Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

❗❗❗Invalid cloud password on firmware build 230921 and higher #551

Closed
JurajNyiri opened this issue Apr 13, 2024 · 207 comments
Closed

❗❗❗Invalid cloud password on firmware build 230921 and higher #551

JurajNyiri opened this issue Apr 13, 2024 · 207 comments
Labels
Blocked Bug Something isn't working
Milestone

Comments

@JurajNyiri
Copy link
Owner

JurajNyiri commented Apr 13, 2024

Thread for invalid cloud password on firmware build 230921 and higher

Notice: This issue has been locked for discussion, and will be used to post updates only. Discuss or ask a question.

There has been reports of users on firmwares 1.3.8, and newer, or on some cameras other firmwares with build 230921 and newer of integration stopping to work. This shows as cloud password not being accepted.

I have been in touch with tplink regarding a security vulnerability I reported in the past and this is most probably a fix for it.

This currently only affects some users, not all and most probably requires camera to be connected to the internet in order to receive the update for authorization, given that it affects older firmwares as well, or possibly an interaction with the official app.

I have a solution that was rejected by TPLink to be released. However, they are working on adding a new feature to the app that would allow integration to connect to cameras. They expect this to be released by mid-november 2024.

Users reported this problem in numerous issues, this issue will serve for tracking the progress on the fix and group all the conversation under one issue.

Workarounds

If you wish to use this integration, until this issue is resolved, you will need to either:

  1. If your camera still works with integration: Block internet access of camera if you are using firmware build 230921 and higher
  2. If your camera no longer works with integration: Block internet access and factory reset camera or Use older firmware than build 230921 and optionally factory reset camera

This post will stay uptodate with the most recent updates below.

2024-04-11:

First report of the issue at #549

2024-04-12:

Second report of the issue at #550 along with more users confirming the issue.

2024-04-13:

This thread has been created.

From my side, I have unblocked one of my camera on the latest firmware to reach the internet, so that hopefully I can get this update soon and work on a fix. I hope TPLink will provide detailed instructions on what has been changed so that I can work on a fix.

2024-04-19:

Added instructions about build number as some cameras have different versioning of firmwares.

I reached out to TP-Link after 7 days for any updates.

2024-04-23:

@reypm found a solution how to workaround this issue without downgrading the firmware:

  1. Factory reset the camera (it remains with 1.3.11 Build 231117 firmware since I could not find a way to downgrade the firmware)
  2. Entirely block Internet access for the camera
  3. Reinstalled the component (this component)
  4. Re-added the camera (by reinstalling the component it removes the old config)

TPLink is working on providing me with the solution, got a reply today that I need to wait a bit more.

2024-05-08:

I have some very good news and a little bit of concerning news.

Good news:

  1. Today I was finally affected with this on one of my cameras which allowed me to conduct research and I spent my whole day working on that.
  2. I now know how to solve this, I just need to figure out some of the remaining details and implement the changes which should not take more than a few weekends of active work. There is a lot of work involved but it can be done and I now know roughly how.

Now the concerning news:

  1. Integration will need to interact with tplink cloud to get the new password. This is possibly a one time job, but I do not know yet, it might expire and get a new password if it no longer works. I will need to find a way to detect this as well but thats just a little detail.
  2. Due to integration's need to interact with TPLink cloud I have reached out to TPLink for their permission. If they refuse, there is no way how to implement this unless someone else makes a script to extract the pwd AND the pwd does not change, ever. Which would also make the set up harder for everyone.

2024-05-15:

See #551 (comment)

2024-05-18:

See #551 (comment)

2024-05-29:

See #551 (comment)

2024-06-25:

See #551 (comment)

2024-07-03:

See #551 (comment)

2024-07-16:

See #551 (comment)

2024-07-18:

See #551 (comment)

2024-07-20:

See #551 (comment)

2024-07-31:

See #551 (comment)

2024-08-12:

See #551 (comment)

2024-08-19:

See #551 (comment)

2024-09-16:

See #551 (comment)

2024-09-20:

See #551 (comment)

2024-11-12:

See #551 (comment)

2024-12-01:

See #551 (comment)

2024-12-02:
See #551 (comment)

2024-12-13:

Victory for Local Control: TP-Link Enables Third-Party Compatibility

@JurajNyiri JurajNyiri reopened this Apr 13, 2024
Repository owner deleted a comment from github-actions bot Apr 13, 2024
@JurajNyiri JurajNyiri changed the title PSA: Firmware 1.3.9 and newer causes integration not to work PSA: Firmware 1.3.9 and newer might cause integration not to work Apr 13, 2024
@JurajNyiri JurajNyiri changed the title PSA: Firmware 1.3.9 and newer might cause integration not to work ❗❗❗PSA: Firmware 1.3.9 and newer might cause integration not to work Apr 13, 2024
@reypm
Copy link

reypm commented Apr 13, 2024

I am using the iOS app and everything is working fine. My camera is a Tapo C110 with Firmware Version 1.3.11 Build 231117 Rel. 47346n(5553) and as of today is not working.

