Sonoff Original Firmware #1
Comments
|
The device adds some CGI params to get URL before issuing the GET request. |
|
Thank you for your reply, please do not know where can i find the original firmware for sonoff device ?. |
|
You will need the following HTTP-Headers to download the files: deviceid: "10000xxxxx" |
|
Hi I have read some pages as it works well it is described in the attached link https://wiki.almeroth.com/doku.php?id=projects:sonoff but I could not correctly build the link for the download firmware please can you write me the correct wording http line to get the firmware put downloaded thank you |
|
You can not construct a link for this. It requires the usage of a tool like curl or a script, where you can define HTTP-Headers. Also, the sign-parameter is based on your deviceid. You can re-use it to download other firmware as well, but I will not share my credentials. :) |
Actually I think I did so. If I remember right I used a longish URL containing the the CGI params you mentioned and just set it up as a GET request. The original firmware also contains the according string:
|
|
|
|
You're right, it seems this changed since my investigation. 👍 @mirko: Do you have an idea what the sign-parameter consists of? It is slightly different from what the app does: def signature(self, message, secret=PROD_SECRET):
logger.debug(message)
message = bytes(message.encode('utf-8'))
secret = bytes(secret.encode('utf-8'))
signature = base64.b64encode(
hmac.new(secret, message, digestmod=hashlib.sha256).digest())
return signature.decode("utf-8") |
|
No idea, I just quick-checked if it's the sha256sum of the image (which is provided to the device beforehand via its WebSocket connection) but it doesn't seem to be. |
|
Thank you, Mirko I do not know where the problem is but when I opened a link so downloading the file does not work, so I want to ask or you would not get it and did not add bin files to your Github I would be grateful to you. |
|
I'm pretty sure I'm not allowed to redistribute those binary files. |
|
I know this is old, but I'm trying to restore the firmware so I can do testing of some updates to SonOTA (without having to buy more Sonoff's). From my initial debugging I already had a backup of my Many combinations give me something such that the LED blinks 5 times, with a brief pause, 5 blinks etc. (This is from the end of https://wiki.almeroth.com/doku.php?id=projects:sonoff ) I have seen this with a stock device, and simply holding down the bottom puts it into AP mode (sometimes you need to hold it for 7 seconds a 2nd time). But with this after flashing, that's all I get 5 blinks, pause, 5 blinks. If anyone happens to have any further ideas, please let me know and I'll give it a crack. Cheers. |
|
After further searching, the solution appears to be right under my nose at https://github.com/khcnz/Espressif2Arduino#flashing--running Specifically, to backup: And to restore: Unfortunately I have already flashed all my devices, so can't do the initial backup, if someone does have a full backup they are willing to share with me, please let me know. |
|
Sorry - the original firmware is locked to each device (there is a mac address check!). See details on the original tasmota thread (linked to from the sonta readme) |
|
I have two Sonoff Basic-units with the good ol' 1.5 firmware. I've dumped them both, and there are only one or two places where they differ when compared with a hex-editor. Their SSID is one of the things that are different. I suspect that, given some more time to look at it, we should be able to figure out what values need to be changed to make it work on a different device. Personally, I suspect that it's only the MAC and maybe a byte for checksum. I also have ONE older TH-10, but no other device to dump and compare with. Based on what I've seen in the dumps, they do contain the wifi settings that the device is configured with, so that might be something to think about before distribution. |
|
First of all thank you very much for your efforts creating this very useful repository for "upgrading" Sonoff's over the air! I have successfully flashed two basic Sonoff's with 1.55. My question is, if I buy some new devices they most likely will have >= 1.6 firmware version and there is no chance to downgrade the firmware to a lower version because it is bound to the individual mac address, right? They only way to upgrade those will be the hardware flashing method? Many thanks in advance, just wanted to get the most recent statement on this. |
|
Yes, until someone is willing to do the work needed to figure out how to edit the firmwaredumps so that the MAC can be corrected before flashing, you're out of luck. I was thinking about doing that, but ended up flashing Tasmota firmware instead. Can't really say I regret that... |
|
@usamer The issue now is, even if you have the firmware, there is no way in the app to tell it to downgrade to it (because if we could, we would just use that method to install SonOTA). So the only way is to flash it using serial, so if doing that, it's easiest to just flash Tasmota right away and not even worry about this :( |
|
Anyone could write another device original firmware into any other device? I have the same problem. 1 Sonoff with custom firmware without backup. I want to get back to Sonoff ecosystem. |
|
@gsalvati It's not the flashing part that's hard, but it's the content. Imagine that the firmware has some code like this at its begining: This means that any firmware you copy from one device to another, won't work (as seen from the users point of view). Personally, I don't suspect it's too much work, but I also believe that most people capable of doing this will be the same people who would want to use a custom FW anyway. This results in very few people who actually have any incentive to give it a go. |
|
Hi, I want to flash my devices back to the stock firmware. But it seems impossible... The problem: I have no backup of the original firmware. For comparison, I have backed up three sonoff devices. Someone interested in reverse engineering? |
Great start! Have you compared the varying data against the MAC-addresses of the devices? |
Hi, yes. But cannot find a correlation. There are two more bytes with different content. But I think this is something like running time or boot count. Here are some more data. From left to right (in the picture): |
|
PS: I can dump another 7 devices. Would that be helpful? |
|
I’m interested in putting oem firmware from a sonoff th10/th16 to a sonoff sv :) as I want to install it in a 12v environment :) |
Have you considered the
Yes |
Hi, ok. I will check the ChipID next weekend... Then I also dump the other seven devices. |
|
Hey any further finding on this :) |
|
Hi, no sry... I flashed Tasmota. After some trouble with the official ITEAD server (disconnected and so on). |
|
any progress? |
share binary, i've loaded sonoff binary to nodemcu, it connects to wifi and able to control from ewelink app over LAN, but issue with server connection, maybe some ID issue, can you please share binaries? |
Hi, I deleted the files... sry. |
Have you used binary from other Sonoff device or did you try to edit it? I wonder if the the highlighted sequence isn't just identifier which is logged to server once it tries to connect (binded to MAC address of the device). |
I have not done anything. Just power on and dump binary. No setup process, no wifi connection, no button usage. This may be a boot counter or something else. |
no editing, just uploaded one i got from internet. attached two LEDs and there is already a push button. |
with this , did you also send any parameter for authentication? , i got my sign with dev id and ts, just shows as 401 error |
|
here are sonoff binaries that i tested with nodemcu, i can use eWeLink app in LAN mode. |
|
@programmer131 have you patched somehow the original bin? |
Hi
Is it possible to download the original firmware for sonoff with these links ?.
http://52.28.103.75:8088/ota/rom/xpiAOwgVUJaRMqFkRBsoI4AVtnozgwp1/user1.1024.new.2.bin
http://52.28.103.75:8088/ota/rom/xpiAOwgVUJaRMqFkRBsoI4AVtnozgwp1/user2.1024.new.2.bin
The text was updated successfully, but these errors were encountered: