Benexmart Irrigation Timer - Tasmota conversion

Finding a cost effective Tuya water timer that can be converted, has been a bit of a hit and miss.

Earlier this year I found this Water Timer. Price was about $60 AUD from AliExpress. The Timer itself uses the TYWE1S module and consists of a single button and relay to control the valve.

Manufacture: Benexmart
Model: FJSJKZQ-TY-W-XV-JS (PCB Markings)

I have been running the timer via the regular Tuya integration with Home Assistant, but had the odd event when it failed to turn off. 

The original vendor listing isn't active, but I found these links.

TuyaSmart Life Store

https://www.aliexpress.com/item/4001244982369.html
https://www.aliexpress.com/item/4001363870790.html

As with recent devices, this was shipped with the newer Tuya firmware that doesn't work with tuya-convert, and needs to be flashed directly via serial.

credit

Important note: Make sure your flasher is set to 3.3v

Opening

Opening the device takes a little patience. Case is glued. I started at the bottom (vents) and pried around, carefully breaking the glue. Once open you can access the 4 screws holding the front plate on. These have a small amount of silicon applied, but easily removed.

Tasmota config

There wasn't an existing Template for this device, but it was simple enough to create.

Device has LED (red), Button and relay. The Green led is linked to the valve state and not controllable independantly.

{"NAME":"FJSJKZQ","GPIO":[0,0,0,0,32,0,0,0,288,0,224,0,0,0],"FLAG":0,"BASE":18}

GPIO4 - Button - 1

GPIO12 - Led - 1

GPIO14 Relay - 1

Other Config

Console commands to configure auto off rule, in case of WiFi/MQTT interruption and (red) LED function.

Set red led to reflect WiFi/MQTT connection state (optional)

LedPower 1

Automatic turn off after 15 minutes (900 Seconds)

Rule1 ON power1#state=1 DO RuleTimer1 900 ENDON ON Rules#Timer=1 DO Power1 off ENDON

Rule1 1

Mirabella Genio Power Plugs - Teardown / Open

This range of plugs can be sourced from Kmart or BigW for about $25-$30 AUD.

Mirabella Genio Wi-Fi Power Plug with Energy Monitoring (I002931) Kmart $25 Mirabella

Mirabella Genio Wi-Fi Double Power Plug with USB Ports (I002932) Kmart $29 Mirabella

New design

The new variety of Mirabella Genio Power Plugs lack screws and are now glued. With a bit of persistence, you can open these with a box cutter and small spatula or similar opening tool.

Mirabella are still using the TYWE2S is this design which is compatible with Tasmota.

Unfortunately these devices run the new Tuya firmware, which prevents using OTA tuya-convert to flash Tasmota or ESPHome.

WARNING - DISCLAIMER

Proceed at your own risk. This information is provided as a guide and you take full responsibility for any harm or damage that may result. Opening any mains powered device should only be done by a professional. I accept no responsibility for any malfunctioning devices as a result of this tutorial. This process will void warranty of the device. Proceed at your own risk.

Opening

Run the boxcutter around the outside, then use the spatula to carefully break the glue.

Once you have separated the sides, insert a the spatula just under the step a lift up. The corners can be a bit stubborn. Release both sides before trying to separate fully.

My favourite is the iSesamo from mymagmat.com, but you can find similar on ebay for half the price.

ISesamo - Ebay

Flashing

Only method available is serial. The TYWE2S IO can be accessed after unscrewing the PCB and separating the backplate. There is sufficient cable length to gain access.

Please see the other blog posts for flashing process.

We are sorry, but you do not have access to Please contact your organization administrator for access.

We are sorry, but you do not have access to <service Name>. Please contact  your organization administrator for access.

If you are a Google Workspace user and you see this message, it means your Google Workspace admin has turned off the a Google service for your account .

To resolve the issue, contact you Google Workspace admin or where you are the admin, please consult this article 

https://support.google.com/a/answer/182442?hl=en

Click a service name below for instructions (requires an administrator account).

Google Workspace	Additional Google Services	Google Workspace Marketplace Apps
Calendar Google Chat Cloud Search Directory Drive Gmail Currents Groups for Business Jamboard Keep Google Meet Google Voice Google Sites Classic Sites Tasks Classic Hangouts Vault	Blogger Brand Accounts Google Ads Google Analytics Google Cloud Google Domains Google Earth Google Maps Google My Maps Google Payments Google Photos Google Play Search and Assistant Search Console Web & App Activity YouTube Other...	Any Google Workspace Marketplace app

We are sorry, but you do not have access to google maps. Please contact your organization administrator for access.

