New Bose Updater fix

[lipov3cz3k]

According to new Bose Updater I prepared third option how to downgrade. Just run reverse proxy on your PC and mock /connected_device endpoint, then you do not have to hex-edit BU software ;).

Here is an example how I did it:

1. install nginx (I used Windows WSL Ubuntu)
2. generate self-signed certificate
3. set new nginx config (see below)
4. mock worldwide.bose.com to 127.0.0.1 in hosts file
5. go to https://worldwide.bose.com, it should have certificate error
6. import that certificate as trusted
7. run Bose Update - it should be without any error in log file
8. same as before

nginx config

server {
    listen 443 default ssl;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    location = /connected_device {
        proxy_buffering off;
        proxy_pass https://raw.githubusercontent.com/bosefirmware/ced/master/lookup.xml;
    }

    location / {
        proxy_ssl_server_name on;
        proxy_buffering off;
        proxy_pass https://worldwide.bose.com/;
    }
}

generating self-signed cert ... sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt set all defaults except Common name - *.bose.com

hosts file in C:\Windows\System32\drivers\etc\hosts 127.0.0.1 worldwide.bose.com

It might be even more elegant, but it works anyway ;) enjoy Lipo

[ltstereo]

where is the nginx config in wsl ubuntu? /etc/nginx/nginx.conf ? I just get the following error message according to the log file when I insert yours. "server" directive is not allowed here in /etc/nginx/nginx.conf Edit: In /etc/nginx/conf.d i create a file called bose.conf that works. nginx -t get no errors now. I import that certificate as trusted (https://worldwide.bose.com). (504 Gateway Time-out nginx/1.16.1) Then i run BoseUpadter and open btu.bose.com? I get the following message: "That didn't work. Refresh your browser or relaunch the Bose Updater, then try again."

[valentin-nasta]

@ltstereo I made it working like this:

• full content of the nginx.conf file is the following:

  
  events {
  }

http { server { listen 443 default ssl; ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

location = /connected_device {
    proxy_buffering off;
    proxy_pass https://raw.githubusercontent.com/bosefirmware/ced/master/lookup.xml;
}

location / {
    proxy_ssl_server_name on;
    proxy_buffering off;
    proxy_pass https://worldwide.bose.com/;
}

}

}

- written a docker-compose.yml

bose: image: nginx ports:

• "443:443" volumes:
• ./nginx.conf:/etc/nginx/nginx.conf:ro
• ./nginx-selfsigned.key:/etc/ssl/private/nginx-selfsigned.key:ro
• ./nginx-selfsigned.crt:/etc/ssl/certs/nginx-selfsigned.crt:ro command: [nginx-debug, '-g', 'daemon off;']

  
  - after that on macOS I imported the certificate and marked is as trusted system wide:
  https://tosbourn.com/getting-os-x-to-trust-self-signed-ssl-certificates/

• modified hosts

  $ grep worldwide.bose.com /etc/hosts
  127.0.0.1 worldwide.bose.com

• access the website and launch the updater: https://btu.bose.com/

• press 'a', 'd', 'v', 'arrow up', 'arrow down' to get to advanced mode.

I picked the firmware version 2.5.1 and now it's a big difference between ANC low and ANC high.

This was also confirmed by others: https://community.bose.com/t5/Around-On-Ear-Headphones/Bose-QC-35-ii-firmware-4-5-2/m-p/238997#M47741

[jimtje]

Hey, just letting everyone know that you can simply use Charles or another intercepting proxy and there's no need to run nginx or host a local webserver.

That alone will get Bose Updater to read the xml from the repo as long as Bose Updater is going through the proxy.

[LiaLunar]

I'm getting a 502 bad gateway, and even though I imported the certificate as trusted, the updater keeps telling me "That didn't work. Refresh your browser or relaunch the Bose Updater, then try again." Help?

[LiaLunar]

nvm it works now, thanks!

[bosefirmware]

If anyone wants to make step by step instructions to do this I will add it. https://github.com/bosefirmware/ced/blob/master/README.md

Try to keep it as simple as possible to help those who are not used to coding.

[lmnx]

nvm it works now, thanks!

Mind sharing how you got it to work? I'm in this exact same boat.

[jimtje]

In addition to adding the certificate you should explicitly add "worldwide.bose.com" to the SSL proxy included box, and make sure that's turned on. Also make sure that "MacOS Proxy" (or I guess Windows if you're on Windows) is selected. Then it should work the next time you run the updater. Also try enabling transparent proxying under proxy settings if it's still not working.

