Manuals/tutorials

Forum about the tweaking of the Eneco Toon.

Moderator: marcelr

Manuals/tutorials

Postby marcelr » Wed Sep 07, 2016 8:50 pm

This thread used to be a single post with all manuals/tutorials we gathered over time.
Recently, we hit the 60,000 character limit in that post, so from now on, the thread will be split into separate (locked) posts on one subject each.
To keep things tidy, it will remain a read-only thread. When you have anything you would like to see added to this thread, just PM me and I'll see to it.

Just to give an overview what's possible with a rooted Toon: check out this list:
Attachments
toon_features.jpg
table with subscription-dependent features
toon_features.jpg (195.57 KiB) Viewed 35472 times
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv

Rooting Toon

Postby marcelr » Thu Jun 01, 2017 4:54 pm

Before you try to contact me on specific issues about rooting toon, please read this post first:

http://domoticaforum.eu/viewtopic.php?f ... 415#p80415
If you still don't feel confident enough to root your toon yourself, forum member TerrorSource will be happy to do it for you, for a small fee. Just PM him and arrange whatever needs arranging.

Now we have that sorted, let's get cracking (Users who prefer Dutch, a translated version is attached at the far end of the code block):

Code: Select all
############################################################################
Rooting Eneco's toon, changelog
############################################################################

20180429:

Added a simplified version to override busybox in newer firmwares
(thanks, TheHogNL).

20171113:

Added rooting workaround for busybox 1.27.2, without getty implementation.
Added link to detailed description of JTAG procedure with raspberry pi.
(thanks, rboers).

20170604:

Added remark about the appearance of the login prompt, after setting the
tty in /etc/inittab. Changed operations for initial reboot, after setting
the tty in inittab.

20170514:

Added remark about the (harmless) tty error message when starting the
initial shell through U-Boot.

20170427:

Fixed error in path to iptables.conf, in the Dutch version. More explanation
about editing/creating /etc/hosts.template (thanks, TechApprentice).

20170225:

Added JTAG wiring and reset instructions for raspberry pi JTAG hardware
(thanks, klaphekje).

20170215:

Added instructions for rooting newer toons (with hashed password).

20170205:

Dutch version added (at the far end of this document).
Nederlandse versie toegevoegd (achter de Engelstalige versie).

20170201:

Added u-boot version number which is not (yet) rootable.
cosmetic changes.

20160320:

Added u-boot version numbers associated with bootloader passwords.
changed text to reflect bootloader versions with certain features,
rather than serial numbers.
cosmetic changes.

20160319:

Added warning about u-boot not echoing the boot password.
Added steps to suppress servicecenter warnings (thanks, al_n).

20160318:

Added u-boot access through the bootloader password.
Added newer ports for iptables.conf
Added newer version number for dropbear
Simplified ping rerouting (thanks, RDNZL).
Cosmetic changes.

20151203:

First release

############################################################################
Before you begin
############################################################################

Make sure toon is not connected to any network that's in contact with
the internet. Eneco (quby) can see every toon connected to its service
center. Big Brother is watching YOU! ;-)

So: disconnect toon from any wireless network (invalidate the
passphrase, remove the SSID from toon, or remove the wifi chipset ;-) ).

In the second step of the rooting process you will need to install an
ssh client/server. I have done this through a small (wired) router,
with no WAN connection, and a private webserver.

############################################################################
Rooting Eneco's toon
############################################################################

Requirements:

1: 3.3V serial-to-USB cable, with separate header connectors for TxD,
   RxD and GND (or a ttl-to-serial-adapter when you are using a native serial
   port).

2: A computer with serial terminal software like putty and a
   free USB port (or a free serial port).

3: A small (metal) screwdriver.
   
4: Eneco (quby) Toon.

5: Proficiency in using vi (the basic text editor, available in all
   UNIX-flavours).

##### Opening the case and connection of the serial interface: #####

Open the casing of toon to access its 14-pin I/O header connector by
carefully dislodging the PCB from the backing shell. Be careful not to
break the flat cables connecting the display.

The white frame is clicked into the grey backing and can be removed by
just lifting it and gently retracting it from the backing. Use your
nails, not tools! The touchscreen/display part can then be lifted and
put (a wee bit) aside. Be careful with the antennas. In newer toons
they are glued to the grey casing, and easily torn.

The PCB holding all the components is kept in place by a
few plastic studs and can be dislodged easily. When done, the back of
the PCB presents two connectors: one 2-pin connector for a 24V power
supply (accessible from the outside), and a 2x7 connector holding a
JTAG interface and a serial port. Logic high being 3.3V.

Connect a 3.3V signal level serial-to-USB adapter to the serial port
of toon and open a serial console (e.g., hyperterminal or putty on
Windows, minicom on Linux, but there are many other options).

Port settings: 115200 baud, 8N1.

(See also domoticaforum.eu for wiring:
http://www.domoticaforum.eu/viewtopic.php?f=17&t=8743)

This is the pinout (not necessarily completely correct, but works for me.
Numbering (left column: toon, right column: standard 20-pin ARM JTAG adapter):

JTAG:

pin 1:  RTCK    brown    11   
pin 2:  TRST    red      3
pin 3:  GND     orange   4
pin 4:  TCK     yellow   9
pin 5:  GND     green    6
pin 6:  TMS     blue     7
pin 7:  SRST    purple   15
pin 8:  TDI     grey     5
pin 9:  Vt      white    1
pin 10: TDO     black    13

Left column: JTAG toon, right column GPIO raspi:

JTAG connector Toon     -->   Rapberry Pi GPIO (signal name)

                1     -->    NC (RTCK)
      2     -->    24 (TRST)
      3     -->    20 (GND)
      4     -->    23 (TCK)
      5     -->    6 or 25  (GND)
      6     -->    22 (TMS)
      7     -->    18 (SRST)
      8     -->    19 (TDI)
      9     -->    NC (Vt)
      10     -->    21 (TDO)


serial port (3.3V logic levels, ttymxc0, 115200 baud, 8N1):

pin 11: RxD
pin 12: ??
pin 13: TxD
pin 14: GND

Make sure the component side of the PCB is accessible. Connect toon
to a power supply (boiler module + power adapter) and power it up.

##### Entering (and editing) the boot loader: #####

## By using the password ##

The bootloader is accessed by entering the bootloader password when
the boot loader is starting, and presents the prompt:

Enter password - autoboot in 2 sec.

Two boot loader passwords have been retrieved so far, and they depend
on the bootloader version of your toon. The bootloader version is
displayed in the serial console immediately after toon (re)boots:

U-Boot 2010.09-R6 (Mar 14 2012 - 11:15:10)

CPU:   Freescale i.MX27 at 400.168 MHz
... etc.

These are the passwords that go with the u-boot versions:

Bootloader version     password

U-Boot 2010.09-R6     f4E9J
U-Boot 2010.09-R8     3BHf2

The password is case-sensitive, so, e.g., f is different from F.
Enter the password (terminated with a <return>-character) by
copy/pasting it into the serial console. U-boot will stop and present
its prompt:

U-Boot>

Note that the password is not shown when you enter it. The (very
basic) serial console of U-Boot only echoes what you enter _after_ the
password has been entered and command has been redirected to the
serial interface.

If, for whatever reason, you cannot enter the password properly, or
you have a toon with yet another (unknown) password, you can revert to
the U-Boot interruption method presented below, or dump the boot
loader image (contact me through PM). It's not hard to find the boot
loader password in the image, but it takes too many steps to describe
here. You will need JTAG hardware and software for this.

## By shorting the NAND chip ##

Enter the u-boot menu by briefly shorting the proper control pins on
the NAND chip early on during boot-up (Short the pins when "checking
crc" or similar is visible) A small metal screwdriver will do nicely
for this purpose.

This causes a flash memory checksum error and drops you to a u-boot
shell. For toon's NAND chip, the pins are 8 and 9 (!CE and !RE, NOT
Chip enable and NOT Read enable, search http://www.hackaday.com for
details). The NAND chip is the (only) samsung chip on the PCB.

##### Newer u-boot version(s) #####

Starting from early 2016, newly produced toons have a new version of the
bootloader. The bootloader version is presented as follows:

U-Boot 2010.09-R10 (Dec 14 2015 - 19:28:18)

This version will also ask for a password, but this is unknown, and
better protected than in earlier versions of the bootloader (SHA256
hash). Typically, toons with a serial number starting with 16 or
higher will have this "feature".  From discussions we had with Quby,
apparently, each newer toon has its own specific password, so probably
it's derived from the hostname (eneco-001-xxxxxxx), the serial number
or other distinct features of an individual toon.

Furthermore, the screwdriver method will not work, instead, when you
successfully interrupt the boot loader, it will present the following
text:

---------------------------------------------------------
Welcome to the bootloader, adventurous adventurer.

We congratulate you on your perseverance and inventivity!

Would you like an easier way in?
Please visit quby.com/open-system for more information.

Game on! :)
---------------------------------------------------------

This link provides an option to allow quby to open your toon. Probably
your VPN keys are removed and the machine is set to be a standalone
thermostat. I have no experience with this.

If you don't want to go down that path, the only way to overcome this
situation is to use a different bootloader, and load it onto toon using
JTAG access. 

##### What you need, besides the already mentioned tools ######

1: JTAG adapter. I used a clone Jlink, bought at ebay, for $15,-- or thereabouts

2: Wiring for toons JTAG interface. You will probably need to build your own,
   according to the pinout data given (way) above.

3: OpenOCD software, version 0.9.0 or later. Get it from
   https://sourceforge.net/projects/openocd/files/openocd/
   and learn how to use it.

4: A telnet client.

5: u-boot image and toon configuration file for OpenOCD
   Get it from the downloads thread at this forum.

##### What you need to do #####

1: Unpack the boot loader image and ed20.cfg file in a convenient spot.

2: Connect the JTAG adapter and the serial interface to toon and your computer.

3: Open a serial tty for the serial interface.

4: Power up toon.

5: Open a (root) shell for OpenOCD, and start it up:

   $ openocd -f <your_interface_config_file> -f ed20.cfg

6: open a telnet session to control openocd:

   telnet localhost 4444

7: Halt the system by issueing the soft_reset_halt command:

  > soft_reset_halt                 
  requesting target halt and executing a soft reset
  target halted in ARM state due to debug-request, current mode: Supervisor
  cpsr: 0x000000d3 pc: 0x00000000
  MMU: disabled, D-Cache: disabled, I-Cache: disabled

7a: For a raspberry pi, issue the command: reset halt
    This step halts the processor using raspi JTAG. 

8: load the u-boot image into memory. The load address is 0xa1f00000:

  > load_image u-boot.bin 0xa1f00000
  166504 bytes written at address 0xa1f00000
  downloaded 166504 bytes in 2.548540s (63.802 KiB/s)

9: restart the processor at the u-boot load address:

  > resume 0xa1f00000               

  This reboots toon, and presents you with a boot loader interruption option.
 
10: Copy/paste the password (toon + <enter>) into the terminal window. This
    interrupts the boot loader and presents the boot loader prompt:

   U-Boot>

Oh, by the way: Game Over ... (at least for now ;-) )

People who want to use a raspberry pi 2 or 3 for the JTAG procedure, a very
detailed description on how to proceed with that hardware is given here:

https://www.domoticaforum.eu/viewtopic.php?f=87&t=11230&start=210#p83745

Thanks, rboers, for sharing.

#### Editing the U-Boot environment #####

After getting the U-Boot prompt (either way), this is what you get
when asking for printenv (bootloader version U-Boot 2010.09-R8, R6 is
very similar):

U-Boot> printenv
bootdelay=2
baudrate=115200
loadaddr=0xA1000000
bootdelay=2
mtdids=nand0=mxc_nand
mtdparts=mtdparts=mxc_nand:1M(u-boot)ro,512K(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs)
mtdparts_kernel=mtdparts=mxc_nand:512K@0x00100000(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs)
mem=128M
autoload=no
backlight_brightness=50
baudrate=115200
console=ttymxc0
addtty=setenv bootargs ${bootargs} console=${console},${baudrate}
addmtd=setenv bootargs ${bootargs} ${mtdparts_kernel}
nandargs=setenv bootargs ubi.mtd=4 root=ubi0:rootfs rw rootfstype=ubifs
boot_nand=run nandargs addmtd addtty addmisc; nand read ${loadaddr} kernel; bootm ${loadaddr}
boot_nand_backup=run nandargs addmtd addtty addmisc; nand read ${loadaddr} kernel-backup; bootm ${loadaddr}
bootcmd=run boot_nand
splashimage=0x180000
ethact=FEC
sn=xx-xx-xxx-xxx
pn=6500-1400-1200
software_compatibility=0
manufacture_date=2014/04
ethaddr=aa:bb:cc:dd:ee:ff
addmisc=setenv bootargs ${bootargs} mem=${mem} lpj=999424
bootargs=ubi.mtd=4 root=ubi0:rootfs rw rootfstype=ubifs mtdparts=mxc_nand:512K@0x00100000(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs) c4
partition=nand0,0
mtddevnum=0
mtddevname=u-boot

Environment size: 1280/131068 bytes
U-Boot>

Edit as follows (redefine addmisc, this is the last part of boot_nand,
by adding init (be sure to properly escape the $ and { }-signs with
backslashes!) ):

setenv addmisc setenv bootargs \$\{bootargs\} mem=\$\{mem\} lpj=999424 init=/bin/sh

Not sure what lpj=999424 means, but in my case it should be there,
otherwise toon won't boot again. In older firmwares, the phrase
lpj=999424 is not present, should be no problem.

Then resume the booting process of Toon by typing:

run boot_nand
and press <enter>.

At the end of the booting process, you will be dropped to a shell, and
you can start editing whatever needs editing. Never mind the warning

/bin/sh: can't access tty; job control turned off                               

it's harmless.

##### Editing the boot scripts and passwd file: #####

Add a serial tty to /etc/inittab; locate the following line in /etc/inittab:

# HCBv2 static stuff

and edit (software version < 3.0 (shockwave flash GUI), using vi):

# HCBv2 static stuff
ovpn:2345:respawn:/usr/sbin/openvpn --config /etc/openvpn/vpn.conf --verb 0 >/dev/null 2>&1
flas:5:respawn:/usr/bin/startflash >/dev/null 2>&1
# add serial console access: (added, MR!):
gett:235:respawn:/sbin/getty -L 115200 ttymxc0 vt102

or: (toon SW 3.0 and later, qt GUI):

# HCBv2 static stuff
ovpn:2345:respawn:/usr/sbin/openvpn --config /etc/openvpn/vpn.conf --verb 0 >/dev/null 2>&1
qtqt:245:respawn:/usr/bin/startqt >/dev/null 2>&1
# add serial console access: (added, MR!):
gett:235:respawn:/sbin/getty -L 115200 ttymxc0 vt102

NOTE: As of firmware  version 4.9.23, busybox has been replaced and no longer
features getty. So adding the getty line to inittab has no effect. A workaround
for this is described below, in the dropbear installation section. If your
toon has this newer firmware, do not reboot just yet, but read on to the
dropbear installation section.

While you're at it, comment out the openvpn line with a hash mark:

#ovpn:2345:respawn:/usr/sbin/openvpn --config /etc/openvpn/vpn.conf --verb 0 >/dev/null 2>&1

By commenting out the openvpn command, toon no longer connects to the
service center (and won't upload anymore data). If you don't have an
Eneco account, that's probably what you want. Otherwise, leave it as
it is.

(for toon software 3.0 and later only:)
Locate the password file /etc/passwd and edit the line:

root:DISABLED:0:0:root:/root:/bin/sh

to read:

root::0:0:root:/root:/bin/sh

and save. Otherwise you won't get in.

##### Restoring the boot loader and accessing toon through a shell: #####

After completing the addition of the serial tty to /etc/inittab (and
editing the password file), reboot by hitting toon's reset button, and you
return to the normal boot (runlevel 5), now with a login shell, on a serial
console. Since the u-boot environment changes haven't been stored to
flash, the boot sequence proceeds as before (without /bin/sh).

Note that the console output from the networking interfaces and their
configuration tools, plus a lot of framebuffer stuff is still being sent to
the console. So, there's a lot of text being displayed in the serial console,
without you typing anything. The login prompt for the shell is displayed in
between all this networking output. Look for the following:

...
Eneco Toon by Quby

eneco-001-xxxxxx login:
...
(it may be stowed away inside an avalanche of other console output).

As soon as you see this, you're ready for the next step.
To quote Patrick Volkerding, from the Slackware set-up sequence:

You may now login as "root".

(and do set a _strong_ password!, by typing the command: passwd
and following the steps of the passwd-program).

Do not reassemble toon yet, you will need the serial connection to
open the network ports to the outside world.

############################################################################
Making toon accessible from outside
############################################################################

Requirements:

1: private network connection to a web server
2: dropbear installation package
3: serial console connection to toon

To be able to access toon over the network, you should install an ssh
client/server. In embedded systems like toon, this is typically
dropbear. To get a working version of dropbear, you can build the quby
openembedded tree from source. See
http://quby.nl/opensource/openembedded-qb2-toon-2012r1.tar.bz2 for
details. Part of the build is the compilation and packaging of
dropbear. It will end up in a file called

dropbear_0.51-r7.0_qb2.ipk

Put this file (temporarily) on a webserver, in its root, so you don't
have to look for it, and pick it up with wget:

On toon:

wget http://<server_name>/dropbear_0.51-r7.0_qb2.ipk

After download, install dropbear with:

opkg install dropbear_0.51-r7.0_qb2.ipk

Early 2016, the original dropbear package has been replaced with
a newer one:

dropbear_2015.71-r0_qb2.ipk

This version resolves some issues with encryption methods no longer
deemed safe in modern OS'es.  It's available from the "toon as a
domotica controller?"-thread at domoticaforum.eu.

NOTE: toons with firmware 4.9.23 and newer require a different dropbear
installation method.

##### Installation of dropbear on toons with fw 4.9.23 and higher #####

### Method 1: over an ethernet connection      ###
### Thanks, TheHogNL, for this simpler version ###

Requirements:

1: Installation package dropbear_2015.71-r0_qb2.ipk
2: A toon with LAN (UTP) connected

In firmware 4.9.23, busybox has been upgraded, and in that process, getty,
the serial console interface, has been disabled. This is a sorry attempt to
prevent people from entering toon through a serial line.

To install dropbear on such a firmware, the installation package can be
installed over the internet. First connect a LAN/UTP cable to your Toon as the
wifi isn't working during the bootloader forced shell.

Follow the booting process (Entering the bootloader, described above), until
you reach the command prompt:

/bin/sh: can't access tty; job control turned off

/ # 

and type (after you have inserted the LAN/UTP cable):

udhcpc

This will request an IP address configuration from your network using DHCP.
After the Toon received an IP address, you can simply download and install the
busybox version, by entering the following command:

opkg install http://files.domoticaforum.eu/uploads/Toon/apps/busybox-1.27.2-r4/busybox_1.27.2-r4_qb2.ipk

This installs busybox, with getty support, and a lot of other useful extra's.

After this step, you can continue with the rooting process as described earlier.

### Method 2: with serial connection only ###

Requirements:

1: installation package dropbear_2015.71-r0_qb2.ipk
2: a computer with base64 software (any linux machine)
3: a computer with minicom (also any linux machine)

To install dropbear on a firmware with newer busybox, over a serial line,
the installation package has to be
transformed into ASCII text, through the base64 command, available on most
linux machines (not sure about Windows and Mac):

base64 dropbear_2015.71-r0_qb2.ipk > dropbear_2015.71-r0_qb2.ipk.b64

The resulting file (dropbear_2015.71-r0_qb2.ipk.b64) is an ASCII encoded
version of the original binary file. This file can be transferred over the
serial line without hassle. I use minicom for this (I have no other options),
so the manual will discuss that method only.

Follow the booting process (Entering the bootloader, described above), until
you reach the command prompt:

/bin/sh: can't access tty; job control turned off
/ # 

and type

cat > dropbear_2015.71-r0_qb2.ipk.b64

This reroutes ALL console input to the file dropbear_2015.71-r0_qb2.ipk.b64
Leave the serial console untouched until minicom tells you otherwise.

Now change the console mode to sending files by hitting <Ctrl+A> S, and choose
ascii mode:

+-[Upload]--+
| zmodem    |
| ymodem    |
| xmodem    |
| kermit    |
|>ascii<    |
+-----------+

Then choose the file to upload in the minicom menu (this is a bit
old-fashioned, so put the file to upload in a fairly top-level directory,
otherwise you will need to do a lot of typing, I put mine in /home/marcelr).

And hit <enter>.
The ASCII code of the file will scroll by on the screen, and when everything
is uploaded, minicom will ask you to hit <any key>.

Immediately after that, hit <Ctrl+D> in the serial console (and nothing else).

This stops the cat process, and returns command to the keyboard.
Then, unpack the now transferred encoded dropbear package with:

base64 -d dropbear_2015.71-r0_qb2.ipk.b64 > dropbear_2015.71-r0_qb2.ipk

... and install the dropbear package as described above.

### Modification of iptables (the linux firewall) ###

To be able to access Toon through ssh or otherwise, the network ports
associated with these services need to be opened in the firewall.

Edit iptables.conf by issueing the command:

vi /etc/default/iptables.conf

Edit after the part that starts with:

# These are all closed for Quby/Toon:
Make this part look like this:

-A HCB-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 7080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT

On newer firmware (3.0.32 and later) you will need port 10080 instead of 7080:

-A HCB-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 10080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT

Explanation of the ports 80 (http) and 7080/10080 (some private
server) will follow in the forum thread on toon.

Test, by opening a secure shell connection to another server:
ssh <user>@<machine>

and verify its functionality. The dropbear package installs an ssh
client (ssh), server (sshd) and secure copy (scp) application on
toon.

If, for some valid reason, you cannot build dropbear and/or put it on
a webserver, contact me and I'll upload the package to my own small
webserver, so you can pick it up there. Building your own version of
the quby openembedded tree is highly recommended, though. It also
builds a bunch of analysis tools like gdb and strace. Handy for
testing all kinds of stuff.

After having installed dropbear and testing its functionality (both
ways: from toon to the outside world, and from the outside world into
toon), you can reassemble toon.

############################################################################
Hardening toon (complete exclusion of Eneco, for non-Eneco users only)
############################################################################

Requirements:

1: toon with dropbear installed
2: connection with private network (no WAN)

When toon is set up completely, in the tab "Internet" toon states to
be connected to the service center. The service center consist of a
bunch of websites and other services, accessed through a VPN tunnel,
managed by Quby, under the flag of Eneco. Each toon connects to the
service center through an OpenVPN tunnel, with TLS security
enhancement. Even if you do not have an Eneco account, toon will send
data to Eneco on a regular basis. According to Eneco, no energy usage
(gas and electricity) data are uploaded --which is true-- but boiler
settings are transmitted every hour. No idea why, by the way. Besides
through the OpenVPN connection mentioned earlier, toon phones home
with ping and the chrony daemon.

##### Disabling OpenVPN: #####

The OpenVPN connection is disabled by simply not starting OpenVPN,
through commenting out the openvpn line in /etc/inittab:

#ovpn:2345:respawn:/usr/sbin/openvpn --config /etc/openvpn/vpn.conf --verb 0 >/dev/null 2>&1

This shuts off openvpn effectively. In the internet tab you will now
get the message "Connected to the internet" or something along these
lines. You will also get a warning message that internet has not been
set up correctly or setup has not yet been completed. You can safely
ignore these warnings.

After toon has been rebooted (don't do that yet!), if you have a toon
with qt-gui, you can suppress the warnings issues by toon, about not
being able to reach the service center, as follows (thank you, al_n!):

Locate the file
/HCBv2/qml/apps/internetSettings/InternetSettingsApp.qml, and look for
the following code (line 365 or thereabouts):

                onNotificationReceived : {
                        var statemachine = message.getArgument("statemachine");
                        if (statemachine) {
                                var prevSmStatus = smStatus;     
                                smStatus = parseInt(statemachine);
// add the following two lines of code:
// added by al_n (20151220):                 
                                if(smStatus == _ST_INTERNET) {
                                    smStatus = _ST_TUNNEL;
                                }
//
// continuation of original file:
                               // Trigger the internetStateChange signal, used by the internet settings overview screen
                                internetStateChange(smStatus);

.... etc.

This will interpret a working internet connection as a connection to
the service center, and thus warnings are suppressed.

##### Disabling the time service access to time.quby.nl: #####

Toon keeps track of time through the chrony daemon. To set the clock
at startup, and to keep it synchronized with the rest of the world,
toon uses the time server of quby: time.quby.nl. This server name is
set in /etc/chrony.conf
Locate the following two lines in chrony.conf:

server time.quby.nl minpoll 8
and
initstepslew 30 time.quby.nl

and replace the server name by another time server. I use

wwv.nist.gov instead of time.quby.nl

since it has the same (short) server name length (you never know if
and how the chrony code was hacked by quby), is accessed by many clients
across the globe, and has proven to have a good level of stability
over many years of service.

Note: the time protocol (tcp/udp port 37) is something else than the
network time protocol (ntp, udp port 123). You will need a time
server, not an ntp-server.

##### Disabling pinging quby.nl: #####

Toon pings the quby ping server every so many seconds. This is done in
/HCBv2/sbin/hcb_netcon. The ping server address is unfortunately
hard-coded in hcb_netcon, so to disable this, you will need to reroute
ping requests to another machine. You can't switch it off easily.

To reroute, edit or create the file /etc/hosts.template and add the line

127.0.0.1 ping.quby.nl

at the end of the file, and save it.

Test whether your rerouting works by pinging quby:

eneco-001-xxxxxx:/# ping ping.quby.nl
PING ping.quby.nl (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=1.108 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.738 ms
64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.658 ms

This indicates that the ping requests for quby are redirected to
localhost (IP 127.0.0.1). Thanks, RDNZL, for pointing this out!

Reboot toon for good measure. Now you can go edit the service
InternetSettingsApp.qml file, as explained above.

All done. You have now severed all connections between toon and Eneco
(quby), and can safely connect it to your wireless network again.








############################################################################

Rooten van Eneco's toon thermostaat.

############################################################################

Nederlandse versie van het bovenstaande. De wijzigingentabel wordt alleen
in de engelstalige versie bijgehouden.

############################################################################
Een paar dingen vooraf
############################################################################

Zorg ervoor dat je toon niet in een netwerk hangt dat verbonden is met het
internet. Eneco (eigenlijk Quby) ziet en heeft contact met elke toon die
verbonden is met hun Service Center (SC). 1984 van Orwell is nog steeds
actueel ;-).

Dus: ontkoppel je toon van je WiFi netwerk (stel een fout WiFi password in,
verwijder je SSID uit toon's wifi tabel, of demonteer de wifi chipset in
z'n geheel (het laatste is een beetje over-the-top, maar werkt uitstekend)).

In de tweede stap van het rooten wordt ssh (secure shell) server software
geinstalleerd. Ik heb dat gedaan met een ouderwetse bekabelde router, zonder
de WAN aansluiting aangesloten, en een webserver op mijn laptop. Opmerkingen
op het Enecoforum dat de netwerkpoort niet zou werken, zijn schromelijk
overdreven ;-). (De USB poort doet 't overigens ook prima).

Als dat om een of andere reden lastig is, kun je ook je toon wel aan het
internet hangen, en de ssh software van het domoticafoum downloaden.

############################################################################
Toon rooten
############################################################################

Benodigdheden:

1: een 3,3 V serieel-USB interface, met losse, zgn. header, connectoren voor
   de signalen TxD, RxD en GND. Als je computer een echte seriele poort
   heeft, kun je ook een TTL-naar-serieel adapter gebruiken.
   (alleen in industriele of vrij oude PC's vind je nog een echte seriele
   poort, dus waarschijnlijk is de laatste niet nodig).
   Ik gebruik deze:
   https://www.antratek.nl/ftdi-usb-naar-serieel-ttl-kabel-3-3v-ttl
   Niet de goedkoopste, maar wel een goed stuk gereedschap.
   (en nee, ik heb geen aandeel in Antratek of FTDI).

2: Een computer met een vrije USB poort en seriele terminal software,
   bijvoorbeeld putty:
   http://www.putty.org/
   of minicom (op linux systemen).

3: Een kleine (metalen) schroevendraaier.

4: Uiteraard een toon van Eneco, anders valt er weinig te rooten.

5: Enige handigheid in het gebruik van een command line interface (zeg maar
   de oude DOS-prompt in windows) en een ASCII editor. Toon heeft zowel vi als
   nano aan boord.

##### Toon openmaken en de seriele kabel aansluiten #####

Het witte frame rond het scherm van toon is gemakkelijk los te wippen uit
zijn bevestiging. Werk (met je nagels) aan de buitenkant rond het display om
stukje bij beetje het frame van de grijze achterkant te scheiden. Aan de
onderkant zit een (1) clipje dat iets lastiger gaat.
Je kunt nu het display uit toon tillen en een (klein beetje) terzijde leggen.

