-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to ota_unlock using curl on Sonoff Basic R3 #45
Comments
I did a complete reset of the device and used the eWelink app to re-configure the device. I was able to flash the latest sonoff-basic firmware. It's all good now. |
Could you please share more information how did you managed to get this work? I could flash one out of four Sonoff-mini with the exact same behavior you described, hanging forever in the OTA_unlock. I tried to link them with eWelink app, all are with latest firmware, put jumper, issue info, OTA is locked, issue ota_unlock and it hangs forever. Thanks |
@jrbenito I have the same issue as you mention. |
Yes, the issue is Sonoff device needs to communicate with Itead cloud during unlock process. I bet that this is to avoid warranty of the device. So, when trying to OTA unlock in a confined SSID network, it fails without explanation. If your SSID (sonoffDIY) has access to the internet, no problem. I built a docker image that uses a WiFi interface to bring up hotspot sonoffDIY, send OTA unlock and firmware to the device (through http requests) while sharing the internet in this Wifi hotspot. Made my life easy. If you want to check: https://github.com/jrbenito/SonoffDIY-tasmotizer But any hotspot able to share internet (your android phone for instance) will do. cheers |
Thanks, |
Kindly Help me how to control SONOFF switch using Curl request. curl -X POST -H 'Content-Type: application/json' -d '{ "deviceid": "1000c85310", "data": { "switch": "on" } }' -i http://192.168.0.155:8081/zeroconf/switch |
Hi So... If anyone wants to give it a go, here's how you do it. What you need to know beforehand; Check
"otaUnlock": false, means its locked You need to run this command to unlock the device:
But when you do it, the device attempts to connect to internet, to IP 52.57.118.192 (double check that when you actually go and do it, but it seems that it has hardcoded IP address and not DNS name). You need to do two things:
Run apache server and create otaFlash.php file with content
use .htaccess for URL redirection;
Now you can run the curl unlock again;
error:0 is the proper response Check to make sure it worked:
If otaUnlock value is 'true', it worked. If anyone is interested in further reading... This is how apache server sees the request 192.168.100.81 - - [24/Dec/2022:23:32:39 +0100] "POST /api/device/otaFlash HTTP/1.1" 200 166 "-" "-" data captured with pcap
|
@navennn Your solution worked for me, thanks! I ran a reverse dns lookup and looks like the device requests this URL Although since my router didn't support spoofing that url directly, I placed that URL into my DNS server(I have one in my local network) to point to the where the server was. Then I was able to make the device download the firmware. |
Could you please help me, i'm a newbie and it's to hard for me |
I'm afraid you won't be able to do it if you do not understand the steps I've provided. It's not easy if you don't know all those technologies. I guess you just need to connect it to internet and let it do its thing. |
EU Mini R2 v3.7.6 calls |
I've written a guide here https://github.com/jrbenito/SonoffDIY-tasmotizer/files/13505183/flashing.sonoffminiR2.it.en.pdf |
Here some additional information. |
I added a small mock server for this problem for all run like Github: https://github.com/DasRed/sonoff-ota_unlock |
Can you please help more in detail how to use your docker container to unlock a sonoff mini with firmware 3.7.6? |
I'm making progress :-) I got it right now http://apid.coolkit.cn:80/v2/d/otaflash is replied with '{"error": 422}'. But jet the ota_unlock is still not working. tcpdump: data link type PKTAP 22:02:09.223732 IP # > mdns.mcast.net: igmp v2 report mdns.mcast.net Any further advice ? |
@dreeti , |
@dreeti |
@3N37 {"seq":6,"error":0,"data":{"switch":"off","startup":"off","pulse":"off","pulseWidth":500,"ssid":"MYSSID","otaUnlock":false,"fwVersion":"3.7.6","deviceid":"1000c3f10d","bssid":"78:44:76:e7:f4:14","signalStrength":-67}}% |
@VeeGit09 I couldn't figure out how to do it on my router but I have a piHole and there I could setup a DNS entry apid.coolkit.cn -> 192.168.1.62 (the ip adress of the computer where the docker image is running). The piHole is my DNS server (configured in my router) |
@dreeti , |
@3N37 |
@3N37 |
