Root and update from ANY firmware level (copy/paste code friendly)

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Root and update from ANY firmware level (copy/paste code friendly)

Postby CloneNum3 » Sun Sep 18, 2016 10:41 pm

Yes, ANY firmware level including firmware before the DNS snafu.

To gain root, connect via UART and Ground pin#29 See:http://www.rootwink.com/viewtopic.php?f=4&t=72

Code: Select all

setenv bootargs 'noinitrd console=ttyAM0,115200 rootfstype=ubifs ubi.mtd=5 root=ubi0:rootfs rw gpmi init=/bin/sh';
nand read ${loadaddr} app-kernel 0x00400000 && bootm ${loadaddr}


Enable SSH
Note: the entire blob below should be able to copy/paste at once but suggest copy/pasting line by line.

Code: Select all

mount -a
ubiattach -p /dev/mtd3
mount -t ubifs ubi1:database /database
touch /database/ENABLE_SSH
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2nCGCGeaPSWseFqi/ctWeamK56qlBmIcr0L9K0ZaAq43BHfITtLL7mteZMJYSn8PX3JMKNFJiCvvSW8gla2s4aBqb9F1EjazDKJnWKyzzdgEeUqr0T7t2pltvxxoZ/z/wEVMB5AKD9TjjTXRSoEBF7AJ/OfhjKHQiO5TLWPlUtk= rsa_1024_no-plus' > /database/authorized_keys
chmod 600 /database/authorized_keys
sleep 3
# Optional: enable UART login
sed -i 's/^#ttyAM0/ttyAM0/g' /etc/inittab
# Optional: remove password for UART login (allows you to simply press enter when prompted for root password at root user serial UART login)
sed -i 's/^root.*$/root::0:0:99999:7:::/g' /etc/shadow
# Work-around for update from pre-wink-snafu update level
sed -i 's/\([0-9]\)"$/\1 --insecure"/g' /root/platform/platform.config


Note: For best results, this should be done while phone device is connected to the same 2.4ghz access point the hub will connect to. Also be sure bluetooth is ON.

Power off and back on device

Add device to wink account via wink app and update via app when prompted

At least as of this post, root will persist though standard updates via the app.

At this point, the hub should be at "rootfs" 02.68 and "updater-rootfs" 00.10.

Optional: Update "updater-rootfs" from 00.10 to 00.22 (I am not aware of any negatives... or positives... in doing this)

Code: Select all

cat << EOF > /database/cf_url
sw_pkg_url=https://hub-updates.winkapp.com/00.01/02.68/upgrade_00.01.txt
md5_manifest=346046b0ce311d3b6342fdf033261594
EOF
cat << EOF > /database/cf_cert
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumZE0qsNgtTQNCOhqx8+
+3DQG33HIvgqdPJ9qa4A9rdtuTADJ3FUnO53+EQYFuZaZ8RK76DQddtqCUzRyra7
JI9RTXxYX4VWxTMEfKMoi2R79BFPOXg61Q3ZCZ4RP2gz1Mkso59ULNziLmeSQwSK
udeTSmkcLUql9Ygtx8iro+JiFBr6wwyLFm+KblkRvk7aYjctdJvGOGUfoYKyKQJz
5mXQiHoCqpkqdNL436paQjsxIdcEqu+iRl8n2BIgDqxHg1ZTdiNe6NIyohkaG97r
Rfzv2LZQ9zgfdQfGArwc9B+AGyKFJ4FgW0SdCmZSNrpqoEVCS1Xuw8QLe6oraMuC
MwIDAQAB
-----END PUBLIC KEY-----
EOF
/root/platform/upgrade.sh

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby CloneNum3 » Thu Nov 10, 2016 4:29 pm

variable wrote:The RSA key you're using, is that one you generated or did that come out of something already stored on the hub?


One I generated...

History: in the early stages, there was a PHP exploit where you could do a special curl post to write your public key via a post command... the post command wasn't very friendly with the plus character... so I ran a pub/private key generation loop until there was no plus in the public or private key and have been using that key pair for my generic testing ever since.

