Unable to ota_unlock using curl on Sonoff Basic R3

[mrcasablr]

Upgraded firmware to 3.3.0 using eWelink app.

Added the DIY jumper. Created a sonoffDiy network hotspot on my mobile phone.

I can connect to the device and get details http://192.168.43.24:8081/zeroconf/info -XPOST --data '{"deviceid":"100090f997","data":{} }'

I can also turn on/off the switch using curl and verify using curl again.

However, I cannot unlock using

http://192.168.43.24:8081/zeroconf/ota_unlock -XPOST --data '{"deviceid":"100090f997","data":{} }'

When the above command is sent, I do not get any response and it just hangs. I've tried this a few times. Re-running the /zeroconf/info still says device is locked (otaUnlock: false). I've tried powering on/off yet no luck.

This is stopping me from flashing the device with sonoff-basic.bin firmware and then to sonoff.bin.

Any help is appreciated! Does the device need internet access to unlock?

[mrcasablr]

I did a complete reset of the device and used the eWelink app to re-configure the device. I was able to flash the latest sonoff-basic firmware. It's all good now.

[jrbenito]

@mrcasablr

Could you please share more information how did you managed to get this work? I could flash one out of four Sonoff-mini with the exact same behavior you described, hanging forever in the OTA_unlock.

I tried to link them with eWelink app, all are with latest firmware, put jumper, issue info, OTA is locked, issue ota_unlock and it hangs forever.

Thanks

[ASL07]

@jrbenito I have the same issue as you mention. Did you find a solution?

[jrbenito]

@ASL07

Yes, the issue is Sonoff device needs to communicate with Itead cloud during unlock process. I bet that this is to avoid warranty of the device. So, when trying to OTA unlock in a confined SSID network, it fails without explanation. If your SSID (sonoffDIY) has access to the internet, no problem.

I built a docker image that uses a WiFi interface to bring up hotspot sonoffDIY, send OTA unlock and firmware to the device (through http requests) while sharing the internet in this Wifi hotspot. Made my life easy. If you want to check: https://github.com/jrbenito/SonoffDIY-tasmotizer

But any hotspot able to share internet (your android phone for instance) will do.

cheers

[ASL07]

Thanks, That looks great, I will have a look into it

[Nytish]

Upgraded firmware to 3.3.0 using eWelink app.

Added the DIY jumper. Created a sonoffDiy network hotspot on my mobile phone.

I can connect to the device and get details http://192.168.43.24:8081/zeroconf/info -XPOST --data '{"deviceid":"100090f997","data":{} }'

I can also turn on/off the switch using curl and verify using curl again.

However, I cannot unlock using

http://192.168.43.24:8081/zeroconf/ota_unlock -XPOST --data '{"deviceid":"100090f997","data":{} }'

When the above command is sent, I do not get any response and it just hangs. I've tried this a few times. Re-running the /zeroconf/info still says device is locked (otaUnlock: false). I've tried powering on/off yet no luck.

This is stopping me from flashing the device with sonoff-basic.bin firmware and then to sonoff.bin.

Any help is appreciated! Does the device need internet access to unlock?

Kindly Help me how to control SONOFF switch using Curl request. I m trying to execute below command but device is not responding.

curl -X POST -H 'Content-Type: application/json' -d '{ "deviceid": "1000c85310", "data": { "switch": "on" } }' -i http://192.168.0.155:8081/zeroconf/switch

[navennn]

@ASL07

Yes, the issue is Sonoff device needs to communicate with Itead cloud during unlock process. I bet that this is to avoid warranty of the device. So, when trying to OTA unlock in a confined SSID network, it fails without explanation. If your SSID (sonoffDIY) has access to the internet, no problem.

Hi I was searching for the answer too. Thanks for pointing out that it attempts to connect to internet! I managed to trick this to work without internet though.

So... If anyone wants to give it a go, here's how you do it.

