Setup and Expected Behavior

[Orca]

I have not done this but I'm curious what the assumed or expected behavior would be and what should I see with the LED's in the following scenario,

What happens if the Owl does not have a payload.txt and if the extensions folder is empty.  What happens when the device is  booted like this and there is no USB device attached.

Will the firmware allow booting back into ARMING mode with a USB device attached and copy the payload and extensions over from it?

Also, what is suppose to happen if an existing firmware is flashed back onto the device?  Will it know that the firmware is already loaded and skip the process or does it just flash it over again?

Would like to know just to avoid any mistakes or accidents and know what to expect.

Thanks

[Darren Kitchen]

If there is no payload present on local storage or external storage and the device boots into attack mode (the default) then it will indicate LED FAIL, which is a slow blinking LED.

Payloads and extensions are copied from external to internal storage only in attack mode, not arming mode.

In arming mode, if an external USB disk is present with an upgrade-x.x.x.bin file for the Owl, it will flash regardless of whether or not it is the currently running version. This process will take 5-10 minutes to complete, overwriting anything stored on the device, and it is important to note that interrupting this process will render the device inoperable so *do not* unplug the power until the firmware flashing process is complete.

Here's a rundown of the functions:


BOOT

1. Initial boot, indicated by a blinking LED
2. USB disk enumeration/mounting, indicated by a solid LED
3. Mode Selection for 3 seconds, indicated by a rapidly blinking LED

ATTACK MODE

If the button is not pressed during the 3 second mode select phase of boot, the device will enter attack mode where:

1. Check to see if a FAT or EXT formatted USB disk is connected, and if so the disk is checked for a payload on the root and an extensions directory
2. If a payload exists on the disks root, it will be copied to the internal storage at /root/payload/ overwriting any existing payload
3. If an extensions directory exists on the disk, the contents will be copied to internal storage at /root/payload/extensions/ overwriting any existing estensions
4. Extensions are sourced and the payload is executed from internal storage
5. If no payload is present on internal storage (either copied from USB in the above steps, or manually loaded from SSH/SCP in arming mode) the device will indicate LED FAIL (slow blinking LED)


ARMING MODE

If the button is pressed during the 3 second mode select phase at boot, the device will enter arming mode where:

1. Check to see if a FAT or EXT formatted USB disk is connected, and if so the disk is checked for a firmware upgrade file named upgrade-x.x.x.bin on the drive root
2. If a firmware upgrade file exists on the disks root, it will be copied to internal storage at /tmp/ and flashed with sysupgrade (standard firmware flashing precautions apply, do not unplug during the 5-10 minute firmware update process as doing so will render the device inoperable) 
3. If no firmware upgrade file exists on a flash disk, an access point will be started and the SSH server will start (on the standard port 22) and the LED will indicate a double blinking pattern.

By default the access point in Arming mode is open with an SSID beginning with Owl_ and ending with the last two octets of the devices MAC address. This may be configured by editing the wireless file in /etc/config. The root password is hak5owl, and of course you are encouraged to change this using the passwd command.

[Orca]

What is going on if the upgrade or the payload is not being copied from the disk to the device?  I'm able to boot the device into arming mode and ssh into it but I can see that the payload on the disk is not being copied and when I try to flash the firmware it looks like it's not happening. 

The Owl looks like it's working or booting but not performing all of the steps it needs to either flash or copy and start a payload from the disk.  It was working but now it's not and I've done nothing but try to load a payload or flash the device.

 

[rylore]

I'm having the same issue. I cannot get the payloads to copy from an external USB to the device. I have added the payloads manually, but still cannot get the wifi payload to work. I even tried to re-flash it waiting the 5-10 minutes, but after all my same configs were still there. So the re-flash didn't work.

[Cap_Sig]

On 8/19/2019 at 9:39 PM, Orca said:

What is going on if the upgrade or the payload is not being copied from the disk to the device?  I'm able to boot the device into arming mode and ssh into it but I can see that the payload on the disk is not being copied and when I try to flash the firmware it looks like it's not happening. 

The Owl looks like it's working or booting but not performing all of the steps it needs to either flash or copy and start a payload from the disk.  It was working but now it's not and I've done nothing but try to load a payload or flash the device.

 

 

8 hours ago, rylore said:

I'm having the same issue. I cannot get the payloads to copy from an external USB to the device. I have added the payloads manually, but still cannot get the wifi payload to work. I even tried to re-flash it waiting the 5-10 minutes, but after all my same configs were still there. So the re-flash didn't work.

Maybe a silly question, but have seen it cause problems like this before.  Are you sure that your USB drive is formatted either FAT or EXT?  This can cause the device to not recognize the drive resulting in issues like yours.  May even try reformatting your USB drives and giving it another go if you haven't already.  Just a suggestion! 

[akmartinez]

Hello everyone,

I ordered a second Signal Owl because I wanted another one even after experiencing a few problems with the first unit.  I had already placed a support ticket with Hak5 and was waiting for information on how to proceed.  While I was waiting I decided to do a few tests to see how things were working with a good or new unit compared to a unit that was giving me problems.

Here are a few expectations based on some of the documentation and conveyed information within this forum.

When flashing a firmware the device will flash and the upgrade-x.x.x.bin file will be removed from the USB device.

When loading a payload the payload will be copied from the USB device to the Signal Owl.

When I received the new Owl (Owl2) I tried to power it on and attempt to SSH into it before flashing the current upgrade.  Owl2 did not look like it was booting up correctly according to the LED sequences.  The LED blinked a few times and then stopped and remained off.  So I flashed the current upgrade-1.0.0.bin file from a SanDisk Fit 16Gb formatted FAT32 and the Owl LED looked to be blinking activity normally.  After a few minutes it looked to be completed and I powered off the Owl and checked the USB flash drive on my laptop and the .bin file was missing/removed (I'm assuming this is done during the firmware flashing sequence).  I was able to reboot the Owl and SSH into it successfuly.

I tried to load the wifi connect payload from the same USB drive to the Owl without success and couldn't understand why with a new Signal Owl.  Then I decided to test both Signal Owls with 3 different USB drives formatted in both FAT32 and Ext4.

I used a SanDisk Fit 16Gb, SanDisk Fit 32Gb, and a Samsung 32Gb USB flash drive.  I formatted all 3 drives as FAT32 and copied upgrade-1.0.0.bin to all 3 of them and attempted to flash the firmware to Owl1 and all 3 attempts did not complete as expected.

I erased the upgrade-1.0.0.bin file and copied the wifi connect payload to all 3 drives to copy and rin the payload and all 3 attempts did not complete as expected.  The payload remained on the USB drive but the payload directory on the Signal Owls remained empty so they did not copy over.

I reformatted the USB drives with Ext4 and attempted the same tests and had the same results.

So now I'm not sure what's going on or how to continue.

I submitted a ticket with this same information and waiting for a response.  I'm open to testing things if anyone has any suggestions.

Let me know...