Merge branch 'develop' of https://github.com/toniebox-reverse-enginee…

…ring/teddy_cloud into develop
toniebox-reverse-engineering · Oct 3, 2023 · ac68bdd · ac68bdd
2 parents 35cc1f1 + 3a7f572
commit ac68bdd
Show file tree

Hide file tree

Showing 7 changed files with 180 additions and 63 deletions.
diff --git a/.github/workflows/publish_docker_matrix.yml b/.github/workflows/publish_docker_matrix.yml
@@ -49,35 +49,60 @@ jobs:
       with:
         images: ${{ env.REGISTRY_IMAGE }}
         tags: |
-          type=sha
+            type=schedule
+            type=schedule,pattern=nightly
+            type=schedule,pattern={{date 'YYYYMMDD'}}
+            type=schedule,pattern={{date 'YYYYMMDD-hhmmss' tz='Germany/Berlin'}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+            type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/tc_v') }}
+            type=raw,value=nightly,enable=${{ startsWith(github.ref, 'refs/tags/tc_nightly') }}
+            type=raw,value=nightly-develop,enable=${{ github.ref == 'refs/heads/develop' }}
+            type=ref,event=tag
+            type=match,pattern=tc_v(\d+),group=1
+            type=match,pattern=tc_v(\d+.\d+),group=1
+            type=match,pattern=tc_v(\d+.\d+.\d+),group=1
+            type=match,pattern=tc_v(\d+.\d+.\d+-\S+),group=1
         flavor: |
-          prefix=arch-,onlatest=true
-          suffix=-${{ matrix.platform }},onlatest=true
+          prefix=arch_,onlatest=true
+          suffix=_${{ matrix.platform }},onlatest=true
 
-    - name: Build docker ${{ matrix.platform }}
+    - name: Build & push digest docker ${{ matrix.platform }}
       id: build
       uses: docker/build-push-action@v2
-      if: ${{ github.event_name != 'pull_request' }}
       with:
         context: .
         platforms: ${{ matrix.platform }}
-        #platforms: linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
+        push: ${{ github.event_name != 'pull_request' }}
         labels: ${{ steps.matrix_meta.outputs.labels }}
-        outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+        outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true
         cache-from: type=gha
         cache-to: type=gha,mode=max
+
     - name: Export digest
       run: |
-        mkdir -p /tmp/digests
+        mkdir -p /tmp/digests/${{ github.sha }}
         digest="${{ steps.build.outputs.digest }}"
-        touch "/tmp/digests/${digest#sha256:}"          
+        commit_sha="${{ github.sha }}"
+        touch "/tmp/digests/${commit_sha}/${digest#sha256:}"
+
+    - name: Push docker tags ${{ matrix.platform }}
+      id: push_tags
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        platforms: ${{ matrix.platform }}
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.matrix_meta.outputs.tags }}
+        labels: ${{ steps.matrix_meta.outputs.labels }}
+
     - name: Upload digest
       uses: actions/upload-artifact@v3
       with:
         name: digests
-        path: /tmp/digests/*
+        path: /tmp/digests/${{ github.sha }}/*
         if-no-files-found: error
-        retention-days: 1
 
   merge-images:
     runs-on: ubuntu-latest
@@ -88,7 +113,7 @@ jobs:
         uses: actions/download-artifact@v3
         with:
           name: digests
-          path: /tmp/digests
+          path: /tmp/digests/${{ github.sha }}
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Login to GHCR
@@ -123,7 +148,7 @@ jobs:
 
       - name: Create manifest list and push
         if: ${{ github.event_name != 'pull_request' }}
-        working-directory: /tmp/digests
+        working-directory: /tmp/digests/${{ github.sha }}
         run: |
           docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
             $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)     

diff --git a/README.md b/README.md
@@ -34,7 +34,8 @@ This also generates the replacement CA for the toniebox ```certs/server/ca.der``
 If you are using docker, this will happen automatically.
 
 ### Dump certificates of your toniebox
-You'll need the ```flash:/cert/ca.der``` (Boxine CA), ```flash:/cert/client.der``` (Client Cert) and ```flash:/cert/private.der``` (Client private key). Place those files under ```/certs/client/*```
+You'll need the ```flash:/cert/ca.der``` (Boxine CA), ```flash:/cert/client.der``` (Client Cert) and ```flash:/cert/private.der``` (Client private key). Place those files under ```/certs/client/*```. You can either power the box with the battery (be sure it is note empty) or with the power supply. (recommended)
+
 #### CC3200
 You can use the [cc3200tool](https://github.com/toniebox-reverse-engineering/cc3200tool) to dump your certificates over the Tag Connect debug port of the box. If you have installed the HackieboxNG Bootloader you should already have those files in your backup.
 ```
@@ -47,13 +48,31 @@ You can use the [cc3200tool](https://github.com/toniebox-reverse-engineering/cc3
 cc3200tool -if cc32xx-flash.bin -d cc32xx read_all_files extract/
 ```
 #### ESP32
-You can extract the flash memory via the debug port of the box and the esptool. Keep your backup!
+You can extract the flash memory via the debug port of the box and the esptool. Keep your backup! Please use a recent version of esptool. (>v4.4)
 Please connect the jumper J100 (Boot) and reset the box to put it into the required mode. Connect your 3.3V UART to J103 (TxD, RxD, GND).
+If connected with the Boot jumper, the box just start in "DOWNLOAD (USB/UART0)" mode. (Check with a serial monitor). Beware, if the serial monitor is open it will block esptool.py from accessing the esp. If you get a "BROWNOUT_RST" check your power supply / battery. "SPI_FAST_FLASH_BOOT" indicates a boot without the J100 jumper. 
 
