I wish this wasn’t talked about in this very forum. They’re probably working on patching it right now
Interesting, there’s a project at GitHub for it, but it’s one-way with no way to revert to stock firmware. Personally I’d think long and hard before flashing a 120V power control device. It’s managing something much more dangerous than a camera lens…
Search sonofflan alexxit in google and you will see. I have not tested bulbs but switches work well with HA
Forkers, all of them.
Why would it be a negative thing to discuss here?
Wyze sees that plugs/bulbs can be flashed with custom firmwares for local access (thanks to this thread) → Wyze pushes firmware updates to prevent it → no more local access. I may be wrong. Maybe they don’t care. We will see. They’re probably already aware of it. I just don’t think talking about it here helps.
They’ve never censored talk of Dafang Hacks or TinyCam’s reverse engineering or the sensor HA hacks et al., so it’s probably okay? Still sells product after all.
It’s not so much censorship, it’s more them blocking/preventing us from doing it via software/firmware updates. Dafang no longer works for example. Tinycam’s become very buggy with wyzecams.
Yeah, I don’t think they care, particularly not when it comes to something like bulbs or plugs where the only money they make off of them is at the time of initial purchase. After that, those products are only 100% liability expenses using up their servers, bandwidth, processors, etc, without any further income for them because there are no available monthly subscriptions anyone could get for those items. For things like that it actually benefits them when people flash the firmware to run through somewhere else. They save money, and it allows their products to reach a larger market making them sell even more. There is no incentive to prevent any of that.
Furthermore, they already announced in their last AMA Webinar that they are working to make API’s public for many of their devices so that people can modify their products to work any way they want with various third party platforms and devices. Their roadmap plans are the exact opposite of trying to block/prevent things.
I think any incompatibilities that arise on other devices are simply coincidence…they certainly aren’t actively trying to support specific third party hacks by any means, but I am pretty confident they aren’t actively working to destroy or prevent them…most of the hacks actually benefit their business model a lot without taking anything away from them.
What do you mean Dafang no longer works? I could’ve sworn I read of people using it recently on V2’s still…do you mean it doesn’t work for V3’s? Because they’re using entirely different components, so someone would have to reprogram Dafang to support them separately as it wasn’t designed for that yet…If you have an indication that no V2’s work with Dafang anymore, can you please direct me to something confirming this? If this is the case, I suspect it is the last batches of V2’s with this issue. One of the Wyze employees was saying on here somewhere that there are actually like 3 different versions of the V2 that have some slightly different components in them from the others, so sometimes some of them function differently than the others. I would suspect that any Dafang issues are due to the component differences between the 3 generations of V3, rather than an intentional Wyze firmware/software conspiracy.
TinyCam hasn’t exactly reverse engineered anything, they require you give them full access to your Wyze account, Username and password and everything and then just take everything available to them that way and relay it with a different interface/stream. The reason it is so buggy is for multiple reasons…none of which are intentional from Wyze…For one, it’s increasing the relaying and points of failure, and even streaming through the Wyze App directly you get the same problems with disconnects, etc…TinyCam can’t make better what the company directly doesn’t have themselves.
The people who would flash to alternate software were never going to pay Wyze for a subscription anyway, so they have no incentive to prevent it…but allowing it enlarges the width of their funnel for higher selling volume, and cuts out their costs on free cloud space, server usage, bandwidth limitations, etc. There really is no downside for them…but they’re just not going to go out of their way to cater to a specific hack. That’s all it is.
They’ve announced they are working on releasing official public API’s for some things to make it easier for people to make their own modifications.
I personally think it’s fine to discuss basically anything [that is legal and respectful] in this forum without Wyze trying to subvert it. At least that’s been my experience. Wyze doesn’t always want do the work for all the fixes and modification, but I’ve never seen them care at all if someone wants to do anything with a device after they already made their money off it. Modifiers were never going to use the subscriptions anyway, it’s a totally different market group of customers, but ones they are also happy to have.
The only reason I will not use TinyCam, even if it is secure I do not like giving it out.
