New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sonoff dropping connection after receiving SSL certificate #58

Open
ratedz opened this Issue Nov 20, 2017 · 103 comments

Comments

Projects
None yet
@ratedz

ratedz commented Nov 20, 2017

  • Operating System: OSX, Linux
  • Python Version: 3.5.3
  • Sonoff model: 1 Channel relay firmware 1.7.0

I have two of these devices, one worked just fine and the other fails all the time. It gets to the point where it connects back to my local network after connecting to the ITEAD network. Then it never downloads the new firmware. It just sits and repeats ( see below) The unit that did work, I never used with ewlink and never upgraded the firmware. The unit that fails I did set up with ewlink first and upgraded the firmware to 1.7.0. When the failed unit is in the phase of starting the webserver on 8080 and 8443, you can browse to 8080 and it just gives a 404. I have tried everything and cant get this thing to work. Ideas ?
I have tried both on OSX and linux.. The successful unit was done on linux.

Using the following configuration:
Server IP Address: 192.168.0.185
WiFi SSID: TP-Link
WiFi Password: ********
Platform: linux
** Now connect via WiFi to your Sonoff device.
** Please change into the ITEAD WiFi network (ITEAD-100001XXXX). The default password is 12345678.
To reset the Sonoff to defaults, press the button for 7 seconds and the light will start flashing rapidly.
** This application should be kept running and will wait until connected to the Sonoff...
...................................................Current IPs: []
..Current IPs: ['10.10.7.2']
~~ Connection attempt

HTTP GET /10.10.7.1/device
<< {
"deviceid": "1000114fee",
"accept": "post",
"apikey": "0a2c5628-a925-4dce-81d9-033715d15f3b"
}
HTTP POST /10.10.7.1/ap
{
"ssid": "TP-Link_1920",
"version": 4,
"password": "********",
"serverName": "192.168.0.185",
"port": 8443
}
<< {
"error": 0
}
~~ Provisioning completed
Starting stage2...
** The IP address of <serve_host> (192.168.0.185) is not assigned to any interface on this machine.
** Please change WiFi network to TP-Link_1920 and make sure 192.168.0.185 is being assigned to your WiFi interface.
** This application should be kept running and will wait until connected to the WiFi...
.........Current IPs: []
..............................Current IPs: ['192.168.0.185']
~~ Starting web server (HTTP port: 8080, HTTPS port 8443)
~~ Waiting for device to connect

*** IMPORTANT! ***
** AFTER the first download is COMPLETE, with in a minute or so you should connect to the new SSID "FinalStage" to finish the process.
** ONLY disconnect when the new "FinalStage" SSID is visible as an available WiFi network.
This server should automatically be allocated the IP address: 192.168.4.2.
If you have successfully connected to "FinalStage" and this is not the IP Address you were allocated, please ensure no other device has connected, and reboot your Sonoff.
......^@........................
*** IMPORTANT! ***
** AFTER the first download is COMPLETE, with in a minute or so you should connect to the new SSID "FinalStage" to finish the process.
** ONLY disconnect when the new "FinalStage" SSID is visible as an available WiFi network.
This server should automatically be allocated the IP address: 192.168.4.2.
If you have successfully connected to "FinalStage" and this is not the IP Address you were allocated, please ensure no other device........... and goes on and one like this forever

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Nov 20, 2017

Unlikely given it's a brand new release, but can you try running with --legacy, and see what you get? If that does not work, it would also be good to get a tcpdump of the Sonoff IP to see if it's trying at all to hit the server.

@ratedz

This comment has been minimized.

ratedz commented Nov 20, 2017

I had run with legacy and slow stream previously and neither or both worked. IT was the same issue. Running with normal mode and looking at tcpdump it looks like its trying to hit my server/host on 8443 , Is that what your looking for ? If I hit my laptop doing the upgrade on that port it just gives a 404.