[bosefirmware]

Do you have a step by step writeup akin to the "ADVANCED DOWNGRADE PROCESS" so that I can share your method with everyone else?

[lmnx]

In addition to adding the certificate you should explicitly add "worldwide.bose.com" to the SSL proxy included box, and make sure that's turned on. Also make sure that "MacOS Proxy" (or I guess Windows if you're on Windows) is selected. Then it should work the next time you run the updater. Also try enabling transparent proxying under proxy settings if it's still not working.

Can you confirm that the reverse proxy method is still working? I am trying both Charles and Proxyman on MacOS. Visiting _https://worldwide.bose.com/connected_device_ does spit out the correct XML from GitHub but the updater is only showing the latest firmware in dropdown list. Both Proxyman and Charles reports no activity to either worldwide.bose.com or downlaods.bose.com

Do you have a step by step writeup akin to the "ADVANCED DOWNGRADE PROCESS" so that I can share your method with everyone else?

This is exactly what I'm working on. Windows/MacOS guide is coming, assuming this method still works. I've been pulling my hairs because I've done everything right but the updater is not showing the complete firmware list.

[jimtje]

Maybe you forgot the "a" "d" "v" up down code? Still need that to get into the debug options as before.

[lmnx]

Nope... I wish it was that simple... I made a gif so you know exactly what I mean. https://gfycat.com/yellowuniformeland

Can I bother you to test with your known-working setup to see if this still works and I didnt screw up anything?

[jimtje]

Well, the browser doesn't seem to be proxied properly, since it's still redirecting to downloads.bose.com. The Bose Updater app may need a restart before it'll reload the remapped link.

Just to be sure, SSL Proxying:

Remote Mapping:

MacOs Proxy on, with transparent proxying under proxy settings also on, and everything works for me from there.

[bosefirmware]

Can we archive btu.bose.com and have it running here on github?

[lmnx]

+jimtje even though it got redirected to downloads.bose.com/lookup.xml, the xml content was still altered so I don't see the issue here. I've also made that worldwide.bose.com/connected_device doesnt redirect (gif below) and it still doesn't work. I've wasted 2 days now and if BOSE is so determined to make my, a paying customers', life hard, I'll just avoid their product like plague.

https://gfycat.com/marriedadoredgourami

[LiaLunar]

@LMNX I dont know, I didnt change anything and it just started working for no apparent reason, I merely followed the tutorial word for word 😅

[Ranqb]

I tried to downgrade from 2.5.1 to 2.0.1, got a brick, the serial number ends on AE. Any ideas what can be done? Nowhere is there information about how someone managed to reanimate, but I do not believe that you can’t start the new firmware process in any way

[Ranqb]

Here is the log, in the beginning I did a downgrade from 4.5.1 to 2.51, then I tried to 2.0.1, this stage is at the end bose_downgrade.txt

[Ranqb]

There is probably a way to overwrite a memory dump directly, no one has a copy by accident? 😆

[pavel-d]

@lipov3cz3k, thanks for the instructions, it worked for me!

For Mac OS I had to add the generated cert to Keychain and set it to "Always Trust". Also, I had to specify subjectAltName when generating a cert, without that, Bose Updater didn't want to talk to nginx, here is an instruction how to do it.

I would say that I didn't notice much of a difference after downgrading from 4.5.1 to 2.5.1. My new Airpods Pro still cancels mid frequencies (like human voice) much better than Bose.

[rbrussell82]

Hey, just letting everyone know that you can simply use Charles or another intercepting proxy and there's no need to run nginx or host a local webserver.

That alone will get Bose Updater to read the xml from the repo as long as Bose Updater is going through the proxy.

How do you get the Bose updater to go through the proxy?

[jimtje]

Hey, just letting everyone know that you can simply use Charles or another intercepting proxy and there's no need to run nginx or host a local webserver.

That alone will get Bose Updater to read the xml from the repo as long as Bose Updater is going through the proxy.

How do you get the Bose updater to go through the proxy?

Either use a system-wide proxy that proxies everything or use something like Proxifier or Proximac to direct traffic specifically from Bose Updater to the proxy

[wd]

Nope... I wish it was that simple... I made a gif so you know exactly what I mean. https://gfycat.com/yellowuniformeland

Can I bother you to test with your known-working setup to see if this still works and I didnt screw up anything?

