Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Everything about rooting Toons 1 and 2.

Moderators: marcelr, TheHogNL, Toonz

Toonz
Forum Moderator
Forum Moderator
Posts: 1769
Joined: Mon Dec 19, 2016 1:58 pm

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by Toonz »

toonnoot wrote: Fri Apr 15, 2022 3:30 pm They can’t just cut off toons from future updates right..
They did provide a solution for their own customers (with or without subsription) for which firmwares were pushed automatically this week. Maybe missing a few toons which were disconnected this week because people were moving houses or something similar. In those rare cases they can offer a free new Toon I guess.

I can't blame them for not providing an easy upgrade path for rooted Toons which are not on the VPN normally, that's all in the game.
member of the Toon Software Collective
toonnoot
Member
Member
Posts: 63
Joined: Mon Jun 15, 2020 11:22 am

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by toonnoot »

Yeah so technically, i could claim that I was renovating my home this week and missed the upgrade.

Then they would have to give me a new toon, which goes completely against all ESG and sustainability messages they have been putting out on why you should get a toon.

Though i still dont understand why they suddenly decided to move the vpn servers?
Is this a vulnerability on the toon or on the eneco servers?
toonnoot
Member
Member
Posts: 63
Joined: Mon Jun 15, 2020 11:22 am

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by toonnoot »

I think, the least they should have to do is, after someone contacts the helpdesk, temporarily allow the specific device to connect and update.

Though not sure what this would imply for their backend processes.

I'm on a call with helpdesk now, just to see what they will say to justify their actions.
Toonz
Forum Moderator
Forum Moderator
Posts: 1769
Joined: Mon Dec 19, 2016 1:58 pm

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by Toonz »

toonnoot wrote: Fri Apr 15, 2022 3:49 pm Though i still dont understand why they suddenly decided to move the vpn servers?
Is this a vulnerability on the toon or on the eneco servers?
They didn't 'decide' anything. When Toon 1 was produced around 2012 they were shipped with a standard certificate with a validity of 10 years.
Apparently they realized not so long ago about this and sort of rushed this update to keep at least the official customers going.....
member of the Toon Software Collective
toonnoot
Member
Member
Posts: 63
Joined: Mon Jun 15, 2020 11:22 am

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by toonnoot »

Ah I see! That makes sense...
Horrible product management though to 'forget' something like that.


So I just got off the phone with helpdesk.
The last told me that they indeed pushed a version out to all toon subscribers.
I told her I missed this update because my toon was offline.

She then said that I need a subscription so that she can log into my toon and manually push the update.
Not sure if this is true, can the service center access your toon without a working VPN connection?

She also said something interesting, that they were preparing to launch another version of the update for non-toon subscribers and that would be made available to these toons (and the ones that weren't auto updated) somewhere in the next few days / week..

How would this even work technically? Maybe they are creating a bypass server-side for the older toons that haven't been updated to non-vpn'd server?
Like when you access the VPN with a older certificates that it redirects you to some other server, or that you get a notification to call Helpdesk?
Something like that could probably work, but would probably cost a lot of labour hours...

Or, of course, the lady I spoke just made some stuff up haha
Toonz
Forum Moderator
Forum Moderator
Posts: 1769
Joined: Mon Dec 19, 2016 1:58 pm

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by Toonz »

toonnoot wrote: Fri Apr 15, 2022 4:31 pm So I just got off the phone with helpdesk.
The last told me that they indeed pushed a version out to all toon subscribers.
I told her I missed this update because my toon was offline.

She then said that I need a subscription so that she can log into my toon and manually push the update.
This is not correct. You need to be on 5.49.16 on a Toon1 to be able to start a new VPN connection.
Having a subscription or not is not relevant in this case.
A Toon1 on an older firmware cannot connect anymore to the VPN and Eneco therefor cannot access your Toon anymore.
Unless the Toon already has an active VPN connection from last boot time, but those (unrooted) Toons will have received the new firmware automatically anyway (with our without subscription).
In your case, when the Toon was 'offline' this week, Eneco has no option to get into your Toon anymore,
toonnoot wrote: Fri Apr 15, 2022 4:31 pm She also said something interesting, that they were preparing to launch another version of the update for non-toon subscribers and that would be made available to these toons (and the ones that weren't auto updated) somewhere in the next few days / week.
This is not correct either. If you haven't got the new VPN keys earlier this week, Eneco cannot push any updates anymore to your Toon.
Remember, unrooted Toons with or without subscription all have received the new firmware this week automatically.
They can only do something perhaps for Toon 1's which didn't get the update but still do have an active VPN connection from last boot time.
Again, this is not a solution for your case.
toonnoot wrote: Fri Apr 15, 2022 4:31 pm How would this even work technically? Maybe they are creating a bypass server-side for the older toons that haven't been updated to non-vpn'd server?
Like when you access the VPN with a older certificates that it redirects you to some other server, or that you get a notification to call Helpdesk?
Something like that could probably work, but would probably cost a lot of labour hours...
A bypassing server will not work. The openssl application on Toon will refuse to setup a connection with an expired certificate.
Nothing Eneco can do about that remotely in my view, but let them surprise us (for rooted Toons we are investigating workarounds, but unrooted Toons are stuck forever I believe)

Kind regardz,

Toonz
member of the Toon Software Collective
toonnoot
Member
Member
Posts: 63
Joined: Mon Jun 15, 2020 11:22 am

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by toonnoot »

Ah thanks for the extensive reply Toonz!

