Jump to content
Genetry Solar Forums

Firmware Version 1.1r6


Recommended Posts

9 hours ago, deeezz said:

Thank you Sid. Probably something with the mqtt I will have to check it out tonight. 

Can you confirm from the "Stat" page that you do indeed have a Rev. C control board?  Rev. C didn't start shipping until Fall last year--it was still under development in the summer.

I haven't released 1.1r6 for Rev A.1 / B boards yet.

Link to comment
Share on other sites

I do have the rev c. Board. I was having  trouble charging last fall and we up graded the board. So I have tried everything you said and still can't get the update to appear. I took some pics. Checked the MQTT and it was correct. Also I think we had this problem after the rev. C install and you pushed me the 1.1r5 update through the tech update also thought 1.1r5 was released after my install (later that day). This is kinda strange I usually see the updates (even the ones I not suppose install).

20220305_011301.jpg

20220305_010855.jpg

20220305_011132.jpg

Link to comment
Share on other sites

26 minutes ago, deeezz said:

I do have the rev c. Board. I was having  trouble charging last fall and we up graded the board. So I have tried everything you said and still can't get the update to appear. I took some pics. Checked the MQTT and it was correct. Also I think we had this problem after the rev. C install and you pushed me the 1.1r5 update through the tech update also thought 1.1r5 was released after my install (later that day). This is kinda strange I usually see the updates (even the ones I not suppose install).

Well, turns out the problem was entirely my fault...when I thought I RELEASED the update, I only put it on the TECH channel.

Fixed that--you should see 1.1r6 now 😉.

Link to comment
Share on other sites

Still giving me problems. I've tried switching to a different channel and switching back to rev. When I go to the wifi screen after setting to rev. and after rebooting the inverter the lcd says (up to date), then says new version, then checking file, and then goes back to saying (up to date). 

Link to comment
Share on other sites

2 hours ago, deeezz said:

Still giving me problems. I've tried switching to a different channel and switching back to rev. When I go to the wifi screen after setting to rev. and after rebooting the inverter the lcd says (up to date), then says new version, then checking file, and then goes back to saying (up to date). 

Is it still on "Rev" when you reboot the inverter?

You may need to set it to "Rev", exit the WiFi tab (any other tab), and then restart it.

Link to comment
Share on other sites

It was on rev. To begin with.  I only switched back and forth to see if it would help find the update. Each time I switched I exited out of the wifi to save the settings and rebooted. It acts like it sees the update but then just goes back to saying up to date. 

Link to comment
Share on other sites

17 minutes ago, deeezz said:

It was on rev. To begin with.  I only switched back and forth to see if it would help find the update. Each time I switched I exited out of the wifi to save the settings and rebooted. It acts like it sees the update but then just goes back to saying up to date. 

Sounds like the MQTT part and file path is working correctly.  It's failing on validation of the file--which can sometimes indicate a file access issue.

Does your WiFi router/firewall allow downloading of unsecured files (i.e. regular http, not https), of "unknown" extensions?  Can an Internet device (phone/computer) with the same WiFi access privileges as the inverter download the following file?  [ wifi.genetrysolar.com/U1646490204.gsf ]

Link to comment
Share on other sites

1 hour ago, deeezz said:

Just checked and my android phone downloaded it just fine. I even shut off the cellular data. 

Well, can you confirm whether it downloaded HTTP or HTTPS?

The inverter is only able to do an HTTP access.  If the WiFi system/router (or even ISP) is forcing redirect to HTTPS, it will fail.

We can try a Tech update just to see if that makes a difference (as version control won't apply then).  Unfortunately, I can't "add diagnostics" to this...if we can't get it update in the first place.

 

P.S. I guess I'm expecting that you're pretty technosavvy in the Internet department if your router has DD-WRT in it 😉.  I could be making a very wrong assumption though.

Link to comment
Share on other sites

Id like to think I'm tech savvy know more than most but unfortunately I don't know it all I've worked in communication/ telecommunications since 1998. Ok so I logged into my dsl modem checked settings. I did not see anything that looked off. So i thought maybe I I turn the firewall off. And now I 1.1r6. Thank you Sid. You are the best.