We are sorry, but you do not have access to google maps. Please contact  your organization administrator for access.

We are sorry, but you do not have access to google maps.

If you are a Google Workspace user and you see this message, it means your Google Workspace admin has turned off the Google Maps service for your account.

Google recently made a change in Workspace admin:

"When the Google Maps service control is set to off, users are prevented from using Google Maps when signed into their Workspace account."

To resolve the issue, contact you Google Workspace admin or where you are the admin, please consult this article https://support.google.com/a/answer/6304830?hl=en

 

How to Flash Tasmota onto a Arlec Grid Connect Smart Plug-In Socket PC190HA from Bunnings

 

About

The Arlec PC190HA is a cost effective smart socket that is Tasmota compatible. The socket uses the TYWE2S module based upon the ESP8266.

This socket can be purchased from Bunnings individually for $17.50 or in a 4 pack for $60.

Downside of this unit, is Arlec have introduced Tri-Groove Security screws, which is rather uncommon and does make opening this unit a little more difficult, but not impossible. More about this later.

Tri-Groove Security Screw

Replacing the firmware

Arlec like many other manufactures have updated the Tuya firmware. Frustratingly this means the OTA update method via Tuya-Convert is no longer an option. Efforts are still ongoing to fix this, but there is no ETA.

The alternative is to flash via serial using a USB to TTL Serial Converter and Tasmotizer (Windows).

HW-417 USB to TTL Serial Converter

Opening the PC190HA

To get access the TYWES2 requires opening the socket. At this point I remind readers;

WARNING - DISCLAIMER

Proceed at your own risk. This information is provided as a guide and you take full responsibility for any harm or damage that may result. Opening any mains powered device should only be done by a professional. I accept no responsibility for any malfunctioning devices as a result for this tutorial. This process will void warranty of the device. Proceed at your own risk.

With that out of the way opening the PC190HA will require a Tri-Groove screwdriver or similar.

Make your own Tri-groove screwdriver

As I couldn't find a local supplier, I opted to fashion my own from a spare Allen key (~4mm or 1/8") and a common triangular file.

Process isn't as difficult as it seems and even a rough tool will be sufficient to remove the screws. Below was my first attempt and I was successful in removing the screws. 

To fashion the Tri-Groove tool, place the Allen key into a vice and simply file a V from the middle of every second flat side. Position the file at a ~45 degree angle.

With any luck the tool will be sufficient to remove the screws. The top case is secured by three lugs which can be overcome by hand.

Flashing

The PC190HA uses the common TYWE2S module and is relatively easy to get access to the serial port pads. The rear cover will need to be removed to expose the IO0 pad on the TYWE2S. Remove the single Philips screw in the centre of the PCB.

Solder on jumper wires.

To successfully flash the TYWE2S the USB TTL converter needs to be connected supplying 3.3v. Also  IO0 needs to be pulled to ground, at initial power on only.

Make sure your USB TTL converter is set to supply 3.3v, not 5v.

The approach I used was to split off an additional ground wire and hold it on the IO0 pad, while connecting the USB TTL converter.

Open Tasmotizer, Select the USB port.

Select Release and optionally backup original firmware.
Note: you can preload the WiFi and other configuration detail if you so choose.

Click Tasmotize!

If flashing was successful, unsolder the jumper wires and reassemble. I opted to keep the Tri-Groove screws, but you can replace with similar Philips head screws if needed.

Setup

By Default Tasmota will present as an AP. My preferred option is to use a phone to connect and configure the WiFi. Once it is connected to your WiFi use Fing (Android app) to locate the device IP and connect to the web interface at http://192.168.4.1

Arlec PC190HA Tasmota configuration

Refer to the Tasmota Devices database at https://templates.blakadder.com/arlec_PC190HA.html

Template: {"NAME":"Arlec-PC190HA","GPIO":[0,0,0,0,320,0,0,0,224,576,32,0,0,0],"FLAG":0,"BASE":18}

Google Vault: Are shared files discoverable?

Google Vault: Are off domain shared files discoverable in Vault?

Recently a question about Google Vault was put to me in the G Suite product forums where I contribute under Google's Product Experts Program.

We are setting up Google Vault for our organization. Using me as an example, say my wife, who not a part of our organization but who has a personal Google account, shares a Google Doc for a household grocery list with me at my work address. Are you saying that that document would be then searchable by Vault administrators, since it was shared to my work account? [link]

Normally Google's Help Center is the place to go for most answers, but I was unable to find an article that covers this specific question. This article goes close but does specifically talk about the drive content owned by an off domain user.