08:57:44.639452 IP (tos 0x0, ttl 128, id 876, offset 0, flags [none], proto TCP (6), length 44)
192.168.0.163.6372 > 192.168.0.185.8443: Flags [S], cksum 0x1e88 (correct), seq 632377, win 5840, options [mss 1460], length 0
08:57:44.639559 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)
192.168.0.185.8443 > 192.168.0.163.6372: Flags [S.], cksum 0xf2ec (correct), seq 313179551, ack 632378, win 29200, options [mss 1460], length 0
08:57:44.649025 IP (tos 0x0, ttl 128, id 877, offset 0, flags [none], proto TCP (6), length 124)
192.168.0.163.6372 > 192.168.0.185.8443: Flags [P.], cksum 0xbe5a (correct), seq 1:85, ack 1, win 5840, length 84
08:57:44.649157 IP (tos 0x0, ttl 64, id 46757, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.185.8443 > 192.168.0.163.6372: Flags [.], cksum 0x0a56 (correct), seq 1, ack 85, win 29200, length 0
08:57:44.652101 IP (tos 0x0, ttl 64, id 46758, offset 0, flags [DF], proto TCP (6), length 1059)
192.168.0.185.8443 > 192.168.0.163.6372: Flags [P.], cksum 0xa1b7 (correct), seq 1:1020, ack 85, win 29200, length 1019
08:57:44.657903 IP (tos 0x0, ttl 128, id 878, offset 0, flags [none], proto TCP (6), length 40)
192.168.0.163.6372 > 192.168.0.185.8443: Flags [F.], cksum 0x6595 (correct), seq 85, ack 1020, win 4821, length 0
08:57:44.658210 IP (tos 0x0, ttl 64, id 46759, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.185.8443 > 192.168.0.163.6372: Flags [F.], cksum 0x0659 (correct), seq 1020, ack 86, win 29200, length 0
08:57:44.660330 IP (tos 0x0, ttl 128, id 879, offset 0, flags [none], proto TCP (6), length 40)
192.168.0.163.6372 > 192.168.0.185.8443: Flags [.], cksum 0x6595 (correct), seq 86, ack 1021, win 4820, length 0

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Nov 20, 2017

It's weird, it appears to drop the connection after making it. Can you please run it with -s0 -w dump .pacp, and send me the resulting file? I'd like to open up in WireShark and see if there is anything happening at the SSL negotiation phase.

You could also try a curl -k against HTTPS port 8443, and make sure you get the 404 page back.

@ratedz

This comment has been minimized.

ratedz commented Nov 20, 2017

Sorry , tcpdump doesnt like a .pacp ?

@ratedz

This comment has been minimized.

ratedz commented Nov 20, 2017

dump.txt
Curl output..
curl -k https://192.168.0.185:8443<title>404: Not Found</title>404: Not Found

I attached a dump file.. its dump.txt

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Nov 20, 2017

Hmmm, well that's a worry, the Sonoff disconnected after getting the certificate - so they may now be doing certificate verification, which would mean we can't do SonOTA any more :(

I'm planning on buying a basic for testing (and I'll backup the original firmware), so will see if there is a way to work around this... (But that will be a few weeks away).

@ratedz

This comment has been minimized.

ratedz commented Nov 20, 2017

Thats a bummer.. Is there an easy way to back up my firmware on the unit that works and load it on this one.. Without using and ftdi serial interface ? Can you point me to a link or anything that might help me out. Also, thanks a lot for looking into my issue.. Great software .

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Nov 22, 2017

Unfortunately not as all of the strategies involve breaking apart the SSL connection. I have a Basic on order so it should arrive in the next few weeks and I'll check it out. I'll also keep trying to update my test Dual and see if there is a new release for it with the same issue and let you know.

@sillyfrog sillyfrog changed the title from Sonoff 1 Channel inching relay wont download firmware to Sonoff dropping connection after receiving SSL certificate Nov 22, 2017

@vponomarev

This comment has been minimized.

vponomarev commented Dec 5, 2017

@sillyfrog Do you have any news?
I'm building similar tool (replacement of eWeLink cloud server) and today received Sonoff RF which also don't want to connect to my server - it breaks SSL handshake exactly after receiving server Hello packet with certificate.

I plan to check if new firmware really analyze SSL certificate fingerprint or it only looks into some fields like commonName.
Maybe you already made such investigations?