Link to comment
Share on other sites

32 minutes ago, deeezz said:

Id like to think I'm tech savvy know more than most but unfortunately I don't know it all I've worked in communication/ telecommunications since 1998. Ok so I logged into my dsl modem checked settings. I did not see anything that looked off. So i thought maybe I I turn the firewall off. And now I 1.1r6. Thank you Sid. You are the best.

Looks like I need to add a feature for 1.1r7 where the inverter will show the HTTP error code in the event it can't access the specified update file.  Make it easier to diagnose this sort of issue in the future.

Link to comment
Share on other sites

14 hours ago, deeezz said:

Id like to think I'm tech savvy know more than most but unfortunately I don't know it all I've worked in communication/ telecommunications since 1998. Ok so I logged into my dsl modem checked settings. I did not see anything that looked off. So i thought maybe I I turn the firewall off. And now I 1.1r6. Thank you Sid. You are the best.

It looks like you have dd-wrt?  If so you can use tcpdump to snoop the GS' traffic since it isn't https.  Look into tcpdump.

Link to comment
Share on other sites

3 hours ago, TheButcher said:

It looks like you have dd-wrt?  If so you can use tcpdump to snoop the GS' traffic since it isn't https.  Look into tcpdump.

Inverter is just trying to do a standard HTTP GET to the URL provided via the update channel.  If the router is forcing an HTTP redirect to HTTPS protocol, the inverter will fail to download the file--as it doesn't support HTTPS.  However, a smart Internet device (phone/tablet/computer/refrigerator) generally supports HTTPS and will accept the redirect and download the file as HTTPS.

I probably should mod the server settings so said files can ONLY be downloaded non-HTTPS.  That would make it easier to diagnose errors of this sort.

Link to comment
Share on other sites

On 3/6/2022 at 7:20 PM, TheButcher said:

The router shouldn't be doing that, pretty terrible if it does.  This sort of thing should be left up to the requesting device alone.  tcpdump would show what is happening in any case.

I agree.
Naturally, that means firewall designers do not.

It is unfortunate that the inverter doesn't support https://. Is that because openssl is impractical to fit? There is wolfssl now, which i think is supposed to be small - but of course small is relative in the embedded world.

Link to comment
Share on other sites

9 hours ago, NotMario said:

It is unfortunate that the inverter doesn't support https://. Is that because openssl is impractical to fit? There is wolfssl now, which i think is supposed to be small - but of course small is relative in the embedded world.

SSL opens up a huge quagmire of dependencies (and yes, lack of space).  Not only does the inverter then have to contact an NTP server (to get date/time) at every system startup (as there is no internal RTC), it also has to be able to download updated SSL certs on a periodic basis--which means that they then have to be hosted somewhere.  And if they're hosted somewhere, then anyone could download them and mimic the GS system--if not outright nullify any supposed security gains. 

And if the inverter can't access BOTH an NTP server AND a cert host, the WiFi connection is basically useless...which I guess might be a pretty lovely SHTF situation.

 

Fitting the current firmware into the WiFi board is being an extreme challenge due to the memory layout in the ESP32 (particularly the 2 RAM banks which are not contiguous).  This is without SSL: the project will fail compilation if I adjust the RAM distribution slightly one way (dynamic allocation vs compile-assign block).  And it'll crash/bootloop (stack fault) if I adjust it too far the other way.

I would expect SSL to be flaky on the ESP32 on a good day with nothing else going on.  Just for reference comparisons, the WiFi board firmware will not fit on an ESP32 with the standard FLASH partition table.  And that's without SSL.  Mind you, I don't have any huge multi-thousand-line bloated "off the shelf" libraries in the firmware either...the ones I am using are extremely small (and I've rewritten them to remove even more bloat).

 

I just don't see any pertinent benefit to SSL when there isn't anything of critical secrecy being downloaded/shared.  At some point here, I plan to be providing firmware update file download links (so remote users can "upload" a fimware file into the inverter from a phone/tablet/laptop if the inverter is installed in a remote location without Internet access)--so there's no "secrecy" point there.  And you can turn off the MQTT control function, removing any remote control access.

Link to comment
Share on other sites

12 hours ago, Sid Genetry Solar said:

SSL opens up a huge quagmire of dependencies (and yes, lack of space).  Not only does the inverter then have to contact an NTP server (to get date/time) at every system startup (as there is no internal RTC), it also has to be able to download updated SSL certs on a periodic basis--which means that they then have to be hosted somewhere.  And if they're hosted somewhere, then anyone could download them and mimic the GS system--if not outright nullify any supposed security gains. 

And if the inverter can't access BOTH an NTP server AND a cert host, the WiFi connection is basically useless...which I guess might be a pretty lovely SHTF situation.

Oh, no integrated RTC... that sucks. Though, i think most routers serve NTP now so default gateway could be used as a fallback as well. On the other hand, you could in that situation just ignore time verification for the SHTF case. Very nasty indeed.

12 hours ago, Sid Genetry Solar said:

I just don't see any pertinent benefit to SSL when there isn't anything of critical secrecy being downloaded/shared.  At some point here, I plan to be providing firmware update file download links (so remote users can "upload" a fimware file into the inverter from a phone/tablet/laptop if the inverter is installed in a remote location without Internet access)--so there's no "secrecy" point there.  And you can turn off the MQTT control function, removing any remote control access.

So, it's not necessarily a matter of secrecy. It's a matter of security.
I make no assumption about how the device validates downloaded firmware, but unless you're using a "shared secret" (or, even better, PK) style crypto to validate the authenticity of the firmware, you could be leaving people open to MITM firmware manipulation. This probably isn't very likely, but if your inverters became very popular, it could become a target. The largest botnet in the world was made up of CCTV IP-cameras with compromised firmware that people didn't properly secure on their networks.

Given your pragmatic situation with SSL, you'd probably be better off with a custom designed solution, which shouldn't be too hard if you're good at type of math involved. The super fast, nasty fix would be a signature based on a hash of the binary with a shared secret. Without knowing the secret, an attacker can't compute the correct signature when they try to inject their modified version. Of course it might be possible to JTAG the device and get the secret off of it, but at least it becomes considerably less trivial.

Wasn't sure if you'd considered this problem. Just some food for thought.

Link to comment
Share on other sites

10 hours ago, NotMario said:

Given your pragmatic situation with SSL, you'd probably be better off with a custom designed solution, which shouldn't be too hard if you're good at type of math involved. The super fast, nasty fix would be a signature based on a hash of the binary with a shared secret. Without knowing the secret, an attacker can't compute the correct signature when they try to inject their modified version. Of course it might be possible to JTAG the device and get the secret off of it, but at least it becomes considerably less trivial.

Let's just say that if a single bit is changed in the entire firmware file, the inverter will fail the update process.  The firmware update file is definitely not a "plain vanilla BIN file", that's for sure--so hacking it to spoof things will be pretty nigh impossible.  There is also no capability to remotely initiate an update--for simple security reasons (not the least being that the inverter has to shut down to install the update...so there goes your power if you aren't prepared!)

 

10 hours ago, NotMario said:

On the other hand, you could in that situation just ignore time verification for the SHTF case. Very nasty indeed.

I'd just as soon ignore time verification...but if the SSL cert is expired, it won't work for decoding the incoming datastream--bringing any communications to a grinding halt.

Link to comment
Share on other sites

3 hours ago, Sid Genetry Solar said:

Let's just say that if a single bit is changed in the entire firmware file, the inverter will fail the update process.  The firmware update file is definitely not a "plain vanilla BIN file", that's for sure--so hacking it to spoof things will be pretty nigh impossible.  There is also no capability to remotely initiate an update--for simple security reasons (not the least being that the inverter has to shut down to install the update...so there goes your power if you aren't prepared!)

That's a pretty good point. At least the attack window is minimized to when the user "hits the big red button." And since i literally can see you tell me there's a new update, that window is pretty darn small.
Hackers are pretty smart though -- if there is enough interest, they'll do it. Even to the point of physical analysis of the hardware to figure out critical details to enable them. Like i said, probably not a problem right now -- but when you sell a few million inverters... that may change.

Basically the only point i'm making is that in the long-run, it may really be worth your time. A CVE posted publicly with your product name on it wouldn't be the greatest thing in the world.

3 hours ago, Sid Genetry Solar said:

I'd just as soon ignore time verification...but if the SSL cert is expired, it won't work for decoding the incoming datastream--bringing any communications to a grinding halt.

