Closed mihsu81 closed 11 months ago
Well, are you sure the password is correct? This means that the firmware currently running on the device has different OTA password than the one you're trying to upload.
I'm very sure the password is correct. I'm using the same secrets.yaml for both ESPHome and LibreTiny ESPHome, and this is the only device where I have this issue. Also, when i upgraded from libretuya to libretiny OTA worked fine. Also, a wrong ota password wouldn't explain why the device reboots when I try to access its web server or when I toggle the relay.
You're right, it doesn't explain that. I'm afraid your best (only?) option would be to serial-flash it, possibly checking the logs before doing that (to find the cause of these issues). I've just upgraded my RTL8710BN from LibreTuya (built in April) to LibreTiny (built today), and then did a few following OTA updates, with no issues. However, I don't have OTA password set. But the web server (and toggling relays) works just fine, as it did before.
I did flash the uf2 file (the initial one and a recreated one) over serial and the issue persists. Could it have something to do with the bootloader? My device is an EZVIZ plug, not a Tuya one. You previously had to make a few changes to make it flashable.
Did you also flash the LibreTuya one (old version)? The one that you had no problems with (from what I understand).
Yes, flashing over serial the old one works fine, flashing over serial the new one causes the above mentioned issues.
Do this:
Unfortunately I'm not able to get UART logs because it's a power plug on 220V. plug-ezviz_firmware.zip Even setting the logger to VERY-VERBOSE didn't produce any logs that could relate to the issue. logs.txt
Don't grab logs when it's on 220V, do it just like you're flashing it.
Power it from the flasher (or some external power supply), it should work just like it does on 220V (well, maybe the relay won't click, but apart from this there should be no difference).
Thank you for the suggestion :) The error when trying to access the web server is the below after which it reboots:
[11:14:43]RTL8195A[HAL]: Hard Fault Error!!!!
[11:14:43]RTL8195A[HAL]: R0 = 0x1
[11:14:43]RTL8195A[HAL]: R1 = 0x50
[11:14:43]RTL8195A[HAL]: R2 = 0x0
[11:14:43]RTL8195A[HAL]: R3 = 0x10005bbc
[11:14:43]RTL8195A[HAL]: R12 = 0x80000000
[11:14:43]RTL8195A[HAL]: LR = 0x812f30b
[11:14:43]RTL8195A[HAL]: PC = 0x0
[11:14:43]RTL8195A[HAL]: PSR = 0x20000000
[11:14:43]RTL8195A[HAL]: BFAR = 0xe000ed38
[11:14:43]RTL8195A[HAL]: CFSR = 0x20000
[11:14:43]RTL8195A[HAL]: HFSR = 0x40000000
[11:14:43]RTL8195A[HAL]: DFSR = 0x0
[11:14:43]RTL8195A[HAL]: AFSR = 0x0
[11:14:43]RTL8195A[HAL]: PriMask 0x0
[11:14:43]RTL8195A[HAL]: BasePri 0x0
[11:14:43]RTL8195A[HAL]: SVC priority: 0x00
[11:14:43]RTL8195A[HAL]: PendSVC priority: 0xf0
[11:14:43]RTL8195A[HAL]: Systick priority: 0xf0
Here are the full logs. crash_log.txt
Reattaching also the elf and uf2. uf2 + elf.zip
P.S. Removing the OTA password allowed me to flash more firmware OTA.
@kuba2k2 It looks to me like the two Solis S3 stick users with OTA problems did not initially flash the UF2 image (due to the ltchiptool problems for EMW3080) but the individual 0xB000-OTA1 and 0x100000-OTA2 images.
Could it be that in this case one has to zero-out certain memory area (the one for passwords?) so that it is initialised correctly?
There shouldn't be any difference, as the UF2 is really just a wrapper for the underlying OTA1/2 images. However, only one of them is flashed with the UF2, not both (as that would overwrite the currently running binary, in case of OTA). That shouldn't cause any issues, as the OTA1/2 firmware doesn't care about the other region.
There's also no specific memory area for passwords. It's just hardcoded somewhere in the program's code.
Hi @kuba2k2, any ideea how to solve this issue?
Sorry, no idea. It works for me, but I'm not using the OTA password. If you can, try simply removing the password or updating via web_server.
Sorry, no idea. It works for me, but I'm not using the OTA password. If you can, try simply removing the password or updating via web_server.
Yeah, I removed the OTA password. My question was about the crash of the web server when trying to access it. I've posted earlier the crash logs.
