Generate custom patch for CC3200 hackiebox_ng bootloader

[SciLor]

In some cases, people need a custom IP patch for the CC3200

The following file could be the base:

https://github.com/toniebox-reverse-engineering/hackiebox_cfw_ng/blob/master/sd-bootloader-ng/bootmanager/sd/revvox/boot/patch/altUrl.305.json

target name could be altUrl.custom.305.json

It could be a guide based system like the esp32:

• Ask the user if he really needs a custom IP/Domain (custom DNS or fritzbox)
• If not, user should enter IP or Domain.
• Check max length
• generate patch
• Instructions to put it into the patch dir of the cc3200 microSD and instructions to edit the patch name in ngCfg.json for ofw2

https://github.com/toniebox-reverse-engineering/hackiebox_cfw_ng/blob/master/sd-bootloader-ng/bootmanager/sd/revvox/boot/ngCfg.json

This could be enhanced into a more detailed guide later to install the bootloader itself.

[henryk86]

@SciLor : proposed 5 Steps Dialog

Steps headlines are links, so you can open patch file step directly.

Step 0 - Preparations

Install CC3200 tool and connect to toniebox

Link to guide or even guide itself.

[Button Cancel] [Proceed with custom bootloader] [Proceed without custom bootloader]

(Click on Proceed without custom bootloader will lead to purely cc3200 tool way)

Step 1 - Bootloader

Install Bootloader

Link to guide or even guide itself.

[Button Back] [Button Bootloader installed]

Step 2 - Certificates

Dump Certificates and Flash replacement CA

Link to Guide or even guide itself.

[Button Back] [Button Certificates dumped and C2.der flashed]

Step 3 - Patches

Custom IP/Domain

Some text like do you really need a custom IP/Domain Inputfield for IP / DNS

[Button Back] [Button Create Patch] [Button Next]

(Click on Create) Confirm Dialog

(confirm) Download starts of Patch File as "altUrl.custom.305.json"

Step 4 - Applying Patches

Apply Patch Instruction

Some guideline

Now turn on you box and wait for some seconds.

[Button Back] [Button Check Available Boxes]

(Click Check Available Boxes) API Call GetBoxes, Show found boxes.

[henryk86]

Applying patches guideline

The configuration of the custom Bootloader is done within the configuration file ngCfg.json located on your Toniebox SD card in directory sd://revvox/boot ((you should have already placed all hackiebox NG bootloader files on your Toniebox SD card in step 2).

Collapse: Technical details of the configuration file

Configuration

The configuration for the bootloader is saved within sd:/revvox/boot/ngCfg.json. All sections or keys starting with an underscore "_" are comments and will be ignored.

The configuration file consists of a general section and dedicated sections for the 9 available firmware slots.

General Section

Key	Description	Values	Default
activeImg	Sets the firmware slot to select at startup	ofw1, ofw2, ofw3, cfw1, cfw2, cfw3, add1, add2, add3	ofw1
waitForPress	Waits for an earpress on startup with a blink sequence (blue, green, cyan, black)	true, false	false
waitForBoot	Waits for an earpress on before firmware boot with a blink sequence (blue, green, cyan, black)	true, false	false
waitTimeoutInS	Timeout in seconds for waitForPress if no earpress (hibernation)	1-255	60
minBatteryLevel	Poweroff voltage to protect the battery. Divide through 2785 to get voltage (Standard 3.18V)		8869
ofwFixValue	Magic bytes to be placed into the OFW Image during boot (can be extracted from OFW BL data[-8:-4])	hex array with 4 bytes	["4C", "01", "10", "00"]
ofwFixFlash	Magic bytes read from the ofw bootloader on flash	ex. /sys/pre-img.bin
serialLog	Enable log to UART (TX) @921600 baud. Only works for debug build!	true, false	true
logLevel	Set Log level 0:Trace - 5:Fatal	0-5	DEBUG_LOG_LEVEL
logColor	Enable colored log	true, false	false

Firmware Section

There are nine firmware slots, named ofw1, ofw2, ofw3, cfw1, cfw2, cfw3, add1, add2 and add3.

