Doridian
-
Posts
9 -
Joined
-
Last visited
Posts posted by Doridian
-
-
15 minutes ago, BHak said:
i suppose this process will work on other devices (i.e keycroc) as long as we can serial into it? right ?
As long as you can attach to serial and there is a firmware.bin file available from Hak5 it should work, yes.
-
1 minute ago, Nutterr said:
I have a bricked owl (power fail during update), could anyone with a working owl send me a memory dump from the uboot interface so that I can reflash it?
e.g. md.l 0x9f000000 0x01000000
(a quick ''grep ':' DUMPFILE | wc -l" should show 1048576 if it is complete)
I have a way to reflash it but without a dump its a little difficult. Will share the results here.
Thanks for any help.
The update you can download from hak5 is ltieraly a raw binary image (update-1.0.1.bin). So you can just flash that thing. It is what I did. All you do is flash that to $firmware_addr (which should actually be 0x9f000000 IIRC)
-
You can follow Darren Kitchen's post above for getting it hooked up (cracking it open and finding the serial port). Hook that serial port up immediately, but do not plug the Signal Owl's USB cable in to make sure it does not get any power.
Then you get your hands on the update-1.0.1.bin (from the Hak5 downloads site, it is just the latest firmware update)
Then you download my repository and follow the instructions (make sure you have the NodeJS runtime installed)
Then you follow the app's instructions (it will tell you when to plug the Signal Owl into power)
-
I have made a script to flash it with the minimalistic thing as outlined above. Flashing/recovering via this procedure takes roughly 4 HOURS.
Link to GitHub for anyone courious: https://github.com/Doridian/slow-uboot-flasher
-
Also @Darren Kitchen as the Owl comes with a "small" (can only flash, I believe it is referred to as a ledger) firmware at first. Can a link to that be provided? If it is smaller, it'd take less time to flash obviously.
-
Thanks for this topic. I managed to brick my Owl by messing around with sysupgrade (I botched my arming mode config and couldn't connect to it anymore, but I could connect fine by pushing a payload that started sshd). So it erased parts of my flash, whooops (squashfs is corrupted, the kernel still mostly boots via serial console, but most files just don't work at all).
Anyway, I wrote a nodejs script that can now send the image to it via serial using a single "mm" command and its auto-increment feature. Excruciatingly slow, but sadly, despite u-boot claiming there is two eth interfaces for TFTP boot, there is none.
@Darren KitchenIs there any pins/pads you could wire/solder an RJ45 jack to?
P.S.: Can you in future such devices please include the "loadb" command in uboot? At least then flashing takes 15 minutes over serial, not 4 hours which this will probably take. :P
P.P.S.: Also this has prompted me to order an SPI/EEPROM/... programmer so I can fix those things faster in the future.
Recovery / Reset
in Signal Owl
Posted
Well, while console output could possibly be a concern indeed. I don't think it is a major concern comparatively to how slow the serial bus is.
Feel free to remove the console output. I kept it in there mainly so I could follow the process and see if anything bad happens.
The script does evaluate the "echo back" from the uboot shell to make sure it received what was sent, so it should be reasonably safe even with that removed.