apkmirror.com/apk/tuya-inc/t…
But no, there's a reason you're meant to pull down an **old** Smart Life APK from years ago because it seems like the newer software doesn't store the keys in the clear. And even then, the keys aren't working in the Local Tuya integration anyway!
Don't get me wrong, I've loved toying with IoT, but this shit is just insanely hacky and a lot of people are trying to beat the technology into submission to do stuff it simply wasn't designed to do creating constant problems. I'm about ready to go back to candles at this rate 🕯

More from @troyhunt

8 Jun
For folks asking about 8.4B record “RockYou2021” password list that’s in the news today, this is an aggregation of multiple other lists. For example, this password cracking list: crackstation.net/crackstation-w…
Among other things, it contains “every word in the Wikipedia databases” and words from the Project Gutenberg free ebook collection: gutenberg.org
Unlike the original 2009 RockYou data breach and consequent word list, these are not “pwned passwords”; it’s not a list of real world passwords compromised in data breaches, it’s just a list of words and the vast majority have *never* been passwords
27 May
I’m very happy to announce that @haveibeenpwned’s Pwned Passwords is now open source under the @dotnetfdn. Now we’ve got some work to do: building an ingestion pipeline for new passwords provided by the @FBI on an ongoing basis. This is super cool 😎 troyhunt.com/pwned-password…
There’s so much I love about this, starting with the fact that it removes a huge barrier for many orgs considering using Pwned Passwords: if I have an unfortunate jet ski related accident and can no longer run the service, you can pick it up and run it yourself.
And because all the passwords are already freely downloadable from @haveibeenpwned, all the data is already in the public domain. Open sourcing the code complements the already open sourced data.
25 May
It’s finally here - the @haveibeenpwned 3D logo 😎 The reason I bought the @Prusa3D in the first place was to make a bunch of these and hand them out in my travels. A little tweaking to do then I’ll pump out a bunch and give ‘em away.
Pretty happy with this now, might need to start some mass production:
I think I know what I have to do now… 🙂
18 May
Is there a device to keep multi-monitor setups aligned? Other than duct tape, of course.
Alrighty, fixing this problem: first up, a bunch of 25mm Velcro measured and cut to size for a nice vertical fit along the edge of each screen (the 50mm one comes later)
Next, some spirit level perfection to keep the centre screen straight and the same distance on each end off the wall, plus the Ergotron arm well and truly tightened up
3 Apr
I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly.
On first review, it's an extensive data set with one file per country and a header row as follows:

phone,uid,email,first_name,last_name,gender,date_registered,birthday,location,hometown,relationship_status,education_last_year,work,groups,pages,last_update,creation_time
I actually couldn't find any of my own or my family's data in the Australia file which has 7.3M rows. Having said that, I'm hearing from other trustworthy sources that the data is legit and that seems a reasonable assumption to work on for now.
1 Apr
Oh wow, there’s so much to unpack in this video by @LewSpears. Maybe just start by watching it (it’s hilarious, but probably NSFW so wait until you get hom... oh, yeah)
This relates to the research my mate @TheKenMunroShow from @PenTestPartners did on the chastity lock vulnerability last year:
Subsequently, @lorenzofb did a story eloquently titled “Your Cock Is Now Mine” in response to @LewSpears reaching out to him in the earlier video and pretending to have had his wedding tackle cyber’d.