The OTA component does challenge-response auth using an MD5 hash of pw-nonce-cnonce.
ESPHome Python CLI log:
DEBUG Auth: Nonce is 9c5b9e83a10ca30fb7daf79ad439cc55
DEBUG Auth: CNonce is f608dd3ff1d7ae65b0541c8f59bdc486
DEBUG Auth: Result is fd4cc756e588ff804e62808cdd895f20
MCU log:
[D][ota:147]: Starting OTA Update ...
[D][ota:178]: OTA features is 0x01
[D][ota:199]: Auth: Nonce is 9c5b9e83a10ca30fb7daf79ad439cc55
[D][ota:209]: Auth: Password is e6d69b938c8b96d8436ef30eb219a7e6 with length 32
[D][ota:220]: Auth: CNonce is f608dd3ff1d7ae65b0541c8f59bdc486
[D][ota:227]: Auth: Result is b1a7a51c425723ddae43a77d33c9f525
[D][ota:235]: Auth: Response is fd4cc756e588ff804e62808cdd895f20
[W][ota:242]: Auth failed! Passwords do not match!
The MCU does not correctly calculate the resulting hash (Result is b1a7a...
is wrong), double checked by small python script:
m = hashlib.md5()
m.update(b"e6d69b938c8b96d8436ef30eb219a7e6") #pw
m.update(b"9c5b9e83a10ca30fb7daf79ad439cc55") #nonce
m.update(b"f608dd3ff1d7ae65b0541c8f59bdc486") #cnonce
r = m.hexdigest()
print(r) # = fd4cc756e588ff804e62808cdd895f20
I traced the md5.add
steps within ota_component.cpp
: The hash of the password is correct (step 1), after the nonce is added (step 2), the hash differs, and of course then step 3 differs as well.
If I use a hammer (don't know how to do it via an configure option) to replace LT_ARD_MD5_POLARSSL
with LT_ARD_MD5_MBEDTLS
in various places, hash calculation and OTA work:
[D][ota:178]: OTA features is 0x01
[D][ota:200]: Auth: Nonce is 4cc9b59675dcc12f450cb02531a70649
[D][ota:210]: Auth: Password is e6d69b938c8b96d8436ef30eb219a7e6 with length 32
[D][ota:225]: Auth: CNonce is f608dd3ff1d7ae65b0541c8f59bdc486
[D][ota:232]: Auth: Result is a20fcc5cbd78886d5517aabd368753f5
[D][ota:240]: Auth: Response is a20fcc5cbd78886d5517aabd368753f5
[D][ota:268]: OTA size is 1263104 bytes
I am still confused why this error occurs. Calculating the hash value of the password or nonce alone seems to work, also different consecutive combinations of md5.add
give a correct result, but the OTA password check does not.
I thought it's a problem with the md5 impl, I haven't had time today to try and fix it. The only place you need to change that define is in lt_defs.h. If changing it there from polarssl to mbedtls works, it's a fix.
It might be caused by memory allocation of the md5 context... I'm not sure how that works exactly.
I pushed https://github.com/hn/ginlong-solis/commit/2b9af93930eaaf06a4d3d1bbe940f7a23969b7d5 as a preliminary fix. Would be nice to know why Polar SSL does not work correctly.
It's probably because parts of it belong in the ROM area (which probably uses an old version or something). In LT, both implementations call the same functions from PolarSSL and mbedTLS, appropriately (polar was renamed to mbed a long time ago).
Since it fixes the issue (we don't want to use polar anyway; everything else like WiFiClientSecure uses mbed already), you can create a PR for that if you'd like.
Thanks, I'll double-check with a clean install and create a PR then.
Fixed in #156. Thanks @hn for the fix!
Hi @kuba2k2,
I'm getting the below error when trying to update OTA from libretiny 2023.5.0-dev to libretiny 2023.5.0-dev:
I've successfully updated OTA from libretuya 2023.1.0-dev to libretiny 2023.5.0-dev. With the libretiny 2023.5.0-dev firmware I'm also not able to access the web server of the device because it resets. I'm also receiving data from it in HA but not able to control the relay.
I'm attaching the working libretuya 2023.1.0-dev firmware and faulty libretiny 2023.5.0-dev firmware. plug-ezviz_2023.1.0-dev.uf2.zip plug-ezviz_2023.5.0-dev.uf2.zip And here is the config file:
I was able to update just fine a CB2S.