The current wink 1 firmware should be 02.68

Code: Select all

board_id=00.01
group_id=0
sw_pkg_url=https://hub-updates.winkapp.com/00.01
fparts=4
alt_pkg_url=https://wink-hub-images.s3.amazonaws.com/00.01
fdest0=/dev/mtd1
fver0=00.01
foff0=0
ftype0=0
fsrc0=updater-uImage
md5sum0=11b29593183c2b94a85b333c03a3b52c
fdest1=/dev/mtd2
fver1=00.10
foff1=0
ftype1=1
fsrc1=updater-rootfs.ubi
md5sum1=ee0abbce60690c99656aa41d654cbcc8
fdest2=/dev/mtd4
fver2=00.01
foff2=0
ftype2=0
fsrc2=app-uImage
md5sum2=11b29593183c2b94a85b333c03a3b52c
fdest3=/dev/mtd5
fver3=02.68
foff3=0
ftype3=1
fsrc3=app-rootfs.ubi
md5sum3=cf544fffa033808f06feebf561e9ab55

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby CloneNum3 » Thu Nov 10, 2016 8:51 pm

I stand corrected...

Code: Select all

00.01
00.22
00.01
3.3.26

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby CloneNum3 » Fri Nov 11, 2016 4:02 pm

variable wrote:Short of it, somehow my 'crontab' file in /etc disappeared and I can't figure out why/where... the one in /usr/bin is still there, but they be not the same :) If you/someone happens to get a chance, I don't suppose I could get a copy/paste of theirs - I imagine the 2.49 + one would work or give me a starting point to try and reconstruct whatever it wants... error below..

Code: Select all

root: Starting crond
crontab: can't open 'root': No such file or directory


I'm hoping I didn't manage to loose any other files too... I hate it when I don't know what I don't know! lol :roll:



hmm, not sure what crontab you're referring to... I am reasonably sure I have a standard load and I don't have any cron files in /etc

Code: Select all

[root@flex-dvt ~]# find / -name crontab
/usr/bin/crontab

[root@flex-dvt ~]# find /etc | grep -i cron
[root@flex-dvt ~]# 

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby CloneNum3 » Fri Nov 11, 2016 4:11 pm

variable wrote:Anyway, did you happen to upgrade your Wink1 to the newest firmware? (3.etc)


Yes, my wink hub 1 updated to 3 just fine... I upgraded via the iPhone app.

Code: Select all

[root@flex-dvt ~]# for i in `find /database/cf_*`; do echo "[${i}]"; cat ${i}; done
[/database/cf_build]
00.01
[/database/cf_cert]
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumZE0qsNgtTQNCOhqx8+
+3DQG33HIvgqdPJ9qa4A9rdtuTADJ3FUnO53+EQYFuZaZ8RK76DQddtqCUzRyra7
JI9RTXxYX4VWxTMEfKMoi2R79BFPOXg61Q3ZCZ4RP2gz1Mkso59ULNziLmeSQwSK
udeTSmkcLUql9Ygtx8iro+JiFBr6wwyLFm+KblkRvk7aYjctdJvGOGUfoYKyKQJz
5mXQiHoCqpkqdNL436paQjsxIdcEqu+iRl8n2BIgDqxHg1ZTdiNe6NIyohkaG97r
Rfzv2LZQ9zgfdQfGArwc9B+AGyKFJ4FgW0SdCmZSNrpqoEVCS1Xuw8QLe6oraMuC
MwIDAQAB
-----END PUBLIC KEY-----
[/database/cf_fver0]
00.01
[/database/cf_fver1]
00.22
[/database/cf_fver2]
00.01
[/database/cf_fver3]
3.3.26-0-gf4fa1428f9-hub-app
[/database/cf_url]
sw_pkg_url=https://wink-hub-images.s3.amazonaws.com/wink-hub2/3.3.26-0-gf4fa1428f9-hub2-app-23a625a9-cff4-0686-2215-f80254bdaf0b
[root@flex-dvt ~]#


just a note... if you are unsure of the status of anything, you can force the hub to think it is out of date and have the factory update process blow it away and update it with the latest version...

