Sniffing packets from a selected LAN source and to it (logging them): IOT device capturing traffic

I got me some Door sensors, they are Tuya WiFi Door/Window sensor:

It uses a phone app called Smart Life:

It sort of works fine.

BUT

it bugs me senseless how these IOT devices use some cloud service and tie you to this one app etc.

And in this particular case the SmartLife app shows me a great log of open/close events but provides no means to export this data for statistical analysis. As it happens, these are sensors on the doors of a street library and we want to collect stats on frequency of use, times of day, and more. But the out of the box offerings are not there for that.

So, I have these on a LAN with an Omnia as a gateway and it strikes me it should be eminently possible (with some ssl concerns on the table), given I know the MAC and IP of each switch, to log all the traffic from and to it on the Omnia. Further, to possibly process those logs then (a Python script) to produce a neat summary of open/close events.

Alas I don’t know quite where to start or if this is a pipe dream because of SSL comms (though surely as man in the middle it’s possible to decrypt even SSL? being privy to whole comms - though I fear it be complicated and again not out-of-the-box). But it remains a premise in any case that the device opens a SSL socket on some remote server and sends its open/close events.

Wondering if anyone is doing anything similar?

Or is this a case of having to find a way to reflash the firmware on these switches to use something open?

Bump. Wondering if anyone has any experience here to share?

Not with tuya, but I’d look into home assistant and their localtuya integration.

Some hints could be found here: Tuya Door Sensor as sensor not switch - Third party integrations - Home Assistant Community

Thanks, have done a lot of reading in that direction and alas these door sensors underwent a chip technology change recently and the whole FOSS community hasn’t caught up yet. To work with Home Assistant you typically need to reflash the firmware to connect to Home Assistant and not the Tuya servers. Worse still Tuya don’t make that easy and OTA flashing is rarely possible with most people soldering wires onto the little PCB to achieve the end result.

The question I have mind you is a general one with many more applications. Basically watching traffic passing through the gateways and logging it. Would be very useful in many circumstances. Of course, may be confounded by SSL not sure (it’s a classic cat and mouse game, because SSL aims to make MITM sniffing impossible clearly and my gateway, albeit approved and mine, is a MITM).

You could try poking around mitmproxy.

That could allow you to sniff the traffic between the door sensor and tuya’s servers.

The one problem is that mitmproxy will generate an untrusted certificate chain, that the door sensor might not accept.

The reflashing route sounds better to me. You would be running a known good software and have control over where the data is being sent. Also, if that has already been validated and documented by the homeassistant community, you would not be embarking on an endless journey of reversing a protocol. Additionally: when tuya changes their API, which they did before, your solution will continue working.

Totally agree. Reflashing is the ideal. And I have played with mitmproxy before with no real success alas, but not in this application. Could try it.

Alas, reflashing is not an option until there is stable firmware for this new chipset. There is an initial cut I think but the reports are the batteries on the door sensors are flat in no time. The thing is the sensors are down and wake up on triggering for as long as it takes to send the signal and go down again thus extending battery life immensely.

The Omnia has Pakon though and it watches traffic if not content, but all the same it suggests it’s doable to at least log the traffic …

I’d also consider shopping around. Try to find a known good compatible door sensor, that is confirmed to be working with home assistant (locally).

Pricewise, these sensors are not that expensive. Finding a good compatible one, can save you days with setup, configuration and troubleshooting…

Any suggestions? Shopping is hard work.

Try Shelly brand. It is based on the esp, I have been using their trv.

It is wifi based - same as the tuya sensor you have.

Thanks. Alas twice the price of Tuya. I have 4 of these on a family of street library doors for monitoring so they are also in public space, and risk theft/vandalism, whatever else, so even less incentive to double the price ($15x4 for the Tuya sensors, sunk cost) vs. $35x4 for the Shelly sensors at best price I can see.