OpenFrame 2: Recover from 'Upgrade'

Post by **roobarb!** » Mon Aug 13, 2012 4:17 pm

jazzmista wrote:Nice find Buzz! I've created a GitHub repo for our custom App Shop (possibly including our telnet-activating icon). https://github.com/jamiehoyle/openframe-app-shop

If anyone wants to help with this then I will need your Github username (to give you pull/push access). You can do this by leaving a reply in this thread or by sending me a PM.

Happy to help with anything I can - I'm birdslikewires on Github. At least I have some Jogglers that are fully working.

Post by **BuZz** » Mon Aug 13, 2012 4:33 pm

I have hex edited the library to use one of my local machines over http, which will then proxy out to openpeak https. hopefully I can snoop on the traffic and get some more information about update locations etc.

Post by **roobarb!** » Mon Aug 13, 2012 4:43 pm

BuZz wrote:I have hex edited the library to use one of my local machines over http, which will then proxy out to openpeak https. hopefully I can snoop on the traffic and get some more information about update locations etc.

Genius. I'll zap you the MAC address for this OpenFrame2 in case you need it to test anything with. Putting in a 'wrong' MAC address didn't return device IDs for me earlier, so it might come in handy.

Post by **BuZz** » Mon Aug 13, 2012 4:49 pm

what does your os version etc show after yours has updated btw ?

Post by **roobarb!** » Mon Aug 13, 2012 4:58 pm

BuZz wrote:what does your os version etc show after yours has updated btw ?

It says...

Code: Select all

Firmware: 8931.S4 (boardrev: 2)
Software: 30005.S4 (Apr 18 2011:17:27:01)
DECT FT: 8518.20100602.cfg2

Prior to the update it was software 26087 (can't remember the firmware version).

Post by **BuZz** » Mon Aug 13, 2012 5:04 pm

please pm me your mac address. I have another solution.

Post by **BuZz** » Mon Aug 13, 2012 5:35 pm

In regards to disassembling btw - Openpeak have a special tool that has these 2 very long "prongs" that push up through the holes on the bottom of the openframe 2. You lower the OpenFrame 2 onto the prongs, they go into the holes and when deep enough they hit a type of "catch" that pops the front lcd screen off.

But you won't need to do this as I have described a software solution in your mailbox. but useful for anyone who wants to have a go, and make some photos etc for the wiki.

jazzmista · Post by **jazzmista** » Mon Aug 13, 2012 5:50 pm

Seen as you have a solution, I've changed the purpose of the repo slightly - now it's called the OpenFrame Community App Library and split into two parts - openframe-app-library-server (https://github.com/jamiehoyle/openframe ... ary-server) and openframe-app-library-client (https://github.com/jamiehoyle/openframe ... ary-client). If you want to help, please leave your Github username as before - roobarb, I've added you to the two repos.

If you want me to change it back then tell me

Post by **roobarb!** » Mon Aug 13, 2012 5:54 pm

Nope, sounds like a good plan to me!

BuZz, a MAC is on it's way ASAP!

offbeatdave · Post by **offbeatdave** » Fri Aug 31, 2012 6:38 pm

Sorry for the deafening silence from me regarding the OpenFrame 2 stuff - I've been in Florida for the last 3 weeks and so haven't actually had a chance to really look at it until now.

Mine is definitely a Telio boot screen (before the OpenPeak splash) and boots into Firmware 8578 (boardrev 3)
Software 26087 (Jun 2 2010:06:26:31)
I have backed up the image of the machine and the current efi
It currently telnets in and allows me to boot from USB into my Linux Mint

Post by **roobarb!** » Thu Sep 06, 2012 10:02 am

Just a note to say - hooray!

Through the magic of, well, magic, I am back into the OpenFrame 2! All backup files intact, so I'm making backups of everything again.

ilovemyjoggler · Post by **ilovemyjoggler** » Thu Sep 06, 2012 10:21 am

Hallelujah!! well done - you must be delighted! Wanted to ask but didn't want to rub salt in the wounds...

Post by **roobarb!** » Thu Sep 06, 2012 1:03 pm

ilovemyjoggler wrote:Hallelujah!! well done - you must be delighted! Wanted to ask but didn't want to rub salt in the wounds...

Thanks - it has been sat next to me on my desk, looking forlorn, for weeks. Great to have it booting what I want it to again!

Post by **roobarb!** » Thu Sep 06, 2012 1:28 pm

Also, I've just found in the app-telio-30005.8931-S4-f2-reimage.tgz file the component that killed the USB booting in the EFI (and telnet). There's a payload called BIOS-telio-sec.tgz which is very explicitly written to zap the EFI with a locked-down version and disable telnet. There's some commented-out code that even deletes the telnet binary, so it looks to me like Telio were very much of the mindset that nobody should get in.

