Not working on firmware version 6+

[igoraj]

Hej @jagheterfredrik, interesting work you did in this repo. I own a Pulsar Max and although on the outside it seems to be supporting the same mechanics in regards to BLE updates (same service-id, etc), it does however appear that the same method of pwning doesn't work on this model.

Do you mind sharing more details how did you came to construct the original pwn method for Pulsar Plus that I could use maybe to try and adapt for Max?

[jagheterfredrik]

I'm surprised it doesn't work. What do you get when trying?

[igoraj]

The procedure goes through smoothly, but the SSH still does not accept the key afterwards. I think they changed a designed a bit went with some other compute module than rpi, so it might be that at least paths have changed if not also for something else.

[jagheterfredrik]

What's your firmware version?

[igoraj]

6.1.13, I guess if I perform factory reset it might get rolled back to something earlier, but not sure whether that would be 5.17.44 or something older.

[jagheterfredrik]

Interesting. Wallbox promised to fix it in v6 so try rollback through restore. V6 is not yet available for Pulsar Plus

[tronikos]

Fix what?

[jagheterfredrik]

The rooting procedure

[tronikos]

Thanks. Good to know to not install any updates. It would be good to mention it in the readme.

[ReTaec]

Are there any updates if your PulsarPlus is now running on 6.1.19? Do you think it could run on v6+ also?

[jagheterfredrik]

I’ve heard it runs fine if you root on 5 then upgrade. To root, do a restore to 5 then upgrade again. For now.

[ReTaec]

Thanks for the quick answer. How can i restore / downgrade the wallbox to v5? Havent found anything jet online :S Online is still also available after rooting?

[jagheterfredrik]

Wallbox app, advanced -> restore. What version you get depends on what box you have

[jagheterfredrik]

Cloud is unaffected by rooting

[ReTaec]

Awesome, thank you very much! As info for everyone reading this. Currently resetting a Pulsar Plus Wallbox from version 6.1.19 brings the version down to 4.7.6 Will try to root it tomorrow but i expect no issues ;) Highly apprechiated your effort

[jagheterfredrik]

Oh cool didn't even realize they released v6 for Pulsar Plus, happend Jan 10 👍

Do note that different Wallboxes will end up on different versions when restoring, i.e. the latest at time of their manufacturing. Mine restores to 5.x.x.

[ReTaec]

Tried today to root the Wallbox, but it stucks on "Wallbox is processing pwnware..." - When checking the hup_data.get('st') it has the value 'fail'. Do you have any idea how to debug any further?

[jagheterfredrik]

It is supposed to fail

edit: hm, or maybe not.. did you try ssh?

[ReTaec]

yep tried but looks wrong to me :S

[jagheterfredrik]

The error is on your computer. You need to fix the invalid format. A failure to pwn would look like “key denied”

[jagheterfredrik]

See #3

[ReTaec]

i think you got me wrong :) when i try to root my Wallbox i only get:

python wallbox-pwn.py Please choose Wallbox: 0) WB421337 (XX:XX:X:XX:XX:XX) '> 0 Identified Bluetooth chip: Zentri Setting Wallbox to AP mode Wallbox AP is ready, connect to WB421337-Hotspot using password XXXPassXXX, then press return '> Sending pwnware Pwnware was received by Wallbox

And thats all :S It never comes to "pwnd successfully" I restored the Wallbox several times today,

I also added some more output as you can see in the following image:

[jagheterfredrik]

I understand and would still like to see if ssh works. If the connection is rejected you’ll get “ Permission denied (publickey)”. If you get another error the rooting might’ve worked but your ssh client is not behaving.

[ReTaec]

I' now getting exact this

[jagheterfredrik]

Please include the command 🙏

[ReTaec]

ssh -i id_rsa root@192.168.178.146 root@192.168.178.146: Permission denied (publickey).

Or

ssh -i id_rsa root@192.168.178.146 -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa command-line: line 0: Bad configuration option: pubkeyacceptedalgorithms

[jagheterfredrik]

And this is after a rooting attempt? How did you fix the “invalid format” issue you had previously?

[ReTaec]

yep this is afer the rooting attempt where i did the screenshot (with the red arrows) i reloaded the repo once again from git and now it has no format issue. The code etc is also brand new, expect for those two additional "print" statements

[jagheterfredrik]

I think next step would be to try upgrade to v5, I have dumps but don’t want to publish them. DM me here perhaps https://community.home-assistant.io/t/wallbox-pulsar-plus-integration/200339/1036

[igoraj]

I parked this for a while since it didn't work at the time of pwning, but I recently tried connecting again and was able to ssh just fine. I suspect some powercycle must have sorted out situation. Pulsar Max, version is still at 6.1.13

From my perspective this ticket can be closed.

[lostOzone]

I parked this for a while since it didn't work at the time of pwning, but I recently tried connecting again and was able to ssh just fine. I suspect some powercycle must have sorted out situation. Pulsar Max, version is still at 6.1.13

From my perspective this ticket can be closed.

So it worked with version 6.1.13?

[igoraj]

Interesting update. It seems it again stopped working for me, I'm getting public key denied errors again. So I'm wondering if this version implements some kind of security measures on firewall that get triggered by failed auth attempts. Restarting Wallbox did not help.