What you need to know beforehand; It's important to mention that the device can only handle one connection at a time. If you attempt to connect and it is stuck, you will not be able to establish another session (it sends TCP RESET and closes the session immediately)

Check

curl --location --request POST 'http://192.168.100.81:8081/zeroconf/info' --header 'Content-Type: text/plain' --data-raw '{ "deviceid": "", "data": {}}' | python3 -m json.tool
{
    "seq": 6,
    "error": 0,
    "data": {
        "switch": "on",
        "startup": "off",
        "pulse": "off",
        "pulseWidth": 500,
        "ssid": "ssid",
        "otaUnlock": false,
        "fwVersion": "3.6.0",
        "deviceid": "120xx4aa732",
        "bssid": "4e:5e:c:12:1:11",
        "signalStrength": -52
    }
}

"otaUnlock": false, means its locked

You need to run this command to unlock the device:

curl -XPOST --header "Content-Type: application/json" --data-raw '{"deviceid": "", "data": {}}' http://192.168.100.81:8081/zeroconf/ota_unlock

But when you do it, the device attempts to connect to internet, to IP 52.57.118.192 (double check that when you actually go and do it, but it seems that it has hardcoded IP address and not DNS name).

You need to do two things:

1. Spoof or NAT the 52.57.118.192 IP address to some webserver accessible in the subnet
2. Spoof the webserver The endpoint must be http://52.57.118.192/api/device/otaFlash It must return this reply { "error": 422 }

Run apache server and create otaFlash.php file with content

<?php
echo '{
    "error": 422
}';
?>

use .htaccess for URL redirection;

/api/.htaccess 
# Turn on the rewrite engine
RewriteEngine  on
# If the request doesn't end in .php (Case insensitive) continue processing rules
RewriteCond %{REQUEST_URI} !\.php$ [NC]
# If the request doesn't end in a slash continue processing the rules
RewriteCond %{REQUEST_URI} [^/]$
# Rewrite the request with a .php extension. L means this is the 'Last' rule
RewriteRule ^(.*)$ $1.php [L]

Now you can run the curl unlock again;

curl -XPOST --header "Content-Type: application/json" --data-raw '{"deviceid": "", "data": {}}' http://192.168.100.81:8081/zeroconf/ota_unlock
{"seq":8,"error":0}

error:0 is the proper response

Check to make sure it worked:

curl --location --request POST 'http://192.168.100.81:8081/zeroconf/info' --header 'Content-Type: text/plain' --data-raw '{ "deviceid": "", "data": {}}' | python3 -m json.tool
{
    "seq": 6,
    "error": 0,
    "data": {
        "switch": "on",
        "startup": "off",
        "pulse": "off",
        "pulseWidth": 500,
        "ssid": "ssid",
        "otaUnlock": true,
        "fwVersion": "3.6.0",
        "deviceid": "120xx4aa732",
        "bssid": "4e:5e:c:12:1:11",
        "signalStrength": -52
    }
}

If otaUnlock value is 'true', it worked.

If anyone is interested in further reading...

This is how apache server sees the request

192.168.100.81 - - [24/Dec/2022:23:32:39 +0100] "POST /api/device/otaFlash HTTP/1.1" 200 166 "-" "-"

data captured with pcap

POST /api/device/otaFlash HTTP/1.1
Host: api.coolkit.cn:8081
Content-Type: application/json
Authorization: Sign afec0945f48e14995d7449f6f0642e051b2eabac55a545fa2c4dc72987fb3177
Connection: close
Content-Length: 52

{"deviceid":"120xx4aa732","sequence":"9883232126123"}HTTP/1.1 200 OK

[pbassut]

@navennn Your solution worked for me, thanks!

I ran a reverse dns lookup and looks like the device requests this URL http://ec2-52-57-118-192.eu-central-1.compute.amazonaws.com/. This was the one I had to spoof.

Although since my router didn't support spoofing that url directly, I placed that URL into my DNS server(I have one in my local network) to point to the where the server was. Then I was able to make the device download the firmware.

[carlosoboe]

@navennn Your solution worked for me, thanks!