// image removed.

@JurajNyiri
Copy link
Owner Author

@reypm have you opened and used the app just before it stopped working or only after?

@reypm
Copy link

reypm commented Apr 13, 2024

@JurajNyiri Yes, everything is working as expected and nothing has changed on my end with the app, I do keep my iOS apps up to date most of the time, not sure when the Tapo app did update to the latest

@JurajNyiri JurajNyiri added Bug Something isn't working Help wanted Extra attention is needed labels Apr 13, 2024
@JurajNyiri JurajNyiri added this to the 6.0.0 milestone Apr 13, 2024
@Seb-

This comment was marked as duplicate.

@wavemop
Copy link

wavemop commented Apr 14, 2024

Operating System: Android
App version: 3.2.976
Camera: C200 (Hardware-Version 3.0)
Firmware version: 1.3.13

pytapo output is: "Exception: Invalid authentication data"

I'm really hoping tp-link is calling you soon ;)

@reypm
Copy link

reypm commented Apr 14, 2024

@JurajNyiri I am using this other custom component repository as well and today I noticed it disconnected some of my Tapo devices, upon research some people reported issues in their issues and the problem was fixed with version 3.1.0. I updated the component today and is working fine, I am using the very same creds I am using with your component, you can maybe take something from there or just take a look

Disclaimer: I am not advertising the other repository at all just providing some help to get the issue fixed ASAP

@JurajNyiri
Copy link
Owner Author

@petretiandrea any idea if this might be related? I know your integration uses different communication method completely.

@scetu
Copy link

scetu commented Apr 14, 2024

I have 3x C200 with 1.3.11 sice December (#472 (comment)) with blocked DNS (only NTP is enabled - otherwise they are in zombie state) and so far no major issues.

@reypm
Copy link

reypm commented Apr 14, 2024

with blocked DNS (only NTP is enabled - otherwise they are in zombie state)

@scetu what does this mean? is there a guide for this?

@JurajNyiri
Copy link
Owner Author

JurajNyiri commented Apr 14, 2024

Blocking the access after having the issue will not help — and I am not sure if it helps at all even when not having issue as the update might be pushed through the app. In order to use the camera you will either need to wait or follow steps in main post in this issue - downgrade firmware.

@jjvelar
Copy link

jjvelar commented Apr 14, 2024

Hi @JurajNyiri
I have 1.3.9 firmware but no issues with integration version 5.4.17.
Should I then update the integration to version 5.4.17PSA?
Thanks,

José

@JurajNyiri
Copy link
Owner Author

JurajNyiri commented Apr 14, 2024

5.4.17PSA Has nothing new. It’s a way how to get the information to the end users and help them prevent having issues.
You will soon be affected most probably unless it is fixed by then.

@mbentancour
Copy link

Thanks for pushing the PSA as an "update". I would have missed this if it wasn't for it. I block internet access to all my cameras but from time to time I update the firmware just to keep them up-to-date. It would be a lot of work to factory reset them just to get them to work again.

I see you have the "help wanted" tag, I have a C200 that I can use for testing, and I might be able to do some python debugging if that helps.

@scetu
Copy link

scetu commented Apr 15, 2024

with blocked DNS (only NTP is enabled - otherwise they are in zombie state)

@scetu what does this mean? is there a guide for this?

Use AdGuard Home or Pi-Hole and add custom rules for filtering

||tplinknbu.com^$important
||iot.i.tplinknbu.com^$important
||tplinkcloud.com^$important

@jsapede
Copy link

jsapede commented Apr 15, 2024

hello,
my cameras are C210 1.3.13 but fully blocked internet since some weeks. Still working at this time.
is there a documented procedure and firmware ressource for downgrade ?

@jakwarrior
Copy link

Thanks for this "update", I would have missed the issue without it. I'm using a Tapo C200 with firmware 1.3.9 Build 231019 according to the integration. I've just blocked updates with AdGuard filters, and I haven't launched the Android app. So far, everything is still working perfectly.

@petretiandrea
Copy link

petretiandrea commented Apr 15, 2024

@petretiandrea any idea if this might be related? I know your integration uses different communication method completely.

Hi, actually I'm not calling the "cloud", so no "cloud password". My integration is completely based on local communication.
My library is using KLAP protocol

@Write
Copy link

Write commented Apr 16, 2024

with blocked DNS (only NTP is enabled - otherwise they are in zombie state)

@scetu what does this mean? is there a guide for this?

Use AdGuard Home or Pi-Hole and add custom rules for filtering

||tplinknbu.com^$important
||iot.i.tplinknbu.com^$important
||tplinkcloud.com^$important

Just to be entierly precise : this doesn't block their internet access per se, if the firmware contains direct IP address Pi-Hole won't be able to block it. Hence, why I'd try to block their internet access at the router level. Most consumer router from ISP comes with a "child protection mode" to block internet from specific devices at specific time, which is what I would do if I didn't have a "true" configurable router.

However, this would also block NTP (Server to which the device request to, to get current time and date) requests too.

That's the solution I use at my mom's house, and it works perfectly fine, with an automation to force sync date / time from HA to Tapo devices.

alias: "camera : Sync Tapo Time"
description: ""
trigger:
  - platform: time_pattern
    minutes: /5
condition: []
action:
  - service: button.press
    data: {}
    target:
      entity_id:
        - button.tapo_salon_sync_time
        - button.tapo_entree_sync_time
mode: single

@PeteDenmark
Copy link

PeteDenmark commented Apr 16, 2024

Mine are still working (well - as "well" as they always have).

Have now blocked their internet access in my router, just because there is no need for them to have internet access.

Cams: Tapo C200 (two of them)
App version: 3.2.976
Firmware: 1.3.13 Build 240327 Rel.63336n(4555)
Hardware: 3.0
Android
Haos
WebRTC for streaming

@sgurgul
Copy link

sgurgul commented Apr 16, 2024

I believe accessing (or not) cameras from mobile Tapo application might explain why some cameras still operates well.

I manage 3 locations with different set of users, all having same Tapo C100/C110 cameras, with same firmware versions (1.3.9 & 1.3.11, depending on the camera model).

Two locations are "broken" since last few days - HA claiming authorization errors. 3rd one still works smoothly.

The difference is that in two broken locations users use Android Tapo application to monitor cameras. 3rd location is only integrated with HA. I made some experiments in this 3rd location - resetting camera, resetting HA, even removing and adding integration in HA - everything still works smoothly.

All locations & cameras has an Internet access so this factor does not seems to explain the phenomenon in my case.

@WeatherWitch
Copy link

WeatherWitch commented Dec 13, 2024 via email

@alexboss
Copy link

Thanks a lot, what a great news ! All credits due to JurajNyiri of course, for his hard work and dedication.

But let's not forget TP Link / Tapo which allowed third-party interactions and listened to feedback and suggestions of external developers.

Not all manufacturers do this (see Chamberlain and their decision to block control of their garage door from third party tools, Everything Smart Home had a nice ranting video about that, hope he would mention this happy ending with Tapo in a next video).

So glad to have my 4 tapo cameras, and looking to get even more after this great move from TP Link / Tapo.

@florian-weiss
Copy link

florian-weiss commented Dec 13, 2024

Many many thanks @JurajNyiri for your effort and your continous communication and updates!!
Just updated the app und can now use my cameras again.
and i think also a thank you to tp-link for allowing 3rd party integrations

@llewelynb
Copy link

I'm in the US with Android and no update either. I've consider joining the beta program in case the update goes there, but I'm leaving it to more brave people 😁

I'm in the US on the beta Android app and it's not updated past 3.7.811, no toggle yet. I'll report back if that changes.

I'm on the beta program, but the lastest version is still 3.7.811. So we're patiently waiting for the update!

@DieterGitHub
Copy link

DieterGitHub commented Dec 13, 2024

In Germany also still no Android update.

@jrhansen
Copy link

Also, big thanks for the effort here from Denmark!

After adding the camera to HA, can 2-factor auth be re-enabled or does it need to stay disabled?

@blitzdose
Copy link

Update available in Germany in the Beta Channel. Did the following steps to get it working (I had still the invalid cloud password like @t0bst4r):

  • Rebooted the camera twice
  • turned on/off/on third party integrations
  • changed the password for my TP-Link account directly in the app
  • Rebooted the camera again
  • 🥳

Thank you so much @JurajNyiri !!!!!! I know from personal experience how difficult it is to communicate with manufacturers about stuff like this. Amazing that you put your time into making the integration work again. And we have to admit that this is also a huge step forward for TP-Link. Allowing Third-Party-Integrations is sadly not always "by-design".

@Happy-Cadaver
Copy link

@blitzdose is that for Android?

@blitzdose
Copy link

@blitzdose is that for Android?

Yes PlayStore, Android. Signed up for the beta a couple of days ago and today I looked there and the update was online

@Happy-Cadaver
Copy link

Thank you :)

@us243227
Copy link

Works PERFECTLY ... I have my home assistant connected to my MAIN home automation system HUBITAT - and through the home assistant device bridge I am getting ALL of the camera attributes now so I can write automations to do darn near anything - IN HUBITAT. Wow great job Juraj and THANK YOU so much for the hard work AND hanging with this. How you interfaced with Tapo was very well done as well. Also - a BIG thank you to the folks at TP LINK for allowing this YOU ROCK!!!

@TeiruzuX
Copy link

I am already beta tester of the Play Store version and it is still version 3.7.811, the third party integration function does not appear.

@stevieb12345
Copy link

Has anyone got this working with the C120 cameras? I've tried everything and can't get it to work.

@msoaresp
Copy link

I thought it was fantastic and started testing it early on—it worked perfectly. Thanks to the developers and the team!

Unfortunately, when I updated to version 6.0.0, the motion sensors on the C500 simply disappeared. I removed the camera from HA and re-added it, but the sensors still don’t show up. On the TC70, however, the sensors are working perfectly fine.

Something in this version caused the C500 sensors to vanish.

@JurajNyiri
Copy link
Owner Author

Follow faq for that. There is virtually no difference in 6.0.0 to previous version functionality wise.

@KelvinVenancio
Copy link

It's working wonderfully well with the C200 and C70 cameras. I've been waiting for this since April without updating this integration in HA. Huge thanks to everyone involved, especially @JurajNyiri, for the amazing work for the community.

@elpabre
Copy link

elpabre commented Dec 13, 2024

So happy it works again (C200 & C510W) !!
Thank you so much for your patience and hard work...

@Mushoz

This comment was marked as off-topic.

@Mushoz
Copy link

Mushoz commented Dec 13, 2024

Anyway, with that out of the way I really want to thank you @JurajNyiri for your continued effort on this matter. Communication with big companies tends to be a nightmare, but you made it work somehow. It's really awesome to see how it led to the absolutely best solution TP-Link could have offered us. Thanks again!

@sytler
Copy link

sytler commented Dec 13, 2024

Thanks a lot, I was able to add my c320ws 2.0, however for some reason HD stream is not available most of the times 🤷‍♂️ not sure why

@mateuszdrab
Copy link

Hey @JurajNyiri

I have a suggestion

How about locking this issue since it's now addressed and instead, create a discussion for the chit chat post today?

Feels like a lot of noise and even if there is a real new issue, it deserves a new issue.

@sheitmaster
Copy link

Great news, unfortunately i live in an android home, i don't even know people with iOS so i will have to wait for the update, but atleast it's on it's way.

@ivanjx
Copy link

ivanjx commented Dec 14, 2024

does the camera need to be connected to the internet for this to work? currently i only allow ntp

@andipilz
Copy link

Thank you @JurajNyiri and Tapo for this. Especially your persistence and conviction, @JurajNyiri was great and as you write in the update notes confirmed the commitment to open source.

@Cenedd
Copy link

Cenedd commented Dec 14, 2024

Thanks JurajNyiri.
I've got new Tapo cameras and once set up simply denied them access to the internet so they couldn't update their firmware. Any reason to update the firmware and jump through these hoops (any improvements I'm going to care about?) or should I just leave them as they are?

@fenty17
Copy link

fenty17 commented Dec 14, 2024

I have the opposite problem. C210 v1 and despite many restarts/resets it’s stuck on older firmware 1.3.11 and won’t see newer version. Has the ‘can only be locally controlled’ message. Tried disabling pihole, VPN and changing DNS to google for camera setup. Still no luck yet which means no notifications from the app. Motion detection also unusably slow which I assume would be resolved if I can get the firmware updated. Anyone any suggestions or experiencing something similar?

@Tvojm100
Copy link

I have the opposite problem. C210 v1 and despite many restarts/resets it’s stuck on older firmware 1.3.11 and won’t see newer version. Has the ‘can only be locally controlled’ message. Tried disabling pihole, VPN and changing DNS to google for camera setup. Still no luck yet which means no notifications from the app. Motion detection also unusably slow which I assume would be resolved if I can get the firmware updated. Anyone any suggestions or experiencing something similar?

Have you tried manually applying newer firmware via the SD card method?

@JurajNyiri
Copy link
Owner Author

Locking this again for organisation of information.

If you have any issues with camera feel free to use discussions, or issues if you are experiencing integration problems.

Repository owner locked as off-topic and limited conversation to collaborators Dec 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Blocked Bug Something isn't working
Projects
None yet
Development

No branches or pull requests