roomsense / firmware

Security and Privacy concerns #1

Closed Kanaye closed 1 week ago

Kanaye commented 2 weeks ago

Hi 👋 I got a few units from the Crowd Supply campaign today. While the hardware is very nice, I quickly discovered a few things I'm not comfortable with:

1️⃣ The devices seem to support some Bluetooth standard that enables them to provide some information (like motion and occupancy) without authentication. This is a privacy and security concern for me, as a local attacker could (without authentication) check from within Bluetooth range (which can be extended greatly with the right hardware) whether someone is within a zone. It would be great if this feature could be disabled from within the settings.

2️⃣ The device's web interface doesn't allow setting a password to restrict access. This allows anyone with network access to the device to change settings and to update the firmware. As the firmware isn't open source (btw, will this change, or will the firmware always be closed source?) I can't verify whether this is the case, but if the updater doesn't include some kind of signature verification, an attacker with network access to the device (see 3️⃣) would not only be able to do the same as in 1️⃣ but also be able to replace the firmware with their own, for example to read out the stored Wi-Fi password or MQTT authentication data.

3️⃣ The device doesn't disable its built-in access point after connecting to a network. It also doesn't allow one to disable it from the settings and doesn't allow changing the default password. This is a major flaw, as an attacker in Wi-Fi range will therefore always be able to execute the attacks described in 2️⃣ without any sort of protection. An AP with a non-changeable default password should be considered an open AP.

If you prefer, I'm happy to split this one issue into multiple ones. One way or another, I quite like the device's functionality and hardware, but sadly these flaws make it unusable for me, so I hope that they'll be addressed in a future firmware update.

Thanks

Kanaye commented 2 weeks ago

Update on 1️⃣ (the Bluetooth thing): this seems to be a management/developer feature of the LD2410. You can configure it to disable Bluetooth (which should probably be done for multiple reasons). See "2.2.12 Bluetooth settings" in the manual.

ranveerkumar commented 2 weeks ago

I've been waiting for this nice feature packed device to arrive (I'm in India). I've just discovered 2 issues upfront:

  1. Update issue: I've downloaded the latest firmware, and when I try to update it via the web interface, it always shows me "!!! Upload Error !!!". I've tried resetting the device a couple of times and tried different machines/browsers without any luck.
  2. MQTT entities: I was assuming I should see more sensors and entities, which would be helpful for creating automations. However, I can see only 4 entities in my Home Assistant, whereas I see multiple other entities listed on the manual page:

    roomsenseiqpir                        Passive Infrared sensor (off = No motion, on = Motion)
    roomsenseiqpresence                   Presence of a person in the room (pir AND radar)
    roomsenseiq_distancecm          cm    Distance to an occupant in centimeters
    roomsenseiq_distanceft          ft    Distance to an occupant in feet
    roomsenseiqlight                raw   Light levels
    roomsenseiqlocation                   Location of the sensor
    roomsenseiq_movementdirection         Direction of walking movement
    roomsenseiq_temperaturec        °C    Temperature in Celsius
    roomsenseiq_temperaturef        °F    Temperature in Fahrenheit
    roomsenseiqhumidity

What might I be missing here?

roomsense commented 2 weeks ago

Hello

Thanks for reaching out.

1- Could you send a screenshot of the firmware update error?

2- You can see the complete list of MQTT entities by adding them to your HA dashboard: Overview tab -> Add card. You may need to restart your HA to get a refreshed list.

Regards, Sina

ranveerkumar commented 2 weeks ago

Here's the error during the firmware update (see the attached screenshot). Also, my board seems to have stopped booting. It just shows a dim little red light, there is no Wi-Fi access point in the list, and it is not connected to my home Wi-Fi router (I had already completed that step earlier).

ranveerkumar commented 2 weeks ago

I also commented on the repo. Now the board is not booting up, with a very dim red light (no blink) on the board. How do I hard reset it, and/or do I need to order another unit?

Fronty72 commented 2 weeks ago

Looking at the file size of 167 kB, it seems your firmware file was downloaded incompletely. The actual size is 1,405 kB. Redownload the file to your PC and give it another try. Hope this helps!

tofurky commented 2 weeks ago

To get things back on track for the original issues mentioned regarding security concerns:

I understand that having the AP always enabled makes recovery easier, but it should be pretty straightforward to just reflash over USB with esptool.py to recover a device if it's got bad network settings. A checkbox to disable the AP would be a good start.

For the LD2410 listening on Bluetooth, it seems that examples for esphome show how to make a toggle switch to turn Bluetooth on/off. Taking a look at the code, it looks pretty straightforward: https://github.com/esphome/esphome/blob/5cb5594288f65fe4639e442a0c3772ed7c96e578/esphome/components/ld2410/ld2410.cpp#L512-L518

There's also a way to set BLE password. But for this in particular, I think it should be disabled on first boot and maybe stored in flash to mark it as such.
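
The toggle tofurky points to is a short UART transaction, and it is worth seeing the bytes so one can check what any firmware actually sends to the radar module. The block below is an added example, not RoomSense code and not the ESPHome driver: it builds the LD2410 command frames for entering configuration mode, switching Bluetooth off (or on), optionally setting the 6-character BLE password, and leaving configuration mode, and it parses the module's ACK frames. The command words are the ones the ESPHome driver linked above uses; confirm them against section 2.2.12 of the manual mentioned earlier before relying on them. The `exchange` callable and the `FakeLD2410` class are hypothetical stand-ins for the real serial port so the example runs offline.

```python
import struct

# LD2410 command framing as used by the ESPHome driver linked in the thread.
# Check the command words against section 2.2.12 of the module manual for
# your firmware revision; they are assumptions here, not RoomSense's code.
FRAME_HEAD = bytes.fromhex("FDFCFBFA")
FRAME_TAIL = bytes.fromhex("04030201")
CMD_ENABLE_CONFIG = 0x00FF   # value 0x0001: enter configuration mode
CMD_END_CONFIG = 0x00FE      # no value: leave configuration mode
CMD_BLUETOOTH = 0x00A4       # value 0x0100 = Bluetooth on, 0x0000 = off
CMD_BT_PASSWORD = 0x00A9     # value: exactly 6 ASCII bytes
ACK_FLAG = 0x0100            # the ACK echoes the command word with this bit set


def build_frame(cmd, value=b""):
    """Head | length (LE16) | command word (LE16) | value | tail."""
    body = struct.pack("<H", cmd) + value
    return FRAME_HEAD + struct.pack("<H", len(body)) + body + FRAME_TAIL


def parse_ack(frame, expected_cmd):
    """True if `frame` is a success ACK for `expected_cmd`; raise on a malformed frame."""
    if not (frame.startswith(FRAME_HEAD) and frame.endswith(FRAME_TAIL)):
        raise ValueError("missing frame head/tail")
    (length,) = struct.unpack_from("<H", frame, 4)
    body = frame[6:6 + length]
    if len(body) != length or len(frame) != 6 + length + 4:
        raise ValueError("length field does not match frame size")
    if length < 4:
        raise ValueError("ACK body too short for command word and status")
    cmd, status = struct.unpack_from("<HH", body, 0)
    if cmd != (expected_cmd | ACK_FLAG):
        raise ValueError(f"ACK for 0x{cmd:04x}, expected 0x{expected_cmd | ACK_FLAG:04x}")
    return status == 0   # 0x0000 = success, 0x0001 = failure


def configure_bluetooth(exchange, enable=False, password=None):
    """Config-mode transaction: enable config, set Bluetooth (optionally the BLE
    password), end config. `exchange(frame) -> ack_frame` is the caller's UART
    round trip (hypothetical; on hardware a pyserial write followed by a read).
    Returns True when every step was ACKed. The Bluetooth setting takes effect
    after the module restarts."""
    steps = [(CMD_ENABLE_CONFIG, b"\x01\x00"),
             (CMD_BLUETOOTH, b"\x01\x00" if enable else b"\x00\x00")]
    if password is not None:
        if len(password) != 6 or not password.isascii():
            raise ValueError("LD2410 BLE password is exactly 6 ASCII characters")
        steps.append((CMD_BT_PASSWORD, password.encode("ascii")))
    steps.append((CMD_END_CONFIG, b""))
    ok = True
    for cmd, value in steps:
        if not parse_ack(exchange(build_frame(cmd, value)), cmd):
            ok = False
            break
    if not ok:
        # Always leave configuration mode, otherwise the module stops reporting.
        exchange(build_frame(CMD_END_CONFIG))
    return ok


class FakeLD2410:
    """Constructed stand-in for the sensor UART: ACKs everything except the
    commands listed in `fail_cmds`, and records every frame it was sent."""
    def __init__(self, fail_cmds=()):
        self.log = []
        self.fail_cmds = set(fail_cmds)

    def exchange(self, frame):
        self.log.append(frame)
        (cmd,) = struct.unpack_from("<H", frame, 6)
        status = b"\x01\x00" if cmd in self.fail_cmds else b"\x00\x00"
        return build_frame(cmd | ACK_FLAG, status)
```

Only the host MCU has the module's UART, so this is a change only the device firmware can make; that is why 1️⃣ is a firmware feature request rather than something a user can do from outside. The same frame builder would carry the BLE password command, but once Bluetooth is off the password no longer matters.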

Kanaye commented 2 weeks ago

Well, instead of having an AP always enabled, disabling it when connecting to a network and re-enabling it when no network connection is available for a given timeframe (for example a minute) would also be an option. This is also how many other projects in the smart home space solve this issue. For example, new ESPHome projects are configured like this by default.

tofurky commented 2 weeks ago

Well instead of having an AP always enabled, disabling it when connecting to a network and reenabling it when no network connection is available for a given timeframe (for example a minute) would also be an option.

That'd be a way to do it; however, if someone were really motivated to hack your home network (hah), they could just launch a deauth attack or similar to make it start up the AP. So I think it'd need to be done in conjunction with allowing a new key to be set.

russellmilliner commented 2 weeks ago

Only launch the AP if no network is available on boot. That way even a deauth is not going to hack it. You'd have to deauth and power-bump it. Much more difficult. It also means that it would show up on first boot and auto-disable after that.

How the heck this got out the door like this is concerning.
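
The three positions in the last few comments (AP always on; AP off while the station link is up and back after a timeout; AP only when there is no network at boot) differ in one measurable way: how long an attacker who can deauth the device gets to see the AP. The block below is an added example, not RoomSense firmware: it models the three policies as a small controller driven by station events and measures AP exposure under a constructed deauth scenario, and it adds the per-device random PSK plus the WPA2 passphrase check that the "allow a new key to be set" point needs. The policy names and the 60 s fallback are mine.

```python
import secrets
import string

# The three AP policies discussed in the thread (names are mine, not the project's).
ALWAYS_ON = "always_on"                    # shipped behaviour: AP up regardless of uplink
OFF_WHEN_CONNECTED = "off_when_connected"  # AP returns after the STA has been offline a while
BOOT_ONLY = "boot_only"                    # AP only if the STA never connected since power-up


class SoftApController:
    """Decides whether the setup AP should be up, given Wi-Fi station events.
    Drive it with boot()/got_ip()/disconnected(), call tick(now) regularly and
    read .ap_up. Times are seconds from any monotonic clock."""

    def __init__(self, policy, fallback_after=60):
        if policy not in (ALWAYS_ON, OFF_WHEN_CONNECTED, BOOT_ONLY):
            raise ValueError(policy)
        self.policy = policy
        self.fallback_after = fallback_after
        self.ap_up = False
        self.connected = False
        self.offline_since = None          # when the STA link last went down
        self.connected_since_boot = False

    def boot(self, now):
        self.connected = False
        self.connected_since_boot = False
        self.offline_since = now           # start the "no network" clock at power-up
        self.ap_up = self.policy == ALWAYS_ON

    def got_ip(self, now):
        self.connected = True
        self.connected_since_boot = True
        self.offline_since = None
        if self.policy != ALWAYS_ON:
            self.ap_up = False             # uplink works: no reason to expose the AP

    def disconnected(self, now):
        if self.connected:                 # a deauth attack looks exactly like this
            self.connected = False
            self.offline_since = now

    def tick(self, now):
        if self.policy == ALWAYS_ON or self.connected or self.offline_since is None:
            return
        if now - self.offline_since < self.fallback_after:
            return
        if self.policy == OFF_WHEN_CONNECTED:
            self.ap_up = True              # attacker-triggerable via deauth + waiting
        elif self.policy == BOOT_ONLY and not self.connected_since_boot:
            self.ap_up = True              # only reachable with a power cycle


def ap_exposure_seconds(policy, events, horizon, step=1):
    """Seconds in [0, horizon) during which the AP is up. `events` maps a time to
    a controller method name; this is a simulation, not a driver."""
    ctl = SoftApController(policy)
    exposed = 0
    for now in range(0, horizon, step):
        if now in events:
            getattr(ctl, events[now])(now)
        ctl.tick(now)
        if ctl.ap_up:
            exposed += step
    return exposed


# Constructed scenarios: joined the home network at t=5 and deauthed at t=100,
# versus a unit that never finds its network after power-up.
DEAUTH_SCENARIO = {0: "boot", 5: "got_ip", 100: "disconnected"}
NO_NETWORK_SCENARIO = {0: "boot"}


def new_ap_psk(length=16):
    """Per-device random WPA2 passphrase, so no two units share a printed default."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def valid_psk(psk):
    """WPA2-PSK passphrase rule: 8 to 63 printable ASCII characters."""
    return 8 <= len(psk) <= 63 and all(32 <= ord(c) <= 126 for c in psk)
```

Over a 300 s horizon the deauth scenario gives 300 s of exposure for `ALWAYS_ON`, 140 s for `OFF_WHEN_CONNECTED` (the AP comes back 60 s after the deauth and stays up) and 0 s for `BOOT_ONLY`; with no network at all, both of the latter bring the AP up after 60 s, which is the recovery case the always-on design was meant to serve. Whichever policy is chosen, the AP key still has to be settable, which is what `new_ap_psk` and `valid_psk` are for.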

roomsense commented 2 weeks ago

Based on the size of the file, it seems you flashed the device with the wrong file. You can reflash over USB with esptool.py. Here are the details showing how to use the tool: https://docs.espressif.com/projects/esptool/en/latest/esp32/
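
Two different things went wrong in this part of the thread: a download that stopped at 167 kB, and a file written to offset 0x0 that the device then could not boot from (on the ESP32-S3 the second-stage bootloader lives at 0x0, so an app-only image written there leaves nothing that can load it; the recovery binary referred to later is presumably a full-flash image, though the thread does not say). The script below is an added example, not part of this thread or of the RoomSense firmware: it is the pre-flight I would run on any .bin before esptool. It checks size and a published digest if you have them, then walks the ESP-IDF image header (magic 0xE9, chip id, segments, the XOR checksum byte and the appended SHA-256 that esptool writes), so a truncated file, a wrong-chip build or a bit-flipped download is caught before anything is erased. The sample image it builds is constructed; the expected size, digest and chip are parameters you fill in. Note what it does not prove: integrity, not origin. Only signature verification (ESP-IDF secure boot) tells you an image came from the vendor, which is the point 2️⃣ makes about the web updater.

```python
import hashlib
import struct

ESP_IMAGE_MAGIC = 0xE9
CHECKSUM_SEED = 0xEF
# chip_id values from ESP-IDF's esp_chip_id_t (only the ones needed here)
CHIP_NAMES = {0x0000: "ESP32", 0x0002: "ESP32-S2", 0x0005: "ESP32-C3", 0x0009: "ESP32-S3"}
HDR = "<BBBBI"          # magic, segment_count, spi_mode, spi_speed/size, entry_addr
EXT = "<BBBBHBHHBBBBB"  # wp_pin, spi_pin_drv[3], chip_id, min_rev, min_rev_full,
                        # max_rev_full, reserved[4], hash_appended


def parse_image(blob):
    """Walk an ESP-IDF image header and its segments; raise ValueError on anything
    the ROM loader or bootloader would also reject (bad magic, truncation,
    checksum byte, appended SHA-256)."""
    if len(blob) < struct.calcsize(HDR) + struct.calcsize(EXT):
        raise ValueError("truncated: file shorter than the 24-byte image header")
    magic, seg_count, _mode, _cfg, entry = struct.unpack_from(HDR, blob, 0)
    if magic != ESP_IMAGE_MAGIC:
        raise ValueError(f"not an ESP image: magic 0x{magic:02x}, expected 0xe9")
    ext = struct.unpack_from(EXT, blob, 8)
    chip_id, hash_appended = ext[4], ext[12]
    offset = 24
    checksum = CHECKSUM_SEED
    for i in range(seg_count):
        if offset + 8 > len(blob):
            raise ValueError(f"truncated: segment {i} header missing")
        _load_addr, seg_len = struct.unpack_from("<II", blob, offset)
        offset += 8
        data = blob[offset:offset + seg_len]
        if len(data) != seg_len:
            raise ValueError(f"truncated: segment {i} has {len(data)} of {seg_len} bytes")
        for b in data:
            checksum ^= b
        offset += seg_len
    # esptool zero-pads so the checksum byte is the last byte of a 16-byte block
    cs_off = (offset // 16) * 16 + 15
    if cs_off >= len(blob):
        raise ValueError("truncated: checksum byte missing")
    if blob[cs_off] != checksum:
        raise ValueError(f"checksum mismatch: stored 0x{blob[cs_off]:02x}, computed 0x{checksum:02x}")
    image_len = cs_off + 1
    if hash_appended:
        stored = blob[image_len:image_len + 32]
        if len(stored) != 32 or stored != hashlib.sha256(blob[:image_len]).digest():
            raise ValueError("appended SHA-256 does not match image contents")
        image_len += 32
    return {"chip": CHIP_NAMES.get(chip_id, f"unknown(0x{chip_id:04x})"),
            "segments": seg_count, "entry": entry,
            "hash_appended": bool(hash_appended), "image_len": image_len}


def preflight(blob, expected_chip="ESP32-S3", expected_size=None, published_sha256=None):
    """Return a list of problems; an empty list means the file is worth flashing.
    This proves integrity only. Authenticity needs a signature check (secure boot)."""
    problems = []
    if expected_size is not None and len(blob) != expected_size:
        problems.append(f"size {len(blob)} != expected {expected_size}: incomplete download?")
    if published_sha256 is not None and hashlib.sha256(blob).hexdigest() != published_sha256.lower():
        problems.append("sha256 differs from the published digest")
    try:
        info = parse_image(blob)
    except ValueError as e:
        problems.append(str(e))
        return problems
    if info["chip"] != expected_chip:
        problems.append(f"built for {info['chip']}, device is {expected_chip}")
    if not info["hash_appended"]:
        problems.append("no appended SHA-256: bootloader cannot self-check this image")
    return problems


def build_sample_image(chip_id=0x0009, payload=b"\xaa" * 40):
    """Constructed test input: a minimal one-segment image laid out the way esptool writes it."""
    body = struct.pack(HDR, ESP_IMAGE_MAGIC, 1, 0, 0x20, 0x40378000)
    body += struct.pack(EXT, 0xEE, 0, 0, 0, chip_id, 0, 0, 0xFFFF, 0, 0, 0, 0, 1)
    body += struct.pack("<II", 0x3FC88000, len(payload)) + payload
    checksum = CHECKSUM_SEED
    for b in payload:
        checksum ^= b
    cs_off = (len(body) // 16) * 16 + 15
    body += b"\x00" * (cs_off - len(body)) + bytes([checksum])
    return body + hashlib.sha256(body).digest()


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for line in preflight(blob) or ["looks flashable"]:
        print(line)
```

Run it with the downloaded file as the only argument; the 167 kB download from earlier in the thread would fail inside the segment walk rather than silently bricking the board. A passing image still does not tell you whether it is meant for offset 0x0 or 0x10000; that depends on the partition layout the vendor ships, which is exactly what the recovery binary has to get right.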

roomsense commented 2 weeks ago

Thank you. We're already working on it and will be releasing new firmware soon.

ranveerkumar commented 2 weeks ago

Hi team,

Thanks for the reply! I'm a novice with these chips and related commands.

  1. Here's the content of the latest firmware repo clone:

    rw-r--r-- 1 xxxxxxxxxxx staff 1 MiB Thu Aug 29 09:16:50 2024  roomsense-web20240823.bin

  2. I found the serial port via sudo ls /dev/cu.*, which showed /dev/cu.usbserial-130.

  3. And I followed the flashing guide you provided above. I used the following command:

    esptool.py -p /dev/cu.usbserial-130 write_flash --flash_size 8MB 0x0 roomsense-web20240823.bin

    with the following output:

    esptool.py v3.3.3
    Serial port /dev/cu.usbserial-130
    Connecting....
    Detecting chip type... ESP32-S3
    Chip is ESP32-S3 (revision v0.2)
    Features: WiFi, BLE
    Crystal is 40MHz
    MAC: 80:65:99:a5:00:f4
    Uploading stub...
    Running stub...
    Stub running...
    Configuring flash size...
    Flash will be erased from 0x00000000 to 0x0015ffff...
    Compressed 1438512 bytes to 761986...
    Wrote 1438512 bytes (761986 compressed) at 0x00000000 in 67.4 seconds (effective 170.7 kbit/s)...
    Hash of data verified.

    Leaving...
    Hard resetting via RTS pin...

  4. Verified the content using:

    esptool.py -p /dev/cu.usbserial-130 verify_flash --diff yes 0x0 roomsense-web20240823.bin

    Output:

    esptool.py v3.3.3
    Serial port /dev/cu.usbserial-130
    Connecting....
    Detecting chip type... ESP32-S3
    Chip is ESP32-S3 (revision v0.2)
    Features: WiFi, BLE
    Crystal is 40MHz
    MAC: 80:65:99:a5:00:f4
    Uploading stub...
    Running stub...
    Stub running...
    Configuring flash size...
    Verifying 0x15f330 (1438512) bytes @ 0x00000000 in flash against roomsense-web20240823.bin...
    -- verify OK (digest matched)
    Hard resetting via RTS pin...

  5. Tried a power cycle by unplugging and then plugging back in the USB power supply.

Still no luck! Sorry for bothering you all. Could I get some suggestions on where I'm going wrong? Do I need to change some of the command's parameters, such as the address?

roomsense commented 2 weeks ago

Use the recovery binary and flash it with esptool.py

ranveerkumar commented 2 weeks ago

This worked. Many thanks. I had, however, already ordered another unit.

alexcote1 commented 1 week ago

@Kanaye I don't know why the devs are ignoring you. I was tired of having 2 paperweights, so I made a hacky fix so I can at least use the device: https://github.com/alexcote1/roomsense-iq-password-fix/tree/main

russellmilliner commented 1 week ago

@alexcote1 Good temporary solution, searching/replacing the string in the bin file!