15 Jan 2020 - tsp
Last update 06 Jul 2020
Since this blog post is about electrical equipment that interfaces directly to mains voltage please note that one should adhere to the standard basic safety rules when manipulating devices and wiring (this is of course not a complete list):
Please also note that manipulation of electrical installations might be highly regulated and require to be an certified electrician in your country - if you are unsure ask an professional. The same goes about safety rules - if you don’t know really what you’re doing ask an professional. It’s not worth the monetary saving to risk fire or death.
The Sonoff T4EU1C is a variant of the well known Sonoff T1 smart switch (note: Amazon affiliate link - this pages author profits from qualified purchases) that offers - additional to local control - WiFi based control of room lights. The main problem that many people have with retrofitting smart switches into their homes in central Europe is that most Sonoff switches like the mentioned T1 as well as modules as the Sonoff basic (note: Amazon affiliate link) do require neutral and phase for their own power supply (since the local 3.3V and 12V power supply requires phase and neutral for their local transformer to work).
Since most room lights are wired in a way where the neutral is routed through the (mostly brick or concrete) walls most of the time inside pipes, sometimes in old houses directly inside the concrete and only the phase is routed downwards to the switch and the switches phase back upwards towards the room light. Because of this it’s sometimes really hard or impossible without major reworking of your walls to route a neutral wire towards the light switch. Because of this traditional smart switches like T1 or the Sonoff basic cannot be put in that place easily.
To cover such situation one can use the Sonoff T4EU1C. This switch does not require a neutral connection. How does this work? Basically the switch-mode supply inside the T4EU1C switches on for very short periods of time (i.e. at a high frequency) to charge a local inductor at a relatively high current. This inductor then gets discharged to supply the local power supply - this is the same mechanism that’s used in nearly all modern switch-mode power supplies. Of course this means that the main power towards your room light gets enabled for a really short time - this leads to an effect of LED lights flickering or - in case of some fluorescent lamps to not provide enough current during the charge phase and so not enough power for the T4EU1Cs local power supply - this is caused for example by the high inductance of the choke used to ignite fluorescent lamps that also limits inrush current at higher frequencies. For LED lights the effect is caused by the switch-mode power supply circuit that tries to do it’s own high frequency switching when powered up. The short high frequency pulses do not lead to visible problems with traditional ohmic light bulbs because they heat up too slow to cause any visible artifacts. To counter these effects an circuit that’s called anti flicker by Sonoff is used. This circuit provides a high frequency bypass around the load (it can be connected across the live and neutral wires at the lamp itself or somewhere where one can access the switches phase as well as the neutral).
This bypass circuit seems to be (from visual inspection) just an $100pF$ capacitance (realized as two capacitors in parallel that connect live and ground) as well as a huge bleeder resistor to discharge the capacitors. As one knows such a circuit forms a high pass connection between neutral and live wire - and (I guess) the effect of reactance will be compensated by the inductor inside the switch itself.
Just for reference: A $100 pF$ capacitor has a resistance of about $33 G\Omega$ at a frequency of $50 Hz$. At a supply voltage of $230V$ this would lead to a current of about $7 nA$ that leak through the circuit at line frequency which would be equal to a loss of $1.7 \mu W$ caused simply by the presence of the bypass circuit. This is of course not related to the power required by the switch supply itself - that’s just the leakage caused by the bypass circuit.
The first thing that I’ve discovered that made me not so pleasant with the bought T4EU1C was that the wires of this bypass circuit / anti flicker circuit had been tinned. Of course that could easily be solved by cutting them, dismantling again and using proper clamps or proper wire end sleeves. Unfortunately I can imagine that many users might directly use the part as delivered - please don’t do that. Due to even pretty low heat the solder might start to flow, reducing the cross-section of the contact point which leads to increased current which again leads to more heat buildup. If one’s lucky this will lead to interruption of the connection and simply a device failure (as if the circuit is not connected). If one’s not that lucky the current through the thin connection will be high enough and stable enough to build up heat that might even cause the typical fire - this is nearly the same process as with serial electrical arcs at broken wires (an AFDD would detect that of course). Of course that’s more of a theoretical problem since the load itself has high resistance around the mains frequency but since it’s not allowed to tin wires for live connections in most places it’s worth mentioning.