I ran a reverse dns lookup and looks like the device requests this URL http://ec2-52-57-118-192.eu-central-1.compute.amazonaws.com/. This was the one I had to spoof.

Although since my router didn't support spoofing that url directly, I placed that URL into my DNS server(I have one in my local network) to point to the where the server was. Then I was able to make the device download the firmware.

Could you please help me, i'm a newbie and it's to hard for me

[navennn]

@navennn Your solution worked for me, thanks! I ran a reverse dns lookup and looks like the device requests this URL http://ec2-52-57-118-192.eu-central-1.compute.amazonaws.com/. This was the one I had to spoof. Although since my router didn't support spoofing that url directly, I placed that URL into my DNS server(I have one in my local network) to point to the where the server was. Then I was able to make the device download the firmware.

Could you please help me, i'm a newbie and it's to hard for me

I'm afraid you won't be able to do it if you do not understand the steps I've provided. It's not easy if you don't know all those technologies.

I guess you just need to connect it to internet and let it do its thing.

[jackun]

Spoof or NAT the 52.57.118.192 IP address to some webserver accessible in the subnet

EU Mini R2 v3.7.6 calls apid.coolkit.cn

[3N37]

I've written a guide here https://github.com/jrbenito/SonoffDIY-tasmotizer/files/13505183/flashing.sonoffminiR2.it.en.pdf

[DasRed]

Here some additional information. I have a Sonoff Mini. FW Version is 3.7.6 I found out, that the request for ota_unlock should go to http://apid.coolkit.cn:80/v2/d/otaflash METHOD post. The response should be '{"error": 422}'. After this, the otaUnlock value is true. If you have your own DNS in your network, just overwrite this domain with a running server and return the response. That's all ;)

[DasRed]

I added a small mock server for this problem for all

run like docker run -d --name sonoff-ota_unlock --restart unless-stopped -p 80:9082 dasred/sonoff-ota_unlock

Github: https://github.com/DasRed/sonoff-ota_unlock Docker Hub: https://hub.docker.com/r/dasred/sonoff-ota_unlock

[dreeti]

@DasRed

Can you please help more in detail how to use your docker container to unlock a sonoff mini with firmware 3.7.6? I have pulled the docker image and its running on my machine, the sonoff is in my local network - but now I am lost ... Thanks

[dreeti]

I'm making progress :-)

I got it right now http://apid.coolkit.cn:80/v2/d/otaflash is replied with '{"error": 422}'. I test it simply by opening the url from a browser in my network. ( the docker container from @DasRed works well - thanks).

But jet the ota_unlock is still not working. Now I am stuck - where can I look further. This is the tcpdump from the sonoff when I run curl -X POST -d "{\"data\":{}}" http://192.168.1.23:8081/zeroconf/ota_unlock.

tcpdump: data link type PKTAP tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes

22:02:09.223732 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net 22:02:15.209531 IP apid.coolkit.cn.56720 > #.sunproxyadmin: Flags [S], seq 2995609857, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4115325840 ecr 0,sackOK,eol], length 0 22:02:15.257954 IP #.sunproxyadmin > apid.coolkit.cn.56720: Flags [S.], seq 659539, ack 2995609858, win 5840, options [mss 1460], length 0 22:02:15.258024 IP apid.coolkit.cn.56720 > #.sunproxyadmin: Flags [.], ack 1, win 65535, length 0 22:02:15.258130 IP apid.coolkit.cn.56720 > #.sunproxyadmin: Flags [P.], seq 1:181, ack 1, win 65535, length 180 22:02:15.322880 IP #.sunproxyadmin > apid.coolkit.cn.56720: Flags [.], ack 181, win 5660, length 0 22:02:39.348646 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net 22:03:09.419888 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net 22:03:15.323857 IP apid.coolkit.cn.56720 > #.sunproxyadmin: Flags [.], ack 1, win 65535, length 0 22:03:15.366796 IP #.sunproxyadmin > apid.coolkit.cn.56720: Flags [.], ack 181, win 5660, length 0 22:03:34.842550 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net 22:03:37.892639 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net 22:03:40.791924 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net 22:03:44.968916 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net 22:03:51.041161 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net ^C 15 packets captured 812 packets received by filter 0 packets dropped by kernel

Any further advice ? Thanks.

