Tuya CWWW bulb 1.3.21 - Exploit succeeds, but unable to read flash #30

@Andows1

I have a couple of those "decorative" 400lm CWWW E27 bulbs from Tuya (OEM is Airam, model D220, 9410775 A7GAMK). First I connected one to the Tuya cloud, after which I managed to flash the firmware with Cloudcutter (profile 1.3.21 - BK7231N / oem_bk7231n_light_ty), but the ESPHome YAML generated with that profile was not working at all. I managed to dump the storage with OpenBeken (attached) and with that info I got the bulb working in Home Assistant.

However, as I have a couple of these bulbs, I thought that next I would try my hand at dumping the full firmware from a fresh device. I don't think that I would be able to disassemble the bulbs in a non-destructive way, so Lightleak is probably the only option? I used the lightleak-custom-ap_v2024.2.9_bk7231n.uf2 firmware on a previously flashed BK7231N device and a OnePlus 9 Pro with Android 14.

With the "Lightleak - BK7231N - Type 2 (Standard) / Addr 2" and "Lightleak - BK7231N - Type 2 (Standard) / Addr 4" profiles I managed to get the exploit through and the app went into the flash reading menu, but on that I'm only getting the error "Couldn't receive packets from the device".

I have attached a couple of the logs from the attempts during which I was able to get to the said menu: A7GAMK_logs.zip