I have encounter the same problem as you, just check your video, when you enter 'https://worldwide.bose.com/....' and press enter, the link will redirect to 'https://download.bose.com/.....', that means there still something wrong in your settings, it shouldn't be redirect if you have set correctly.

[lmnx]

@wd not really... https://github.com/bosefirmware/ced/issues/4#issuecomment-548647673 I gave up. Maybe I'll try again some day soon.

[wd]

@LMNX All we need is to make the Bose updater to visit our fake site. Did you add the 127.0.0.1 worldwide.bose.comsettings in your /etc/hosts file?

[lmnx]

@wd yes, sir. I've tried MacOS, Ubuntu 18.04, Windows 10. Nothing works even though I can see that the .xml content is definitely the one from this repo. I'll give it another go when I've got a bit more time this weekend and will report back.

[wd]

@LMNX If you have some knowledge for command line, you can run the update from your terminal, like /Applications/Bose\ Updater.app/Contents/MacOS/Bose\ Updater , it will output some useful information

"Bose Updater startup ver 6.0.0.4454"
"Loading translations"
"Loaded locale: en, suffix: en, result = true"
"Starting web server"
"Listening now"
"Loading settings"
"Creating notification icon"
"Tray available: 1"
"Loaded icon: 1 :/images/favicon.png"
35:67: execution error: System Events got an error: Can’t get login item "Bose Updater". (-1728)
"LOOKUP FILE downloading"
"LOOKUP FILE redirecting"
"LOOKUP FILE successfully downloaded."
Opened USB_05a7_40fe_14540000
"DOWNLOADING INDEX FILE"
"INDEX FILE successfully downloaded."

The LOOKUP FILE and the INDEX FILE must be downloaded successfully.

[jethrolaclass]

It took me several days to make it work... So I decided to make a video tutorial on MacOs, if anyone is interested you can check it here https://youtu.be/Zd5OHzCSt6Q

Good luck!

[paroque28]

It does not work anymore. I encountered this message: New Bose Updater Available Someone save me!!

[maverbuj]

Anyone to save us? How could we downgrade now?! I hope one of the very smart people on this thread can take another look at it.

[bosefirmware]

Checked. Just tested by downgrading using the program on Windows 10 (not method mentioned above). So that works just fine. Bose hasn't updated it for the past few months. If you are using Windows or Mac, make sure you are using the most recent Bose Updater.

[maverbuj]

bosefirmware, thank you for your response. I would appreciate if you could give me a few more details. Are you saying that if I download the latest updater from Bose's website and use the combination of keys shortcut I should be getting the menu to select an older firmware? I couldn't achieve this on Mac. Thank you!

[zhouao0314]

Checked. Just tested by downgrading using the program on Windows 10 (not method mentioned above). So that works just fine. Bose hasn't updated it for the past few months. If you are using Windows or Mac, make sure you are using the most recent Bose Updater.

It's not successful to modify the hex file or nginx. It feels like it's blocked by Bose. What's the specific method you use? If it works, that's great!

[Pavelt0n]

How can I get the firmware back now? From the official site, it turns out to return only firmware 4.3.6, but noise reduction works just as bad

[wd]

How can I get the firmware back now? From the official site, it turns out to return only firmware 4.3.6, but noise reduction works just as bad

just contact BOSE customer service, get your money back, and buy a new one.

[Pavelt0n]

How can I get the firmware back now? From the official site, it turns out to return only firmware 4.3.6, but noise reduction works just as bad

just contact BOSE customer service, get your money back, and buy a new one. the problem is that I have nothing but headphones. There is no box or documents. they were bought in new york and i'm in russia. In general, there is no BOSE customer service in my city. Mission Impossible)

[wd]

the problem is that I have nothing but headphones. There is no box or documents. they were bought in new york and i'm in russia. In general, there is no BOSE customer service in my city. Mission Impossible)

That's to bad. Bose has posted their invetegate results on there website, the conclusion was the did nothing wrong. And during the one year investigation, lots of user said the noise cancelling effect haven't come back even they downgrade the firmware, but Bose still get that conclusion. What should we do? As I observed, the only useful way was return the headphone to Bose and get money back...

[Timone106]

Checked. Just tested by downgrading using the program on Windows 10 (not method mentioned above). So that works just fine. Bose hasn't updated it for the past few months. If you are using Windows or Mac, make sure you are using the most recent Bose Updater.

I beg you to tell me if there is any still working method to downgrade qc 35 to 1.0.6

[VA1DER]

I was just able to revert to firmware 2.5.1 using Charles Web Debugging Proxy. It took a bit of playing around, but I got it to work. I could not get it to work in Firefox, Pale Moon, or any other modern browser. I had to use Internet Explorer.