[3N37]

@dreeti , once you have enabled the DIY mode of the sonoffmini R2 follow my guide I put above . From the tcpdump it looks like you are not reaching the server on the lan. curl -X POST -d "{"data":{}}" http://192.168.1.23:8081/zeroconf/info what does it return?

[VeeGit09]

@dreeti Hi, I am at the same stage. I pulled the docker image and its running on the local machine. Can you tell more on how you got to the next step of getting the '{"error": 422}', while calling http://apid.coolkit.cn:80/v2/d/otaflash. Thanks

[dreeti]

@3N37 see here: curl -X POST -d "{\"data\":{}}" http://192.168.1.23:8081/zeroconf/info

{"seq":6,"error":0,"data":{"switch":"off","startup":"off","pulse":"off","pulseWidth":500,"ssid":"MYSSID","otaUnlock":false,"fwVersion":"3.7.6","deviceid":"1000c3f10d","bssid":"78:44:76:e7:f4:14","signalStrength":-67}}%

[dreeti]

@VeeGit09 When your docker container is running on port 80 you can open a browser on that machine localhost:80 and the reply would be '{"error": 422}' Next is then to tell your network: when the url apid.coolkit.cn is called to go to your local machine and not out in the internet to china.

I couldn't figure out how to do it on my router but I have a piHole and there I could setup a DNS entry apid.coolkit.cn -> 192.168.1.62 (the ip adress of the computer where the docker image is running). The piHole is my DNS server (configured in my router) As a result now every browser requesting apid.coolkit.cn ends up on the docker image and gets '{"error": 422}'

[3N37]

@dreeti , have you checked that it actually makes a call to apid.coolkit.cn ; because this address can change and so can the subdirectory where the otaflash file resides. i'm attaching the sniffing with wireshark that i did to figure out what exact address the sonoff calls.

[dreeti]

@3N37 thanks. No I haven't - because my knowledge in this regard is limited :-) Ok - let me educate myself about wireshark and see how far I get. Thank you.

[dreeti]

@3N37

It looks like the sonoff not connecting to anywhere. Am I right?

[dreeti]

@3N37 Thanks a lot !! It looks like I got it right. My bad - after getting it right installing wireshark it didn't start my docker image with the webserver. So starting the webserver made a difference :-) As you can see it still wants the /v2/d/otaflash

curl -X POST -d "{\"data\":{}}" http://192.168.1.23:8081/zeroconf/info {"seq":3,"error":0,"data":{"switch":"off","startup":"off","pulse":"off","pulseWidth":500,"ssid":"totolink","otaUnlock":true,"fwVersion":"3.7.6","deviceid":"1000c3f10d","bssid":"78:44:76:e7:f4:14","signalStrength":-67}}%

Looks like I can flash tasmota.

Yet I don't know what I might have done wrong yesterday - after installing wireshark and looking into the trafic it worked. No matter I learned quite a lot. Thanks to all

@DasRed Thanks for the image

[3N37]

@dreeti

• ok i'm glad you succeeded ,
• to listen properly with wireshark you have to place yourself between the router and the device you want to sniff(sonoff), on the mikrotik and similar router there is just a special function for that.
• after unlocking and before flashing you can also make a copy of the original firmware 3.7.6 so you can restore the sonoff as originally( over TTL device https://www.superhouse.tv/33-sonoff-mini-and-s55/ esptool.py --port COMx read_flash 0x00000 0x100000 sonoff376.bin )

[VeeGit09]

@dreeti

Thank you for the details. Finally I was able to unlock after learning a lot on running a docker in WSL2 and mapping the IP to pi hole. When I run curl -X POST -d "{"data":{}}" http://192.168.1.xx:8081/zeroconf/info i get the following { "seq": 2, "error": 0, "data": { "switch": "off", "startup": "off", "pulse": "off", "pulseWidth": 500, "ssid": "xxxxxxx", "otaUnlock": true, "fwVersion": "3.7.6", "deviceid": "xxxxxxxxxxxxx", "bssid": "xxxxxxxxxx", "signalStrength": -54 } }