We're lucky O2 didn't go this route, or we'd not be Joggling like this!

On a side note, it's worth being aware that there's nothing stopping OpenPeak locking down any Jogglers running the native OS using their update system should they wish to, although I can't for the life of me see why they'd bother. I also made a little discovery that might circumvent the security applied to the Telio OpenFrame 2 units, but I haven't confirmed this by delving into the full payload yet. That's for another day, when I have more time.

ilovemyjoggler · Post by **ilovemyjoggler** » Thu Sep 06, 2012 4:00 pm

I didn't understand most of your post - nothing unusal in that. All I could see was blah blah blah

. However, you know that saying about a little bit of knowledge? Well...

roobarb! wrote:On a side note, it's worth being aware that there's nothing stopping OpenPeak locking down any Jogglers running the native OS using their update system should they wish to, although I can't for the life of me see why they'd bother.

...this I got. WHAT!!!! Native os including pnpIII I assume?

Post by **roobarb!** » Fri Sep 07, 2012 11:38 pm

Yes, if OpenPeak really wanted to, they could zap every Joggler running their OS with a non-USB-bootin' EFI and we'd be scuppered.

Actually, that's not true. We could swap out the EFI chip. But it would be jolly inconvenient. It's not going to happen, though. Why would they bother?

On a related note, though, I received some pictures of the insides of an OF2 today. Turns out the EFI chip is soldered, not socketed. So if you get a crappy EFI like I ended up with, it be solder-time.

Post by **BuZz** » Sun Sep 09, 2012 1:17 am

roobarb! wrote: On a related note, though, I received some pictures of the insides of an OF2 today. Turns out the EFI chip is soldered, not socketed. So if you get a crappy EFI like I ended up with, it be solder-time.

interesting. Please could you put them on the wiki ?

Post by **roobarb!** » Fri Sep 14, 2012 12:10 pm

BuZz wrote:
roobarb! wrote: On a related note, though, I received some pictures of the insides of an OF2 today. Turns out the EFI chip is soldered, not socketed. So if you get a crappy EFI like I ended up with, it be solder-time.
interesting. Please could you put them on the wiki ?

Just had a reply from the person who took them to say it's okay to use them. They're up on the wiki now:

http://www.jogglerwiki.com/wiki/OpenFrame_2_Pictures

ayagy · Post by **ayagy** » Mon Feb 10, 2014 4:52 pm

Hi @all,
Found the thread and i hope you can help me with my Openframe 2 with Dect Handset (Swisscom // Telio) in order to get a working device again. I bought the Openframe 2 (Swisscom DaVinci Version) a year ago and made an update directly on the device via telnet. (used the telio img files).
Since that time i have no telnet or ssh/scp access to the device. It's still working and it has network access via WiFi and ethernet.

Do you have an idea or solution how to flash an original openpeak or cisco firmware? Btw, i have already tried the reflashing tool via usb, without success, of course

.

Code: Select all

Firmware: 8961.S5 (boardrev: 3) ID=30025
Software: 30207.S5 (Aug 8 2011:10:16:53)
DECT FT:

Thank you very much in advance.

Post by **pete** » Mon Feb 10, 2014 6:13 pm

You could try breaking out of the EFI boot and manually booting a USB stick. This is a guesstimate based on your description.

Getting into the EFI shell on the device
Requirements: USB stick, keyboard, hub

Make a USB stick with a FAT partition on it first.

Put in the root of the partition, file boot.nsh:

fs1:
cd \efi\screen
screen

And file startup.nsh:

fs1:boot2
fs0:boot

You will then need to make a directory 'efi' and underneath this, directories 'screen' and 'tools'.
>
In the 'screen' directory, put the file screen.efi and under 'tools', put the file 'Shell.efi'. Additional tools can be downloaded here (tools folder). Thanks to TonyHoyle for making these tools available and making them.

Now, because the Joggler does not load the USB keyboard driver automatically, you need to upon boot, to follow the following procedure:

* Plug in keyboard, USB stick into USB hub
* Plug USB hub into the Joggler
* Turn on the Joggler, press ESC several times on the until it is obvious the startup has stalled completely.
* Type blind, without quotes, 'fs1:boot'
* You will now see text, press ESC again, and you'll be in a shell.
* You should then see a shiny EFI shell with keyboard working.

http://jogglerhacks.blogspot.com/2010/0 ... evice.html

O2 Joggler Forum