+##### Browser based
+You can use the build in ESP32 box flashing tool in the webinterface of teddyCloud to backup your box with "Read ESP32".
+After that you can manually extract them into the ```/certs/client/``` directory.
+```
+# Please check the filename of your backup
+teddycloud ESP32CERT extract data/firmware/ESP32_<mac>.bin certs/client
 ```
+
+##### Legacy
+```
+# extract firmware
 esptool.py -b 921600 read_flash 0x0 0x800000 tb.esp32.bin
+# extract certficates from firmware
 mkdir certs/client/esp32
-bin/teddycloud ESP32CERT extract tb.esp32.bin certs/client/esp32
+teddycloud ESP32CERT extract tb.esp32.bin certs/client/esp32
+# Copy box certificates to teddyCloud
+cp certs/client/esp32/CLIENT.DER  certs/client/client.der
+cp certs/client/esp32/PRIVATE.DER  certs/client/private.der
+cp certs/client/esp32/CA.DER  certs/client/ca.der
+
+# Copy certificates to temporary dir
 mkdir certs/client/esp32-fakeca
 cp certs/client/esp32/CLIENT.DER certs/client/esp32-fakeca/
 cp certs/client/esp32/PRIVATE.DER certs/client/esp32-fakeca/
@@ -75,11 +94,19 @@ cc3200tool -if cc32xx-flash.bin -of cc32xx-flash.customca.bin -d cc32xx customca
 ```
 
 #### ESP32
+##### Browser based
+With teddyCloud you can also write a new image with your custom CA and a DNS/IP so the box connects to teddyCloud.
+If you have a Fritzbox you can set it to tc.fritz.box (see CC3200 how to configure the hostname on your Fritzbox), if not set it to the IP of teddyCloud.
+
+##### Legacy
 Replace the original CA within your flash dump with esptool.
 
 ```
+# copy firmware backup
 cp tb.esp32.bin tb.esp32.fakeca.bin
-bin/teddycloud ESP32CERT inject tb.esp32.fakeca.bin certs/client/esp32-fakeca
+# inject new CA into firmware
+teddycloud ESP32CERT inject tb.esp32.fakeca.bin certs/client/esp32-fakeca
+# flash firmware with new CA
 esptool.py -b 921600 write_flash 0x0 tb.esp32.fakeca.bin
 ```
 
@@ -90,7 +117,7 @@ If you have a fritzbox you can use the [altUrl tc.fritz.box](https://github.com/
 ).
 You may also edit the patch yourself to set the ip-address directly. Please beware, it should not be longer than the original url, which is 12 characters.
 
-#### CC3235 / ESP32
+#### CC3235
 Set the DNS entries for ```prod.de.tbs.toys``` and ```rtnl.bxcl.de``` to the TeddyCloud servers ip-address. Beware, this will cut off the connection of all tonieboxes within your network, which arn't patched with your replacement CA!
 As an alternative you can set the gateway for the tonieboxes to the ip of teddyCloud. With OpenWRT it works this way:
 ```
@@ -106,6 +133,9 @@ uci commit dhcp
 /etc/init.d/dnsmasq restart
 ```
 
+#### ESP32
+You can either set the IP/DNS within the image or you may do it like on the CC3235.
+
 ### Content
 Please put your content into the ```/data/content/default/``` in the same structure as on your toniebox. You can edit ```500304E0.json``` file beside the content files to mark them as live or you can prevent the usage of the Boxine cloud for that tag with the nocloud parameter. By setting a source teddyCloud can stream any content that ffmpeg can decode (urls and files).
 

diff --git a/include/contentJson.h b/include/contentJson.h
@@ -14,15 +14,18 @@ typedef struct
     uint8_t *cloud_auth;
     size_t cloud_auth_len;
     bool_t cloud_valid;
+    char *tonie_model;
 
     bool_t _stream;
     char *_streamFile;
     uint32_t _version;
     bool_t _updated;
 
+    bool_t _valid;
+
 } contentJson_t;
 