@3N37 and @dreeti Now I am stuck on how to flash with Tasmota. I followed the instructions in the pdf by @3N37 and used the curl http://10.0.0.118:8081/zeroconf/ota_flash -XPOST --data '{"data":{"downloadUrl": "http://10.0.0.108/tasmota-lite.bin", "sha256sum": "123a378c9da7f2fdf9a4870ddecb06742cd1ab529b93ec2bb9419b88d6dc6bee"} } and I got the response as {"seq":3,"error":0}.

But when I reach the ip address it keeps says unable to connect but checking with curl -X POST -d "{"data":{}}" http://192.168.1.xx:8081/zeroconf/info gives the same info as before that otaUnlock = true. So it seems that I haven't flashed it yet.

So, any help on what to do next is appreciated. (Also, I couldn't understand this in the pdf file written by @3N37 "sometimes you have to move the .htaccess file directly to the main directory /var/ww/html and then reposition the outlet in v2. This is because you would need to change something in the apache configuration but I don't feel like investigating."), because of my very primitive knowledge.

[3N37]

.htaccess works from the root of the directory. When you do the unblock it must be placed in the root, when you flash it must be placed in v2. of course you have to download tasmota-lite correctly and check the control number you get with sha256sum matches tell me if you can do it .

[dreeti]

@VeeGit09 You said „ So it seems that I haven't flashed it yet.“ Did you reboot your Sonoff and checked for the Tasmota wifi hotspot?

[jmlat]

Hello. I bougth a Sonoff MINI R2 and want to pilote it trougth DIY request. I succed to do it with postman, but i want to ceate a link on my office so i tried to send request with cURL.

the cURL request is: curl -d '{"deviceid":"","data":{}}' -H Content-Type:application/json -X POST http://192.168.1.87:8081/zeroconf/info

then i receive an error: {"seq":10,"error":400}

when i import this command in postman, it works well and i reveive: { "seq": 10, "error": 0, "data": { "switch": "off", "startup": "off", "pulse": "off", "pulseWidth": 500, "ssid": "box JML", "otaUnlock": false, "fwVersion": "3.7.3", "deviceid": "1001e974d4", "bssid": "60:35:c0:b3:33:b5", "signalStrength": -76 } }

What is the problem ? why it doesn't works with cURL ? and what must i do to make it works ?

[3N37]

@jmlat I use this format curl -XPOST --header "Content-Type: application/json" --data-raw '{"data": {}}' http://10.0.0.118:8081/zeroconf/info here is an explanation of how to do it: https://github.com/itead/Sonoff_Devices_DIY_Tools/blob/master/SONOFF%20DIY%20MODE%20Protocol%20Doc%20v2.0%20Doc.pdf

if you use tasmota you can use mqtt and the firmware then allows you to take full advantage of the sonoff.

[jmlat]

what is this adress : 10.0.0.118 ? my sonoff is connected on my box and it IP adress is 192.168.1.87 so i replace my adress in your code curl -XPOST --header "Content-Type: application/json" --data-raw '{"data": {}}' http://10.0.0.118:8081/zeroconf/info

so it is curl -XPOST --header "Content-Type: application/json" --data-raw '{"data":{}}' http://192.168.1.87:8081/zeroconf/info but response is {"seq":10,"error":400}

[mahipat99]

@jmlat

Try this script https://github.com/IBims1NicerTobi/sonoff-ota-flash-cli-devid-fix

./sonoff-ota-flash.sh -i 192.168.1.87

[3N37]

@jmlat strange, if it gives you error 400 it means the format is not correct try this: curl -X POST -d "{"data":{}}" http://192.168.1.87:8081/zeroconf/info @mahipat99 I had tried that script too but it didn't work.

