whid-injector / WHID

WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids.
MIT License

Recovery #22

Closed hanshaze closed 6 years ago

hanshaze commented 6 years ago

My WHID Injector was formatted.....and I have no idea wtf I have to do to get this nice little tool back to life again......wish it would be as easy as the rubberducky fw-flash was back in the days....so here's the question ---> how can I restore the default settings to be able to use all functions?

Please explain how to do it with Arduino IDE and the FlashingTool-exe....

Flasher 1

Arduino IDE 02

Do I have to flash the fw twice? If yes, please go into further detail......

Why are there a few empty boxes for bin files under the "Configuration" tab in this FlashingTool? Do I have to add more than one bin? If yes, please tell me which one I have to choose.

And what's the point of the addresses of the bin files, e.g. 0x0000, 0x01000 and so on? I think it starts with 0x0000 and goes up with every bin file, right?

exploitagency commented 6 years ago

Formatted? Formatting SPIFFS through the web interface is safe and, if cancelled before completion, simply restores the default config; if you wait, it saves the current config. I hope this is what you mean.

Otherwise follow the flashing instructions and videos.

exploitagency commented 6 years ago

Also here are serial recovery instructions if you have not literally flashed your device.

https://github.com/exploitagency/ESPloitV2

hanshaze commented 6 years ago

ok......my mistake was to select the Connect-to-my-WLAN-option via web-interface without setting up creds.....after reboot the stick wasn't available via browser......and 200 "flashed" ino files later I'm here......at least, after I followed the readme the IDE gave me something like "enjoy it" as message in the console.....but still no connection to 192.168.1.1........hope you can help me......if not.....well, nice looking usb-stick-dummy :-D

by the way, thats the exact message in console --->

and then --->

unbenannt

exploitagency commented 6 years ago

You could have sent a simple command over serial to recover in that situation. Should have read the docs...

exploitagency commented 6 years ago

Flash the 32u4 sketch and follow serial recovery instructions. I bet you haven't actually flashed the esp module.

exploitagency commented 6 years ago

https://github.com/exploitagency/ESPloitV2/blob/master/README.md#resetting-to-default-configurationrecovering-device

exploitagency commented 6 years ago

Either way it will be easy to recover. Please be sure to update us.

whid-injector commented 6 years ago

image

whid-injector commented 6 years ago

Looong time ago I also recorded a video... which is mentioned in the wiki you probably didn't read (carefully)... https://github.com/whid-injector/WHID/wiki#how-to-configure-whid-software-windows

https://www.youtube.com/watch?v=MRGUSPW-Cr0

hanshaze commented 6 years ago

Words of wisdom.... Thanks for help anyway ^^

whid-injector commented 6 years ago

Sorry if I sounded too sarcastic! It is Friday!

hanshaze commented 6 years ago

ok.....stopped 5mins ago tweaking for today............

here's what I've done so far

unbenannt3

......I'm done for 2day.....

hanshaze commented 6 years ago

unbenannt

"Chapter 2: Find the not yet bound in sketches and libraries, add them to the NOW KNOWN working inos, recompile and retry" I'M COMING!!!!!

maxresdefault-680x383

exploitagency commented 6 years ago

Did you even try my suggestion before you went and erased the esp? It could have been saved via a serial command.

Why are you trying to flash 3 different firmware onto the ESP?

BE SURE TO FLASH BACK THE 32U4 SKETCH BEFORE TESTING THE ESP!

The 32u4 sketch literally turns on the esp enable pin.

exploitagency commented 6 years ago

There are precompiled binaries in the ESPloit repo I linked. I suggest you use the latest one from the releases page.

exploitagency commented 6 years ago

Luca, can you add the serial recovery instructions I linked earlier to somewhere obvious in your wiki page, in case someone locks themselves out of the web interface again? This should have been a 5 second fix and not a flashing tutorial.

hanshaze commented 6 years ago

I stop now with the shit, would be more productive to sort logfiles .... have to take an hour or two to count sheep ^ ^

hanshaze commented 6 years ago

If someone is interested, that's a quick description ---->

Step 1: Open Arduino IDE, insert dongle, open ESploit esp8266-programmer-ino, compile and upload to dongle

Step 2: Open ESP-Sketch-ino, compile to bin via IDE and upload somehow (flasher, esptool, ...) to dongle

esp esp2

Step 3: Open 32u4-ino via IDE, compile and upload.......

32u4

Step 4: Check for WLAN "Exploit" with pw "DotAgency"

Where do I edit the password in the ino file? Because I think I have to edit before I compile......

If I try to connect to this WLAN, Windows says "not possible".........WTF?

whid-injector commented 6 years ago

In ESPLOITV2 you can change it in the settings. No need to modify any .ino...

Read esploitv2 readme!

Best Regards, Luca

On 10 Apr 2018, at 19:01, Hans Haze notifications@github.com wrote:

> If someone is interested, that's a quick description ---->
>
> Step 1: Open Arduino IDE, insert dongle, open ESploit esp8266-programmer-ino, compile and upload to dongle
>
> Step 2: Open ESP-Sketch-ino, compile to bin via IDE and upload somehow (flasher, esptool, ...) to dongle
>
> Step 3: Open 32u4-ino via IDE, compile and upload.......
>
> Step 4: Check for WLAN "Exploit" with pw "DotAgency"
>
> Where do I edit the password in the ino file? Because I think I have to edit before I compile......


exploitagency commented 6 years ago

Stop ignoring my advice... I wrote ESPloitv1/v2 software so I think I have some credibility when it comes to giving it. The link I sent you previously even takes you to the relevant section of the readme.

Read the below and issue ResetDefaultConfig:OpenNetwork via serial.

Resetting to default configuration/Recovering device

Plug the device into your computer.
Open the Arduino IDE.
Select Tools - Board - "LilyPad Arduino USB".
Select Tools - Port and the port the device is connected to.
Select Tools - "Serial Monitor".
Select "38400 baud".
Now type in "ResetDefaultConfig:". Without the quotes but be sure to include the colon symbol.
Click Send.
You should now receive the following reply "Resetting configuration files back to default settings."
Wait about 15 seconds or until the LED blinks and unplug and replug in the device.
The device has now been reset back to default settings.
Connect to the Access Point with the SSID "Exploit" with a password of "DotAgency".
Open a web browser pointed to "http://192.168.1.1"
The default administration username is "admin" and password "hacktheplanet".

NOTE: Certain devices seem to have trouble connecting to a password protected ESP8266 access point. The symptoms of this involve repeatedly being prompted to enter the password and being unable to connect to the ESP8266 via WiFi. This can be solved by following the above instructions but instead issuing the command "ResetDefaultConfig:OpenNetwork" via serial. The device will be restored to the factory defaults (with the exception of now being an unsecured network). The device will reboot and you may now connect to it as an unsecured WiFi access point with an SSID of "Exploit". You should now be able to establish a connection.
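
The serial recovery steps quoted above, scripted with pyserial instead of the Arduino Serial Monitor; this is an added example, not part of the original comment and not code from ESPloit or the WHID project. The function names, the port argument and the `eol` line ending are assumptions; the command, baud rate and expected reply are the ones given in the instructions.

```python
import sys
import time

# Values taken from the recovery instructions quoted above.
BAUD = 38400
EXPECTED_REPLY = b"Resetting configuration files back to default settings."


def build_command(open_network=False):
    """Return the recovery command; the trailing colon is part of it."""
    return "ResetDefaultConfig:" + ("OpenNetwork" if open_network else "")


def recover(port, open_network=False, timeout=5.0, eol=b"\n"):
    """Send the command on an open serial-like object and wait for the reply.

    `port` needs write(bytes) and read(n) -> bytes; pyserial's Serial fits.
    `eol` is an assumption (it mirrors the Serial Monitor's line-ending setting).
    Returns (ok, transcript) so a silent device is reported, not ignored.
    """
    port.write(build_command(open_network).encode("ascii") + eol)
    deadline = time.monotonic() + timeout
    received = b""
    while time.monotonic() < deadline:
        received += port.read(64)  # returns b"" when the read times out
        if EXPECTED_REPLY in received:
            return True, received.decode("ascii", errors="replace")
    return False, received.decode("ascii", errors="replace")


def main(device, open_network=False):
    import serial  # pyserial (third-party); imported here so the helpers load without it

    with serial.Serial(device, BAUD, timeout=0.2) as port:
        ok, transcript = recover(port, open_network)
    if ok:
        print("Reply received. Wait about 15 seconds or until the LED blinks, "
              "then unplug and replug the device.")
        return 0
    # No reply: per the thread, the 32u4 must be running the ESPloit sketch,
    # which is also what turns on the ESP enable pin.
    print("No confirmation received; got: %r" % transcript)
    print("Check the port, then flash back the 32u4 sketch and retry.")
    return 1


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: recover.py PORT [open]")
    sys.exit(main(sys.argv[1], open_network=sys.argv[2:] == ["open"]))
```

Passing `open` as the second argument sends the `ResetDefaultConfig:OpenNetwork` variant from the NOTE.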

exploitagency commented 6 years ago

Like I said before, the serial recovery command is all you EVER need to do if you get locked out of the web interface, and there is no need to flash the device except for updates, and those are made easy with the ESP portion being updated via the web interface and the 32u4 being updated via Arduino IDE. Please, once you get into the web interface, click on Update Firmware, then flash the latest precompiled binary from https://github.com/exploitagency/esploitv2/releases because I am unsure what versions of libraries or SDK you used to compile.

exploitagency commented 6 years ago

Now the latest ESP SDK does have some bug fixes and I plan on making sure everything is backwards compatible soon with the latest SDK and then also perhaps trying to run the ESP at 160MHz but that will take some time to test as ESPloit has a ton of different features and advanced settings. But when you get more comfortable with things perhaps you should give it a shot as well.

hanshaze commented 6 years ago

@all THANKS....and sorry that I am not yet in the matter.......never had to do anything with arduino ide

hanshaze commented 6 years ago

man, how stupid I have been ..... 3 days of my life wasted for a matter of not even a minute :-D knew how to save well known energy ..... lol

exploitagency commented 6 years ago

You finally did the serial recovery and now your problem is solved right?

hanshaze commented 6 years ago

yes, but somehow the last few times I got no output back in the serial mon console......maybe the reason for this is somehow connected to the devices in my other ports.......and I don't mean wrong port conf......but anyway, now I could start a timeattack challenge in reflashing ^^

exploitagency commented 6 years ago

Next time do not reflash; all that is needed is to perform the serial recovery methods in the event of setting an improper configuration.

hanshaze commented 6 years ago

ok ^^