MEROSS MSS620 -- a Journey Into Strangeness

By in CircuitsMicrocontrollers

2,129

1

12

Introduction: MEROSS MSS620 -- a Journey Into Strangeness

By Detlef Amend media
About: Hard- and Software developer. Knows his way around servers, clients and all that internetz stuff. Sleeps a lot.

A friend of mine needed needed some wifi controlled power outlets for her balcony - you know, the usual stuff: watering plants, bringing up the lights when it gets dark. So after some browsing the web, I came up with the MEROSS MSS620 - two power outlets, wifi controlled.

Of course I wasn't looking to keep the original firmware - maybe I'm oldschool, but I don't like trusting some obscure chinese company with my WiFi password ;) Since I couldn't find any info about that specific model, I opted to go with my guts: 2.4GHz Wifi, some app... right: sounds like ESP8266.

Step 1: Open Up!

The parcel arrived, and there it was: A fairly familiar looking MCU Module, RX, TX, GND and some jumper labeled "KEY". Grabbed my continuity meter and confirmed: all those signals go where I would expect them to go for an ESP12 - this is going to be easy... so I thought.

!!!! One word of caution before I proceed: never operate a device that uses mains voltage open! Mains voltage can seriously harm you, in the worst case kill you! If you have no Idea what to do about mains voltage, ask someone who does! If you don't know anybody, who can help you - dont't touch that stuff !!!!

Anyways - grabbed a USB Serial adapter and connected to RX/TX/GND - worked like a charm. The output was 9600 baud, the MCU gave a bunch of cryptic status messages, nice sign of life. ESP8266's GPIO0 must be pulled to GND to get the MCU into flash mode - so a jumper across the KEY pins, powering up the system... why is the MCU still talking to me? That's right: no change, if the KEY jumper was closed or open - that's impossible for an ESP12.

I was getting tired of plugging-unplugging the device, so I powered the system though the 3v3 of my USB-Serial adapter and tried the hardware reset of the module - that didn't do anything, either. WTH??

Measuring some more control pins of the module didn't help at all: there should be some pullups, that should be detectable with a simple meter - they werent.

So I deciided to go the hard way: I knew that all the needed pins where at the right place for a ESP12 module. Let's get one in there!

Step 2: Something Familiar

A bit out of the right tools for the job I successfully desoldered the MCU module and dropped a fresh ESP12 in - bang, worked out of the box.

Step 3: Who Are You?

But I was curious: what had I just removed? Getting rid of the HF Shield explained the strange behaviour: that wasn't an ESP module at all! Inside I found a MediaTek MT7662 - a bit a mix between an ESP8285 and an ESP32, single chip MCU, Wifi & BT.
So I guess, that the development intended to use an ESP12 module - that's why there's the KEY jumper. Somewhere along the way they switched MCU Modules.

So - the MSS620 is hackable. But be aware that it takes some soldering and getting rid of the MCU module.

If you're interested of the pin assignment:

Relays/Channels: IO12 / IO4

LEDs: IO5 (green/lower) / IO13 (red/top)

Switch: IO14 (Pulldown, so read it via INPUT_PULLUP)

2 People Made This Project!

Recommendations

Rubik's Cube Solver
Rubik's Cube Solver by aaedmusa in Gadgets
152 23K
Laser-Cut Infinity Dodecahedron (Fusion 360)
Laser-Cut Infinity Dodecahedron (Fusion 360) by thomasj152 in LEDs
194 17K
Pingo, the Secret Color Clock by Illusionmanager
Pingo, the Secret Color Clock by Illusionmanager by illusionmanager in Clocks
1 41 4.1K
A Pocket Sundial From a Broken Pocket Watch!
A Pocket Sundial From a Broken Pocket Watch! by JGJMatt in Metalworking
95 8.5K

