News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

Can the OBi1xx be downgraded?

Started by azrobert, June 25, 2015, 11:48:21 AM

Previous topic - Next topic

azrobert

Awhile ago OBiHai wouldn't allow downgrading firmware on the OBi1xx or the OBi2xx. The last several firmware updates on the OBi2xx allow downgrades. I'm running build 2824 on my OBi110 which can't be downgraded. Does anybody know if build 2872 on the OBi1xx can be downgraded?

Thanks

WelshPaul

No idea but I have loads of OBi's here so I can find out for you in the morning.
For everything VoIP
www.ukvoipforums.com

WelshPaul

I just attempted to downgrade an OBi110 running 2872 and got the dreaded "Firmware downgrading is prohibited " message. So nope you cannot downgrade the firmware if you're running the latest firmware. :(
For everything VoIP
www.ukvoipforums.com

drgeoff

#3
@azrobert
Did you just want to know the answer or do you really want to downgrade the firmware on a 110?

If the latter, a general technique is to open the firmware file with a hex editor and change the version number (usually near the start) to be higher than is on the device. But often there is also a checksum which necessitates a futher tweak to avoid the modified file being rejected.

I haven't tried that technique on an OBi.

WelshPaul

Can you post how to get around the checksum?

Would like to try this myself.
For everything VoIP
www.ukvoipforums.com

azrobert

Quote from: WelshPaul on June 26, 2015, 01:27:37 AM
I just attempted to downgrade an OBi110 running 2872 and got the dreaded "Firmware downgrading is prohibited " message. So nope you cannot downgrade the firmware if you're running the latest firmware. :(
Not what I wanted to hear. Thank you for the answer.

drgeoff asked:
QuoteDid you just want to know the answer or do you really want to downgrade the firmware on a 110?
I was thinking of upgrading, but don't want to unless I can go back to my current level.

drgeoff

#6
Quote from: WelshPaul on June 26, 2015, 03:56:48 AM
Can you post how to get around the checksum?

Would like to try this myself.
There is no standard way of computing a checksum. Variables include which part (if not all) of the file it is calculated from,  its size (usually 8 or 16 bits) and where the expected result is placed.

Simple schemes just XOR every byte or word but others like md5 and sha1 could be used.

Most times the checksum is to provide some protection against the device being flashed with a corrupt file rather than trying to prevent 'hackers' from meddling so the level of obfuscation is frequently low and determined educated guesswork plus trial and error will crack it. Currently, I'm not feeling sufficiently motivated to have a go at it.  :(

If you want to try it, here is one approach which might work. Assuming you can find the bytes which hold the version number, are there two which you can swap (replace each with the other) such that the version number will be higher? The file length will be unchanged and an XOR checksum over bytes will be unchanged.

SteveInWA

This discussion begs the question:  why worry?  The current firmware has been out for a long enough period of time that any serious bugs would have surfaced and been discussed here.  Is there some particular function that you are concerned about?

RFC3261

Quote from: drgeoff on June 26, 2015, 08:31:01 AM
There is no standard way of computing a checksum.
And while I have no idea if this firmware is so validated, SOP by many companies these days is to cryptographically sign the image with their private key (the public key being in the device).  That basically eliminates tampering if combined with a validating boot loader (and while even those can be bypassed, it is beyond the casual user).