Yeah, Wyze has strongly recommended against giving our username/PW even to Tiny Cam for security reasons…they could even totally block it if they really wanted to, but they respect us enough to make our own decisions and I am thankful for that…I believe it is in TinyCam’s best interest to keep everything fairly secure…they are making a ton of residual income from their own cloud offerings, etc…it would be stupid to risk losing that…
That’s a little different from guaranteed honesty…but it is something…I like the benefits I get from it. Thankfully both Wyze and TinyCam have recently turned to support 2FA, so you could in theory grant and revoke TinyCam’s access to only work when you want to use it…but also in theory, the developer could potentially just download all the cloud and live recording during the few times you give access.
IDK, I totally get the hesitation. For me personally, I don’t worry about it too much because I don’t have cameras in sensitive areas (bedrooms, bathrooms, etc), and I BELIEVE it is encrypted/secure or someone would’ve noticed otherwise by now after all these years…but I still don’t blame anyone for refusing to give such access on principle. When Wyze finally provides API access we could probably use solutions similar to TinyCam without having to give up our login credentials. That would be nice.
Three small but important points. One, there is no “relay”. TinyCam developer and/or servers never touch your video stream (as far as I understand). It’s point to point from your camera to your TinyCam device, just as with the regular Wyze app.
Second, he did really reverse engineer the Wyze login and access protocols to be able to do what TinyCam does. That’s no small feat in my opinion. Nobody else has done it (even though he shared it publicly).
Third, the TinyCam developer has answered right in this forum (another member asked on my behalf) that the Wyze credentials are stored on your local TinyCam Android folder and are never shared or stored anywhere else. It’s your Android device doing the authenticating and connecting. My concern about this kept me from even trying TinyCam for a long time but I’m now willing to trust him on this (and not motivated enough to do packet captures to verify).
Yeah, I’ve also read all of the above before too. And like you, I believe it all. I think the problem for most people comes down to this:
Tiny Cam is not open source. There is no way for most of us to ever be able to tell if all of the above are true. We have to “trust him on this” and believe he didn’t program in a backdoor or any number of other things that could possibly be exploited in some way some day.
I believe all of the above is true, and I believe it enough that I choose to use it… But I can’t blame those who instead choose to take the opposite as us and aren’t willing to blindly believe what some third party developer claims.
As I said before, I think the value he gets from keeping honest far exceeds anything he could get sneaking peeks at someone’s puppy while they’re away at work… And I also think it’s popular enough that others have tested packets and other things and would’ve reported concerns by now if they were there… But I totally get the hesitation of others to not be “willing to trust” but wanting more clear assurances somehow even if it’s enough for some of us.
I am in full agreement with @Customer .
I’ve gone through the camera sharing process with @alexey.vasilyev for problem resolution on both Yi (battery and playback) and Wyze (2FA) issues. He has always been responsive and helpful.
The process as I experienced it:
- problem is corrected
I don’t see how anyone can complain for a one-time payment of $3.99US.
Another +1 for HA integration. Pre-ordered two v3 cams excited at the capabilities and prices and did a quick google and I saw RTSP for the cams but quickly disappointed when I got the v3s to set up and realized it’s a separate firmware that isn’t out for the v3s. They’re not of much use without being able to integrate with my HA I’ve built over the last 3-4 years. Big bummer.
i’d love for integration for the robo vac with alexa. i want to be able to say “alexa, ask robo vac to vacuum the living room” instead of having to go to my phone and open the app and scroll thru my devices and start the vacuum from there.
It’s not already? Thought it was. My 2 year old non-Wyze vac works great with Alexa.
Talked to Wyze yesterday, they didn’t learn anything from the V2 RTSP firmware fiasco, they’re doing EXACTLY the same BS with the V3!
Instead of incorporating the RTSP into the production firmware, they’re birthing yet another unwanted stepchild of “RTSP” firmware.
That’s disappointing, I was hoping the improved precessor and RAM and everything on the V3 would support the full RTSP firmware, so they wouldn’t have to branch out the development, and potentially reduce other features.