[mahipat99]

@3N37 but it didn't work.

It works; I tried it a week back. The original script doesn't work, but this modified one does. P.S. Keep the mock server on, as it will also try to unlock.

[jmlat]

@jmlat strange, if it gives you error 400 it means the format is not correct try this: curl -X POST -d "{"data":{}}" http://192.168.1.87:8081/zeroconf/info @mahipat99 I had tried that script too but it didn't work.

same response: C:\Users\Jml> curl -X POST -d "{"data":{}}" http://192.168.1.87:8081/zeroconf/info {"seq":10,"error":400}

[jmlat]

@jmlat

Try this script https://github.com/IBims1NicerTobi/sonoff-ota-flash-cli-devid-fix

./sonoff-ota-flash.sh -i 192.168.1.87

this what i have to do ? curl -O https://raw.githubusercontent.com/njh/sonoff-ota-flash-cli/main/sonoff-ota-flash.sh -i 192.168.1.87:8081 it seems to do nothing !

[mahipat99]

No, download the file first. Then run ./sonoff-ota-flash.sh -i 192.168.1.87.

Or, you can do it like this: curl -O https://raw.githubusercontent.com/IBims1NicerTobi/sonoff-ota-flash-cli-devid-fix/main/sonoff-ota-flash.sh && chmod +x sonoff-ota-flash.sh && ./sonoff-ota-flash.sh -i 192.168.1.87

I hope your Sonoff device IP is still the same and hasn't changed.

[VeeGit09]

Thank you @dreeti and @3N37 for your immediate response. I very much appreciate it.

Well, I think I need to step back and understand somethings here. So, @dreeti, when I run the docker container created by @DasRed and do the sonoff_ota_unlock, does it both unlock and flash with the Tasmota bin? I followed all the steps that you explained in earlier posts, and I could unlock it (I believe otaUnlock: true means it's unlocked now). What steps did you follow after that to flash Tasmota, can you explain that as well?

@3N37 Thanks for the directory information. I found the issue as my container created using portainer as you mentioned in the guide is itself not working. I am learning portainer to debug it. I think the first step is that I need to run the container.

[mahipat99]

@VeeGit09 Check the above post; it might help.

Make sure the mock server is on, as the above script will try to unlock it even if it's already unlocked

[3N37]

@mahipat99

Check the above post; it might help.

Make sure the mock server is on, as the above script will try to unlock it even if it's already unlocked

I had encountered difficulties with 2 devices with version 3.7.3 it would seem that there are 2 batches the first one working with the mentioned scripts and the second one with the local server procedure . Have you tried with version 3.7.6 ?

[mahipat99]

@3N37

Have you tried with version 3.7.6 ?

Yes, OOB the device was on version 3.3.0, most likely. As I mentioned, I tried it about a week ago, and at that time, the 3.7.6 update was available. That's when I learned about the Mock server, etc. After setting up the mock server, I was able to flash it.

[VeeGit09]

@VeeGit09 You said „ So it seems that I haven't flashed it yet.“ Did you reboot your Sonoff and checked for the Tasmota wifi hotspot?

Sorry @dreeti I missed this to answer. Yes, I did restart the sonoff, but couldn't find the Tasmota wifi hotspot. I could understand this as my Docker (followed @3N37 notes) was not working, but still I have problem running it in the portainer. I used the container by @DasRed (thank you @DasRed) to unlock. How did you flashed Tasmota after unlocking, can you please give the steps? Thanks

[VeeGit09]

@VeeGit09 Check the above post; it might help.

Make sure the mock server is on, as the above script will try to unlock it even if it's already unlocked

Thanks @mahipat99 I will check. When you meant mock server, is it the docker container by @DasRed or directly run the command curl -O https://raw.githubusercontent.com/IBims1NicerTobi/sonoff-ota-flash-cli-devid-fix/main/sonoff-ota-flash.sh && chmod +x sonoff-ota-flash.sh && ./sonoff-ota-flash.sh -i 192.168.1.87 as you mentioned in the earlier post

[mahipat99]

@VeeGit09

The Docker container functions as a mock server since the official API is no longer operational, and we need it to unlock OTA mode. You can use Docker or a local Apache server, then execute the above command. This command is for unlocking and flashing Tasmota.

You need a mock server even when the device already has OTA mode unlocked because it attempts to unlock OTA mode from the server side without checking whether it's locked or not

Technically, Docker from DasrRed and above PHP script are the same thing, just different approaches. Use whichever you prefer

[VeeGit09]

@mahipat99

Thank you. I had issues running the PHP script. But I used DasRed Docker to unlock it. So if it unlocks and flashes Tasmota, then I should see the Tasmota access point, which I couldn't see. Running the curlx post command shows that the otaUnlock is true which means all worked. I am puzzled why it didn't flash Tasmota after unlocking.

[3N37]

unlocking the device is the hardest thing . for flash after downloading the correct firmware version to the mock server, checked and annotated the sha256 , and placed the otaflash.php and .htaccess file in the root directory .there is no more problem. The DasRed docker image should already have everything ready. Just start it up and give the command curl.... from your computer's terminal

[egio12]

@3N37 I have read all your conversations, and I have made several attempts to unlock my sonoff mini r2 fw. 3.7.6. I tried using both AdGuard with DNS rewrites and Dnsmasq, but unfortunately, I couldn't redirect apid.coolkit.cn to my server where Docker is running with the image created by @DasRed . Do you think that flashing Sonoff Mini R2 devices will be increasingly challenging in the future? I remember when I configured the first ones a few years ago; I only had to run the script, and everything was automatic.

[3N37]

@enricogiordano la procedura secondo me si è semplificata, the procedure in my opinion has simplified, if you can't do the redirect of apid.coolkit.cn it can't work . In adguard you just have to type apid... and then the ip of your server and then make sure that your browser uses adguard and that the cache is clean

[dreeti]

Well, I think I need to step back and understand somethings here. So, @dreeti, when I run the docker container created by @DasRed and do the sonoff_ota_unlock, does it both unlock and flash with the Tasmota bin? I followed all the steps that you explained in earlier posts, and I could unlock it (I believe otaUnlock: true means it's unlocked now). What steps did you follow after that to flash Tasmota, can you explain that as well?

• I made sure the docker image was running
• unlocking and flashing are 2 different steps
• I followed basically the pdf prepared by @3N37 (https://github.com/itead/Sonoff_Devices_DIY_Tools/issues/45#issuecomment-1830529753)
• I found also this article that helped me to understand more details : https://lindevs.com/flash-the-tasmota-firmware-on-sonoff-minir2-switch -- the process did not work with my firmware version 3.7.6 , but helped me to understand more.
• the firmware that I flashed came from : http://sonoff-ota.aelius.com/
• first I got the SHA256 key
• then on linux : HASH='downloaded key'
• IP_ADDRESS=192.169.x.x == your sonoff ip
• and then flash : curl -X POST -d "{\"data\":{\"downloadUrl\":\"http://sonoff-ota.aelius.com/tasmota-latest-lite.bin\",\"sha256sum\":\"$HASH\"}}" http://$IP_ADDRESS:8081/zeroconf/ota_flash
• the flashing takes some time - like 1-2 minutes - then you see the tasmota hotspot

I have ordered some more sonoff minis. I hope they will arrive with an older firmware than 3.7.6. I had some with firmware 3.5.0 and that worked with https://githubhelp.com/njh/sonoff-ota-flash-cli that's the script @mahipat99 (https://github.com/itead/Sonoff_Devices_DIY_Tools/issues/45#issuecomment-1860710658) referred to as "original script".

Good luck. Don't stop trying - it's very rewarding when it finally works :-)

[mahipat99]

@egio12 Here are the steps for AdGuard.

@dreeti Added options for the alternative method, which skips the OTA unlock process in case you have already unlocked it via any other method.

@VeeGit09 You can also try the above method; there's no need for a mock server if you've already unlocked it.