
Re: Rooting out of the box

Posted: Tue Aug 25, 2015 12:13 pm
by CloneNum3
BuckSinister wrote: Old firmware Images?
Does anybody have copies of the old firmware images that contained the php exploit? I would like to create a clone of the wink-hub-images.s3.amazonaws.com, but place the old image as the newest and change the checksums in the manifests, with the hope that my wink hub will autodowngrade. Has anyone tried this before?
I created a mini network, where the wink sites resolve to my own web servers. I have hit a bump in the road, since I can't find any rootable images to download to proceed further. Please contact me, send me a copy, or post a link to any old firmware you may be willing to share.


I have some various revisions of older firmware... I however do not see a point in ever going to an older version.

I see no reason why you wouldn't be able to go back to any firmware version you wanted. I can even help you get your wink to update back to whatever version you want with very minimal changes to the hub itself, but again, I don't see the point.

-CloneNum3

Re: Rooting out of the box

Posted: Tue Sep 15, 2015 6:06 pm
by norm258
I purchased a second Wink Hub because I was having issues with my first one. I let it boot up and configured it with the wink app. Then I let it upgrade the firmware like I did with my first one. It upgraded to 2.19.0? My other one was 1... something. I wasn't concerned until I did the nand short to root, and when I went to boot it, the kernel crashes! The hub is dead at that point. Any suggestions on recovery if possible?
Thanks
Norm

Re: Rooting out of the box

Posted: Wed Nov 11, 2015 8:03 am
by BuckSinister
CloneNum3,

I don't know if this would work, I would appreciate your thoughts on this. My thought was to replace the current firmware with an older one that included the php vulnerability. Then poison dns to direct to a cloned firmware site, thinking that maybe the hub could be tricked into downgrading automatically, and allowing us to gain root access without physically cracking open the box. After gaining root, the firmware could later be upgraded, while maintaining a backdoor. If it was possible, others could point to the same clone site by tricking out dns on their lan and gain the same root access without using the uart exploit. Is this worth the effort? I have been hesitant to try the uart hack because I am not an electronics guy and am afraid of frying the hub. What are your thoughts?

BS

Re: Rooting out of the box

Posted: Tue Dec 22, 2015 11:46 pm
by CloneNum3
BuckSinister wrote: CloneNum3,

I don't know if this would work, I would appreciate your thoughts on this. My thought was to replace the current firmware with an older one that included the php vulnerability. Then poison dns to direct to a cloned firmware site, thinking that maybe the hub could be tricked into downgrading automatically, and allowing us to gain root access without physically cracking open the box. After gaining root, the firmware could later be upgraded, while maintaining a backdoor. If it was possible, others could point to the same clone site by tricking out dns on their lan and gain the same root access without using the uart exploit. Is this worth the effort? I have been hesitant to try the uart hack because I am not an electronics guy and am afraid of frying the hub. What are your thoughts?

BS


I know this is an old post... but no, I don't think this would work because of the SSL used. The update code would require the SSL keys of the downloaded updates to match.

Re: Rooting out of the box

Posted: Thu Sep 01, 2016 6:22 pm
by nepto
Here is a link to an old image:

https://wink-hub-images.s3.amazonaws.co ... rootfs.ubi

Directory structure is clear.

Re: Rooting out of the box

Posted: Sun Sep 18, 2016 7:43 pm
by CloneNum3
BuckSinister wrote: Old firmware Images?
Does anybody have copies of the old firmware images that contained the php exploit? I would like to create a clone of the wink-hub-images.s3.amazonaws.com, but place the old image as the newest and change the checksums in the manifests, with the hope that my wink hub will autodowngrade. Has anyone tried this before?
I created a mini network, where the wink sites resolve to my own web servers. I have hit a bump in the road, since I can't find any rootable images to download to proceed further. Please contact me, send me a copy, or post a link to any old firmware you may be willing to share.


I have the majority of original images; however, assuming you are trying to do this with a factory device, I do not see how you would get around the fact that they require matching SSL keys. Something we do not have and will likely never get is the private key.

If you still want the images, PM me and I'll get you a link to about 2gb of various original update images.