Ga voorzichtig te werk. Vooral de flatcables van het display en de
antennedraadjes van wifi en z-wave (zeker in latere toons) zijn vrij teer en
makkelijk te beschadigen.

De printplaat met alle componenten zit met vier plastic clipjes vast aan de
grijze achterkant van toon. Duw deze clipjes een beetje opzij en til de
printplaat uit toon.

De achterkant van de printplaat heeft twee sets connectoren: een tweepolige
voor de 24V aansluiting met de ketelmodule (toegankelijk van buitenaf), en
een 14-polige voor JTAG en seriele interface. Het signaalniveau voor de
14-polige connector is 3,3 V.

Dit zijn de pinnummers van de 14-polige connector:

NB: pin 1 staat aangegeven op de printplaat,
nummering is als volgt:

1-2
3-4
5-6
7-8 etc.


JTAG (let niet op de kleuren en cijfers erachter, die zijn specifiek voor
mijn JTAG interface):

Links: JTAG connector Toon, rechts: Standaard 20 pin ARM JTAG interface.

pin 1:  RTCK   bruin   11
pin 2:  TRST   rood    3
pin 3:  GND    oranje  4
pin 4:  TCK    geel    9
pin 5:  GND    groen   6
pin 6:  TMS    blauw   7
pin 7:  SRST   paars   15
pin 8:  TDI    grijs   5
pin 9:  Vt     wit     1
pin 10: TDO    zwart   13


Linker kolom: JTAG toon, rechter kolom GPIO connector raspi:

JTAG connector Toon     -->   Rapberry Pi GPIO (signaal naam)

                  1     -->    NC (RTCK)
      2     -->    24 (TRST)
      3     -->    20 (GND)
      4     -->    23 (TCK)
      5     -->    6 of 25 (GND)
      6     -->    22 (TMS)
      7     -->    18 (SRST)
      8     -->    19 (TDI)
      9     -->    NC (Vt)
      10     -->    21 (TDO)

seriele poort (3,3V signaalniveau, ttymxc0, 115200 baud, 8 databits, No parity,
1 stopbit):

pin 11: RxD
pin 12: ??
pin 13: TxD
pin 14: GND

Zorg dat de componentenzijde van de printplaat goed toegankelijk is.
Koppel de seriele adapter aan toon. (pin 11-13-14). Let op dat RxD en TxD
omgewisseld worden (TxD toon aan RxD adapter, en andersom). Stel je seriele
poort in zoals hierboven aangegeven, en start putty (of minicom). Voor details,
zie de putty manuals.

Verbind toon met een voeding (ketelmodule + adapter) en zet 'm aan.

##### Toegang tot en wijziging van de bootloaderinstellingen #####

## methode 1: via het wachtwoord ##

Je kunt jezelf toegang verschaffen tot de bootloader door het bootloader 
wachtwoord in te geven (via Ctrl+C, Ctrl+V, gewoon typen gaat te traag).

Zodra toon opstart zie je in het putty scherm de output van het bootproces.
Op enig moment volgt dan:

Enter password - autoboot in 2 sec.

Tot nu toe zijn twee bootloaderwachtwoorden gevonden, behorend bij twee versies
van de bootloader. Deze versie wordt weergegeven bij het opstarten van toon:


U-Boot 2010.09-R6 (Mar 14 2012 - 11:15:10)

CPU:   Freescale i.MX27 at 400.168 MHz
... etc.

De wachtwoorden zijn:

Bootloader versie     wachtwoord

U-Boot 2010.09-R6     f4E9J
U-Boot 2010.09-R8     3BHf2

Het wachtwoord is hoofdlettergevoelig, dus bijvoorbeeld f is niet hetzelfde
als F.
Copy/paste het wachtwoord  (met <enter> erachter) in de putty console zodra
erom gevraagd wordt. Dit stopt de bootloader en presenteert de U-Boot prompt:

U-Boot>

Let op dat het wachtwoord niet zichtbaar is als je het ingeeft. Je ziet pas
wat je intikt als U-Boot een seriele console voor je geopend heeft.

Als, om wat voor reden dan ook, je niet in staat bent om het wachtwoord in
te geven, of je hebt een toon met een tot nu toe onbekend wachtwoord, dan
kun je de bootloader onderbreken door de NAND chip kort te sluiten, of
de bootloader software van toon dumpen (met behulp van JTAG hardware en
-software). Zeker het laatste is nogal gedoe, ga ik hier niet op in.

## methode 2: NAND chip tijdelijk kortsluiten ##

Je kunt in het boot-menu terecht komen door op het goede moment tijdens
opstarten een paar verbindingen van de NAND chip kort te sluiten, met een
klein metalen schroevendraaiertje.
Op het moment dat "Checking crc" of woorden van die strekking in je putty
console verschijnen, sluit je pin 8 en 9  (!CE en !RE, NOT chip enable en
NOT read enable) kort. Dit geeft een zgn. crc error in de bootloader, die
reageert met een interactieve prompt (om e.e.a. te kunnen verhelpen).
Handig.

NB: De NAND chip is de enige Samsung chip op de printplaat.

##### Dichtgespijkerde versies van U-Boot #####

Vanaf begin 2016 wordt er een nieuwere versie van de bootloader op toon
geinstalleerd. Deze geeft de volgende versieregel bij het opstarten:

U-Boot 2010.09-R10 (Dec 14 2015 - 19:28:18)

Deze versie vraagt ook om een wachtwoord, maar dat is onbekend en nogal wat
beter versleuteld dan in vorige versies (SHA256 encryptie). Toons met een
serienummer beginnend met 16  (en hoger waarschijnlijk) hebben deze versie.

Uit eerdere discussies met Quby volgde dat elke toon nu z'n eigen wachtwoord
heeft (dus dikke kans  dat het te maken heeft met de naam van je toon
(eneco-001-xxxxxx), de MAC adressen, serienummers of andere individuele
kenmerken van je toon). Leuke info, maar daar heben we dus niks aan.

De schroevendraaiermethode werkt bij deze toons ook niet, als je de
bootloader onderbreekt krijg je het volgende:

---------------------------------------------------------
Welcome to the bootloader, adventurous adventurer.

We congratulate you on your perseverance and inventivity!

Would you like an easier way in?
Please visit quby.com/open-system for more information.

Game on! :)
---------------------------------------------------------

De link geeft je de mogelijkheid om Quby toon voor je te laten rooten,
(waarschijnlijk gooien ze de VPN keys weg, en zetten ze de software in
standalone mode). Heb ik geen ervaring mee. Als je dit niet wilt, rest als
enige mogelijkheid om een ander bootloader te nemen, en die met JTAG
hardware naar je toon te uploaden.

##### Benodigdheden, naast de eerder genoemde spullen #####

1: JTAG interface. Ik gebruik een kloon JLink, gekocht op ebay voor $15,-- of
   daaromtrent.

2: Bekabeling voor de JTAG interface van toon. Zul je waarschijnlijk zelf
   moeten  maken, zie hierboven voor pinbezetting.

3: OpenOCD software, versie 0.9.0 of later. Hier op te halen:
   https://sourceforge.net/projects/openocd/files/openocd/
   (en leer ermee werken!)

4: Een telnet client.

5: U-boot image en een toon configuratiefile, voor openocd.
   Te vinden in de downloads thread van dit forum.

##### Te verrichten handelingen #####

1: Pak de bootloader en ed20.cfg file uit op een handige plek, bij elkaar.

2: Koppel de JTAG interface en de seriele interface aan toon en je PC.

3: Open een terminal programma voor je seriele interface, en eentje voor je
   telnet client.

4: Start toon op.

5: Open een root shell voor OpenOCD en start openocd:

   $ openocd -f <jouw_interface_config_file> -f ed20.cfg

6: Open een telnet sessie om openocd aan te sturen:

   telnet localhost 4444

7: Halt de processor, via het openocd commando soft_reset_halt:

  > soft_reset_halt                 
  requesting target halt and executing a soft reset
  target halted in ARM state due to debug-request, current mode: Supervisor
  cpsr: 0x000000d3 pc: 0x00000000
  MMU: disabled, D-Cache: disabled, I-Cache: disabled

7a: Als je een raspberry pi als JTAG interface gebruikt, voer dan ook nog uit:

  > reset halt

  Dit stopt de processor bij deze JTAG hardware.

8: Upload het u-boot image naar toon's geheugen. Het upload adres is 0xa1f00000:

  > load_image u-boot.bin 0xa1f00000
  166504 bytes written at address 0xa1f00000
  downloaded 166504 bytes in 2.548540s (63.802 KiB/s)

9: Herstart de processor op het u-boot upload adres:

  > resume 0xa1f00000               

  Dit resulteert in een reboot, en geeft de mogelijkheid om de bootloader te
  onderbreken.

10: Knip/plak het wachtwoord (toon + <enter>) in de seriele terminal. Dit stopt
    de bootloader en geeft de u-boot prompt:

    U-Boot>

Ik zou het bijna vergeten: Game over ... (voorlopig, dan toch ;-) )

Voor Mensen die een raspberry pi 2 of 3 willen gebruiken voor de JTAG procedure
heeft rboers een zeer gedetailleerde beschrijving gemaakt.

Die is hier te vinden:

https://www.domoticaforum.eu/viewtopic.php?f=87&t=11230&start=210#p83745

Dank je, rboers, voor deze uitgebreide beschrijving.

##### U-Boot environment aanpassen #####

Zodra je in het U-Boot menu bent aangekomen, kun je een aantal commando's
uitvoeren:
De eerste is printenv, en geeft het volgende (bootloader versie
U-Boot 2010.09-R8, R6 lijkt er veel op):

U-Boot> printenv
bootdelay=2
baudrate=115200
loadaddr=0xA1000000
bootdelay=2
mtdids=nand0=mxc_nand
mtdparts=mtdparts=mxc_nand:1M(u-boot)ro,512K(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs)
mtdparts_kernel=mtdparts=mxc_nand:512K@0x00100000(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs)
mem=128M
autoload=no
backlight_brightness=50
baudrate=115200
console=ttymxc0
addtty=setenv bootargs ${bootargs} console=${console},${baudrate}
addmtd=setenv bootargs ${bootargs} ${mtdparts_kernel}
nandargs=setenv bootargs ubi.mtd=4 root=ubi0:rootfs rw rootfstype=ubifs
boot_nand=run nandargs addmtd addtty addmisc; nand read ${loadaddr} kernel; bootm ${loadaddr}
boot_nand_backup=run nandargs addmtd addtty addmisc; nand read ${loadaddr} kernel-backup; bootm ${loadaddr}
bootcmd=run boot_nand
splashimage=0x180000
ethact=FEC
sn=xx-xx-xxx-xxx
pn=6500-1400-1200
software_compatibility=0
manufacture_date=2014/04
ethaddr=aa:bb:cc:dd:ee:ff
addmisc=setenv bootargs ${bootargs} mem=${mem} lpj=999424
bootargs=ubi.mtd=4 root=ubi0:rootfs rw rootfstype=ubifs mtdparts=mxc_nand:512K@0x00100000(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs) c4
partition=nand0,0
mtddevnum=0
mtddevname=u-boot

Environment size: 1280/131068 bytes
U-Boot>

Het bootloader environment bevat een aantal commando's die bij opstarten
uitgevoerd worden. We passen de laatste aan (addmisc, dat is het laatste
stukje commando van boot_nand, de standaard opstartregel):

Edit addmisc als volgt (letterlijk deze tekst, een tikfout is dodelijk):

setenv addmisc setenv bootargs \$\{bootargs\} mem=\$\{mem\} lpj=999424 init=/bin/sh

Overigens heb ik geen idee wat lpj=999424 betekent, in mijn toon zit het er.
In oudere bootloaderversies zit het niet, zou niks mogen uitmaken, zolang je
maar exact de oorspronkelijke addmisc regel kopieert (en let op de backslashes,
voor de $ en { en } tekens).

Vervolg daarna het bootproces door het volgende in te tikken:

run boot_nand

en druk op <enter>.

Aan het einde van het bootproces opent U-Boot een command shell of cli, of
console, of hoe je 't ook noemen wilt, in putty. Je kunt nu de opstartfiles
van toon gaan editen. Let niet op de foutmelding

/bin/sh: can't access tty; job control turned off

die heeft geen effect.

##### Aanpassen van de boot scripts en passwd bestand #####

Voeg een seriel console toe aan  /etc/inittab; lokaliseer de volgende regel
in /etc/inittab:

# HCBv2 static stuff

en edit (software versie < 3.0 (shockwave flash GUI)) met vi of nano:

# HCBv2 static stuff
ovpn:2345:respawn:/usr/sbin/openvpn --config /etc/openvpn/vpn.conf --verb 0 >/dev/null 2>&1
flas:5:respawn:/usr/bin/startflash >/dev/null 2>&1
# add serial console access: (added, MR!):
gett:235:respawn:/sbin/getty -L 115200 ttymxc0 vt102

of: (toon SW 3.x.y, qt GUI):

# HCBv2 static stuff
ovpn:2345:respawn:/usr/sbin/openvpn --config /etc/openvpn/vpn.conf --verb 0 >/dev/null 2>&1
qtqt:245:respawn:/usr/bin/startqt >/dev/null 2>&1
# add serial console access: (added, MR!):
gett:235:respawn:/sbin/getty -L 115200 ttymxc0 vt102

NOTITIE: Vanaf firmware 4.9.23, is busybox vervangen en heeft getty niet langer
aan boord. Daardoor heeft het toevoegen van de regel voor getty geen effect meer.
Een oplossing voor dit probleempje wordt een stukje verderop gegeven, bij de
installatie van dropbear. Als je toon deze firmware (of nieuwer) heeft, kun je
het beste nog even niet rebooten, maar lees even door tot in de
dropbear-installatie sectie.

Nu je er toch bent, maak van de openVPN regel commentaar, met een hekje (#):

#ovpn:2345:respawn:/usr/sbin/openvpn --config /etc/openvpn/vpn.conf --verb 0 >/dev/null 2>&1

Door deze regel uit te schakelen zoekt toon niet langer verbinding met het SC
(en uploadt geen data meer). Als je geen Eneco abonnement hebt, is dit
waarschijnlijk wat je wilt. In het andere geval: afblijven.

(Voor toon sw 3.0 en later):

Lokaliseer het wachtwoordenbestand /etc/passwd en pas aan:

root:DISABLED:0:0:root:/root:/bin/sh

wordt (DISABLED weg):

root::0:0:root:/root:/bin/sh

en sla op. Anders kom je er later niet in.