@3N37 curl -X POST -d "{"data":{}}" http://192.168.1.23:8081/zeroconf/info Looks like I can flash tasmota. Yet I don't know what I might have done wrong yesterday - after installing wireshark and looking into the trafic it worked. No matter I learned quite a lot. @DasRed Thanks for the image |
|
Thank you for the details. Finally I was able to unlock after learning a lot on running a docker in WSL2 and mapping the IP to pi hole. When I run curl -X POST -d "{"data":{}}" http://192.168.1.xx:8081/zeroconf/info i get the following @3N37 and @dreeti Now I am stuck on how to flash with Tasmota. I followed the instructions in the pdf by @3N37 and used the curl http://10.0.0.118:8081/zeroconf/ota_flash -XPOST --data '{"data":{"downloadUrl": But when I reach the ip address it keeps says unable to connect but checking with curl -X POST -d "{"data":{}}" http://192.168.1.xx:8081/zeroconf/info gives the same info as before that otaUnlock = true. So it seems that I haven't flashed it yet. So, any help on what to do next is appreciated. (Also, I couldn't understand this in the pdf file written by @3N37 "sometimes you have to move the .htaccess file directly to the main directory /var/ww/html and then |
Thank you. I had issues running the PHP script. But I used DasRed Docker to unlock it. So if it unlocks and flashes Tasmota, then I should see the Tasmota access point, which I couldn't see. Running the curlx post command shows that the otaUnlock is true which means all worked. I am puzzled why it didn't flash Tasmota after unlocking. |
unlocking the device is the hardest thing . for flash after downloading the correct firmware version to the mock server, checked and annotated the sha256 , and placed the otaflash.php and .htaccess file in the root directory .there is no more problem. |
@3N37 |
@enricogiordano |
I have ordered some more sonoff minis. I hope they will arrive with an older firmware than 3.7.6. Good luck. Don't stop trying - it's very rewarding when it finally works :-) |
@egio12 @dreeti @VeeGit09 |
@mahipat99 , |
I have finally managed to flash my Sonoff devices. My Sonoffs arrived with firmware version 3.7.3. Since I initially couldn't flash them, I connected one to the EWeLink app and updated it to version 3.7.6. Eventually, I successfully flashed all of them, regardless of whether they had version 3.7.3 or 3.7.6. Here is the procedure I followed to flash my Sonoff Mini R2 devices:
I'd like to add that I ran both the Docker image and the AdGuard server within my Home Assistant instance without any issues or conflicts. |
Thank you @egio12 for a clear step by step instruction. Perfectly put together. It worked like a charm. The only difference is I used Pi-hole to direct the POST to my local dns server. Since Pi-hole runs in port 80 (which I changed it in lighttpd.conf file, but still had issues, may be for me) I was running two different Ubuntu systems (my old PC and a laptop) as the mock server running the container by @DasRed also uses port 80. Used ARC (Advanced Rest Client) in Windows to POST the command http://xxx.xxx.xx.xx/zeroconf/info to check whether my Sonoff Mini Device is connected. Once everything setup, it took just 45 minutes to unlock 8 devices, update and setup Tasmato. Thank you all especially, @dreeti. @3N37 and @mahipat99 for the details that helped to understand the instructions by @egio12. Also, thanks to @DasRed for making this painless. |
@VeeGit09 I got 5 new sonoff minis yesterday - they came with firmware 3.6.0. ![]() |
@mahipat99 Yes, you are right, for me for some reasons without IP, it couldn't find. So I included the IP. If there are many devices in the network it might be difficult to find the IP address, but mostly it would be named either eWelink_1001xxxxxx or ESP_XXXXXX for the SonoffMini device in the network after its connected to the local network through the DIY mode. |
@dreeti @3N37 @mahipat99 @egio12 This is not the topic of discussion. Any one used WSL2 Ubuntu for this process. I spent several days to expose port 80 to run the mock server but couldn't do it, missing something. If so, please let me know, I am interested in learning that. |
@VeeGit09 |
@3N37 |
The problem i have it's i can't run in the same docker same port 80 two
images, one for DNSpoofing and the other for the ota unlock. How do you do
that? I use Windows.