@ro-76

This comment has been minimized.

ro-76 commented Dec 6, 2017

I'm having the same issue with a TH16. Any likelihood of a fix?

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Dec 6, 2017

I'm travelling at the moment - I have a new basic to test this - but it was not updating before I left (no idea why!). I'll be giving this a go again next week - hopefully I can get it updated, and try and replicate the issue. I'll then try a number of SSL inspection strategies and see if one works.

@ulab

This comment has been minimized.

ulab commented Dec 7, 2017

Just "subscribing" to this issue with another TH16 that shows the same issues. eWeLink shows Firmware version 2.0.1 with 2.0.4 available.

@ulab

This comment has been minimized.

ulab commented Dec 7, 2017

And I take that back. While fiddling around with it some more (after having tested variations with --legacy and --slowstream earlier) I noticed that it suddenly connected to the sonota.py that was running while I was looking for more info. But it failed, mentioning to try --slowstream again.

And after trying again it suddenly worked without switching back to the itead-Wifi, etc.

Now I am really confused as why it didn't work before?

debug_1512685512.log
debug_1512685748.log

@andyjenkinson

This comment has been minimized.

andyjenkinson commented Dec 7, 2017

Sounds like something different @ulab .

I just did a little more digging, I setup an HTTPS proxy (via cloudflare) which uses a real Comodo signed certificate (and modified the script slightly to relax the hostname-IP checking). Just in case having a proper cert matching the hostname would be enough. This time I don't even see the device attempt to connect via tcpdump.

@vponomarev

This comment has been minimized.

vponomarev commented Dec 8, 2017

@andyjenkinson Can you give me an URL with this certificate?
I issued self-signed certificate with CN='*.coolkit.cc' (the same cert is used for real cloud service) and by Sonoff Basic breaks SSL connection to this cert.

@andyjenkinson

This comment has been minimized.

andyjenkinson commented Dec 8, 2017

Not really, it is on my private network and not accessible externally, but because I own the domain I can use a Cloudflare shared certificate. If you own a domain you can do the same (or if you have your own SSL cert just use that - you could try https://letsencrypt.org/ but it might not be a trusted CA).

I gather that the cloud service was (at least in the past) passing IP addresses as the download URL, which suggests the device doesn't compare the hostname to the cert, but is instead checking for a trusted certificate in a specific domain. Unless the behaviour of the server has changed and it now sends coolkit.cc hostnames in the download URL?

It could be something else though - we don't know at this stage do we?

@neuman1812

This comment has been minimized.

neuman1812 commented Dec 10, 2017

Just commenting to track this. I have purchased 10 devices,. They all have the .1.6 version and I have the same issue.

@mirko

This comment has been minimized.

Owner

mirko commented Dec 11, 2017

Just a shot in the dark: could it be a cert validity issue which might be solved by date/time settings?

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Dec 12, 2017

I have tried a number of certificate combinations, including using about 100 years into the future (matching the upstream), matching the number of bits (1024 rather than 2048) etc.

I'm also going to try creating a CA that matches upstream and have a signed cert under that, however I have a bad feeling that they are pinning the certificate :(

The next best thing I think we could do is ask Sonoff if they can have an option in the app to downgrade the software to v1.5 for those looking to do this.

@tjmaru

This comment has been minimized.

tjmaru commented Dec 12, 2017

I have sonoff basic with firmware 1.6.0.
I'm sorry, but why are you think the problem is in the ssl?
I'm trying to analyse the traffic on the sonoff. I see the sonoff connecting to the 52.28.157.61 but I didn't see dns request for this address. So I think sonoff doesn't use any domain for it, so they can't use ssl verification. And I think the ip address is hardcode in the firmware.
Unfortunatelly I can't find name to the ip address 52.28.157.61.
The ip address 52.28.157.61 has ssl certificate to *.coolkit.cc by coolkit.cn. But coolkit.cn is verificated root ca, the same we can use self signed ssl. Also the site coolkit.cc use ssl with expired date.
I tryed to use my own domain name with ssl as @andyjenkinson wrote with cloudflare and letsencrypt it doesn't sucsessfull too.
I have a bit of free time to analisy the situation. I trying to use small network with local network 52.28.157.0/24 to trying to cheat and sign 52.28.157.61 network adapter.
Also I don't have any other sonoff devices with sucessfull uprgading firmware to analyse traffic to compare them.

PS sorry for my english, I don't have enough practice. I would be glad if i could help you

@vponomarev

This comment has been minimized.

vponomarev commented Dec 12, 2017

And I think the ip address is hardcode in the firmware.

@tjmaru Here is normal connection procedures for old Sonoff Basic firmware (should be similar for other devices): https://github.com/vponomarev/Sonoff-Server/blob/master/doc/ServerExchange.log.txt
This address should be configured by your eWeLink app, but previous versions of eWeLink configured DNS name eu-disp.coolkit.cc instead of IP address.

So I think sonoff doesn't use any domain for it, so they can't use ssl verification

They can save fingerprint directly into firmware.

@mirko

This comment has been minimized.

Owner

mirko commented Dec 12, 2017

I do not believe they do cert pinning, as as a AWS customer AFAIK you don't have control about the SSL setup. Therewith a cert change would break the entire setup. Different story with a CA though..

@mattlward

This comment has been minimized.

mattlward commented Dec 14, 2017

So... before I buy more of these, is this likely to be a long term deal breaker for the platform?

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Dec 14, 2017

If we can't figure out how to convince the Sonoff to connect to us, then yes, if you received hardware with v1.6 it won't be able to update this way. However using the traditional serial method will still work. When I get a chance (probably in the New Year), I'll want to try and put in a feature request in with ITEAD to allow downgrading of the devices (no idea if they will listen, but it can't hurt). I do also have some more ideas as to how to generate the certificate, again however I won't have time for a bit to look at it.

@mirko

This comment has been minimized.

Owner

mirko commented Dec 17, 2017

When I was MITM-ing the devices I was generating certificates for each request on the fly to keep the connection flowing and as transparent as possible.
Unfortunately I don't have any Sonoff with original firmware lying around anymore. A dump from an original Sonoff won't help btw, as they are device specific and I don't have any more dumps from back then lying around.
So I won't be able to look into this either before the next order at ITEAD.

@tjmaru

This comment has been minimized.

tjmaru commented Dec 18, 2017

I tried to MITM too and I suppose in Sonoff-device ITEAD check the certificate. Probably they do it by fingerprint or they have CA certificate in it generated by themself. Cause after device turned on it must connect to server ITEAD without it you can not manage device. They send just one package but nobody knows what in it.

@zomars

This comment has been minimized.

zomars commented Jul 5, 2018

I'm having the same issue as @luketoh with my T1 US 1C with 1.8.1 firmware.

@DonnyBahama

This comment has been minimized.

DonnyBahama commented Jul 7, 2018

Could someone please post a link to a noob-friendly procedure for flashing via USB?

@zomars

This comment has been minimized.

zomars commented Jul 7, 2018

@NguyenKhong

This comment has been minimized.

NguyenKhong commented Jul 18, 2018

Hi everyone, Does anyone have Sonoff Basic firmware v1.5.5, I want to download it to study ?

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Jul 19, 2018

@NguyenKhong See #1 regarding stock firmware

@GeorgeDewar

This comment has been minimized.

GeorgeDewar commented Jul 25, 2018

My brand new Sonoff S22 came with firmware 2.0.4, and SonOTA worked perfectly! Perhaps they have decided to subtly solve the problem for everyone...

@RK1975

This comment has been minimized.

RK1975 commented Jul 25, 2018

@stixpunk

This comment has been minimized.

stixpunk commented Jul 25, 2018

Can't wait while it comes for Sonoff T1. I have last version still 1.8.1

@mirko

This comment has been minimized.

Owner

mirko commented Jul 26, 2018

@GeorgeDewar Oh, that's awesome news! But what's the S22? I only see the S20, S26 and S30/31.
Anyway, I'm curious to see if other - older - devices also get shipped with v2+.
Unfortunately I don't have any device left with original FW on it.

If they did that on purpose, I'd expect a statement, at least in the changelogs. Otherwise I wouldn't get too excited for it to stay.

@GeorgeDewar

This comment has been minimized.