An expired cert can still decode the datastream... the date is only used for authentication of the cert, not for the actual encryption. This doesn't matter anyway when it's impractical to implement in your hardware, but wasn't sure why you thought the expiration affected the encryption. Here's an example:

owner$ curl -I https://expired.badssl.com/
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
owner$ curl -I https://expired.badssl.com/ -k
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 10 Mar 2022 16:47:03 GMT
Content-Type: text/html
Content-Length: 494
Last-Modified: Thu, 10 Feb 2022 02:30:44 GMT
Connection: keep-alive
ETag: "620478d4-1ee"
Cache-Control: no-store
Accept-Ranges: bytes
Edited by NotMario
Link to comment
Share on other sites

Public SSL used to be something that could be relied upon to guarantee you were talking with the right thing in days past but with the huge increase in signing authorities and even the advent of free certificate services such as letsencrypt that is long gone.  There's now plenty of scope for 'bad people' to obtain certificates that allow them to present themselves as anyone.  Now it's more about encrypting the communications.  If there are other means of verifying or encrypting the payload SSL doesn't really add much these days.

Take a look at nVidia, recently private keys were lifted by crims and that allows them to validate their own malware as far as Windows is concerned and Windows will then happily install it.  Of itself SSL does nothing to prevent that.

  • Like 1
Link to comment
Share on other sites

29 minutes ago, NotMario said:

Hackers are pretty smart though -- if there is enough interest, they'll do it. Even to the point of physical analysis of the hardware to figure out critical details to enable them. Like i said, probably not a problem right now -- but when you sell a few million inverters... that may change.

Yeah, security through obscurity is the greatest thing until the obscurity disappears.

Let's just say that I'm not concerned about the actual "update" binary file getting hacked.

 

38 minutes ago, NotMario said:

but wasn't sure why you thought the expiration affected the encryption

Well, all the examples require an NTP server...and if a computer system clock is way out of date, the HTTPS protocol seems to break down.  I'm not well versed in SSL and the like--but as @TheButcher points out, securing the endpoints is likely a better method in the first place.  SSL is more or less "an easy way to secure" without doing any real work.

  • Like 1
Link to comment
Share on other sites

7 hours ago, Sid Genetry Solar said:

Yeah, security through obscurity is the greatest thing until the obscurity disappears.

Let's just say that I'm not concerned about the actual "update" binary file getting hacked.

Ah, say no more.

7 hours ago, Sid Genetry Solar said:

Well, all the examples require an NTP server...and if a computer system clock is way out of date, the HTTPS protocol seems to break down.  I'm not well versed in SSL and the like--but as @TheButcher points out, securing the endpoints is likely a better method in the first place.  SSL is more or less "an easy way to secure" without doing any real work.

So all the the time does is allow the client to check the date range of the certificate. The cryptography is completely independent of that and functions just fine. In fact, it is a perfectly valid use case to skip the date check in the case of permanent certificates - which are commonly used for situations like firmware updates.

By the way, i finally tried your update. Got the output amperage calibrated, and the Output "off" option now works without having to change the mode.
Adding 1800W of solar tomorrow, inverter works good. Life's good. If i think of something other than the grid-tie idea, i'll let you know.

Link to comment
Share on other sites

14 minutes ago, NotMario said:

By the way, i finally tried your update. Got the output amperage calibrated, and the Output "off" option now works without having to change the mode.
Adding 1800W of solar tomorrow, inverter works good. Life's good. If i think of something other than the grid-tie idea, i'll let you know.

Glad to hear; yes the "output off" not working was a bug I was aware of...actually caused by the Rev. C hardware modifications.

I am aware of an issue with AC input--causing "Xformer Volt Err" during transitions under load.  So far nobody's mentioned it (besides Sean, haha!), but if it becomes problematic, I'll probably drop 1.1r7 just to solve that issue alone.

 

Link to comment
Share on other sites

2 minutes ago, Sid Genetry Solar said:

Glad to hear; yes the "output off" not working was a bug I was aware of...actually caused by the Rev. C hardware modifications.

I am aware of an issue with AC input--causing "Xformer Volt Err" during transitions under load.  So far nobody's mentioned it (besides Sean, haha!), but if it becomes problematic, I'll probably drop 1.1r7 just to solve that issue alone.

I imagine i'm one of many people who do not use the AC-Input.
I would... but i don't want to run 2000$ worth of 6AWG wire to get the mains to it. (main reason grid-tie mode is so attractive to me)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...