Thank You
El dom, 24 dic 2023 a las 19:44, VeeGit09 ***@***.***>)
escribió:
… @3N37 <https://github.com/3N37>
Great, thanks, thats what I decided after few days experiment with it.
—
Reply to this email directly, view it on GitHub
<#45 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AX5XQON7QLJ5H4U43BUL5R3YLCAZZAVCNFSM4I3QZLIKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBWHA2TQMRZG42A>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
@carlosoboe |
Hi there! After configuring the devices to connect to my local WiFi network, I executed both tcpdump and Wireshark to capture network traffic. Unless I overlooked a step, it appears that my devices are not initiating any connections to external servers. This observation leads me to question the effectiveness of the Docker image in my current understanding. I'd appreciate any insights or guidance on this matter. It's possible that there are additional considerations or steps I should take to ensure a comprehensive analysis of the network behavior of my Sonoff Mini devices. Thank you in advance for your assistance! ==========TCPDUMP========= sudo tcpdump -i wlx00c0ca4ab294 ether host dc:4f:22:be:96:3f tcpdump: verbose output suppressed, use -v[v]... for full protocol decode |
@fr43c0 |
I'm still trying to unlock the device. The command curl -X POST -d "{"data":{}}" http://192.168.13.xx:8081/zeroconf/info always returns "otaUnlock": false. The command curl -X POST -d "{"data":{}}" http://192.168.13.xx:8081/zeroconf/ota_unlock seems not to be working at all and remains indefinitely stuck without a response. I understand that to perform the unlock, the device would attempt to communicate with an external server, which may vary depending on the original firmware version. However, my device doesn't seem to be doing that, unless I am doing something wrong... |
You can send a maximum of 1 request at a time. Make sure no other software/browser is pinging the device. |
@fr43c0 , |
yes the one with the jumper... Jumper is in place already. I also managed to make Wireshark detect the request to api.coolkit.cn ... |
It may a co dolso be stuck when it attempts to connect to internet and fails. Edit: I somehow missed your last message. That's good. Did it go through to your mock server, or internet? You'll see that in tcpdump. Also I recommend using -an parameter for tcpdump. It'll show you IP address instead of hostnames. Should be easier to see what actually happens. |
I made some progress but still can't unlock the device. Initially, I successfully used Wireshark appropriately and verified that the request is made to apid.coolkit.cn as described in the instructions. Instead of using the Docker image kindly provided, I opted to set up a Flask server responding to the POST request at /v2/d/otaflash with a JSON {"error": 422}. However, the response I am getting is "seq":11,"error":422}, and upon checking the info, I still find "otaUnlock":false". I must be doing something wrong... I appreciate any tips or suggestions from anyone who might have insights. $ sudo tcpdump ─[revir@revir]─[ |
It seems you are using API call otaflash. It should be ota_unlock. See my first post in this thread. |
My bad! I ran the correct command this time (ota_unlock) , and it stayed stuck without a response again...otaUnlock remains false ...:(( |
Try and set it's gateway as your machine, where you can do tcpdump to see what it tries to do. I bet you have the wrong NAT/spoof and it still tries internet. |
@navennn $sudo tcpdump -i wlp2s0 -nA '(tcp or udp)' |
error 422 appears when you send an incorrect json( – 422: The operation failed and the request parameters are invalid. For example, the device does not support setting specific device information.) from the command line should be curl -X POST -d "{"data":{}}" etc. |
Upgraded firmware to 3.3.0 using eWelink app.
Added the DIY jumper. Created a sonoffDiy network hotspot on my mobile phone.
I can connect to the device and get details
http://192.168.43.24:8081/zeroconf/info -XPOST --data '{"deviceid":"100090f997","data":{} }'
I can also turn on/off the switch using curl and verify using curl again.
However, I cannot unlock using
When the above command is sent, I do not get any response and it just hangs. I've tried this a few times. Re-running the /zeroconf/info still says device is locked (otaUnlock: false). I've tried powering on/off yet no luck.
This is stopping me from flashing the device with sonoff-basic.bin firmware and then to sonoff.bin.
Any help is appreciated! Does the device need internet access to unlock?
The text was updated successfully, but these errors were encountered: