// the find
ct-Open-Source/tuya-convert
A collection of scripts to flash Tuya IoT devices to alternative firmwares
tuya-convert exploits a vulnerability in Tuya's OTA update mechanism to flash ESP8266-based smart home devices with alternative firmware (Tasmota, ESPurna) without a soldering iron. It works by impersonating the Tuya cloud server over a rogue AP. The target audience is DIY home automation people who want local control over their devices.
The approach is genuinely clever — hijacking the OTA handshake rather than requiring UART access means the barrier to entry is just a Linux box with WiFi. Docker support is a nice addition that removes the dependency installation pain. The firmware backup step before flashing shows someone was thinking about recovery paths. OUI lists for ESP vs non-ESP detection help users understand upfront whether their device is even flashable.
The core exploit was patched by Tuya in 2019 and the workaround was subsequently patched again — many modern Tuya devices simply will not work with this, making the star count somewhat misleading about current utility. Last meaningful activity was 2024 but the device compatibility situation has only gotten worse, not better, as manufacturers quietly switched away from ESP82xx. The bundled Tasmota binary is almost certainly outdated and will need an OTA update immediately after flashing anyway. No automated way to check if your specific device is still flashable before going through the whole setup.