-#define CONTENT_JSON_VERSION 3
+#define CONTENT_JSON_VERSION 4
 
 error_t load_content_json(const char *content_path, contentJson_t *content_json);
 error_t save_content_json(const char *content_path, contentJson_t *content_json);

diff --git a/src/contentJson.c b/src/contentJson.c
@@ -128,6 +128,7 @@ error_t load_content_json(const char *content_path, contentJson_t *content_json)
                 content_json->cache = content_jsonGetBool(contentJson, "cache");
                 content_json->cloud_ruid = content_jsonGetString(contentJson, "cloud_ruid");
                 content_json->cloud_auth = content_jsonGetBytes(contentJson, "cloud_auth", &content_json->cloud_auth_len);
+                content_json->tonie_model = content_jsonGetString(contentJson, "tonie_model");
                 content_json->cloud_valid = true;
 
                 // TODO: use checkCustomTonie to validate
@@ -173,6 +174,11 @@ error_t load_content_json(const char *content_path, contentJson_t *content_json)
 
     osFreeMem(jsonPath);
 
+    if (error == NO_ERROR)
+    {
+        content_json->_valid = true;
+    }
+
     return error;
 }
 
@@ -189,6 +195,7 @@ error_t save_content_json(const char *content_path, contentJson_t *content_json)
     cJSON_AddBoolToObject(contentJson, "cache", content_json->cache);
     content_AddStringToObject(contentJson, "cloud_ruid", content_json->cloud_ruid);
     content_AddByteArrayToObject(contentJson, "cloud_auth", content_json->cloud_auth, content_json->cloud_auth_len);
+    content_AddStringToObject(contentJson, "tonie_model", content_json->tonie_model);
     cJSON_AddNumberToObject(contentJson, "_version", CONTENT_JSON_VERSION);
 
     char *jsonRaw = cJSON_Print(contentJson);
@@ -227,6 +234,7 @@ error_t save_content_json(const char *content_path, contentJson_t *content_json)
 
 void free_content_json(contentJson_t *content_json)
 {
+    content_json->_valid = false;
     if (content_json->source)
     {
         osFreeMem(content_json->source);
@@ -242,6 +250,11 @@ void free_content_json(contentJson_t *content_json)
         osFreeMem(content_json->cloud_auth);
         content_json->cloud_auth = NULL;
     }
+    if (content_json->tonie_model)
+    {
+        osFreeMem(content_json->tonie_model);
+        content_json->tonie_model = NULL;
+    }
     if (content_json->_streamFile)
     {
         osFreeMem(content_json->_streamFile);

diff --git a/src/handler.c b/src/handler.c
@@ -1,5 +1,6 @@
 #include "handler.h"
 #include "server_helpers.h"
+#include "toniesJson.h"
 
 req_cbr_t getCloudCbr(HttpConnection *connection, const char_t *uri, const char_t *queryString, cloudapi_t api, cbr_ctx_t *ctx, client_ctx_t *client_ctx)
 {
@@ -243,6 +244,8 @@ tonie_info_t getTonieInfo(const char *contentPath, settings_t *settings)
     tonieInfo.contentConfig.cloud_ruid = NULL;
     tonieInfo.contentConfig.cloud_auth = NULL;
     tonieInfo.contentConfig.cloud_auth_len = 0;
+    tonieInfo.contentConfig.tonie_model = NULL;
+    tonieInfo.contentConfig._valid = false;
 
     if (osStrstr(contentPath, ".json") == NULL)
     {
@@ -272,6 +275,24 @@ tonie_info_t getTonieInfo(const char *contentPath, settings_t *settings)
                         if (tonieInfo.tafHeader)
                         {
                             tonieInfo.valid = true;
+                            toniesJson_item_t *toniesJson = tonies_byAudioId(tonieInfo.tafHeader->audio_id);
+                            if (tonieInfo.contentConfig._valid)
+                            {
+                                if (toniesJson != NULL && osStrcmp(tonieInfo.contentConfig.tonie_model, "") == 0)
+                                {
+                                    if (osStrcmp(tonieInfo.contentConfig.tonie_model, toniesJson->model) != 0)
+                                    {
+                                        osFreeMem(tonieInfo.contentConfig.tonie_model);
+                                        tonieInfo.contentConfig.tonie_model = strdup(toniesJson->model);
+                                        tonieInfo.contentConfig._updated = true;
+                                    }
+                                }
+                                else if (toniesJson == NULL && osStrcmp(tonieInfo.contentConfig.tonie_model, "") != 0)
+                                {
+                                    // TODO add to tonies.custom.json + report
+                                    TRACE_WARNING("Audio-id %08X unknown but previous content known by model %s.\r\n", tonieInfo.tafHeader->audio_id, tonieInfo.contentConfig.tonie_model);
+                                }
+                            }
 
                             if (tonieInfo.tafHeader->num_bytes == TONIE_LENGTH_MAX)
                             {