##### Terug naar de originele bootloaderconfiguratie en cli toegang #####

Als je /etc/inittab en /etc/passwd aangepast hebt, reboot je toon door op
de reset-knop te drukken.

Wacht een tijdje, en je komt terug in het normale gedrag van toon, nu met een
login shell. Omdat tijdens de U-Boot hack niks definitief opgeslagen is, start
toon weer normaal op (zonder init=/bin/sh).
Let op dat de console output van alle netwerkinterfaces en de framebuffer ook
naar dezelfde console gestuurd wordt. Dat betekent dat er een heleboel tekst in
de console verschijnt zonder dat je wat intikt. De login-prompt voor de shell
wordt er gewoon tussendoor gegooid. Zoek naar het volgende:

...
Eneco Toon by Quby

eneco-001-xxxxxx login:
...

in de console output. Het kan verstopt zitten in een lawine aan andere tekst
die op de console afgedrukt wordt. Zodra je deze tekst (de login prompt) ziet,
kun je doorgaan naar de volgende stap.

Om Patrick Volkerding, lead developer van Slackware te citeren:

You may now login as "root".

Dus tik in:

root

en je bent volledig de baas over je eigen toon.
Stel wel even een STERK wachtwoord in. Tik in:

passwd

en volg de stappen op het scherm.

Zet je toon nog niet in elkaar, we hebben de seriele poort nog nodig om de
netwerkverbindingen met de buitenwereld open te zetten.

############################################################################
Netwerktoegang verschaffen
############################################################################

Benodigdheden:

1: Netwerkverbinding met een (prive)webserver.
2: dropbear installatiepakket
3: seriele toegang tot toon.

Om toon ook over een netwerkbverbinding te kunnen bedienen, heb je een ssh
client/server combinatie nodig. Voor embedded systemen zoals toon wordt vaak
dropbear als server gebruikt. Je kunt dropbear zelf bouwen vanuit de open
source openembedded code die door quby beschikbaar is gesteld
(http://quby.nl/opensource/openembedded-qb2-toon-2012r1.tar.bz2),
maar het is handiger om de laatste versie te downloaden van het domoticaforum:

https://domoticaforum.eu/download/file.php?id=2987

als je toch bezig bent, haal ook meteen openssl-sftp op,

https://domoticaforum.eu/download/file.php?id=3011

scheelt een hoop gedoe met files en data heen en weer schuiven tussen toon en
je computer.

Parkeer deze files op je webserver, zodat toon ze kan vinden en (vanaf toon)
tik in:

wget http://<server_name>/dropbear_2015.71-r0_qb2.ipk

doe iets soortgelijks voor openssl-sftp.

Als je toon wel aan het internet hangt, kun je ze vanaf toon ook rechtstreeks
van het domoticaforum plukken:

wget https://domoticaforum.eu/download/file.php?id=2987

en

wget https://domoticaforum.eu/download/file.php?id=3011

Installeer met:

opkg install dropbear_2015.71-r0_qb2.ipk

en

opkg install openssh-sftp-server_7.3p1-r10.0_qb2.ipk

Dit installeert ssh (een ssh client) sshd (een ssh server), scp (een kopieer
programma via ssh) en sftpd (een secure ftp server).

OPMERKING: Op Toons met firmware 4.9.23 en nieuwer moet dropbear op een andere
manier geinstalleerd worden.

##### dropbear installeren op toons met fw 4.9.23 en hoger #####

### Methode 1: over ethernet                           ###
### Dank je wel, TheHogNL, voor deze simpelere methode ###
Vereisten:

1: installatie pakket dropbear_2015.71-r0_qb2.ipk
2: een toon met LAN (UTP) verbonden.

In firmware 4.9.23 is het basispackage busybox ge-upgrade, en in deze versie
is getty, de interface voor de seriele console, uitgeschakeld. Dit is een
beetje een zielige poging om toegang via een seriele poort te blokkeren, en zo
het rooting proces te bemoeilijken.

Om op toons met deze firmware dropbear te installeren, kan de busybox package
over het internet geinstalleerd worden. Koppel hiervoor eerst een LAN/UTP kabel
aan de Toon (omdat wifi het in de bootloader shell niet doet).

Volg het booting process (het bootloader proces, zoals hierboven besproken), tot
het volgende op het scherm verschijnt:

/bin/sh: can't access tty; job control turned off

/ # 

type vervolgens (nadat de LAN/UTP kabel is aangesloten):

udhcpc

Dit vraagt een IP adres configuratie via DHCP, via de LAN-kabel

Nadat de Toon een IP adres heeft gekregen kan je via het internet het busybox
package installeren. Tik het volgende commando in:

opkg install http://files.domoticaforum.eu/uploads/Toon/apps/busybox-1.27.2-r4/busybox_1.27.2-r4_qb2.ipk

Dit downloadt en installeert busybox, met getty support, en een heleboel andere
handige extra's.

Je kunt nu dropbear en alle andere pakketen installeren zoals beschreven in
deze handleiding.

### Methode 2: via een serele verbinding ###

Benodigdheden:

1: installatie package dropbear_2015.71-r0_qb2.ipk
2: een computer met base64 software (elke linux machine)
3: een computer met minicom (ook elke linux machine)

In firmware 4.9.23 is het basis package busybox ge-upgrade, en in deze versie
is getty, de interface voor de seriele console, uitgeschakeld. Dit is een
beetje een zielige poging om toegang via een seriele poort te blokkeren, en zo
het rooting proces te bemoeilijken.

Om op toons met deze firmware dropbear te installeren, moet het
oorspronkelijke installatiepackage omgezet worden naar ASCII tekst.
Dit kan met het base64 commando, dat op de meest linux machines voorhanden is
(geen idee omtrent windows en Mac):

base64 dropbear_2015.71-r0_qb2.ipk > dropbear_2015.71-r0_qb2.ipk.b64

Dit geeft een ASCII tekstfile (dropbear_2015.71-r0_qb2.ipk.b64), die een
gecodeerde versie van de oorspronkelijke binary is.
Deze file kan gemakkelijk over een seriele verbinding getransporteerd worden.
Ik gebruik daarvoor minicom (geen idee omtrent andere opties), dus dat is
(voor nu) de enige methode die hier beschreven wordt.

Volge het boot proces zoals hierboven beschreven (Bootloader aanpassingen
en verder), tot je bij de initiele command prompt uitkomt:

/bin/sh: can't access tty; job control turned off
/ # 

en tik in:

cat > dropbear_2015.71-r0_qb2.ipk.b64

Dit dirigeert ALLE console input naar de file dropbear_2015.71-r0_qb2.ipk.b64
Blijf dus met je fikken van de seriele console af totdat minicom zegt dat je
weer mag.

Zet de seriele lijn in file transfer mode door <Ctrl+A> S in te tikken, en kies
ascii mode:

+-[Upload]--+
| zmodem    |
| ymodem    |
| xmodem    |
| kermit    |
|>ascii<    |
+-----------+

Kies dan het pad en de file die je wilt uploaden in het minicom menu (dat is een
beetje erg ouderwets, dus zet de file niet te diep weg in een directory boom,
anders tik je je suf. Ik zet e.e.a. in /home/marcelr/).

En tik <enter>

De ASCII tekst van de file scrollt nu over je scherm, en zodra alles is geupload,
mag je van minicom <any key> intikken.

Geef meteen daarna een <Ctrl+D> in de seriele console (en niks anders).
Dit stopt cat, en geeft het commando terug aan het toetsenbord.
Nu kun je de zojuist getransporteerde, gecodeerde dropbear uitpakken met:

base64 -d dropbear_2015.71-r0_qb2.ipk.b64 > dropbear_2015.71-r0_qb2.ipk

Daarna kun je dropbear installeren zoals hierboven beschreven.

##### Aanpassing van iptables (de linux firewall) #####

Voordat je extern toegang hebt tot toon, moeten eerst de netwerkpoorten die
horen bij ssh en http in de firewall opengezet worden.

De firewall voor linux heet iptables, en de configuratie is opgeslagen in
/etc/default/iptables.conf

Lokaliseer deze file en vind het gedeelte dat begint met:

# These are all closed for Quby/Toon:

Pas aan tot het er als volgt uitziet:

-A HCB-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 7080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT

Bij nieuwere firmware gebruikt de interne webserver poort 10080 in plaats van
7080: (je kunt ook beide regels toevoegen).

-A HCB-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 10080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT

De betekenis van deze poorten wordt gegeven op het domoticaforum, in de toon
threads.

Herstart de firewall:

/etc/init.d/iptables restart

Test je ssh toegang door (bijvoorbeeld via putty) een ssh verbinding op te
zetten met je toon.

Als dat allemaal werkt (in twee richtingen), kun je je toon weer in elkaar
zetten.

############################################################################
Isolatie van toon (complete ontkoppeling van Quby, voor niet-Eneco klanten)
############################################################################

Benodigdheden:

1: toon met daarop dropbear geinstalleerd.
2: verbinding met prive netwerk.

Als je toon geroot is, en weer volledig werkt, zegt toon in de tab "internet"
dat hij verbonden is met het Service Center. Het SC betsaat uit een stuk of
wat servers die via een heel aantal IP-adressen met alle toons in den lande
communiceren. Toegang tot het SC wordt binnen tooon opgebouwd via een zgn.
VPN tunnel, met een TLS security protocol. Zelfs wanneer je geen abonnement
hebt voor je toon, stuurt-ie met enige regelmaat data naar het SC. Eneco
beweert --terecht-- dat er niet ongevraagd gas-en elektraverbruiksdata naar
het SC gestuurd worden. Maar je ketelinformatie gaat elk uur naar Quby.
Geen idee waarom, overigens. Daarnaast neemt toon regelmatig contact op met
het thuisfront via ping en de chrony daemon.

##### OpenVPN uitschakelen #####

Maak een ssh verbinding met je toon.

Open de file /etc/inittab en (als je dat al niet gedaan hebt een stukje terug)
voorzie de openvpn regel in inittab van een commentaar-hekje:

#ovpn:2345:respawn:/usr/sbin/openvpn --config /etc/openvpn/vpn.conf --verb 0 >/dev/null 2>&1

Dit stopt de werking van openvpn bij de volgende herstart. Vanaf nu krijg je
in de internettab de mededeling "Internetverbinding" of woorden van die
strekking. Bovendien krijg je een waarschuwing dat de internetverbinding
niet goed is opgezet, en dat er geen verbinding is met het SC. Dat klopt,
en deze waarschuwingen kun je dus gerust naast je neer leggen.

Bij een toon met sw versie 3.0.29 en hoger kun je deze waarschuwingen
onderdrukken door de volgende file te editen:

/HCBv2/qml/apps/internetSettings/InternetSettingsApp.qml

Lokaliseer de volgende regels (regel 365 of daar in de buurt):


                onNotificationReceived : {
                        var statemachine = message.getArgument("statemachine");
                        if (statemachine) {
                                var prevSmStatus = smStatus;     
                                smStatus = parseInt(statemachine);
// voeg de volgende twee regels toe:
// al_n (20151220):                 
                                if(smStatus == _ST_INTERNET) {
                                    smStatus = _ST_TUNNEL;
                                }
//
// vervolg van het originele bestand:
                               // Trigger the internetStateChange signal, used by the internet settings overview screen
                                internetStateChange(smStatus);

.... etc.

NB, in qml code wordt commentaar voorafgegaan door //.

Deze aanpassing heeft als gevolg dat een werkende internetverbinding automatisch
geinterpreteerd wordt als een verbinding met het SC, en daardoor ben je van de
waarschuwingen af.

##### Toegang tot time.quby.nl blokkeren #####

Toon houdt de tijd bij via de zgn chrony daemon. Dat is een stuk software dat
verbinding legt met zgn. time servers, verspreid over het internet. Toon
gebruikt de time server van quby: time.quby.nl. De server naam wordt ingesteld
in /etc/chrony.conf:

Lokaliseer de volgende twee regels in chrony.conf:

server time.quby.nl minpoll 8
en
initstepslew 30 time.quby.nl

en vervang de servernaam door een andere. Ik gebruik www.nist.gov in plaats van
time.quby.nl. Is een even lange naam als time.quby.nl. Je weet maar nooit wat
ze in de chrony code hebben zitten hacken, en deze server wordt wereldwijd
door velen gebruikt en als betrouwbaar ervaren.

##### Uitschakelen van ping #####

Toon pingt elke zoveel seconden de quby ping server. Dit wordt gedaan in
/HCBv2/sbin/hcb_netcon. Het ping-server adres is hard gecodeerd in dit
programma, dus om e.e.a. uit te schakelen moet het ping signaal omgeleid worden
naar een andere computer. Je kunt het niet even uitzetten.

Om de ping signalen om te leiden, open of maak de file

/etc/hosts.template
en voeg de regel

127.0.0.1 ping.quby.nl

toe, aan het einde van de file, en sla op.

Test of je routering werkt door quby te pingen:

eneco-001-xxxxxx:/# ping ping.quby.nl
PING ping.quby.nl (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=1.108 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.738 ms
64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.658 ms

Dit betekent dat je ping signalen teruggeleid worden naar localhost (127.0.0.1)
en je actie dus geslaagd is.

Start je toon opnieuw op. Je hebt nu alle verbindingen tussen toon en Quby
(Eneco) verbroken, en je kunt je toon weer gevoeglijk in je wireless netwerk
hangen.
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv

Remote control of your Toon through VNC

Postby marcelr » Thu Jun 01, 2017 4:57 pm

Without monthly subscription, your toon can be made accessible through VNC, which allows you to control it from any VNC-compatible device (PC, Mac, iOS phone, Android phone, Windows phone, iPad, etc.) This is how it's done:

Code: Select all
###############################################################################

Toon on a remote desktop and/or phone

20180204, marcelr, added new release version number.

20170822, marcelr, added warning on possible race condition in inittab code.

20170514, marcelr, added /etc/inittab entry.

20160601, marcelr, added some credits, removed sleep item from todo list

20160501, marcelr, first release.

###############################################################################

Some time ago, cygnusx raised the question on remote control of toon, at the
domoticaforum. Sounded interesting/nifty. Ierlandfan came up with the idea to
use VNC. Sounded good.

After some googling, x11vnc came out as the best option to run a remote desktop
service: It runs on linux, supports framebuffer devices, touchscreens, and is
open source, therefore possible to implement on toon.

To cut a long story short: I made a stripped-down version of x11vnc for toon,
and a script to start it up.

