Rooting out of the box

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Rooting out of the box

Postby CloneNum3 » Tue Aug 25, 2015 12:13 pm

BuckSinister wrote:Old firmware Images?
Does anybody have copies of the old firmware images that contained the PHP exploit? I would like to create a clone of the wink-hub-images.s3.amazonaws.com, but place the old image as the newest and change the checksums in the manifests, with the hope that my wink hub will autodowngrade. Has anyone tried this before?
I created a mini network, where the wink sites resolve to my own web servers. I have hit a bump in the road, since I can't find any rootable images to download to proceed further. Please contact me, send me a copy, or post a link to any old firmware you may be willing to share.


I have some various revisions of older firmware... I however do not see a point in ever going to an older version.

I see no reason why you wouldn't be able to go back to any firmware version you wanted. I can even help you get your wink to update back to whatever version you want with very minimal changes to the hub itself, but again, I don't see the point.

-CloneNum3

norm258
Posts: 3
Joined: Tue Sep 15, 2015 5:59 pm

Re: Rooting out of the box

Postby norm258 » Tue Sep 15, 2015 6:06 pm

I purchased a second Wink Hub because I was having issues with my first one. I let it boot up and configured it with the wink app. Then I let it upgrade the firmware like I did with my first one. It upgraded to 2.19.0? My other one was 1... something. I wasn't concerned until I did the nand short to root, and when I went to boot it, the kernel crashes! The hub is dead at that point. Any suggestions on recovery if possible?
Thanks
Norm

BuckSinister
Posts: 2
Joined: Mon Aug 03, 2015 6:51 am

Re: Rooting out of the box

Postby BuckSinister » Wed Nov 11, 2015 8:03 am

CloneNum3,

I don't know if this would work, I would appreciate your thoughts on this. My thought was to replace the current firmware with an older one that included the PHP vulnerability. Then poison DNS to direct to a cloned firmware site, thinking that maybe the hub could be tricked into downgrading automatically, and allowing us to gain root access without physically cracking open the box. After gaining root, the firmware could later be upgraded, while maintaining a backdoor. If it was possible, others could point to the same clone site by tricking out DNS on their LAN and gain the same root access without using the UART exploit. Is this worth the effort? I have been hesitant to try the UART hack because I am not an electronics guy and am afraid of frying the hub. What are your thoughts?

BS

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Rooting out of the box

Postby CloneNum3 » Tue Dec 22, 2015 11:46 pm

BuckSinister wrote:CloneNum3,

I don't know if this would work, I would appreciate your thoughts on this. My thought was to replace the current firmware with an older one that included the PHP vulnerability. Then poison DNS to direct to a cloned firmware site, thinking that maybe the hub could be tricked into downgrading automatically, and allowing us to gain root access without physically cracking open the box. After gaining root, the firmware could later be upgraded, while maintaining a backdoor. If it was possible, others could point to the same clone site by tricking out DNS on their LAN and gain the same root access without using the UART exploit. Is this worth the effort? I have been hesitant to try the UART hack because I am not an electronics guy and am afraid of frying the hub. What are your thoughts?

BS


I know this is an old post... but no, I don't think this would work because of the SSL used. The update code would require the SSL keys of the downloaded updates to match.

nepto
Posts: 6
Joined: Thu Sep 01, 2016 2:07 am

Re: Rooting out of the box

Postby nepto » Thu Sep 01, 2016 6:22 pm

Here is a link to old image:

https://wink-hub-images.s3.amazonaws.co ... rootfs.ubi

Directory structure is clear.

CloneNum3
Site Admin
Posts: 107
Joined: Wed Jan 07, 2015 10:02 am

Re: Rooting out of the box

Postby CloneNum3 » Sun Sep 18, 2016 7:43 pm

BuckSinister wrote:Old firmware Images?
Does anybody have copies of the old firmware images that contained the PHP exploit? I would like to create a clone of the wink-hub-images.s3.amazonaws.com, but place the old image as the newest and change the checksums in the manifests, with the hope that my wink hub will autodowngrade. Has anyone tried this before?
I created a mini network, where the wink sites resolve to my own web servers. I have hit a bump in the road, since I can't find any rootable images to download to proceed further. Please contact me, send me a copy, or post a link to any old firmware you may be willing to share.


I have the majority of original images; however, assuming you are trying to do this with a factory device, I do not see how you would get around the fact that they require matching SSL keys. Something we do not have and will likely never get is the private key.

If you still want the images, PM me and I'll get you a link to about 2gb of various original update images.
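
An added illustration, not code from this thread or from the Wink updater, of the point made in the replies above about matching keys: a device-side check that accepts an update only when the manifest is signed by a key the device already trusts. The `Manifest` layout, the use of Ed25519, and every name here are assumptions; the image bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update manifest: image name plus its SHA-256.
type Manifest struct{ Image, SHA256 string }

func (m Manifest) bytes() []byte { return []byte(m.Image + "\n" + m.SHA256) }

func digest(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// VerifyUpdate models the device-side check: the manifest must be signed by the
// vendor key shipped on the device, and the image must match the signed hash.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(pub, m.bytes(), sig) {
		return errors.New("manifest signature does not match vendor key")
	}
	if digest(image) != m.SHA256 {
		return errors.New("image checksum mismatch")
	}
	return nil
}

// Demo checks a genuine update, then a cloned server that edits the manifest
// checksum and either reuses the vendor's signature or signs with its own key.
func Demo() (genuine, editedManifest, cloneKey error) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, clonePriv, _ := ed25519.GenerateKey(nil)
	current, other := []byte("constructed image A"), []byte("constructed image B")
	good := Manifest{"rootfs.ubi", digest(current)}
	goodSig := ed25519.Sign(vendorPriv, good.bytes())
	edited := Manifest{"rootfs.ubi", digest(other)} // checksum recomputed by the clone
	genuine = VerifyUpdate(vendorPub, good, goodSig, current)
	editedManifest = VerifyUpdate(vendorPub, edited, goodSig, other)
	cloneKey = VerifyUpdate(vendorPub, edited, ed25519.Sign(clonePriv, edited.bytes()), other)
	return
}

func main() {
	g, e, c := Demo()
	fmt.Println("genuine:", g, "| edited manifest:", e, "| clone-signed:", c)
}
```

Recomputing the checksum keeps the hash comparison consistent, but the signature check fails in both cloned-server cases because neither signature was produced by the vendor's private key over the edited manifest.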

