Hijacking the Sonoff OTA Mechanism

ITEAD’s Sonoff line is a range of Internet-of-Things devices based around the ESP8266. This makes them popular for hacking due to their accessibility. Past projects have figured out how to reflash the Sonoff devices, but for [mirko], that wasn’t enough – it was time to reverse engineer the Sonoff Over-The-Air update protocol.

[mirko]’s motivation is simple enough – a desire for IoT devices that don’t need to phone home to the corporate mothership, combined with wanting to avoid the labor of cracking open every Sonoff device to reflash it with wires like a Neanderthal. The first step involved connecting the Sonoff device to WiFi and capturing the traffic. This quickly turned up an SSL connection to a remote URL. This was easily intercepted as the device doesn’t do any certificate validation – but a lack of security is sadly never a surprise on the Internet of Things.

After capturing the network traffic, [mirko] set about piecing together the protocol used to execute the OTA updates. After a basic handshake between client and server, the server can ask the client to take various actions – such as downloading an updated firmware image. After determining the messaging format, [mirko] sought to create a webserver in Python to replicate this behaviour.

There are some pitfalls – firmware images need to be formatted slightly differently for OTA updates versus the usual serial upload method, as this process leaves the stock bootloader intact. There’s also the split-partition flash storage system to deal with, which [mirko] is still working on.

Nevertheless, it’s great to see hackers doing what they do best – taking control over hardware and software to serve their own purposes. To learn more, why not check out how to flash your Sonoff devices over serial? They’re just an ESP8266 inside, after all.
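Because the device accepts any certificate, the TLS link authenticates nothing, so the only robust fix is for the device to authenticate the update command and the image itself. The sketch below is an added example, not [mirko]'s code or ITEAD's protocol: the command fields, the key and the URLs are hypothetical, and an HMAC with a per-device key stands in for a vendor signature.

```python
import hashlib
import hmac
import json

# Assumption: a per-device secret provisioned at manufacture (constructed value).
DEVICE_KEY = b"constructed-demo-key"


def sign_command(key: bytes, cmd: dict) -> str:
    """Server side: HMAC-SHA256 over a canonical encoding of the command."""
    body = json.dumps(cmd, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def accept_update(key: bytes, cmd: dict, mac: str, image: bytes, running: int) -> str:
    """Device side: decide whether a downloaded image may be flashed."""
    # 1. The command itself must come from a holder of the key, so an
    #    interceptor on the TLS link cannot redirect the download.
    if not hmac.compare_digest(sign_command(key, cmd).encode(), mac.encode()):
        return "reject: command not authenticated"
    # 2. Refuse replays of old, validly signed commands (rollback).
    if cmd["version"] <= running:
        return "reject: version not newer"
    # 3. The bytes actually downloaded must match the authenticated digest.
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest.encode(), cmd["sha256"].encode()):
        return "reject: image digest mismatch"
    return "accept"


def demo() -> dict:
    """Run the check over constructed inputs; field names are hypothetical."""
    good = b"\xe9constructed-vendor-image"
    evil = b"\xe9constructed-substituted-image"
    cmd = {"action": "upgrade", "version": 2,
           "url": "http://updates.example.invalid/fw.bin",
           "sha256": hashlib.sha256(good).hexdigest()}
    mac = sign_command(DEVICE_KEY, cmd)
    forged = dict(cmd, url="http://192.0.2.1/fw.bin",
                  sha256=hashlib.sha256(evil).hexdigest())
    return {
        "genuine": accept_update(DEVICE_KEY, cmd, mac, good, running=1),
        "forged command": accept_update(DEVICE_KEY, forged, mac, evil, running=1),
        "swapped image": accept_update(DEVICE_KEY, cmd, mac, evil, running=1),
        "replayed old": accept_update(DEVICE_KEY, cmd, mac, good, running=2),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A shared symmetric key only protects the device it is stored on; a vendor public-key signature checked by the bootloader avoids keeping any forging secret in flash.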

HDTV antenna of a different color

We’ve seen our share of commercially available HDTV antennas that work really poorly. For at least four years now we’ve gone without cable television, using a coat hanger antenna we made ourselves to record over-the-air broadcasts. But it’s a pretty ugly beast — we’re lucky enough to have an attic in which it can be hidden. If you’re in need of free television and don’t want an eyesore of an antenna, try building this foil and cardboard version. Even if it doesn’t work at all, you’re only out about ten bucks.

The expensive part is the matching transformer which converts screw terminals to a coaxial cable connection so that it may be connected to your HDTV. You’ll need a few nuts and bolts, but we assume you can beg, borrow, or steal the tin foil, cardboard, and glue that round out the parts list. Glue, measure, cut, fold, fasten, finished! You’ll be watching horrible summer TV in no time!

If it doesn’t perform as expected just reuse that connector and try your luck with a fractal antenna.

Stepper Directed HDTV Antenna

Credit: http://www.instructables.com/id/Computer-controlled-OTA-TV-antenna/

Broadcast TV has come a long way from adjusting the rabbit ears on top of the set just to get a fuzzy black and white picture. While nowadays there are often HD signals broadcast in most areas, it can often still be critical to redirect an antenna to get the best possible signal. By harvesting a stepper motor from an old 5 1/2″ floppy drive, and using a PC’s parallel port to control it, this adjustment can be handled automatically. Broadcast tower locations are easily found online, and once you have calibrated your stepper to face North, you are on your way to free HDTV reception.

What we would like to see is this antenna attached to an HTPC, and some kind of script to automatically direct the antenna for the best possible signal for the current channel. If anyone out there makes this happen, be sure to let us know.