Open gerardwr opened 6 years ago
Hi, you are absolutely right. I have used much of their work to implement this. (as mentioned in the readme I used => http://blog.nanl.de/2017/05/sonota-flashing-itead-sonoff-devices-via-original-ota-mechanism/ as a source)
So the problem described in mirko/SonOTA#58 will also affect this tool. Currently I am not able to do anything more than making a note in the readme and following their issue, in case they find a solution (I am not too good at security-breaking hacks).
Hi,
Thanks for the confirmation.
Increased security is in principle a good thing, but for us "hackers" it is not always a blessing :-(
Let's hope this issue is sorted out eventually.
Agree, but security could also be implemented in a way that allows hacking. Especially as the first setup needs user interaction. And before I forget to mention => Thanks for the hint. I guess this will be a deal breaker for a lot of Sonoff users. But as long as updating the firmware is possible we still have a way (even though not a non-invasive way).
Did anyone have this problem? Today I received two switches and I was able to connect to my local server without any problems. Maybe they still use old firmware and I also didn't connect them to WeLink app to prevent any OTA firmware updates.
@mdopp I'm afraid that Itead has shown little interest in providing information on the "hacker" use of their stock firmware. Closing the SSL gap in newer firmware seems another step to tie their devices down to their own services.
Many users will stick to the stock firmware i.c.w. the Ewelink App, so closing the SSL gap is not a problem for them.
Most hackers will probably ditch the stock firmware anyway, so it's also not a problem for them.
It's a pity for guys like us who like to extend default behaviour of devices in a way the supplier has not foreseen. Oh well, on to the next challenging device ;-)
@pevecyan I saw a list of reported working and affected devices here: https://github.com/mirko/SonOTA/wiki
How can I get the current firmware version? I have just bought a Sonoff RF Bridge and it seems not to be working with this hack.
I would like to try it with valid certs generated by Let's Encrypt.
I am not sure, but I guess it would be updated by using the original app
@mdopp a few questions, if I may:
Assuming the first 2 questions would have yes as an answer, I must be doing something wrong, because after sending data to 10.10.7.1 nothing else happens on the server side. The device exits the AP mode and joins the LAN but there is no connection to the server (at least the server doesn't output any log about it). Also, in sonoff.server.module.js line #150 I see the websockets should log the start of the server but that never shows up in my logs (only the http and https servers start). Any idea why? Maybe this is why the device is never connecting to the server? Thanks!
@xyboox
About the websocket log => this will only show if anything is connecting to the websocket. Not seeing this log is normal. The devices should try to connect to "/dispatch/device", and get the ip + websocket-port from there first. Not seeing this in your log means that they are expecting another certificate or something.
It makes sense @mdopp what you're saying. Must be something with the SSL cert, although it is a valid one (using it for another API that requires SSL). I'll start digging about this. Thanks for the answer!
@xyboox also a hint => https://disqus.com/home/discussion/itead/sonoff_wifi_wireless_smart_switch_for_smart_home/newest/
> Jack Liu Jon • 3 days ago
> We will release new firmware that supports LAN control in the future.

Looks like they make it happen some time in the future!
@mdopp good news, as most of us will use the devices with an on-LAN server. However, this doesn't exclude the Sonoff device connectivity to their clouds. Hopefully, when their servers are down (like a couple of days ago) the devices won't be affected.
Today I've got an update for the ewelink app (iOS) but not a new firmware yet.
I see a new firmware update (1.6.2 to 1.7.0) in ewelink app.
Hi,
I read here that some Sonoff switches with newer firmware (1.6.x?) fail to work with the SonOTA software. It seems that the newer firmware introduces "real" SSL verification: https://github.com/mirko/SonOTA/issues/58
As far as I can see the SonOTA software uses the same Sonoff mechanism as your server, so your server could be affected too.
Or am I mistaken?