GeorgeDewar commented Jul 26, 2018

The S22 is mentioned in arendst/Sonoff-Tasmota#627. It looks like it used to be on there website here, but that page is gone.

It can be found for sale on Gearbest, Aliexpress, etc.

I agree that it's odd that they would deliberately break the certificate validation after fixing it...

@geekasylum

This comment has been minimized.

geekasylum commented Jul 30, 2018

I recieved two s26's today. Both came with Firmware 1.6 and updated to 1.8.1 (latest). I don't know where that 2.0.4 version comes from - it may be a device-specific branch but it doesnt seem to be available to all devices, and is quite possibly older than the current general release that I flashed today.

As far as aksing ITEAD for assistance (ie: such as a downgraded firmware version) are we asking for what we actually need?

I'd be happy if they just populated the 4 serial 'test points' with pins that we could clip to or press a header on. The real problem that we are all trying to avoid (even with OTA solutions) is having to solder directly to the board. I'd certainly pay extra to cover the cost of those additional pins.

We definately need to be talking to support, but I'd be asking them for those pins. One time serial flash to change firmware, and OTA after that once the device is in place.

Just my thoughts

@zomars

This comment has been minimized.

zomars commented Jul 30, 2018

I'm stuck on 1.8.1 also @geekasylum

@sillyfrog

This comment has been minimized.

Collaborator

sillyfrog commented Jul 30, 2018

I have just updated the README to try and clarify things. For what ever reason, there appears to be a v1 series and a v2 series of firmware for different devices. They do not appear to actually upgrade from v1 to v2, rather some devices run v1.x.x and others run v2.x.x.

So once you are on the latest version of the series for your device, you are stuffed :(

@GeorgeDewar

This comment has been minimized.

GeorgeDewar commented Jul 30, 2018

Based on what others have said earlier, I think the 2.x firmware might be for the TH10/TH16, and the Sonoff S22 is probably hardware-equivalent to that. Thanks for updating the Readme @sillyfrog.

@Edzilla2000

This comment has been minimized.

Edzilla2000 commented Aug 2, 2018

@geekasylum I somewhat agree yet there are people (I for one) who turn to OTA solutions because they are not confortable opening their hardware and flashing a firmware through the mainboard pins.

In the old days of the WRT linksys routers, you could flash them by simply going to the admin interface and uploading the required openwrt or dd-wrt firmware through the official upgrade page.

I for one am happy that they fixed the vulnerability that SonOTA was exploiting to flash the firmware remotely, but I think that what they could offer is a tool or a webinterface that would allow an authorized end-user to safely flash an alternative firmware through the network.

@jack1142

This comment has been minimized.

jack1142 commented Aug 9, 2018

So there's currently no way to flash without soldering Sonoff S26, if I won't be lucky enough (and I probably won't, I'm not even sure, if plug with those 1.6> firmwares are even still on the market) to get 1.6> firmware?

@geekasylum

This comment has been minimized.

geekasylum commented Aug 9, 2018

@jack1142 As I mentioned, the s26 that I bought recently arrived with firmware 1,6. This is already incompatible with sonOTA. I'm not sure how new the s26 is - but they havn't been around all that long - it may be very difficult (if even possible at all) to find them with older firmware.

@Edzilla2000 IF you're not comfortable pressing connectors onto pins, you definately won't be comfortable soldering to the board, so I do still see pins as an advantage, Perhaps asking ITEAD for a web interface where firmware could be uploaded would indeed be an even better solution. I'm not sure how they would respond though - I have already seen a comment in one of the threads linked here, that suggests that they do not support flashing foriegn (ie: not theirs) firmware. A web interface would still be open to OTA attacks so that may not be an option they'd accept.

Perhaps another viable possibility would be for someone with a 3D printer to come up with a jig, similar to what ITEAD use to flash the firmware in the first place, that could simply be clipped on to the board.

There is already something like this on Thingyverse, (Search Sonoff, and look for a thing with pogo pins) but that one will only work with boards that have their pins on a single connector, such as the Sonoff Basic. It may also work with the Slampher (pins in the same order) but that has its own difficulties, since the button is not conencted to GPIO 0 on the Slampher (you have to jumper a pin on the 8266 (or R9 - easier) to ground temporarily).

