S20 Smart Switch

S20 Smart Socket

Since I discovered the Sonoff I’ve been thinking about embedding it inside a switch. I started looking for old power meters, timers,… I had at home but the Sonoff is a bit too long. Why didn’t they design a square board? I event bought a bulky Kemo STG15 case with socket.

Next I decided to design my own board. It is meant to be the “official” hardware for the ESPurna project so it’s called ESPurna too. It’s opensource hardware and available at the ESPurna project repository at Bitbucket. I have some boards already for the first iteration (version 0.1). They are mostly OK but I’m already working on a revision.

But then ITead’s released their S20 Smart Socket. It’s the Sonoff in a wall socket enclosure. Almost 100% what I wanted. And at 11.70€ it’s hard to beat. There are other wifi smart sockets available, mainly Orvibo and BroadLink (an SP2 Centros should be arriving home anyday now) but ITead’s is cheaper and you can easily re-flash it. Just solder a 4 pins header, connect it to your FTDI programmer, hold the S20 button, connect the programmer to your computer and flash. Done.

OK, not so fast. Why would I do that? Why would I change the stock firmware?

The answer for me is a mixed up of philosophy and practicity. But you are right. Let’s go step by step.


First let’s take a look at the device. The wall socket is nice looking and pretty small (at least compared to the STG15!!). In the socket you can read “16/250 ~” which I don’t know what it means since the relay inside is the same the Sonoff TH has and it’s rated at 10A and the label in the back says 2kW max, but maybe there will be a 16A version like the new Sonoff TH 16A. The ground terminals (connected from input to output) are not tightly fit and they make a metallic sound when you shake the device (OK, why should you shake it?). The ON/OFF button symbol is upside down (ehem looks like the designer thought about it with the button over the plug, which makes perfect sense since most of the time the cable hangs down). But the overall feeling is really good.

To take a look inside the enclosure you have to remove a single screw on the back of the device, but there is a “tore invalid” label covering it (hey, blame Google translate), so don’t do it.

S20 Smart Socket

S20 front view, yes, the ON/OFF button icon is upside down…

S20 Smart Switch back

S20 back with the “tore invalid” label

But if you do, this is what you will see:

S20 upside down button from the inside

A detail of the “upside down” button from the inside. It looks like a communication problem between the guy that was working on the enclosure and the guy that designed the button itself…

S20 Smart Socket guts

S20 guts. The ground clip has been removed. You can see the programming header: GND, RX, TX and VCC, everything a hacker needs (almost).

S20 Smart Switch board back

On the back of the board you can see the short live tracks, the ESP8266EX, SPI flash memory and the AMS1117-3V3.

The guts of the S20 are very much like those of the Sonoff albeit with a different layout. Connections to mains are in the upper side, that provides a better isolation between the safe part and the unsafe part, whilst on the Sonoff you have hot tracks running all along the board. Like in the Sonoff it has live lines duplicated on both sides of the board and an extra of tin on the bottom. There are air gaps between the mains lines and the low voltage side, but they had to leave a bridge, probably to provide mechanical strength to the board.

On the bottom of the board you have several components including the ESP8266EX, a Winbond 25Q80DVSIG 8Mbit SPI Flash memory and an ASM1117-3V3 that provides regulated 3.3 volts to the ESP8266 and the flash chips from the 5V output of the AC/DC power supply. Whilst 1Mbyte on flash ROM is enough for most applications, even with OTA functionality (check my ESPurna firmware) some might find it a bit too short. If that’s your case there are cheap and easy ways to upgrade the memory chip to a 4Mbytes one.

There is a button attached to GPIO0 and two LEDs, a green one connected to GPIO13 like in the Sonoff and a blue one to the GPIO12, like the relay, so whenever the relay is closed the LED will lit blue. Close by the blue LED there is an unpopulated header perfectly labelled with VCC, RX, TX and GND lines. That’s everything you need to flash the ESP8266 onboard a custom firmware.


ITead’s home automation products are managed through the eWeLink app for Android and iPhone. The goal of the app is to become a hub for different wifi home automation devices: switches, lamps, power strips, fans,… and the operation should be straight forward: set the device in pairing mode (AP mode), configure wifi credentials and control it.

I swear I have tried hard to use it. Several times. Even accepting weird permissions I would have not accepted to any other app (why should it ask for my phone number or my location?). But I never ever managed to make it work. I have not been able to pass the pairing step. Not even after giving the app permissions over my personal life. Impossible. I quitted. If anyone has a clue on how to do it, please let me know. Permissions and connection problems are common between the comments on Android app market. No one has commented yet on iTunes. Weird.

wWeLink Pairing error screenshot

This is the furthest I got

But even thou the app had worked fine I wouldn’t use it. I’m not saying you shouldn’t use it. My case might not be yours. Why would I flash my own firmware? Basically to really own the device.

We are in the very early days of the IoT and we are not even sure of what it means. Companies are trying to capitalize the concept providing their users all-in-one solutions including the device, the app and the cloud (whatever that is). But why should anyone know when you set your livingroom lights in romantic mode? And what happens if the company shuts off? Greenwave by TCP or Revolv cases are well know. Google has a reputed history of closed services (not IoT related, true).

And what about interoperatibility? You can easily end up having to use an app to switch your reading lamp and a different one for your ceiling light! Even those that provide open cloud solutions have weak days: Phillips recently released a trial balloon about locking out 3rd party hardware from Hue brigde. Elliot Williams at hackday put it simply: “The 900-pound gorilla in the corner of the Internet of Things (IoT) hype that everyone is trying to ignore is interoperability”.

That’s why i would always prefer open APIs and protocols over proprietary ones. I’m not even talking about open/free source software or hardware but protocols. You don’t own a device and the information it manages if you cannot talk to it directly, without middlemen.

The great thing about the Sonoff or the S20 Smart Socket is that you can easily flash your own firmware on them. So now I can control it with through my MQTT local broker, add schedules, behaviours,… through my local Node-RED instance or rely on 3rd party cloud services like Blynk or IFTTT if I want to, because if they ever shut off, it’s no big deal.


From the end-user point of view the device is a great deal: cheap, nice, wifi-enabled. But the mobile app is a disaster and I would expect people returning their devices because of this.

From the hacker point of view it’s a even greater deal. You can easily flash a custom firmware and make it talk to your local services. It could have more flash memory. It could have more GPIOs exposed in the header to add sensors like a simple LDR to switch ON/OFF depending on the ambient light or a PIR to detect that someone’s near. Or maybe it could have a jack out like the new Sonoff TH 10A/16A.

I will recommend the S20 Smart Socket to anyone with the skills to customize it. For less than 12€ it’s an amazing device you can own.

CC BY-SA 4.0 S20 Smart Socket by Tinkerman is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

17 thoughts on “S20 Smart Socket

  1. freezing

    If you not accepted “my location permission” to ewelink, you will never success to pair : because the app need to change the connecting wifi network from your router to the device ( when the device in pairing status, the esp8266 in AP mode, search the wifi you will see ITEAD-xxxx ) and connect to this AP , then tell the device your wifi router ssid and password. If the app want to change the wifi network , it need this “my location permisssion” … don’t ask me why changing the wifi network need this permission, without this permission android will not allow you to change the wifi network so the app cannot connect to device and tell it the router SSID and password, pair fail…

    If accept this permission, it’s very easy to pair the device , just 3 step.. Enter the ssid and password of router ; press the button make the device into pairing status ; search and connect – success.

  2. Pingback: New firmware for the Slampher | Tinkerman

  3. teubay


    do you have a procedure on how to flash the S20? I tried by connecting it to raspberry uart and flash it using platformio without any success.


    1. Xose Pérez Post author

      There’s nothing special on the S20 compared to the other Sonoff or ESP8266 modules in general. But I don’t have experience flashing them from a RPi.
      I would check that I’m using 3V3 logic, that my RX and TX lines are crossed and that I power/reset the S20 while pressing the button to enter flash mode.

    1. Xose Pérez Post author

      Well, it says it cannot access /dev/ttyUSB0. Do you pass the port as a parameter or is it autodetected? Things to check:
      – Does the /dev/ttyUSB0 port really exist?
      – Do you have permissions to write to it (probably yes)
      – Have you connected the TX and RX wires correctly?
      – Have you pressed and hold the button while powering the unit to enter flash mode?

    1. Xose Pérez Post author

      GPIO4 and 14 are the rightmost and leftmost pins of the bottom side of the IC. As far as I can see those two pins are not connected to anything…

    1. Xose Pérez Post author

      With the stock firmware of course. With any other firmware not. The eWeLink API is not public, so unless someone had reverse engineered it…

  4. Lisa

    GPIO15 is available, it’s connected to GND. Disconnect the resistor on one end and you have an GPIO extra available…

  5. [email protected]

    hi, great article. Can you please confirm that relay is at GPIO12. I’m not sure if i got it well that blue led and the relay are controlled by GPIO12.

  6. Steve Beaumont

    Great article. I want to hack mine for similar reasons. I am concerned about the security of giving an app made in china my wifi password and my location. Although slightly reassuring to read there is a legitimate reason for this. Also I want to program a true timer function – the button mean come on for 10mins per press plus and at the same time support an API for remote control using a secure pre-shared key. Time to get that soldering iron out…

    1. Xose Pérez Post author

      Cool, hope you have a good time. Also, if you want to share your work it will be very welcome!


Leave a Reply (all comments are moderated, be patient)