Well lets wait and see then what happens…
I’ll probably get myself a temporary subscription with an unrooted toon and badger eneco with the question why I can’t update in 1-2 weeks time if they don’t fix it.
Toonz
Forum Moderator
Forum Moderator
Posts: 1769
Joined: Mon Dec 19, 2016 1:58 pm

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by Toonz »

haha, keep us posted on your progress please 😊😊
member of the Toon Software Collective
TheHogNL
Forum Moderator
Forum Moderator
Posts: 2112
Joined: Sun Aug 20, 2017 8:53 pm

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheHogNL »

There are a small percentage of toons not using the VPN. They changed months ago to a test which use a direct connection to the AWS-IOT platform. They are usually on a *.100 firmware but they got the 6.0.2 firmware this week.

As far as we know these Toons do need VPN also, but only for the firmware update. There is still no method for subscription Toons to get firmware updates directly over the AWS-IOT connection. But maybe there is a backdoor which we don't know about yet.
Member of the Toon Software Collective
hvxl
Senior Member
Senior Member
Posts: 1756
Joined: Sat Jun 05, 2010 11:59 am
Contact:

Re: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by hvxl »

Oops. I missed the upgrade deadline. :oops:

Ah well, maybe this will turn out to be the incentive I need to finally ditch the horribly slow Qt stuff and put some other kind of GUI on my Toon 1 that will be snappier. I never intended to use the Toon as a thermostat anyway. I only wanted a convenient control panel for my home automation system.

If someone here has already done something like that, I'd love to learn from their experience.
Schelte
michel30
Member
Member
Posts: 274
Joined: Fri Aug 25, 2017 4:42 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by michel30 »

To late ;-(

Unattended selected version 5.49.16
Alright, I will try to upgrade to 5.49.16
Now starting the VPN tunnel and waiting for it to be alive and configured...
TheHogNL
Forum Moderator
Forum Moderator
Posts: 2112
Joined: Sun Aug 20, 2017 8:53 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheHogNL »

For a toon2 to still be able to update do this:

Code: Select all

cd /etc/openvpn/certs/
rm ta-ene.key
ln -s /mnt/persist/etc/openvpn/certs/ta.key ta-ene.key
This will then allow the VPN to work again. Then run a normal update of the firmware.
Member of the Toon Software Collective
rene1
Starting Member
Starting Member
Posts: 1
Joined: Fri Dec 21, 2018 1:06 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by rene1 »

Thanks, :D
toonnoot
Member
Member
Posts: 63
Joined: Mon Jun 15, 2020 11:22 am

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by toonnoot »

TheHogNL wrote: Sun Apr 17, 2022 8:18 pm For a toon2 to still be able to update do this:

Code: Select all

cd /etc/openvpn/certs/
rm ta-ene.key
ln -s /mnt/persist/etc/openvpn/certs/ta.key ta-ene.key
This will then allow the VPN to work again. Then run a normal update of the firmware.
Zonet dit geprobeerd op mijn Toon2, en geupdate!

Dit werkt dus niet op Toon1's?
TheHogNL
Forum Moderator
Forum Moderator
Posts: 2112
Joined: Sun Aug 20, 2017 8:53 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheHogNL »

toonnoot wrote: Mon Apr 18, 2022 2:54 pm
TheHogNL wrote: Sun Apr 17, 2022 8:18 pm For a toon2 to still be able to update do this:

Code: Select all

cd /etc/openvpn/certs/
rm ta-ene.key
ln -s /mnt/persist/etc/openvpn/certs/ta.key ta-ene.key
This will then allow the VPN to work again. Then run a normal update of the firmware.
Zonet dit geprobeerd op mijn Toon2, en geupdate!

Dit werkt dus niet op Toon1's?
We stick with english here :)
Not this won't work on the toon1 because the toon1 has signed client certificates from the invalidated root CA.
This ta-ene.key is only for the premature tunnel encryption, not for the client authentication.
Luckally the Toon2 had also another ta.key installed which now can be used and the toon2 client certificates where still valid (and the CA also).
The toon1 needs to have new certificates. The toon2 will get them also, once at 5.49.16
Member of the Toon Software Collective
Post Reply

Return to “Toon Rooting”