yangqian / hass-cozylife

third party cozylife integration
MIT License
66 stars 14 forks

OTA update #3

Open johnypony3 opened 2 years ago

johnypony3 commented 2 years ago

Thanks for your work. I hate these bulbs, only things that are fiddly af. Could you elaborate on the part about OTA? I saw port 5555 was open and I can build firmware, is there a password?

yangqian commented 2 years ago

Port 5555 is the port that you connect to the bulb locally. All communications are unencrypted.

I also once sniffed the traffic between it and the cloud server. In the JSON response, I see that they provide the OTA URL via http://. So, in principle, MITM works. But I did not dig further on how to trigger an OTA upgrade if you could fake a firmware upgrade. I did not have the soldering tools so I guess if OTA fails I would brick the bulbs permanently.

P.S. Their business looks shady. Before my purchase, they promised that OTA is possible before purchase but they refuse to tell you how to OTA after purchase...

johnypony3 commented 2 years ago

I've been building firmware files for most of my stuff. If you have that URL and port I can try deploying what I have. I think 5555 and 80 are open. 80 returns a page that says something stupid, like this site doesn't exist lol.

johnypony3 commented 2 years ago

Also, I have the soldering equipment to reflash, that's what I'm planning on doing anyway.

yangqian commented 2 years ago

I received the following flashing tools from the CozyLife team. It is a tool under Windows. I have not tested them. CozyLife_Assist_V1.0.zip

I received a link for a specific developer board. Not sure if it corresponds to the actual hardware they used in the bulbs, smart plugs, etc.

yangqian commented 2 years ago

They were using http://api-us.doiting.com/api/device_product/model for a catalog of their products and http://api-cn.doiting.com/storage/firmware/20210909/885049b40de93efddcb3319dd782ddfc.ota for the OTA upgrade in Nov. 2021. But they seem to no longer be using these URLs. The OTA I downloaded is 885049b40de93efddcb3319dd782ddfc.ota.zip
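A defender-side check for the condition described in this thread (the cloud response handing out the OTA URL over http://), as an added example that is not part of the original thread or the project's code: it walks a captured JSON response and reports firmware URLs served without TLS. The JSON field names, the suffix list and the integrity key names are assumptions; only the URL comes from the thread.

```python
import json
from urllib.parse import urlsplit

# Constructed sample response. Field names are hypothetical, not the vendor's
# schema; the URL is the one quoted in the thread.
SAMPLE_RESPONSE = json.dumps({
    "info": {
        "firmware": {
            "version": "1.0.0",
            "url": "http://api-cn.doiting.com/storage/firmware/20210909/"
                   "885049b40de93efddcb3319dd782ddfc.ota",
        },
        "manual": "https://example.invalid/manual.pdf",
    },
})

FIRMWARE_SUFFIXES = (".ota", ".bin", ".img")            # assumed extensions
INTEGRITY_KEYS = {"sha256", "sha512", "signature"}      # assumed key names


def audit_ota_urls(raw_json):
    """Return one finding per firmware URL found anywhere in the response."""
    findings = []

    def walk(node, path, integrity_nearby):
        if isinstance(node, dict):
            # Integrity metadata only counts when it sits beside the URL.
            nearby = any(k.lower() in INTEGRITY_KEYS for k in node)
            for key, value in node.items():
                walk(value, f"{path}.{key}", nearby)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]", integrity_nearby)
        elif isinstance(node, str):
            try:
                parts = urlsplit(node)
            except ValueError:      # malformed URL-like string
                return
            if (parts.scheme in ("http", "https")
                    and parts.path.lower().endswith(FIRMWARE_SUFFIXES)):
                findings.append({
                    "path": path,
                    "host": parts.hostname,
                    "plaintext": parts.scheme == "http",
                    "integrity_field": integrity_nearby,
                })

    walk(json.loads(raw_json), "$", False)
    return findings
```

A digest field only helps if the response carrying it arrived over an authenticated channel; otherwise it can be rewritten along with the URL.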

johnypony3 commented 2 years ago

Thanks man! Going to try to put this info to good use.