So how does Vault handle this?

Testing

Test #1: Discover shared Drive content by off domain owner.

1. Login as a consumer gmail account.
2. Create a Google Doc
3. Share it directly with a G Suite user in a domain with Vault enabled.
4. Login as G Suite user and confirm I can view the shared file.
5. Login in as an Admin to Vault and search for the Google Doc.

Test #1 Result: Files shared by off domain user (owned) are discoverable in Vault.

Test #2: Discover unshared content by off domain owner.

1. Login as a consumer gmail account.
2. unshare the above Google Doc
3. Login as G Suite user and confirm I cannot view the shared file.
4. Login in as an Admin to Vault and search for the Google Doc.

Test #2 Result: Files unshared by off domain user (owned) are no longer discoverable in Vault.

Test #3: Discover publicly shared Drive content by off domain owner.

1. Login as a consumer gmail account.
2. Create a Google Doc
3. Share it publicly (link).
4. Login as G Suite user and use the link to confirm I can view the shared file.
5. Login in as an Admin to Vault and search for the Google Doc.

Test #3 Result: Files shared publicly (by link) by an off domain user (owned) are not discoverable in Vault.

Test #4: Discover publicly shared Drive content by off domain owner and "Add to My Drive..."

1. Login as a consumer gmail account.
2. Create a Google Doc
3. Share it publicly (link).
4. Login as G Suite user and use the link to confirm I can view the shared file.
5. Add the Doc to "My Drive" via the "Add to My Drive..." Option
   
6. Login in as an Admin to Vault and search for the Google Doc.

Test #4 Result: Files shared publicly (by link) by an off domain user (owned) are discoverable in Vault, if the G Suite user adds the file to their Drive .

Test #5: Discover publicly unshared content by off domain owner after it's removed from My Drive.

1. Login as G Suite user, select the Doc and "Remove from my Drive".
2. Login in as an Admin to Vault and search for the Google Doc.

Test #5 Result: Files are not discoverable in Vault.

Summary

Key findings:

• Files owned by users outside the domain and shared directly with G Suite users are discoverable.
• Discovery is only possible while sharing remains enabled.
• If the owner revokes the sharing, discovery is no longer possible.
• Files publicly shared, must be added via "Add to My Drive" for discovery to work.
• Removing the file from "My Drive", will stop discovery.

Considerations:

1. Vault will not provide visibility to data leakage via files owned by off domain users.
   
   Potentially a malicious actor could establish a Google consumer account, create and share a file with an G Suite user. Then dump data into that file and unshare, without Vault showing a record of that.
   
2.  External parties sharing Drive files or Google Docs with G Suite users must be aware G Suite admins can access via Vault. 

Office 365 Exchange online Outbound email blocked by Spamhaus (CBL)

Seems MS can't give a straight answer, but users on some trials are reporting difficulties with sending email (internal and external) due to transport restrictions enforced by MS.

MS uses the Spamhaus CBL to match IP in the header of the sending device. X-Originating-IP

Generally block lists are used for abusive SMTP/email servers, but MS are using it against Exchange clients (Outlook / Active Sync and OWA). Presumably to kerb spammers abusing the trial.

Error

Resulting in a NDR

Remote Server returned '550 5.7.501 Service unavailable, Client host blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS16042849)'

The NDR will contain the IP of the actual device where the message was generated, not the Exchnage server IP, as it the case with some other platforms.

X-Originating-IP: [1.125.48.104]

The Fix:

Modify the default connection filter to allow these IP's

• Use the EAC to edit the default connection filter policy - detailed here
• Use powershell to add multiple (max 1273) subnets (max subnet size /24)

PS> $UserCredential = Get-Credential

PS> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection


PS> $sn=@{Add="1.124.0.0/24",
"1.124.1.0/24",
"1.124.2.0/24",
...<snip>...
"1.127.255.0/24"}

PS> Set-HostedConnectionFilterPolicy “Default” –IPAllowList $null
PS> Set-HostedConnectionFilterPolicy “Default” –IPAllowList $sn

Links

Telstra Mobile IP's - http://wq.apnic.net/apnic-bin/whois....AINTERNET49-AU
Powershell command ref above - https://technet.microsoft.com/en-us/...xchg.160).aspx
EAC - IPAllowList Limits - https://technet.microsoft.com/en-us/...or=-2147217396

Full script - https://pastebin.com/3wkGF7Gx