###############################################################################

What you need

###############################################################################

1: A rooted toon

2: x11vnc installation package for toon: x11vnc_0.9.13-r0_qb2.ipk or
   x11vnc_0.9.13-r3_qb2.ipk
   Newer fw versions (with openssl 1.0.2h) will need r3, older ones use r0.

3: A VNC client for your remote device (PC, phone, iPad, whatever), supporting
   VeNCrypt over SSL. I use TigerVNC on my desktop (linux or windows), and bVNC
   on my android phone.

###############################################################################

What you need to do

###############################################################################

1: Download the two parts of the zipped x11vnc package from the downloads
thread, rename part two to x11vnc.z01, unpack, and upload x11vnc_0.9.13-r0_qb2.ipk
to toon via scp:

$ scp x11vnc_0.9.13-r0_qb2.ipk root@toon:/root/

2: Install the package:

toon:~# opkg install x11vnc_0.9.13-r0_qb2.ipk
Installing x11vnc (0.9.13-r0) to root...
Configuring x11vnc.

3: Check if the script exists (the binary is called x11vnc-bin):

toon:~# which x11vnc
/usr/bin/x11vnc


4: Run x11vnc. The first time, it will ask for a password, to be used with your
VNC client. Make sure to choose a STRONG password. Check out this list if you
want to know what NOT to choose:

http://www.passwordrandom.com/most-popular-passwords

After entering the same password twice, x11vnc will ask you to save the
password. Choose y.
Then, it will create the server and CA certificates for the TLS protocol.

A typical first-time run session looks like this:

toon:~# x11vnc
Enter VNC password:
Verify password:   
Write password to /root/.vnc/passwd?  [y]/n y
Password written to: /root/.vnc/passwd

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bd:32:02:0b:

...

what follows are several pages of text on the generated certificates.

...

-----END CERTIFICATE-----


The SSL VNC desktop is:  toon:0
PORT=5900
SSLPORT=5900
toon:~#

5: x11vnc serves on tcp port 5900. This has to be opened on your toon's
firewall.
Add the following line to /etc/default/iptables.conf:

-A HCB-INPUT -p tcp -m tcp --dport 5900 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
   
(I like to keep these directives more or less tidy, so in my iptables.conf
this line is in between similar directives for ports 22 and 10080).

Restart the firewall:

$ /etc/init.d/iptables restart

###############################################################################

Accessing toon through VNC

###############################################################################

Install a VNC client (as said already: TigerVNC and bVNC are known to work).

Choose "Secure VNC over SSL tunnel" or something along these lines as
connection type, enter your toon's access data (name, IP, port (default 5900) )
and the password set earlier in the first run of x11vnc.

Connect to toon.

You should now have a working VNC connection, with toon's interactive display
on your remote device.

For connections outside your own subnet, forward some unused high-number port
(typically: 10000 < portnumber < 65535) to toon's port 5900 on your router.
Read your router's manual for more info on port forwarding.

###############################################################################

Make x11vnc persistent over reboots

###############################################################################

BIG FAT WARNING: the following code does not work on all toons, for some reason.
Try it, and if it works, you're lucky. If not, start x11vnc manually.
As of yet, it's unclear why this code does not always work.

Some x11vnc users want x11vnc to start automatically at each reboot. To achieve
this, do the following:

1: Install x11vnc, run it, and set the password as described above.

2: Edit /etc/inittab. Add the following line to /etc/inittab, after the getty
   line (the getty line is there just for reference, in this example):

   # added tty for direct serial access
   gett:235:respawn:/sbin/getty -L 115200 ttymxc0 vt102
   # automatic (re)start of x11vnc:
   x11v:5:respawn:/usr/bin/x11vnc

3: Reboot. During reboot, /etc/inittab is partly rewritten, for an unknown
   reason. x11vnc will not be accessible yet.

4: Reboot again. Everything should now work.

###############################################################################

To do

###############################################################################

Lots of testing :-)

Maybe enhance security with dedicated server/client/root certificates.
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv

Fix 403-Forbidden error

Postby marcelr » Thu Jun 01, 2017 4:59 pm

Some Toons, when you try to reach them through a web browser, throw error 403. This is easily fixed:

Code: Select all
################################################################################

403-error fix

20161203, first draft.

################################################################################

In some firmware versions of toon, http access is not set properly, so remote
access to your data through http (e.g., for Domoticz) is impossible.

Typically, when you try to access your toon through its http server, you will
get the error:

403-Forbidden

Forum member fkruis posted a cure for this problem.

################################################################################

What you need

################################################################################

1: A rooted toon with network connection.

2: Some proficiency in editing with vi.

3: A computer with network connection and an internet browser and an ssh-client.

################################################################################

What you need to do

################################################################################

Log in to your toon, open /HCBv2/config/hcb_project.xml in vi and locate the
tag <hcb_web>:

...

   <hcb_web>
      <!-- Release uses lighttpd; put hcb_web somewhere where its harmless -->
      <port>7080</port>
      <defaultEntry>/hdrv_zwave/</defaultEntry>
      <enforceWhitelist>1</enforceWhitelist>
      <whitelist>
         <item>hdrv_zwave</item>
      </whitelist>
   </hcb_web>
...

Change into:

...
   <hcb_web>
      <!-- Release uses lighttpd; put hcb_web somewhere where its harmless -->
      <port>10080</port>
      <defaultEntry>/HCBv2/www/</defaultEntry>
      <enforceWhitelist>0</enforceWhitelist>
      <whitelist>
         <item>hdrv_zwave</item>
      </whitelist>
   </hcb_web>
...

That's all, reboot and you should have access to your toon's data:

Try

http://<ip-of-your-toon>/happ_thermstat?action=getThermostatInfo

in the address bar of your internet browser, and if all has gone well you
should see something like this:

{"result":"ok", "currentTemp":"1896", "currentSetpoint":"1400", "currentInternalBoilerSetpoint":"6", "programState":"0", "activeState":"2", "nextProgram":"-1", "nextState":"-1", "nextTime":"0","nextSetpoint":"0","randomConfigId":"1804289383","errorFound":"255","connection":"0","burnerInfo":"0","otCommError":"0","currentModulationLevel":"0"}
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv

Installing "afvalwijzer" data download from a secure website

Postby marcelr » Thu Jun 01, 2017 7:04 pm

Toonz made an app called "waste collection", and it needs to download agenda data from waste collection companies. Some of them only support the HTTPS protocol, which is not implemented on toon by default. This manual tells you how to get it to work.
Code: Select all
###############################################################################

How to download "afvalwijzer" data from a https website, using wget and cron

20170513, marcelr, first draft

###############################################################################

Recently, Toonz created an app which displays the waste collection agenda for
a specific address on toon.

From version 1.3 onwards, it also supports cure-afvalbeheer (active in the
Eindhoven area).

The waste collection agenda provided by this company is available as an .ics
file, from their website. The website is served as a https service, offered
through service port 443 (secure http or https).

## getting acccess to files served through https (port 443) ##

Toon has no support for this protocol, by default. So, to gain access to this
site, the following is required:

1: (Access to) a rooted toon, with working ssh and (preferably) sftp servers.

2: Install package for wget, with ssl support. Available from the Downloads
   thread on this forum.

3: Some proficiency in using vi.

What to do:

1: Upload wget with ssl support (wget_1.12-r8.2_qb2.ipk) to toon and install:
   opkg install wget_1.12-r8.2_qb2.ipk

2: Open port 443 in the firewall:
   Locate the file  /etc/default/iptables.conf and add the following line:
   
   -A HCB-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT

3: Restart iptables by issueing the command:

   /etc/init.d/iptables restart

## Find the right URL for your waste agenda and adapt the download script ##

1: The agenda for the waste collection is given in the cure website:
   
   Fill in your address details (post code, house number) and click
   NAAR MAAND- EN JAARKALENDER > -> ZET INZAMELDATA IN UW AGENDA

   Locate the link to your agenda and copy it into the
   "get_waste_calendar_data.sh" script (it has the following shape):

   https://afvalkalender.cure-afvalbeheer.nl/ical/0yyyy000000xxxxx


#! /bin/sh
#
# get_waste_calendar_data.sh
#
# script to download calendar data from waste management company Cure
# (Eindhoven area, NL), and others.
#
# call: get_waste_calendar_data.sh
#
# The address code is found at the cure website.
# fill in your address details (post code, house number) and click
# NAAR MAAND- EN JAARKALENDER > -> ZET INZAMELDATA IN UW AGENDA
#
# At this page, copy the link
# https://afvalkalender.cure-afvalbeheer.nl/ical/<whatever-your-number-is
# to the command line after the call to this script:
# get_data_from_cure.sh <address code>
#
# Hit <enter> and your personal calender is downloaded to the directory
# defined in $DIR_OUT.
# The address code is linked to your address, not to a time, and thus remains
# the same, so you can repeat downloads from the same URL, and get updates for
# your calendar.
#
# another option is to paste the URL into this script, replacing the first
# argument ($1) of this script, in the definition of $URL below.

WGET=/usr/bin/wget
FILE_OUT=waste_calendar.ics
DIR_OUT=~/waste/
URL=<paste_calendar_URL_here>

mkdir -p $DIR_OUT

$WGET --no-check-certificate -O /$DIR_OUT/$FILE_OUT $URL &> /dev/null


2: On toon, create the directory /root/bin:

   mkdir -p /root/bin

3: Upload the "get_waste_calendar_data.sh" script to toon, put it in /root/bin, and
   make sure it is executable:

   chmod 755 /root/bin/get_waste_calendar_data.sh

4: Test by issueing the command /root/bin/get_waste_calendar_data.sh
   This should give you a file called waste_calendar.ics, in the directory
   /root/waste

## Automation of the calendar download ##

To automate regular execution of programs, unix systems (like toon) use a
utility called cron. Cron is a daemon process which runs in the background,
and checks every minute whether something from the crontab file needs to be
done. The crontab file is a file which sets the rules for cron, what to
execute, and when. It is edited with the program crontab.

To automate waste agenda download, do the following:

1: Download and install cron_3.0pl1-r8_qb2.ipk

2: Edit the crontab for user root, by issueing the following command:

   crontab -e

This opens an editor (typically vi), paste the following into the file:

# crontab for root
#      The time and date fields are:
#
#             field          allowed values
#             -----          --------------
#             minute         0-59
#             hour           0-23
#             day of month   1-31
#             month          1-12 (or names, see below)
#             day of week    0-7 (0 or 7 is Sunday, or use names)
#
SHELL=/bin/sh
# download .ics file for "afvalwijzer" app, every third day of the month,
# at 4:13 in the morning:                           
13 4 3 * * /root/bin/get_waste_calendar_data.sh

and save. You may omit the lines starting with a hash mark (#).

3: Start the cron daemon, by issueing:

   /etc/init.d/cron start

## Getting the information on toon ##

1: Install the app wastecollection v1.3 or later.

2: Edit the file WastecollectionApp.qml, to have the property wasteCollector
   reflect your waste collector:

   property string wasteCollector : "cure-afvalbeheer.nl"
   
   (or another provider) and save.

3: Add the wastecollection app to the file /HCBv2/qml/qb/base/Globals.qml.

4: Restart qt with killall qt-gui

5: All done, you should now be able to install a tile with your waste
   collection data from toon's tile selection menu.
Attachments
waste_calendar_scripts.zip
scripts for waste calendar download; get_waste_calendar_data.sh and crontab
(1.21 KiB) Downloaded 129 times
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv

Installation of custom apps

Postby marcelr » Mon Jun 05, 2017 9:38 pm

Lately, the development of custom apps is really taking off. This has created the need for an app installation manual.
This small tutorial shows how to install a custom app. As an example, Toonz's buienradar is chosen, but other apps are installed in very much the same way.

Code: Select all
###############################################################################
#
# Installation of the buienradar app for toon, developed by Toonz.
#
# 20170203 Toonz, update to v6
#
# 20170108 Toonz, marcelr, first draft
#
###############################################################################

This manual describes the installation process of the buienradar app, as made
by forum member Toonz. It has been tested on fw 3.1.22 and 3.5.4.

###############################################################################
# What you need:
###############################################################################

1: Rooted toon with internet access

2: buienradar install package (ToonBuienradar-Vx.y.z.zip

3: Basic knowledge of file editing

###############################################################################
# What you need to do:
###############################################################################

1: Unpack the contents of the buienradar package and transfer the directory

./buienradar/

and all of its contents to

/HCBv2/qml/app/

on your toon, such that everything ends up in /HCBv2/qml/apps/buienradar/

2: Locate the file /HCBv2/qml/qb/base/Globals.qml, open it in an editor and
add "buienradar", to the appsToLoad array (line 93 or thereabouts), like this:

...

// Base set of apps that is available on all displays
                                var appsToLoad = [
                                                        "homescreen",
                                                        "systray",
                                                        "thermostat",
                                                        "buienradar",
                                                        "clock",
                                                        "systemSettings",
                                                        "thermostatSettings",
                                                        "internetSettings",
                                                        "eMetersSettings",
                                                        "settings",
                                                        "graph"]

...

Position in the array is not really relevant.

3: Save the file and close the editor.

4: Restart toon's user interface by issueing:

killall qt-gui
Toon's user interface will restart, and now you can pick the tile "Buienradar"
and install it as a new tile.

5: When installed, click on the tile, click "Weerstation" and choose your
nearest weather station. Click "Opslaan" to save your choice. The data in the
buienradar app will now reflect your weather station's data.

6: By clicking on the buienradar icon in the system tray, you will get a
full-screen buienradar.

7: All done.
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv

Guidelines for submitting apps for the ToonStore

Postby marcelr » Sun Aug 27, 2017 11:03 am

Recently, we launched the ToonStore app, and now more forum members are designing apps and asked to have them published via the ToonStore. This is a very welcome development. However, to avoid disappointments on the developer side and the ToonStore maintenance side, some guidelines need to be followed for successful and fast publication of your apps.

So, if you intend to submit apps to the ToonStore, please stick to the following (Dutch version in the second half of the text):

Code: Select all
###############################################################################
#
# Toon apps, requirements for having them published via the ToonStore
#
# (Toon apps, richtlijnen voor publicatie via de ToonStore) 
#
###############################################################################

20170831: marcelr, added section on testing.

20170827: Toonz,marcelr, First draft.

Dutch text below (Nederlandse versie onderaan)

Requirements for applications to be distributed via de ToonStore

1: Makes sure the app is functional, so: test, test and test

2: Make sure the application can be fully operated from the GUI.
   All configurable parameters must be set via the application.
   Required manual edits of code by the user are not acceptable.

3: Make your code readable: use the right indentation, us meaningful names for
   variables and functions.

4: Make abundant use of comments. When you stop developing your app, others
   should be able to continue.

5: Naming conventions: The packaging environment (openembedded for toon) puts
   strict requirements on names of files and folders.

   In the end an installed application will be placed in the toon software tree
   like this:

   /qmf/qml/apps +
                 /myapp-x.y.z +
                              /drawables
                              /lang
                              Changelog.txt
                              version.txt
                              MyappApp.qml
                              MyappScreen.qml
                              MyappTile.qml
                              qmldir
                              ...
   and

   /qmf/qml/apps/myapp -> /qmf/qml/apps/myapp-x.y.x
 
   the last one is a symbolic link to the directory with all code (myapp-x.y.z).

   The packaging environment cannot handle packages when the package name of a
   package differs from the folder name where it is stored.

   The qt-gui is looking for apps named as the link/folder (in this case myapp).
   The installation method is chosen such that Globals.qml needs to be edited only once per app.
   Later versions of the app can therefore be easily installed.
   
   These are the characters which are allowed in the app names:
   0 1 2 3 4 5 6 7 8 9
   a b c d e f g h i j k l m n o p q r s t u v w x y z
   . - +

   In other words: numerals, lower case characters, dot, plus and minus
   character.

   Example: myapp+384.2 is ok, Myapp_3.4.5 is not.

6: Folder structure for submission to ToonStore
 
   /myapp +
          /drawables
          /lang
          /screenshots
          /description
          Changelog.txt
          version.txt
          MyappApp.qml
          MyappScreen.qml
          MyappTile.qml
          qmldir
          ...

   These files must be packed in a zip file, named after the application with
   version number, in this case:
   myapp-x.y.z.zip

   Myapp must be supplied in a folder myapp/

   Compulsory in each application:

   - Changelog.txt (containing information about changes in this and previous
     releases.
   
   Look for samples in other apps in the ToonStore.

   - version.txt.  This file only contains the version number of your app.
   (x.y.z in this case, no trailing line feed).

   - /description This directory should contain a plain text file, briefly
   explaining  the steps to be taken after the app has been installed. This
   text appears in the message box of Toon after installation.
 
7: Packages which do not comply to the rules above will not be accepted.
   Corrective changes must be made by the author before resubmission, we are
   not going to do this for you.

8: If you want to supply screenshots as well for display in ToonStore note the
   following:

   supply images in the .png format, maximum size 800x600 (800x480 preferred)
   filenames: <appname>_screenshot_x.png  where x is a sequence number
   starting with 1

   Example: toonstore_screenshot_1

   Store these screenshots inside the /screenshots subdir of your app.

9: After submitting your app, it will be packaged and returned to you (if the
   packaging procedure is completed successfully). You will then be asked to
   verify that the packaged app installs and works as it should, and that
   subsequent installations cause no errors, and removal indeed removes
   everything related to your app.
   After successful completion of ths step, the package is signed and submitted
   to the ToonStore.

10: Good luck with developing apps, and have fun !!!!!!


Dutch version below.

###############################################################################
Nederlandse versie:
###############################################################################

Richtlijnen voor het aanleveren van apps voor de ToonStore

1: Zorg ervoor dat de app werkt. Dus: testen, testen, testen.

2: Zorg ervoor dat de app vanuit de GUI volledig te bedienen is.
   Benodigde edits van code door de eindgebruiker, na installatie, worden niet
   geaccepteerd.

3: Zorg voor code die leesbaar is. Indentatie zoals het hoort, kies zinvolle
   naamgeving van routines en subroutines.

4: Voorzie je code ruim van commentaar, zodat ook nadat je er zelf geen zin
   meer in hebt, iemand anders kan begrijpen wat je code doet of beoogt te
   doen, en er eventueel mee verder kan.

5: Naamgeving: De packaging omgeving (openembedded voor toon) stelt vrij strikte
   eisen aan de naamgeving van files en directories.

   Uiteindelijk komt een geinstalleerde app als volgt in de software-boom van
   Toon terecht:

   /qmf/qml/apps +
                 /myapp-x.y.z +
                              /drawables
                              /lang
                              Changelog.txt
                              version.txt
                              MyappApp.qml
                              MyappScreen.qml
                              MyappTile.qml
                              qmldir
                              ...
   en

   /qmf/qml/apps/myapp -> /qmf/qml/apps/myapp-x.y.x
 
   waarbij de laatste een symbolic link is naar de directory waarin alle code
   staat (myapp-x.y.z).

   De packaging omgeving kan niet omgaan met packages waarvan de naam van het
   package anders is dan de directorynaam waar dat package in staat.

   De qt-gui zoekt in de apps naar de naam van de link (myapp in dit geval).
   De installatiemethode is
   zo gekozen dat Globals.qml maar een keer ge-edit hoeft te worden per app.
   Latere versies van dezelfde app kunnen dan zonder meer geinstalleerd worden.
   
   Dit zijn de karakters die in de naam mogen voorkomen:
   0 1 2 3 4 5 6 7 8 9
   a b c d e f g h i j k l m n o p q r s t u v w x y z
   . - +

   Oftewel: cijfers, kleine letters, en punt, plusteken en minteken.

   Bijvoorbeeld: myapp+384.2 mag formeel, Myapp_3.4.5 is verboden.

6: Structurering van files voor aanlevering
 
   Wat je aanlevert moet deze structuur hebben:

   /myapp +
          /drawables
          /lang
          Changelog.txt
          version.txt
          MyappApp.qml
          MyappScreen.qml
          MyappTile.qml
          qmldir
          ...

   Dit alles ingepakt in een zip file, met de naam+versie van de app, in dit
   geval:

   myapp-x.y.z.zip

   Dus myapp moet aangeleverd worden in een directory myapp/. Het versienummer
   voor de uiteindelijke installatie wordt er door de packager aangeplakt.

   VERPLICHT in elke app zijn:

   Changelog.txt (met informatie over wat er veranderd is per versie). Kijk
   voor voorbeelden in de apps die tot nu toe gepubliceerd zijn.

   version.txt.  Deze file bevat ALLEEN het versienummer van de app.
   (x.y.z in dit geval). Zie gepubliceerde apps voor voorbeelden.

   /description Deze directory bevat een korte tekst die beschrijft wat je
   moet doen na installatie, om je app aan de praat te krijgen. Deze tekst
   verschijnt in het bericht dat je krijgt na installatie. 
 
7: Aangezien filenamen en identifiers in qml-code gedeeltelijk overeenkomen, is
   het ondoenlijk om afwijkingen van deze eisen "effe snel" te wijzigen.
   Dat gaat dus ook niet gebeuren.
   Packages die aangeleverd worden en niet aan de eisen voldoen, worden niet in
   behandeling genomen.


8: Als je screenshots wilt meeleveren dan moeten het .png images zijn met de
   maximale afmetingen: 800 x 600 pixels, voorkeur 800x480.
   De filena(a)m(en) moet(en) zijn:
   <appnaam>_screenshot_x.png  waarbij x een volgnummer is, nummerend vanaf 1

   Voorbeeld: toonstore_screenshot_1

   Lever deze screenshots aan in de subdirectory /screenshots in je app.

9: Nadat je de app hebt ingediend als zipfile, wordt-ie ingepakt voor de
   software installer van Toon. Als deze procedure goed verloopt, krijg je je
   app terug en word je vriendelijk verzocht om de ingepakte app als nieuw te
   installeren op Toon, om te zien of alles werkt zoals je verwacht. Daarna
   moet je dat  nog een keer te herhalen, over een bestaande installatie, en
   tenslotte verwijder je je app, om te zien of inderdaad alles wat ermee te
   maken heeft goed verwijderd wordt.
   Als deze stappen allemaal goed verlopen, wordt je app gesigneerd en in de
   ToonStore geplaatst.

10: Succes met het ontwikkelen van mooie, zinvolle apps. En geniet ervan.




... and keep those apps coming, happy coding to you all!
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv

Useful files explained

Postby TerrorSource » Thu Sep 07, 2017 1:44 pm

This is a post to inform about some important files you might want to edit after rooting.

Please reply if you think that more info or files should be added to this topic or if you have any questions about the files.

Folder: /HCBv2/config or /mnt/data/qmf/config
File: config_happ_scsync.xml


Code: Select all
<internalAddress>agreementDetail</internalAddress>
<visibility>0</visibility>
"0" or "1",
<StartDate>1234567890</StartDate>
Linux timestamp, timestamp of initial activation.
<EndDate>-1</EndDate>
Linux timestamp (seconds since the epoch; jan 1, 1970, UTC), an expired timestamp will disable the "full menu" options. value "-1" can be set for "unlimited" time.
<ProductVariant>Toon</ProductVariant>
"Standalone" or "Toon", value "Standalone" will disable the "full menu" options. Value "Toon" + valid EndDate activates "full menu" options.
<activated>1</activated>
"0" or "1", activation of the Toon
<wizardDone>1</wizardDone>
"0" or "1", value "0" will activate the "initial setup" screens after a reboot. recommended to use when Toon is sold.
<SortwareUpdates>1</SortwareUpdates>
"0" or "1", value "1" will activate firmware updates.
<BoilerManagement activated="0">0</BoilerManagement>
"0" or "1",
<ElectricityDisplay>1</ElectricityDisplay>
"0" or "1", displays electricity usage, graphs and options.
<GasDisplay>1</GasDisplay>
"0" or "1", displays gas usage, graphs and options.
<HeatDisplay>0</HeatDisplay>
"0" or "1",
<SolarDisplay>1</SolarDisplay>
"0" or "1", value "1" enables the ZonOpToon widgets.
<SolarActivated>1</SolarActivated>
"0" or "1", value "1" enables the ZonOpToon options.
<OtherProviderElec>0</OtherProviderElec>
"0" or "1",
<OtherProviderGas>0</OtherProviderGas>
"0" or "1",
<SME>0</SME>
"0" or "1",
<HeatWinner>0</HeatWinner>
"0" or "1",
<ContentApps>1</ContentApps>
"0" or "1",
<TelmiEnabled>0</TelmiEnabled>
"0" or "1",
<mobileAccess>0</mobileAccess>
"0" or "1", value "1" enables the "Toon op Afstand" app, can only be used when there's a Toon subscription.
<supportEnabled>0</supportEnabled>
"0" or "1", value "1" enables the possibility to have remote support from the Eneco/Toon helpdesk. Recommended value is "0".
<supportEnabledStart>0</supportEnabledStart>
"0" or "1", value "1" enables the possibility to have remote support from the Eneco/Toon helpdesk. Recommended value is "0".
<researchEnabled>0</researchEnabled>
"0" or "1",
<doSolarWhatsnew>0</doSolarWhatsnew>
"0" or "1", value "1" enables "Wat is Zon op Toon" welcome screens.
<latestWhatsnewVersion>qt-gui - 1.6755-ene-release-ene-3.7</latestWhatsnewVersion>
Firmware version when the "WizardDone" was finished.
<statusUsageFirstUse>0</statusUsageFirstUse>
"0" or "1",
<scStatusFlags>0</scStatusFlags>
"0" or "1",
<commissionState>0</commissionState>
"0" or "1",


Folder: /HCBv2/config or /mnt/data/qmf/config
File: config_hdrv_hue.xml


You can use this file to "force" Toon to find the HA-bridge/Hue-bridge.
backup your current file, make a new empty file with the same name, copy the content below and edit the IP-address(2x) and mac address(internalAddress and serialNumber).
Code: Select all
<Config packageRevision="167">
  <sysConfig>
   <locale>nl_NL</locale>
   <timezone>Europe/Amsterdam</timezone>
   <currency>EUR</currency></sysConfig>
    <hue_bridge>
     <package>hdrv_hue</package>
     <uuid>daa9c3e9-549d-4c7f-a9a9-fda64b17d0e6</uuid>
     <type>hue_bridge</type>
     <name>Philips hue (192.168.1.2)</name>
     <internalAddress>abcdefgh1234</internalAddress>
     <visibility>1</visibility>
     <profile>ConnectedState</profile><ipAddr>192.168.1.2</ipAddr><modelName>Philips hue bridge 2015</modelName><serialNumber>abcdefgh1234</serialNumber><cfgName>Philips hue</cfgName><swversion>1705121051</swversion><apiVersion>1.19.0</apiVersion><port>80</port><modelNumber>0</modelNumber><linkState>3</linkState></hue_bridge>
  </Config>
TerrorSource
Member
Member
 
Posts: 108
Joined: May 2017

Updating your toon without losing ssh access

Postby marcelr » Sat Nov 18, 2017 10:12 am

By popular demand, a short manual for updating a toon without losing ssh access.

Code: Select all
###############################################################################

Updating your toon without losing ssh access

20171118: first draft

###############################################################################

Every update, the firewall configuration file gets overwritten, thus locking
you out of your toon, and forcing you to open it again. This is just childish
behaviour of Quby, the contents of the firewall configuration script hasn't
changed in 4 years, so there's no need to reinstall it at every update.

Anyway, if you can resist the temptation to hit the update button as soon as
it shows, the installation can be made such, that reopening your toon is not
necessary.


Requirements:

1: Rooted toon with ssh access (dropbear installed), AND a pending update.

2: Proficiency in vi, and the cli.

To do:

1: Locate the installation files for the update. From FW version 4.x.y
   onwards, they are located in

   /mnt/data/update

   Earlier versions (< 4.x.y) have the installation packages stored in

   /HCBv2/tmp/opkg-cache

2: Find the file base-qb2-ene_<whatever>_qb2.ipk,
   with <whatever> the version number of the upgrade. E.g., the upgrade to
   version 4.9.23 has the following number:

   4.9.23-1183-1, so the firmware version, build number and a revision level.

   The complete filename in this case is base-qb2-ene_4.9.23-1183-1_qb2.ipk.
   This is a normal, gzipped, tar archive, and holds the firewall
   configuration script.

3: Unpack the package by issueing the following:

   tar -zxvf base-qb2-ene_<whatever>_qb2.ipk

   This gives three files in the current directory:

   control.tar.gz
   data.tar.gz
   debian-binary
   
4: Unpack data.tar.gz by issueing:
   
   tar -zxvf data.tar.gz
   
   This renders two directories within the current directory:

   HCBv2/
   etc/

   or

   qmf/
   etc/

   depending on the firmware version.

5: Go to etc/default/, and edit iptables.conf:

   Original:

##############################################################################
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
##############################################################################
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:HCB-INPUT - [0:0]
-A INPUT -j HCB-INPUT
-A FORWARD -j HCB-INPUT
-A HCB-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# These are all closed for Quby/Toon:
#-A HCB-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#-A HCB-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#-A HCB-INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
#-A HCB-INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A HCB-INPUT -i lo -j ACCEPT
-A HCB-INPUT -i tap+ -j ACCEPT
-A HCB-INPUT -i tun+ -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
-A HCB-INPUT -p udp -m udp -j DROP
COMMIT
##############################################################################

   and make it look like this:

##############################################################################
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
##############################################################################
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:HCB-INPUT - [0:0]
-A INPUT -j HCB-INPUT
-A FORWARD -j HCB-INPUT
-A HCB-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# These are all closed for Quby/Toon:
-A HCB-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 5900 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 7080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --dport 10080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#-A HCB-INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
#-A HCB-INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A HCB-INPUT -i lo -j ACCEPT
-A HCB-INPUT -i tap+ -j ACCEPT
-A HCB-INPUT -i tun+ -j ACCEPT
-A HCB-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
-A HCB-INPUT -p udp -m udp -j DROP
COMMIT
##############################################################################

  While you're at it, you may also want to edit /qmf/etc/qmf_project.xml, to
  redirect the webroot to /qmf/www.

6: Return to the directory holding the installation packages to repack
   data.tar.gz by issueing:

   tar -zcvf data.tar.gz etc/ HCBv2/

   or
   
   tar -zcvf data.tar.gz etc/ qmf/

   depending on the firmware version.

7: Repack the installation file by issueing:

   tar -zcvf base-qb2-ene_<whatever>_qb2.ipk control.tar.gz data.tar.gz debian-binary

8: Proceed with installation of the update.
   The simplest way is to just type

   opkg install *.ipk

   in the directory holding the installation packages.
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv

Repairing a toon with a corrupted rootfs or missing busybox.

Postby marcelr » Sun Mar 04, 2018 12:07 pm

Recently, some forum members have tried to upgrade their toon's busybox, and failed for various reasons, leading to an essentially bricked toon. This manual adresses one way to solve issues like this.

Code: Select all
20180304 marcelr
    added info for repairing a non-corrupt rootfs

20160402 marcelr
    added ubifs construction info for newer toons


20160313 marcelr
    first release

######################################################################
#
# 0: How to use this manual
#
######################################################################

Initially, this manual was written to elucidate the inner workings of
the UBI filesystem which makes up the root filesystem of toon. With
the revision of busybox, late 2017, which blocked serial access, some
people have tried to upgrade their busybox, and failed, leading to an
essentially bricked toon. To show how to repair a toon which was
bricked in this way, a few lines have been added to the manual.

The manual covers four major topics:

1: Setting up an NFS server with all images in place (sections 1-3)
   and booting toon over NFS (sections 4 and 7).

2: Setting up a linux kernel and rootfs for use with NFS (sections 5
   and 6)

3: Repairing a corrupted rootfs on toon (sections 8 and 9).

4: Repairing stuff on a non-corrupted rootfs, on a bricked toon
   (section 10).

######################################################################
#
# 1: Repairing a corrupted root filesystem on toon.
#
######################################################################

Some time ago I woke up in a cold house. The boiler that should have
started up at 6.00 in the morning wasn't running. I checked the
thermostat (toon) and it turned out to be dead.

It was a friday morning and I had to go to work, so I replaced it with
another toon that I had lying around (flash version, not the fancy qt
gui). Problem solved, at least for the moment.

That evening I opened up the dead toon, hooked it up to a
serial-to-USB adapter and booted up. The boot loader got stuck at
loading the kernel, and posted a warning that the splash screen could
not be loaded. The flash partitions holding the splash image and the
kernel (and probably the others too) were most likely
corrupted. Badly. I had no backup of these partitions. Stupid me.

I dumped the kernel partition of my still working toon and the dead
one to look for differences. There was no resemblance between the two,
from the corrupted kernel it was clear that it was bad. Normally, the
kernel version is stated in human-readable text in the first few bytes
of the kernel image, in this case it was only gibberish. This toon was
dead as brown bread.

What to do? Years ago I built my own router from an old headless and
diskless 486 with a network adapter with boot ROM. The thing booted
over the network, getting all its information, kernel, initrd, ramdisk
image etc., from another machine. Toon's boot loader, U-Boot,
supports network booting as well. That could be my way out. The plan
was simple: build a kernel capable of mounting a root filesystem over
NFS, load this kernel into toon through TFTP, boot, repair the flash
partitions and flash everything onto toon.

Problem solved. Easy-peasy. Yeah, right ...

######################################################################
#
# 2: Prerequisites
#
######################################################################

To repair a corrupted toon, with a working bootloader, this is what
you need:

A computer running a DHCP server, an NFS server, a TFTP server, and a
serial client. Typically, you will find all of these services in a
linux box. You will need root access to this machine. Furthermore, you
will need to have the mtd-utils package installed and working.

A serial-to-USB converter with 3.3V signal level. If you need to buy
one, go for a version with separate female header connectors at the
serial side. These are the easiest for connecting with toon.

A wired (ethernet) router to connect toon to your computer.

The quby openembedded tree for toon. Not just the tarball, but a
working installation of it. You will need to be able to build a
working, modified linux kernel for your toon.

A copy of a (recent) root filesystem for toon. Dump your own rootfs
while you still can. You may need it later. See the script
'dump_rootfs.sh' on domoticaforum.eu

Working knowledge of:

1: linux kernel configuration. 

2: dhcp, nfs, tftp configuration, including firewalls to pass the
   services through.

3: entering commands through a CLI.

4: toon rooting. If you have no clue how to open toon and attach a
   serial interface to it, stop here, go and do something else.

######################################################################
#
# 3: Configuration of services
#
######################################################################

The following description is not carved in stone, there are many ways
to properly configure a DHCP, NFS and TFTP server. This is just how I
did it. My linux host is a CentOS 6 machine, with the old school
SysVinit startup system. Newer machines may have systemd. Can't help
you there, if yours is one like that. The location of scripts may vary
from one distro to another. Nevertheless, everything will be located
somewhere in /etc or its subdirectories.

##  TFTP  ##

TFTP (trivial file transfer protocol) is a simple protocol to
automatically upload files from one computer to another, typically at
boot time. In this case we need it to load a kernel image directly
into toon's memory.

On my linux box, the TFTP server requires a simple configuration
script, and a running xinetd. This is the configuration script for my
TFTP server, it resides in /etc/xinet.d/tftp:


# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        disable = no
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -p -svv /tftpboot
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

Important are the disable flag (no) and the server args. /tftpboot is
the directory from which clients can download their stuff.

The tftp server is started by running xinetd:

service xinetd start
or similar.

## DHCP ##

DHCP (dynamic host configuration protocol) configures computers on a
network, based on their MAC address alone. U-Boot supports host
configuration via DHCP, so a DHCP server is needed to assign an IP
address to toon. Simultaneously, a DHCP server can be configured to
enable automatic uploading of stuff to a remote host. In cheap routers
for residential use, this option is generally not available. So we
need to set up our own. Since for home use, computers hardly run DHCP
servers. That's normally handled by your router. Because of the
network boot of toon, you will need your own DHCP service. I
configured my (separate) router to hand out one IP address only (for
my CentOS box) and let the linux machine do all the rest.

This is the config script I used for dhcpd:

# dhcpd.conf
#

# global parameters...

option domain-name "toontest.org";
ddns-update-style none;
not authoritative;
default-lease-time 600;
max-lease-time 7200;
option broadcast-address 10.1.0.255;
option routers 10.1.0.100;

subnet 10.1.0.0 netmask 255.255.255.0 {

#  subnet-specific parameters...

  range 10.1.0.202 10.1.0.210;
}

host toon {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 10.1.0.201;
  next-server 10.1.0.10;
  filename "/tftpboot/toon/uImage-nfs";
}

# end of dhcpd.conf

This way, toon gets a static IP, and has an idea where to find its kernel.
Start the service (as root) as follows:

dhcpd -cf dhcpd.conf

## NFS ##

NFS (network file system) is a protocol to share block devices over a
network. Typically, an NFS server can give other hosts access to
(parts of) its disk space. NFS clients can mount NFS exports from a
server, and then use these disks as if they were part of the native
disk space of the client. When configured properly, a diskless host
can mount ALL of its disk space via NFS.

To be able to mount an NFS volume, it needs to be exported to your
client by the server. This is taken care of in the exports file:

/etc/exports: (two lines)

/tftpboot/toon/rootfs    10.1.0.201(rw,sync,no_root_squash,no_subtree_check)
/tftpboot/toon           10.1.0.201(rw,sync,no_root_squash,no_subtree_check)

Edit this file according to your needs, and (re)start the nfs server:

service nfsd restart

This command starts a host of services (rpcbind, mountd, nfsd and some
others), which need to be able to penetrate the firewall of your
server.

## IPTABLES ##

On modern linux boxes, the firewall is called iptables, and is
switched on by default. This firewall has a configuration script,
/etc/sysconfig/iptables, and you need to edit this script to hold the
following lines (edit IP addresses according to your needs):

-A INPUT -s 10.1.0.0/24 -p udp -m state --state NEW -m multiport --dports 111,892,2049,32769 -j ACCEPT
-A INPUT -s 10.1.0.0/24 -p tcp -m state --state NEW -m multiport --dports 111,892,2049,32803 -j ACCEPT

This opens all ports required to export NFS mounts.

Similarly, for TFTP, port 69 needs to be opened:

-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT

Edit again, and restart iptables. You may have to restart nfsd as
well.  A second option is to switch off your firewall, and don't
bother with the ports. It's up to you.

######################################################################
#
# 4: Booting toon over the network
#
######################################################################

When you are lucky enough that only the kernel image partition is
corrupted, you can now boot your toon over the network. (You even
don't need NFS support for that).

Put the kernel image you want to boot (the original kernel image made
in the open embedded tree will do) in /tftpboot/toon/, on your tftp
server.

If you haven't done so already, connect the serial I/O interface to
toon, and open a terminal. Serial port settings should be 115200 baud,
8N1.

Verify that your U-Boot hangs; it will present the U-Boot prompt: U-Boot>
This is what my toon says at start-up:

U-Boot 2010.09-R6 (Mar 14 2012 - 11:15:10)                                     

CPU:   Freescale i.MX27 at 400.168 MHz

Prodrive B.V. ED2.0
DRAM:  128 MiB
NAND:  128 MiB
LCD: Initializing LCD frambuffer at a1400000
LCD: 800x480, pbb 4
LCD: Drawing the logo...
In:    serial
Out:   serial
Err:   serial
Error: no valid bmp image at a1d214a8 (signature 0xbe 0xda)
Net:   FEC
Warning: FEC MAC addresses don't match:
Address in SROM is         1f:56:1d:17:ee:22
Address in environment is  00:0f:11:01:9b:49


Enter password - autoboot in 2 sec...

AND read: device 0 offset 0x300000, size 0x300000
3145728 bytes read: OK
Wrong Image Format for bootm command
ERROR: can't get kernel image!
U-Boot>

Make sure to have your toon wired to an ethernet router, connected to
your dhcp server, supplying your toon with a static IP.

At the U-Boot prompt, sequentially type the following lines:

dhcp
tftpboot 0xA1000000 toon/uImage-xxxx
bootm

with uImage-xxxx the actual name of your kernel image.

This connects toon to your server, with a static IP, loads the kernel
into toon's memory, and boots it. The default U-Boot environment
available on toon is used. If that partition is corrupted, you will
find out fairly quickly.
Essentially, three things can happen:

First option: After bootm, nothing seems to happen, the terminal no
longer responds. In this case, the U-Boot environment is probably
corrupted.  Check by typing: printenv at the U-Boot prompt. You should
see something like this:

bootdelay=2
loadaddr=0xA1000000
bootdelay=2
mtdids=nand0=mxc_nand
mtdparts=mtdparts=mxc_nand:1M(u-boot)ro,512K(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs)
mtdparts_kernel=mtdparts=mxc_nand:512K@0x00100000(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs)
mem=128M
autoload=no
backlight_brightness=50
baudrate=115200
console=ttymxc0
addtty=setenv bootargs ${bootargs} console=${console},${baudrate}
addmtd=setenv bootargs ${bootargs} ${mtdparts_kernel}
nandargs=setenv bootargs ubi.mtd=4 root=ubi0:rootfs rw rootfstype=ubifs
boot_nand=run nandargs addmtd addtty addmisc; nand read ${loadaddr} kernel; bootm ${loadaddr}
boot_nand_backup=run nandargs addmtd addtty addmisc; nand read ${loadaddr} kernel-backup; bootm ${loadaddr}
bootcmd=run boot_nand
splashimage=0x180000
ethact=FEC
baudrate=9600
sn=12-37-023-641
pn=6500-1102-0301
software_compatibility=0
manufacture_date=2012/10
ethaddr=00:0F:11:01:9B:49
bootargs=ubi.mtd=4 root=ubi0:rootfs rw rootfstype=ubifs mtdparts=mxc_nand:512K@0x00100000(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs) console=ttymxc0,115200 mem=128M init=/bin/sh
partition=nand0,0
mtddevnum=0
mtddevname=u-boot
addmisc=setenv bootargs ${bootargs} mem=${mem}

name=u-boot

If you don't see such information, you will have to rebuild the U-Boot
environment with mkenvimage (or ask me for an image of it).

Second option: The kernel boots, and when it tries to mount the root
filesystem, the kernel panics:

.....
ip_tables: (C) 2000-2006 Netfilter Core Team                                   
TCP cubic registered                                                           
NET: Registered protocol family 10                                             
ip6_tables: (C) 2000-2006 Netfilter Core Team                                   
NET: Registered protocol family 17                                             
lib80211: common routines for IEEE802.11 drivers                               
rtc-isl1208 1-006f: setting system clock to 2016-02-20 20:01:37 UTC (1455998497)
UBIFS error (pid 1): ubifs_get_sb: cannot open "ubi0:rootfs", error -19         
VFS: Cannot open root device "ubi0:rootfs" or unknown-block(0,0)               
Please append a correct "root=" boot option; here are the available partitions:
1f00             512 mtdblock0 (driver?)                                       
1f01            1536 mtdblock1 (driver?)                                       
1f02            3072 mtdblock2 (driver?)                                       
1f03            3072 mtdblock3 (driver?)                                       
1f04          121856 mtdblock4 (driver?)                                       
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[<c00293d0>] (unwind_backtrace+0x0/0xf0) from [<c0326da4>] (panic+0x60/0x190)   
[<c0326da4>] (panic+0x60/0x190) from [<c0008ea0>] (mount_block_root+0x15c/0x20c)
[<c0008ea0>] (mount_block_root+0x15c/0x20c) from [<c00090d0>] (prepare_namespac)
[<c00090d0>] (prepare_namespace+0x8c/0x178) from [<c0008b50>] (kernel_init+0x10)
[<c0008b50>] (kernel_init+0x10c/0x14c) from [<c00258ec>] (kernel_thread_exit+0x)

This means that also the rootfs partition is corrupted. You will have
to mount another rootfs, over NFS. You will also need a kernel with
rootfs on NFS support.

Third option: the kernel boots, mounts the root filesystem, and you
end up with a login prompt. You're lucky, just the kernel partition is
corrupted.

######################################################################
#
# 5: Building a kernel with NFS support
#
######################################################################

To configure the kernel, I extracted the kernel source from the quby
openembedded tree and unpacked it in a separate directory, outside the
openembedded tree. The top-level kernel source directory is called
linux_r07/.
In this directory, I put the following script:

#! /bin/sh
make CROSS_COMPILE=arm-linux-gnueabi- ARCH=arm menuconfig

This starts kernel configuration, using the correct compiler (I happen
to have arm-linux-gnueabi- around), for the right processor type
(arm). You can also use the cross-compiler from the openembedded tree,
just make sure it's in your search path.

Run the script, and edit the kernel configuration (the default .config
for toon is loaded by starting the script). 

Under Filesystems, enter the submenu "Network file systems", tick the
boxes "root file system on NFS" and all NFS client options. Make sure
the tick boxes are marked with a * (built-in) and not an M
(module). Under "Enable loadable module support" untick the box
"Module versioning support".

Save the kernel configuration to a separate file (default is .config).

Copy the configuration file to the openembedded tree, in the subdirectory
~/oe/homeautomationeurope/recipes/linux/linux-quby2/

(~/ is the directory where you unpacked the openembedded tree)

Name it defconfig-2.6.36-R07-h11, this replaces the original
configuration file by quby. If you want to keep the old configuration,
back it up before you overwrite with the new kernel config file.

Now got to ~/oe/qb2, set the bitbake environment:

. ../bb_env.sh

and build the kernel:

bitbake linux-quby2

If you have built the linux kernel before, you may need to clean up first:

bitbake -c clean linux-quby2

The freshly built kernel ends up in
~/oe/qb2/tmp/deploy/images/uImage-qb2-hae-2.6.36-R07-h11-yyyymmddHHMMss.bin

with yyyymmddHHMMss the manufacturing timestamp.

Copy this image to /tftpboot/toon/uImage-nfs.

Your kernel is all set for booting toon over the network.

######################################################################
#
# 6: Preparing the root file system
#
######################################################################

If you have previously backed up your root filesystem (as a tarball),
now is a good time to unpack it.  Put the full contents of the rootfs
in /tftpboot/toon/rootfs. 

If you have not made a back-up of your rootfs, you can use the
barebones rootfs that's made when the quby openembedded tree is built
according to the README file in that tree. This rootfs resides in
~/oe/qb2/tmp/rootfs/image-base-qb2. Copy the full contents of this
directory to /tftpboot/toon/rootfs, including links etc.

In the case that you need to flash the kernel, rootfs etc. onto toon
(typically images made with dd, or brand new ubifs images), place them
somewhere in the root filesystem where you can find them. /root is not
a bad place.

######################################################################
#
# 7: Booting toon over the network, with NFS root file system
#
######################################################################

At the U-Boot prompt, sequentially type the following lines: (I had
them ready in a script, copied them one by one to the U-Boot terminal)

dhcp
tftpboot 0xa1000000 toon/uImage-nfs
setenv bootargs root=/dev/nfs rw nfsroot=10.1.0.10:/tftpboot/toon/rootfs,nfsvers=3,nolock,tcp console=ttymxc0,115200 loglevel=8
setenv bootargs ${bootargs} mtdparts=mxc_nand:512K@0x00100000(u-boot-env)ro,1536K(splash-image),3M(kernel),3M(kernel-backup),119M(rootfs)
setenv bootargs ${bootargs} ip=10.1.0.201:10.1.0.10:10.1.0.100:255.255.255.0:toon::off panic=1
bootm

This, sequentially, gets toon an ip adress, loads the kernel from the
TFTP server into memory, at address 0xA1000000, defines the root
filesystem as an NFS mount, read-write enabled, sets the URL of
the root file system, configures a terminal, configures mtd devices on
toon, and sets the network IP adress, NFS server, gateway, netmask,
hostname, and automated reboot when something fails. You need all of
this ;-).

The final line (bootm) starts the actual booting process.

If all goes well, you end up with a login prompt on toon. You may now
login as root.

######################################################################
#
# 8: Recovery of the mtd partitions.
#
######################################################################

## splash screen ##

If you feel a bit uncomfortable flashing your toon, you can start with
the splash screen. The worst that can happen is that toon no longer
presents one. Screwing up the splash screen has no further
implications.

Before you can write to flash, old stuff has to be erased first. Just
start with erasing /dev/mtd1 (that's where the splash image resides):

flash_eraseall /dev/mtd1

and then, find a nice image, having the _EXACT_ size of 800x480
pixels, 24 bit colourdepth, and uncompressed windows .BMP format.

Flash it onto /dev/mtd1 with:

nandwrite -a -p /dev/mtd1 <whatever_its_name_is.bmp>

Reboot and enjoy your personalised toon splash screen.

## kernel ##

If only the kernel, u-boot environment, or splash image partitions are
corrupted, and you have managed to boot toon through tftpboot, you can
copy the images for the respective partitions to toon, through e.g.,
wget. If your images were ripped off the very same toon you now want
to put them back on, this is the way to do it:
(this will in general not work for a root filesystem image, will get
to that later).

Erase the partition you want to recover, in this example
/dev/mtd2. At the shell prompt, type:

flash_eraseall /dev/mtd2

then, if you made the rip with dd, dd is the tool to put it back:

dd if=ripped_partition_image_of_mtd2.img of=/dev/mtd2

This writes the kernel image back to the exact position where it came
from, including bad blocks.

If you only have an image file, made elsewhere, flash it onto the nand
by:

nandwrite -a -p /dev/mtd2 /path/to/image/file

This writes the image straight to the flash, skipping bad blocks if
they exist. In this example /dev/mtd2 was used, this method can be
applied to any partition (except the root filesystem).

CAUTION: write the kernel image ONLY after you have verified that all
the rest of your toon is in working order. Once the kernel is flashed
to NAND flash, you will have to go through the whole rooting process
again to stop it from booting (and subsequent panicking). If your root
filesystem is still corrupted, your toon will have kernel panics
during booting, and will be quite useless. It can always be fixed, but
it's no fun to do.

SO: TEST THE QUALITY OF YOUR ACTIONS EVERY STEP OF THE WAY.

And remember the second rule of sudo:

Think before you type.

######################################################################
#
# 9: Installation of the root filesystem
#
######################################################################

Toon uses ubifs for its root file system. UBI stands for Unsorted
Block Image, specifically designed for flash memory, and is quite
different from other file systems. One of the differences is that it
is not connected to a block device, and therefore, ubi images cannot
be loopback mounted. Quite annoying if you need to change things, or
have a corrupted filesystem. Even if you made an image of your rootfs,
there's no simple way to mount that image on another computer and work
with it. So, to install a UBIFS filesystem on your toon, you will need
the contents of that filesystem, on another computer, with a
filesystem that you can read and write. Contents means: all contents,
so this includes symlinks, pipes, and normal files. Device special
files aren't necessary, since these are made on the fly by udev.

UBIFS images typically are made from (sub) directory trees,
and subsequently written to flash.

If you already unpacked a rootfs tarball (section 6), tested it as an
nfs-mount, and are happy with it, to serve as toon's native root
filesystem, you can convert it to a ubi image, and reformat toon's
rootfs partition with it. If not, go back to section 6 and start
there.

## creating the ubifs image ##

Creating the image is done in two steps. Depending on the firmware
version, the ubifs parameters have different values.

## step 1 ##
When toon boots, it spits out information on the flash parameters of
the ubifs image. In earlier toons it looks like this:

...
0x000000600000-0x000000900000 : "kernel-backup"
0x000000900000-0x000008000000 : "rootfs"
UBI: attaching mtd4 to ubi0
UBI: physical eraseblock size:   131072 bytes (128 KiB)
UBI: logical eraseblock size:    129024 bytes
UBI: smallest flash I/O unit:    2048
UBI: sub-page size:              512
UBI: VID header offset:          512 (aligned 512)
UBI: data offset:                2048
...

in later versions, this has changed into:

...
0x000000600000-0x000000900000 : "kernel-backup"                                 
0x000000900000-0x000008000000 : "rootfs"                                       
UBI: attaching mtd4 to ubi0                                                     
UBI: physical eraseblock size:   131072 bytes (128 KiB)                         
UBI: logical eraseblock size:    126976 bytes                                   
UBI: smallest flash I/O unit:    2048                                           
UBI: VID header offset:          2048 (aligned 2048)                           
UBI: data offset:                4096                                           
...

As you can see, the LEB (logical eraseblock) size, VID header offset, and data
offset have changed. This influences the way the rootfs image should be made.

The ubi filesystem is made with mkfs.ubifs.

This program has (among others) the minimum sub page size (-m
option), and LEB size (-e option) as arguments.

For the older versions (approximately first number in the serial
number < 15, check with bootstrap data) this is:

mkfs.ubifs -r ./rootfs/ -m 512 -e 129024 -c 954 -o toon_rootfs_ubifs.img

Newer versions should use:

mkfs.ubifs -r ./rootfs/ -m 2048 -e 126976 -c 954 -o toon_rootfs_ubifs.img

This creates a ubifs image from the contents of ./rootfs/ (without
rootfs/ as the top-level directory). The image is stored in the
current directory, with the name toon_rootfs_ubifs.img.

The arguments for mkfs.ubifs were copied from toon bootstrap data. The
numbers are connected to the physical flash chip, and should be kept
as they are, for your version of toon, otherwise the flashed rootfs
will not be bootable.

## step 2 ##
The second step of the image building involves the preparation of the
raw flash image. this is done with the ubinize command. Again,
depending on your toons version, two variants exist:

older:

ubinize -vv -o rootfs.ubi -m 2048 -s 512 -p 128KiB ubinize.ini

newer (SN 15- and (possibly) later):

ubinize -vv -o rootfs.ubi -m 2048 -p 128KiB ubinize.ini

Ubinize adds physical flash chip information to the image (physical
eraseblock size and some others). Besides some cli arguments, most
settings are done in a configuration file, having .ini style
formatting. For this example, the file is called ubinize.ini, and is
the same for the two variants of toon:

Contents of ubinize.ini:

[ubifs]
mode=ubi
image=toon_rootfs_ubifs.img
vol_id=0
vol_type=dynamic
vol_name=rootfs
vol_flags=autoresize

Again, keep the arguments as they are, you can change names, but do
not change volume id, eraseblock sizes etc. After completion of the
ubinize command, the file rootfs.ubi contains a rootfs image, ready to
be written to flash.

## writing the image to flash ##

Transfer the ubi image to the nfs-mounted root filesystem of your
toon. Then, flash the image to the rootfs device with ubiformat:

ubiformat /dev/mtd4 -f rootfs.ubi

Try the new filesystem, by rebooting according to section 4. If all is
well, your toon should boot normally.

TETS THOROUGHLY IF EVERYTHING WORKS AS PLANNED, and then, as a last
step, flash the kernel image of choice to /dev/mtd2.

If all went well, you now have a working toon again.

######################################################################
#
# 10: Repairing stuff on a bricked toon.
#
######################################################################

Since the update of busybox to 1.27.2-r1, some people have tried to
upgrade to 1.27.2-r4, and failed, for various reasons. This resulted
in a non-available /bin/sh, which is quite lethal for a unix-style OS.

To fix this, the following is required:

1: Set up an NFS server and TFTP server as described in sections 1-4
   of this manual. There's no need to build the kernel image and
   rootfs from scratch, instead you can download them from:

   http://files.domoticaforum.eu/uploads/Toon/images/uImage-nfs.zip
   http://files.domoticaforum.eu/uploads/Toon/images/image-base-qb2.tar.gz

   Unzip, and put them somewhere where toon can find them. In this
   example in /tftpboot/toon/uImages-nfs and /tftpboot/toon/rootfs,
   respectively.

2: Boot the bricked toon according to the steps in section 4, using
   the kernel and rootfs from the forum. Login as root. No password
   required.

3: Make sure to have all installation packages you need, available in
   the nfs-mounted filesystem. Put them in /root, for this example.

4: Mount the native root filesystem by executing the following:
   
   a: Attach the ubi rootfs to a device descriptor:
     
      ubiattach -p /dev/mtd4 -O 2048

      depending on the version of your rootfs, you may need to omit the
      -O 2048 option. ubiattach will give an error if it's needed.

   b: Check the device node number for this ubi:
     
      cat /proc/devices | grep ubi0

      This gives output like this (example):

      252 ubi0

   c: Create the device special file for the rootfs, according to the
      node number found in the previous step:
   
      mknod /dev/ubi0 c 252 0

   d: Mount the native rootfs of your toon (on older toons, /mnt can
      be used as mount point, on newer ones, this is already in
      use. In that case, create another one).

      mount -t ubifs ubi0:rootfs /mnt

   e: Your rootfs is now mounted on /mnt. Make sure to have a working
      busybox in /mnt/bin/busybox, by copying the one from the
      nfs-rootfs to /mnt/bin/busybox

      cp /bin/busybox /mnt/bin/busysbox

   f: Copy install packages from /root to /mnt/root

   g: Change the root to /mnt:

      chroot /mnt

      Your system now behaves as if the native rootfs is the root
      filesystem again.

   h: Install the stuff you put in /mnt/root. You can find it now in
      /root.

   i: When you are satisfied with the result, you can reboot your toon
      normally, and everything should be working.

######################################################################
# # 11: What if the bootloader is corrupted?  #
######################################################################

Then you have a different problem. Without a working boot loader, the
only access to your toon is through JTAG. JTAG is quite another kettle
of fish than the stuff presented here. I have accessed my toon through
JTAG, so if you end up in these parts, you can contact me through
domoticaforum.eu. Not sure if I can help you, though.
marcelr
Advanced Member
Advanced Member
 
Posts: 840
Joined: May 2012
Location: Ehv


Return to Eneco Toon as Domotica controller

Who is online

Users browsing this forum: No registered users and 1 guest