Key	Description	Values	Default
checkHash	Check hash of firmware	true, false	true
hashFile	Chech hash from ng-XXX?.sha file (true) or from the last 64 byte of the firmware itself (ofw)	true, false	false
watchdog	Keep watchdog enabled when booting firmware (if booting fails, box will restart)	true, false	false
ofwFix	Add magic bytes to the firmware image to make ofw directly boot	true, false	false
ofwSimBL	Read image to boot from flash:/sys/mcubootinfo.bin and load the image from flash:/sys/mcuimgN.bin instead of reading from sd (like the ofw bootloader)	true, false	false
bootFlashImg	Read firmware from file on flash	true, false	false
flashImg	Path to the file on flash	ex. /sys/pre-img.bin
patches	List of patches to load, see patch directory or patch wiki	["noCerts.305", "noPass3.305"]	[]

If you want to use your Toniebox with Teddycloud we recommend using the second firmware slot. So set in the general configuration section the element "activeImg" to "ofw2".

If you have created the altUrl.custom.305 patch, you should copy the patch file onto your Toniebox SD card to sd://revvox/boot/patch. After that you can add the patch in the configuration section of the second firmware slot (ofw2). Be aware, that only one altUrl-Patch is applied. Please remove altUrl.tc.fritz.box and/or altUrl.305 if they are present in the configuration.

Collapse: Example ngCfg.json with altUrl.custom.305 patch using ofw2

    "general": {
        "activeImg": "ofw2",
        "_descWaitForPress": "Waits for an earpress on startup",
        "waitForPress": false,
        "_descWaitForBoot": "Waits for an earpress before firmware boot",
        "waitForBoot": false,
        "waitTimeoutInS": 60,
        "_descMinBatteryLevel": "Divide through 2785 to get voltage",
        "minBatteryLevel": 8869,
        "ofwFixFlash": "/sys/pre-img.bin",
        "_descSerialLog": "Logging only works with the debug build!",
        "serialLog": false,
        "_descLogLevel": "0:Trace - 5:Fatal",
        "logLevel": 0,
        "_descLogColor": "Use colors in log output",
        "logColor": false
    },
    "ofw1": {
        "checkHash": false,
        "hashFile": false,
        "watchdog": true,
        "bootFlashImg": true,
        "flashImg": "/sys/pre-img.bin"
    },
    "ofw2": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "ofwSimBL": true,
        "patches": ["altCa.305", "altUrl.custom.305"]
    },
    "ofw3": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "patches": ["altCa.305", "altUrl.tc.fritz.box"]
    },
    "cfw1": {
        "checkHash": false,
        "hashFile": false,
        "watchdog": true
    },
    "cfw2": {
        "checkHash": false,
        "hashFile": false,
        "watchdog": true
    },
    "cfw3": {
        "checkHash": false,
        "hashFile": false,
        "watchdog": true
    },
    "add1": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "ofwSimBL": false,        
        "patches": ["blockCheck.310", "noCerts.305", "noPass3.310", "noPrivacy.305", "uidCheck.307"]
    },
    "add2": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "ofwSimBL": false,
        "patches": ["altCa.305", "altUrl.305"]
    },
    "add3": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "ofwSimBL": false,
        "patches": ["altCa.305", "altUrl.305"]
    }
}

If you have modified the ngCfg.json as instructed, please reassemble your Toniebox and power it on. Do a freschnessccheck, wait a moment, then click 'Show available boxes' to display the available Tonieboxes in your TeddyCloud.

[SciLor]

I suggest removing the .json, as this may result in people appending .json to the ngCfg patches

Please remove the altUrl.tc.fritz.box.json and/or altUrl.305.json if they are present in the configuration.

Please remove the altUrl.tc.fritz.box and/or altUrl.305 if they are present in the configuration.