Force overwrite of the app partition (standard OS)

Code: Select all

echo "00.01" > /database/cf_fver3


Force overwrite of the udpate partition (partition hub boots to in order to update the standard OS)

Code: Select all

echo "00.01" > /database/cf_fver1


In the process of updating, it overwrites the entire partition, not individual files. The /database partition is the only partition shared between both app and updater environments and does not get blown away.

And to date... as long as you have /database/authorized_keys with your public key and /database/ENABLE_SSH exists... you can do updates via the app or however you want maintaining root.

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby CloneNum3 » Fri Nov 11, 2016 4:19 pm

variable wrote:I managed to re-create the url/cert from what you'd posted - side note, I used your md5 hash figuring it wouldn't work since it was from the 2.66 firmware, but was worth a try.. I was right, BUT, as part of its checks, it spits out a couple of lines, the first one being the md5 hash provided, and then a line with the correct one. I sighed having spent more time than I care to admit trying to figure out how to get the correct hash (I know nada in that dept - except in principal). If anyone else comes across this, here's what it looked like (I could probably have just put 12345 too):

Code: Select all

md5 non-match...
download: 3e3b2229c4cf28513f61e33ac4d642de
manifest: 346046b0ce311d3b6342fdf033261594
END
Upgrade failed...

Plug the new one in and viola!


The md5sum stuff is a sanity check to make sure it is downloading good code. I have done exactly what you did before to get out of a pickle, works well. Side note, I have backups of various firmware levels however 2.66 is not one of them.

Code: Select all

app-rootfs.ubi]$ ls
00.01  00.33  01.01  02.00  02.11  02.13  02.15  02.17  02.19  02.21  02.23  02.26  02.28  02.31  02.33  02.35  02.37  02.39  02.49  02.68  99.01  00.04  00.86  01.02  02.09  02.12  02.14  02.16  02.18  02.20  02.22  02.25  02.27  02.30  02.32  02.34  02.36  02.38  02.42  02.56  2.53.

updater-rootfs.ubi]$ ls
00.00  00.01  00.04  00.08  00.10  00.11  00.12  00.20  00.22

app-uImage]$ ls
00.01  00.04

updater-uImage]$ ls
00.01  00.04


If you want a particular version, let me know.

shelzmike
Posts: 6
Joined: Tue Aug 09, 2016 10:22 pm

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby shelzmike » Tue Dec 27, 2016 9:55 pm

I have had my Wink Rooted (using NAND Glitch) for a few months now. I bought it maybe 5 months ago and it still has the following firmware levels:

Code: Select all

[root@flex-dvt database]# for i in `find /database/cf_*`; do echo "[${i}]"; cat
${i}; done
[/database/cf_build]
00.01
[/database/cf_fver0]
00.01
[/database/cf_fver1]
00.12
[/database/cf_fver2]
00.01
[/database/cf_fver3]
01.03


I have never installed the Wink app on my phone (never even installed it on my phone as I was worried to do so, not really knowing the full scope of the rooted wink up do's and don'ts.

I have SSH without issue and use it all the time. As you can see above, I don't have the cf_cert (and don't really know what it is for).

I only use the WH locally and essentially have it as a slave to my OpenHab setup (that sends commands via a bash script that sends aprontest commands via persistent SSH commands. Works well enough.

I am having an issue with a Lightify RGBW Zigbee bulb (where it seems the bulb isn't presenting the attributes for R,G,B, hue, saturation. Not sure if this is an incompatibility issue (though have read other places where these bulbs should present these attributes to the Wink Hub) or if perhaps upgrading would help this issue.

I want to try upgrading, but want to, of course, be sure I preserve root. Your steps seem straight forward enough, but I am missing the importance of the cf_cert and why I don't have it? What should I do to take care of this? Thanks!


Return to “Root and update from any firmware level”

Who is online

Users browsing this forum: No registered users and 1 guest