The second things that I don’t really like about these type of switches is that they are connected via WiFi. This is great for retrofitting (which is the main use of the T4EU1C) but in my opinion a solution based on a wired network should always be preferred if possible (for example an ethernet based solution based on the ESP32 instead of the ESP8266). The second drawback when using these switches is that the boards simply miss a marking containing the MAC address of the device which makes provisioning a little bit harder - of course that’s not a problem when one has to manually flash own firmware anyways.
The main problem with WiFi is that it uses a shared medium that doesn’t stop at your flats or houses walls. Since we are talking about infrastructure it’s unlikely that stuff like light switches should be exchanged in the near future - which means that one relies on a single cryptographic protocol (if there’s not some magic like strong signatures happening inside the firmware later on) will be used to trust with the entire infrastructure. As is known nearly all wireless protocols had weaknesses discovered at some point in time and it’s pretty hard to upgrade your whole infrastructure in such a case. The second problem with WiFi is that it’s most of the time used with preshared keys (i.e. WPA-PSK for example). All devices are using the same password - if your loose one the attacker has access to the entire network and you would have to reconfigure every single device - and you can’t do that in an automated way when you’ve not added some additional per device encryption for that. WPA-PSK is also known as the weakest and least trustable encryption and authentication mechanism for WiFi. The main working approach to security is to simply threat WiFi as an untrusted and broken network - which is normally in strong contradiction to how home automation systems are built.
There is a major difference of the Sonoff switch to most European light switches that one should consider. Since most switches are mounted inside installation sockets that are again embedded directly inside the walls most switches are attached via clamps that can be spread using screws from the front of the switch. The Sonoff Switches on the other hand don’t have such screws and braces in place - I think the idea is to screw them against a wall directly which is what’s done for example in many wooden buildings. This makes mounting them on top of installation sockets a little bit harder. Screws for mounting are of course delivered together with the switch - they are again suited for mounting on wood or inside cement / gypsum walls. If you mount the switch on a concrete wall you might require special sockets that provide space for screws or own screws and anchors.
First before assembly or flashing one has to dismantle the switch. This is done by pulling away the front cover from the back which gives access to the logic board (including flash and ESP8266). This doesn’t provide any access to live voltage. All live voltage handling is done on a second board that’s connected to the back of the logic board via a pin header (one can simply pull out the logic board).
The second board situated in the back exposes live main power - beware when doing any work on the switch while not disabling main power supply (which you shouldn’t do anyways). The second board contains the high voltage relay which is a mechanical relay and the power supply logic.
To flash the board with custom firmware the usual pins (3V3, RXD, TXD and GND)
are exposed as usual. To put the device
into bootloader mode an additional step is required - the GPIO0 pin has to
be pulled to ground during the power-up sequence. When done manually a single
time to flash an OTA capable firmware (which is the first thing one should do)
one can connect one of the pins of the resistor R10 on the backside - I’ve
done this in a hackish way by using male DuPont connectors to connect 3.3V, RX,
TX and GND to the mainboard and push a bridge between GND and R10 manually. With
the remaining hand I’ve connected power to USB and then - immediately after
the port has been detected - I’ve started
esptool to upload the firmware
image. After the first upload I’ve used OTA - which provides an much less
complicated method for firmware upload.
The GPIO pins are mapped as known from the Sonoff T1 Touch:
|GPIO0||Input (Enable Pullup)||Low on touch, High idle||Touch sensor input|
|GPIO12||Output||Active High||Relay and main LED|
|GPIO13||Output||Active low||WiFi LED|
I’ve uploaded a simple example on how one could solve remote control using the Arduino framework to a GitHub GIST.
Note that this should only be used as a starting point and just implements some basic stuff (HTTP and MQTT control, OTA upgrade, etc.).