  • Make It Bridge

    Make It Bridge

  • For the Home Contest

    For the Home Contest

  • Big and Small Contest

    Big and Small Contest

12 Comments

0
peter_vasil
peter_vasil

9 months ago

Hello, I just bought a Meross wifi wall switch as an experiment, it also has an MRE3S inside though apparently some newer variant (-MSS660X...). This was the first page that popped up when I started googling it :-) Very nice work replacing the whole module btw. :-D
Just wanted to clarify - you write the chip is MT7662 Wifi+BT, are you sure about that? From your photo it could just as well be MT7682SN, which is a low power 1T1R wifi-only, much more likely for this kind of device (7662 is a 2T2R with usb3, usually used in usb-wifi-bt dongles).
7682 should be reasonably programmable, seems to be supported by MediaTek LinkIt RTOS SDK, though their labs site seems to be dead meanwhile :-(
I don't intend to invest in replacing the control module, have enough other ESP-based switches to play with ; when I have a bit time I may try taking off the shielding to check which chip this newer module version contains. Perhaps there will be some SDK available for experimenting.
Anyway thanks for sharing this!

0
Detlef Amend
Detlef Amend

Reply 9 months ago

Hey Peter -- wow, this is a long time ago; I seriously don't remember what kind of MCU I found inside the MEROSS. Since Espressif MCUs are more my hometurf, I decided for the transplant - but I wish you a lot of fun playing around with the unit :)

0
harnon
harnon

1 year ago

Hello,

Thank you for your nice instruct, exactly what I was looking for after discovering this device was not so...like I hoped.

I got the same plug, and I just received my esp8266mod for this. I am planing to flash tasmota, like for my other devices.

But I have a question: do I need to flash the module before soldering it or can it be done directly through the rx/tx from Meross after soldering?

Thank you very much for your answer!
Have a nice day.

H.

0
Detlef Amend
Detlef Amend

Reply 1 year ago

Hello Harnon, if you have a programmer like this one:

https://www.aliexpress.com/item/1005001785742145.html

I would suggest you flash your firmware before soldering the module into the MEROSS.

Select something you can update via Wifi (OTA). This way, you minimize the possible contact with live (and deadly) voltage.

Programming a soldered ESP12 Module is possible - grab a 3v3 serial adapter, connect RX and TX in the usual - crossed - way. These adapters usually have a 3v3 output, so you can power the ESP12 via the module. Check if the module "talks" to you.

If that works, programming is a bit of a hassle - whlie powercycling the ESP12, the KEY pin in the MEROSS must be pulled LOW (just use some pin headers and a jumper) - that sets the ESP into programming mode and you can upload your firmware.

But it's way more elegant to go OTA for any updates :)

Have fun with your MEROSS!!

0
harnon
harnon

Reply 1 year ago

Thank you for your wise recommendations.
I didn't think about live and deadly voltage, right.
I will try something and let you know the result.
I am used to esp01's but not yet with the "mod". I have one....because of you ;o)

Anyway, thanks!

0
harnon
harnon

Reply 1 year ago

Got it soldered and flashed with my simple ftdi! Will update the things later. Have to remount the case and so on. Will try tomorrow.
Fantastic idea you had with this.

0
Detlef Amend
Detlef Amend

Reply 1 year ago

Happy this works out for you :)

0
heimod
heimod

Question 2 years ago on Introduction

uhm... what else I need to do after replacing the MCU, to be able to make use of it via wifi/raspi? how do I get it to connect to my wifi, and what protocol/commands can then talk to it?

0
Detlef Amend
Detlef Amend

Reply 2 years ago

Hi Heimod, this Instructable was more for the hardware side - the software is a different beast. I for myself wrote a complete webserver for it - but if you're using a raspi, I'm guessing MQTT. So you're probably better off with tasmota or espEasy. You find the needed Pins in the instructable itself to configure the firmware of your choice.

0
Elaina M
Elaina M

2 years ago

Nice tip for keeping your home secure ! Thanks for sharing

0
Detlef Amend
Detlef Amend

Reply 2 years ago

Thanks, Elania! I'll try to keep up projects like that :)