1. Install Charles Web Debugging Proxy and run.
2. Click on Tools->Map Remote and add the entry as shown by rbrussel82 above. I also added one without port 443 but still set to https.
3. Click on Proxy->SSL Proxying Settings, check to enable SSL proxying and add worldwide.bose.com on the include side.
4. Make sure Proxy->Windows Proxy is checked, and that you are recording and SSL proxy is turned on (two icons to the right of the broom on the toolbar)
5. Install the Charles root certificate. To get the root certificate, run internet explorer (yes, the actual old internet explorer) and go to http://chls.pro/ssl - when you navigate there internet explorer will ask if you want to open or save the certificate, save it. Then import it as a trusted root certificate as detailed here. This is so that the updater will be able to get proxied over to the github repository properly.
6. Connect your headphones, and in internet explorer navigate to https://btu.bose.com. Use the key sequence "A", "D", "V", Up, Down to get to the advanced and in the dropdown you should see all available firmwares.

Once you are done this, you can delete the Charles root certificate you installed in step 5.

I beg you to tell me if there is any still working method to downgrade qc 35 to 1.0.6

The earliest firmware I see is v2.1.3, it's possible that's because I have the QC 35 II. If you have an original QC 35, it may show firmware before v2.

[rbrussell82]

I was just able to revert to firmware 2.5.1 using Charles Web Debugging Proxy. It took a bit of playing around, but I got it to work. I could not get it to work in Firefox, Pale Moon, or any other modern browser. I had to use Internet Explorer.

1. Install Charles Web Debugging Proxy and run.

2. Click on Tools->Map Remote and add the entry as shown by rbrussel82 above.  I also added one without port 443 but still set to https.

3. Click on Proxy->SSL Proxying Settings, check to enable SSL proxying and add worldwide.bose.com on the include side.

4. Make sure Proxy->Windows Proxy is checked, and that you are recording and SSL proxy is turned on (two icons to the right of the broom on the toolbar)

5. Install the Charles root certificate. To get the root certificate, run internet explorer (yes, the actual old internet explorer) and go to http://chls.pro/ssl - when you navigate there internet explorer will ask if you want to open or save the certificate, save it.  Then import it as a trusted root certificate as [detailed here](https://www.thewindowsclub.com/manage-trusted-root-certificates-windows).  This is so that the updater will be able to get proxied over to the github repository properly.

6. Connect your headphones, and in internet explorer navigate to https://btu.bose.com.  Use the key sequence "A", "D", "V", Up, Down to get to the advanced and in the dropdown you should see all available firmwares.

Once you are done this, you can delete the Charles root certificate you installed in step 5.

I beg you to tell me if there is any still working method to downgrade qc 35 to 1.0.6

The earliest firmware I see is v2.1.3, it's possible that's because I have the QC 35 II. If you have an original QC 35, it may show firmware before v2.

This looks like it works for me as well, but Bose is actually letting you use the normal website to downgrade firmware as of April 2020 - https://gizmodo.com/bose-lets-users-downgrade-qc35-firmware-after-months-of-1842706931

[VA1DER]

This looks like it works for me as well, but Bose is actually letting you use the normal website to downgrade firmware as of April 2020 - https://gizmodo.com/bose-lets-users-downgrade-qc35-firmware-after-months-of-1842706931

The normal method only lets you revert one minor revision to 4.3. There is some evidence this version has the same ANC issues as 4.5.

[GreasyMonkee]

I was just able to revert to firmware 2.5.1 using Charles Web Debugging Proxy. It took a bit of playing around, but I got it to work. I could not get it to work in Firefox, Pale Moon, or any other modern browser. I had to use Internet Explorer.

1. Install Charles Web Debugging Proxy and run.

2. Click on Tools->Map Remote and add the entry as shown by rbrussel82 above.  I also added one without port 443 but still set to https.

3. Click on Proxy->SSL Proxying Settings, check to enable SSL proxying and add worldwide.bose.com on the include side.

4. Make sure Proxy->Windows Proxy is checked, and that you are recording and SSL proxy is turned on (two icons to the right of the broom on the toolbar)

5. Install the Charles root certificate. To get the root certificate, run internet explorer (yes, the actual old internet explorer) and go to http://chls.pro/ssl - when you navigate there internet explorer will ask if you want to open or save the certificate, save it.  Then import it as a trusted root certificate as [detailed here](https://www.thewindowsclub.com/manage-trusted-root-certificates-windows).  This is so that the updater will be able to get proxied over to the github repository properly.

6. Connect your headphones, and in internet explorer navigate to https://btu.bose.com.  Use the key sequence "A", "D", "V", Up, Down to get to the advanced and in the dropdown you should see all available firmwares.

Once you are done this, you can delete the Charles root certificate you installed in step 5.

I beg you to tell me if there is any still working method to downgrade qc 35 to 1.0.6

The earliest firmware I see is v2.1.3, it's possible that's because I have the QC 35 II. If you have an original QC 35, it may show firmware before v2.

I can confirm that this method works.

I downgraded my Bose Revolve from 3.0.4 to 1.1.3 firmware - problem was a persistent dropping/resetting of the Bluetooth connection during music play.

Cheers.

[invi2000]

Hi!

Has anyone successfully downgraded a QC 35 II AZ serial number model and saw noise cancellation improvement?

I have 2 models with AZ serial number which came with 4.3.6 firmware which I have never upgraded but there is not much difference between high and low noise cancellation. I thought about downgrading to 3.1.8 and give it a try via the web proxy method on Windows. But I want to avoid to brick the headphones.

So if anyone has already done it with the AZ serial number models let me know.

Thanks!

[chrisplough]

FYI - on Mac, I was able to use Proxyman (free license works, though I'd invite you to buy a license and support the developer) to get access to older firmwares. I was able to downgrade and get back to stability. ANC performs well, no reboots, no connection issues.

Headphones: Bose NC 700 Firmware downgraded: 1.8.2 => 1.3.1 Bose Updater: 7.0.27.4971 (though should work for any of them)

Here's the Map Remote rule that allowed it all to work.

If you continue to have problems, kill the Bose Updater (you can do this using "ps -ef " in the terminal window or restarting your Mac if you're not comfortable with the terminal and unix commands. If you still have issues, try another browser as well (Chrome was caching some settings that was causing problems, so I used Firefox and it worked perfectly.) Hope this helps!

Thanks again to all the folks here who helped make this available and for providing a solution that Bose support seems to be unwilling to provide.

[jenikm]

FYI - on Mac, I was able to use Proxyman (free license works, though I'd invite you to buy a license and support the developer) to get access to older firmwares. I was able to downgrade and get back to stability. ANC performs well, no reboots, no connection issues.

Headphones: Bose NC 700 Firmware downgraded: 1.8.2 => 1.3.1 Bose Updater: 7.0.27.4971 (though should work for any of them)

Here's the Map Remote rule that allowed it all to work.

If you continue to have problems, kill the Bose Updater (you can do this using "ps -ef " in the terminal window or restarting your Mac if you're not comfortable with the terminal and unix commands. If you still have issues, try another browser as well (Chrome was caching some settings that was causing problems, so I used Firefox and it worked perfectly.) Hope this helps!

Thanks again to all the folks here who helped make this available and for providing a solution that Bose support seems to be unwilling to provide.

Brilliant! To highlight, you have to use original Bose Updater, NOT the one from the patched one from this repo.

[smmadge]

Unfortunately that doesn't seem to work. I am using chrome-extension "redirector" (in windows 10) to redirect the url. If I manually open a tab and try to connect to https://downloads.bose.com/lookup.xml or your url worldwide.bose.com it redirects me to https://raw.githubusercontent.com/bosefirmware/ced/master/lookup.xml

But after pressing the mentioned key combination it doesn't give me the possibility to flash another firmware version. I can only send some diagnostic information to bose. Do you have any idea how to solve this?

[smmadge]

Using Charles Web Debugging Proxy instead of the chrome extension worked fine! Back on good old 1.3.1 again ;-) Thanks!

[Bithub8700]

If anyone is wondering, this still works in October 2021. Followed VA1DER's instructions. For me, it only worked after I added an entry without port 443 as described in Step 2 - hope this helps someone.

[livinitwarrior]

Used this as of 4/11/2022, and unfortunately internet explorer no longer is available BUT it does work with Microsoft Edge

[bonboklat]

Using Charles Web Debugging Proxy instead of the chrome extension worked fine! Back on good old 1.3.1 again ;-) Thanks!

Hi!! I got the exact same problem,i also can only send diagnostics! what did you do? i also use charles and proxyman but cant get past diagnostics sending, i dont really know much about proxy stuff so maybe im doing something wrong