Unfortunately I don't own a 3D printer.

@jack1142

This comment has been minimized.

jack1142 commented Aug 9, 2018

@geekasylum thought so, what about soldering part, is it needed or is it possible to hold those pins somehow without soldering? I don't have any Sonoffs for now, so I don't have any experience with that.

@geekasylum

This comment has been minimized.

geekasylum commented Aug 9, 2018

@jack1142 I did think about holding a couple of headers to the s26 pads. I was fairly confident that this would be do-able, but my wife and I attempted it for over an hour a few nights ago - many times, with no success.

Itead program the assembled devices in a jig (using solderless contacts - aka: pogo pins), so its definately possible, but with our limited tools, aging eyes, and tiny programming pads in an unusual arrangement, the dexterity required was beyond us.

It can be done by soldering a wire to each pad (I believe the Tasmota wiki shows this method) but Im trying to avoid soldering if at all possible. (See above re pad size and eyesight :p )

I have programmed Basic's and SV's by simply holding a header to the programming pads (no soldering), but the pads on the s26 are much smaller and are seperated into two groups.

@robertklep

This comment has been minimized.

robertklep commented Aug 25, 2018

Anyone taken a look at the LAN mode that's implemented in the latest app versions?

@adrtitan88

This comment has been minimized.

adrtitan88 commented Aug 28, 2018

This simply does not work. On a Mac and I get to the point where I'm waiting for the "Final Stage" ssid crap is supposed to show up and it never does. Complete crap

@zomars

This comment has been minimized.

zomars commented Aug 28, 2018

You don't have to be mean about it @adrtitan88

@A----

This comment has been minimized.

A---- commented Oct 20, 2018

To summarize this extra-long thread/issue. How Sonoff products works is:

  1. when you pair it, it creates a WiFi network that you can connect to and starts a HTTP server;
  2. you can send a request to this server, with an IP/port where the switch/product should connect to;
  3. the dialog always required to use HTTPS.

Now here's the catch. Beforehand, the certificate wasn't validated, even self-signed certificate worked. This allow you to push any kind of commands, or even a new firmware (in the case of SonOTA.) Cool if it's you who's pushing it, not so cool if it's some black-hat whose sole purpose in life is turning your lights on and off in the middle of the night. Spooky. 👻

Starting with [1.6, 2.0[ and [2.6, …[ it seems, it now validates the certificate according to the eu-disp.coolkit.cc certificate chain. Which means that unless the certificate gets reversed or an other flaw is discovered, well, you have a nice paperweight.

Edit: or you'll have to treat yourself with a nice soldering session, obviously. That still works.

@RK1975

This comment has been minimized.

RK1975 commented Oct 20, 2018

Thanks. You'd be helpful on a sinking ship. "Just to recap, we're all gonna die."

@fiddie1987

This comment has been minimized.

fiddie1987 commented Nov 3, 2018

My sonoff basic just got updated from 1.6.0 to 2.6.0 but Sonota just force closes after connecting to the ITEAD SSID

@zehrer zehrer referenced this issue Nov 14, 2018

Open

SonOTA uodate #155

@difelice

This comment has been minimized.

difelice commented Nov 24, 2018

Hi @A----, can't sonOTA somehow use an Authentication "token" to pass certificate validation? Here a guide to retrieve it. Maybe something similar could be done here as a workaround. Not sure if that makes sense. Thanks.

@A----

This comment has been minimized.

A---- commented Nov 24, 2018

I don't believe so. The issue is on the layer underneath, your switch will refuse to even connect to a custom server.

How a SonOff product works, using the default firmware is this:

[ Switch ] <------> [ A Server (probably in China) ] <---- [ eWeLinkApp ]

If you're freaked out to have random appliances connected to “A Server (probably in China)” , that's a perfectly adequate response.

What the mentioned app does is replace the eWeLink app. That probably still works. And that might be an attack vector for another software solution.

What SonOTA does is replacing the weird server in China by its own, and push a new firmware that removes the necessity to connect to a server all-together.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment