Needed to change Firebase Fingerprint #236

Closed
ChrisAlphabet opened this issue Dec 14, 2016 · 49 comments

@ChrisAlphabet

Hi all,

I had to change the Firebase Fingerprint in FirebaseHttpClient.h

Any idea why the fingerprint would have changed overnight?

Cheers

@tomeryehu

What did you change it to? I have the same problem too.

@ChrisAlphabet
Author

See if you can get the fingerprint from firebase.com. Will check the real value you need when I get home in about 45min

@ChrisAlphabet
Author

In the file FirebaseHttpClient.h, change

static const char kFirebaseFingerprint[] = "7A 54 06 9B DC 7A 25 B3 86 8D 66 53 48 2C 0B 96 42 C7 B3 0A";

to

static const char kFirebaseFingerprint[] = "9A E1 A3 B7 88 E0 C9 A3 3F 13 72 4E B5 CB C7 27 41 B2 0F 6A";

@tomeryehu

tomeryehu commented Dec 14, 2016 via email

@ChrisAlphabet
Author

No idea why it changed. Firebase updated their SDK, maybe that changed something? Maybe one of the devs knows more?

I found the new fingerprint by accident, to be honest. I was on the hunt for a memory leak that is occurring when Firebase pushes fail (story for another thread, probably post in the next few days) and had a lot of debug information being dumped to Serial. You can enable this in Arduino IDE using this or in PlatformIO (big fan) by adding some build flags.

I think I used

build_flags = -DDEBUG_ESP_SSL -DDEBUG_ESP_CORE -DDEBUG_TLS_MEM -DDEBUG_LOG_LEVEL=6 

but could have included any of

-DDEBUG_ESP_CORE -DDEBUG_ESP_SSL -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP_CLIENT -DDEBUG_ESP_HTTP_UPDATE -DDEBUG_ESP_HTTP_SERVER -DDEBUG_ESP_UPDATER -DDEBUG_ESP_OTA -DDEBUG_TLS_MEM

With those defined I saw a print of the test fingerprint and the real fingerprint which didn't match, seen in the debug snippet below.

cert FP: 9A E1 A3 B7 88 E0 C9 A3 3F 13 72 4E B5 CB C7 27 41 B2 0F 6A 
test FP: 7A 54 06 9B DC 7A 25 B3 86 8D 66 53 48 2C 0B 96 42 C7 B3 0A 
fingerprint doesn't match

Did changing the fingerprint work for you?

@tomeryehu

In the serial it throws Exception (29):
epc1=0x4000e1b2 epc2=0x00000000 epc3=0x00000000 excvaddr=0x00000004 depc=0x00000000

After I changed to the new fingerprint it works!!!!!!!!!!!

Thank you!

@Jozarco

Jozarco commented Dec 14, 2016

Also works for me. Thanks.

@jtwalters

This probably means their SSL certificate was updated. Seems a bit odd to me that fingerprints are stored in code. I've seen it in other Arduino code examples.

@ed7coyne
Collaborator

It was the only thing the ESP8266 HTTPS library supported when this was written. Looks like that was fixed back in August though (esp8266/Arduino@b412660), so if I am understanding it correctly we could (and should) update to be more resilient using a CA root cert.

@lenguyenvu007

lenguyenvu007 commented Aug 18, 2017

Last night the Firebase fingerprint was changed again, crazy!
from old: "9A E1 A3 B7 88 E0 C9 A3 3F 13 72 4E B5 CB C7 27 41 B2 0F 6A"
to new: "B8 4F 40 70 0C 63 90 E0 07 E8 7D BD B4 11 D0 4A EA 9C 90 F6"

@proppy Can we change the FirebaseHttpClient lib so that it can detect the Firebase fingerprint automatically?

@willkazan

Same issue. Last night my ESP8266 stopped updating on Firebase.
@lenguyenvu007 thanks for the new fingerprint. It's working again.

@alvintwking

@lenguyenvu007 thanks for the updates.
May I know where you got the new fingerprint?

@lenguyenvu007

lenguyenvu007 commented Aug 20, 2017

@alvintwking I just followed the method of this topic's owner @ChrisAlphabet, as mentioned above. Thanks to him!

@ffgiraldez

Thank you @lenguyenvu007, you saved me. I was wondering why my production-ready IoT service stopped working.

@proppy
Collaborator

proppy commented Aug 21, 2017

Should be fixed with #277. Thanks @RaemondBW !

@mikrodunya

mikrodunya commented Sep 7, 2017

If the fingerprint changes again you can find the new fingerprint using this site.
Just enter your Firebase host address (xxxxxxxx.firebaseio.com) into the textbox on that site and you will see the fingerprint.
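
The fingerprint can also be read without a third-party site. The following is an added example, not part of the comment above or of the library: it formats a certificate's SHA-1 fingerprint the way the pin string is written, fetches the live certificate over a chain-validated connection, and classifies the `cert FP` / `test FP` debug output quoted earlier in this thread. The function names and result strings are assumptions made for the example.

```python
import hashlib
import re
import socket
import ssl

# Debug output quoted earlier in this thread (DEBUG_ESP_SSL build).
SAMPLE_LOG = """cert FP: 9A E1 A3 B7 88 E0 C9 A3 3F 13 72 4E B5 CB C7 27 41 B2 0F 6A
test FP: 7A 54 06 9B DC 7A 25 B3 86 8D 66 53 48 2C 0B 96 42 C7 B3 0A
fingerprint doesn't match
"""
FP_LINE = re.compile(r"^(cert|test) FP:((?: [0-9A-Fa-f]{2}){20})[ \t]*$", re.M)


def sha1_fingerprint(der_cert):
    """SHA-1 over the DER certificate, written like kFirebaseFingerprint."""
    return " ".join(f"{b:02X}" for b in hashlib.sha1(der_cert).digest())


def fetch_leaf_der(host, port=443, timeout=10.0):
    """Leaf certificate from a connection whose chain and hostname were validated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def parse_debug_fps(serial_log):
    """Map 'cert' (sent by the server) and 'test' (compiled-in pin) to fingerprints."""
    return {kind: fp.strip().upper() for kind, fp in FP_LINE.findall(serial_log)}


def diagnose(serial_log, live_fp):
    """Classify a mismatch using the fingerprint seen from a trusted vantage point."""
    fps = parse_debug_fps(serial_log)
    cert, test = fps.get("cert"), fps.get("test")
    if cert is None or test is None:
        return "incomplete log"
    if cert == test:
        return "pin ok"
    if cert == live_fp.strip().upper():
        return "pin stale: server certificate rotated"
    return "unexpected certificate: investigate before changing the pin"


if __name__ == "__main__":
    # Offline run; use sha1_fingerprint(fetch_leaf_der(host)) for the live value.
    print(diagnose(SAMPLE_LOG, "9A E1 A3 B7 88 E0 C9 A3 3F 13 72 4E B5 CB C7 27 41 B2 0F 6A"))
```

The last branch is the case worth stopping on: the device was shown a certificate that is neither the pin nor what a validated connection sees, so copying it from the serial log into the firmware would pin whatever answered the device.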

@tomeryehu

tomeryehu commented Sep 7, 2017 via email

@mikrodunya

mikrodunya commented Sep 7, 2017

Hi. I solved this problem by changing the wificlientsecure.cpp file in the Arduino ESP8266 libraries.
If you use the "#define SKIP_FP_CONTROL" line, fingerprint changes will no longer be a problem.
If you comment out the line, the fingerprint will be checked. So the fingerprint check becomes an optional code block.

The path of the file is: "C:\Users(Your_user_name)\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\libraries\ESP8266WiFi\src"

You can download the modified wificlientsecure.cpp here: https://github.com/mikrodunya/Firebase-Arduino-Skip-fingerprint-Verification

@proppy
Collaborator

proppy commented Sep 8, 2017

The fingerprint is still SHA-1 Fingerprint B8 4F 40 70 0C 63 90 E0 07 E8 7D BD B4 11 D0 4A EA 9C 90 F6 for me.

@lenguyenvu007

Fingerprint B8 4F 40.. is already new @proppy
Thanks for your effective solution @mikrodunya, but is there any security risk when we bypass the SHA-1 fingerprint verification? (always return true)

@mikrodunya

I don't know much about the security if we bypass verification.

@proppy
Collaborator

proppy commented Sep 8, 2017

@lenguyenvu007 I believe #277 already updated the fingerprint to B8 4F 40 ...

@mikrodunya

mikrodunya commented Sep 8, 2017

They may change the fingerprint later. Let's say we make a product and sell it, and then the firebaseio fingerprint changes. Our product won't work for a period of time until we modify the FirebaseHttpClient.h file. Our customers will be displeased.
If you bypass fingerprint verification, fingerprint changes won't be a problem anymore.

@lenguyenvu007

@mikrodunya you are absolutely right. Thanks a lot for your method.
As I understand it, fingerprint checking is just to prevent imitation of the Firebase web address, or a redirect attack. It is low risk in the case of Firebase from Google :-)

@proppy
Collaborator

proppy commented Sep 11, 2017

Related:
esp8266/Arduino#1851
esp8266/Arduino#3417
esp8266/Arduino#3176

Something like this could allow us to remove the hardcoded fingerprint from the library.

@bizmike

bizmike commented Mar 20, 2018

I attempted to adopt mikrodunya's solution above in hopes of bypassing the Firebase Fingerprint. I swapped my cpp file but it is unclear what other steps are required. I tested whether or not it worked by changing the Firebase Fingerprint to an incorrect value and my data stopped flowing so I know the file swap was either ineffective or there is something else I need to do. Any ideas? Thank you.

@mikrodunya

Hi @bizmike.
You don't have to do anything else if you changed the .cpp file. It should work.

@bizmike

bizmike commented Mar 21, 2018

Thanks for the reply, @mikrodunya. Tested it again this morning and it hasn't worked for me. I am wondering if the library needs to be updated or something. I swapped to your cpp file and tried the current key B8 4F 40 70 0C 63 90 E0 07 E8 7D BD B4 11 D0 4A EA 9C 90 F6 and data went into Firebase. Then I changed the key to start B9 instead of B8 which is incorrect. If the cpp file worked then data should've still flowed into Firebase but it didn't.

@bizmike

bizmike commented Mar 23, 2018

Instead of trying to bypass the key (haven't been successful getting that to work), is it possible to have the code reference a URL where it can find an updated key instead of the key inline? So instead of "B8 4F 40 70 0C 63 90 E0 07 E8 7D BD B4 11 D0 4A EA 9C 90 F6" it sees "Go here to the fancy secure URL and find the updated key" so that I can update all of my hardware's fingerprints remotely at once?

@proppy
Collaborator

proppy commented Mar 23, 2018

@bizmike maybe we should make the fingerprint an optional argument of the Firebase.begin object? That way each sketch can find its own way to update it.

@bharat9828

#315
yaa man...can u find the solution of this problem...please help..:-(

@milinddhanke

Hi guys please find the permanent solution for this problem.

@mesut25

mesut25 commented Sep 22, 2018

I disabled the fingerprint check, but the fingerprint is still being verified. Finding a solution must be hard, otherwise the teachers would have found one...

@mesut25

mesut25 commented Sep 22, 2018

Hi @bizmike.
If you changed the .cpp file, you cannot do anything else. It should work.

Nice to see mikrodunya here...

@mikrodunya

I explained in detail above how to solve it, and I am still using it. The people here did not understand what I did; they are just talking cluelessly.

@mesut25

mesut25 commented Sep 23, 2018 via email

@mikrodunya

If you installed the new version of the ESP8266, they have changed the cpp file. It needs to be modified again. I'll post it here sometime when I'm available.

@mesut25

mesut25 commented Sep 23, 2018 via email

@mikrodunya

mikrodunya commented Sep 24, 2018

Solution
Skip the fingerprint check for ESP8266 Arduino release 2.4.2:
If you use the "#define SKIP_FP_CONTROL" line, fingerprint changes will no longer be a problem. If you comment out the line, the fingerprint will be checked. So the fingerprint check becomes an optional code block.
The path of the file is: "C:\Users(Your_user_name)\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.4.2\libraries\ESP8266WiFi\src"

You can find the necessary file here:
https://github.com/mikrodunya/Firebase-Arduino-Skip-fingerprint-Verification

@mesut25

mesut25 commented Sep 25, 2018 via email

@PSKAdam

PSKAdam commented Mar 4, 2019

Firebase fingerprint was updated yesterday AGAIN!!

file to change: FirebaseHttpClient.h

static const char kFirebaseFingerprint[] =
"E2 34 53 7A 1E D9 7D B8 C5 02 36 0D B2 77 9E 5E 0F 32 71 17"; // changed on 03-Mar-2019
//"6F D0 9A 52 C0 E9 E4 CD A0 D3 02 A4 B7 A1 92 38 2D CA 2F 26"; //change on 02-Aug-2018
//"B8 4F 40 70 0C 63 90 E0 07 E8 7D BD B4 11 D0 4A EA 9C 90 F6"; //change on 18-Aug-2017
//"9A E1 A3 B7 88 E0 C9 A3 3F 13 72 4E B5 CB C7 27 41 B2 0F 6A";//change on 14-Dec-2016

@mikrodunya thanks for your solution. I tried to use your code to replace my current wificlientsecure.cpp file; unfortunately it doesn't work. One interesting thing is, you asked us to modify the wificlientsecure.cpp file, but in the GitHub link you provided, you named the file wificlientsecureAxTLS.cpp, which is a totally different file in the Arduino package. Which one are we supposed to change, actually? Did you just point us to the correct file? Looking forward to your or anyone's reply :)

@henriQLima

Hi everyone, I had this same issue with my application a couple of days ago and I figured out a way to solve it. Basically, if we host this fingerprint somewhere other than in the hardware, it will make things easier to change the next time we have a fingerprint change. I am sending below my FirebaseHttpClient_Esp8266.cpp code, where I've changed the FirebaseHttpClientEsp8266 class. I added some Serial.println calls to check the GET request and also some string manipulation (because my-json-server.typicode adds some spaces and characters to the getString).

class FirebaseHttpClientEsp8266 : public FirebaseHttpClient {
 public:
  String fingerprint;

  FirebaseHttpClientEsp8266() {
    // First create a db.json in a GitHub repo and use it at typicode.com.
    // This path will be pasted below in order to retrieve your fingerprint.
    // IT SHOULD BE HTTP, somehow http.begin does not work with HTTPS
    http_.begin("https://my-json-server.typicode.com/<your-username>/<your-repo>");

    int httpCode = http_.GET();
    Serial.println(httpCode);
    if (httpCode > 0) {  // == HTTP_CODE_OK)
      // This code gets the fingerprint stored in an array at my-json-server.typicode.com and
      // returns this array as a string; with some string manipulation we remove the array brackets and
      // quotation marks, ending with the fingerprint only.
      Serial.println("--------------------");
      fingerprint = http_.getString();
      fingerprint.remove(0, 5);
      fingerprint.remove(fingerprint.length() - 3);
      Serial.println(fingerprint);
      Serial.println("--------------------");
    }
    http_.end();
  }

  void setReuseConnection(bool reuse) override {
    http_.setReuse(reuse);
    http_.forceReuse(reuse);
  }

  // Both begin() overloads now pass the fetched fingerprint instead of the constant.
  void begin(const std::string& url) override {
    http_.begin(url.c_str(), fingerprint);
  }

  void begin(const std::string& host, const std::string& path) override {
    http_.begin(host.c_str(), kFirebasePort, path.c_str(), fingerprint);
  }

  // ... rest of the class unchanged ...

Feel free to comment and add suggestions to this solution!! Cheers!
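
Fetching the pin from a URL only protects the connection if the device can tell an authentic update from a substituted one. The following is an added example, not henriQLima's code or the library's, of one way to authenticate such an update: the publisher tags it with HMAC-SHA256 and the device accepts it only when the tag verifies and the version is newer than the one it holds. The message layout, function names and demo key are assumptions, and the device side is modelled in Python rather than firmware C++.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real deployment would provision a per-device secret
# or verify an asymmetric signature instead of sharing one key across devices.
DEMO_KEY = b"constructed-demo-key"


def sign_update(key, version, fingerprint):
    """Publisher: serialize {version, fingerprint} and attach an HMAC-SHA256 tag."""
    body = json.dumps({"v": version, "fp": fingerprint}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


def accept_update(key, message, current_version):
    """Device: return (version, fingerprint) for an authentic, newer update, else None."""
    try:
        outer = json.loads(message)
        body = outer["body"].encode()
        tag = bytes.fromhex(outer["tag"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed message: keep the current pin
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # forged or altered in transit
    try:
        inner = json.loads(body)
        version, fingerprint = int(inner["v"]), inner["fp"]
        raw = bytes.fromhex(fingerprint)
    except (ValueError, KeyError, TypeError):
        return None  # authentic but unusable payload
    if version <= current_version:
        return None  # replayed or rolled-back update
    if len(raw) != 20:
        return None  # not a SHA-1 fingerprint
    return version, fingerprint


if __name__ == "__main__":
    pin = "E2 34 53 7A 1E D9 7D B8 C5 02 36 0D B2 77 9E 5E 0F 32 71 17"  # from this thread
    msg = sign_update(DEMO_KEY, 2, pin)
    print(accept_update(DEMO_KEY, msg, current_version=1))  # accepted
    print(accept_update(DEMO_KEY, msg.replace(b"E2 34", b"E3 34"), current_version=1))  # None
```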

@kiralikbeyin

kiralikbeyin commented Mar 7, 2019

@henriQLima
Please can you publish your setup and loop?
I am getting streaming error: -1

if (Firebase.failed()) {
    Serial.print("streaming error:");  Serial.println(Firebase.error());
  }

@henriQLima

Hey @kiralikbeyin!

The error -1 is probably due to your http get request. Did you set up your db.json at my-json-server.typicode.com properly? Are you able to access your fingerprint inside an array?

@mostafaHammad

@ChrisAlphabet
Can you help me with how to change the fingerprint?

@danilomna

> If the fingerprint changes again you can find the new fingerprint using this site.
> Just enter your Firebase host address (xxxxxxxx.firebaseio.com) into the textbox on that site and you will see the fingerprint.

@mikrodunya please explain: if I get the fingerprint for my Firebase project, will it also change after some time? Or, using the fingerprint of my own Firebase project address, is it permanent?

@milinddhanke

milinddhanke commented Mar 2, 2020 via email

@danilomna

danilomna commented Mar 2, 2020

Guys,

Problem solved for good!!! Forget about the Firebase fingerprint change issue forever!!!

Use this and only this library, available in the Arduino Library Manager: Firebase ESP8266 Client.

It is an amazing library project with a new approach that is not fingerprint dependent, provided by @mobizt

https://github.com/mobizt/Firebase-ESP8266

@Pavithra-cj

Are there any online fingerprint generators for this problem?
