Code word Ant after data loss in teddycloud

Nada · April 29, 2025, 7:39pm

Hi all,

my teddycloud and CC3200 box worked perfectly until all my volumes of teddycloud got wiped clean. Now I get a code word Ant from my box.

I reuploaded the client certificates from my backup, but I did not backup the server certs. Teddy cloud did create new server certs, so flashed the new ca.der to the box (as c2.der, and it got successfully replaced). However, I still get code word Ant.

There is nothing in the logs/RTNL of teddy cloud, I can see the box in my FRITZ!Box WLAN, I can access tc.fritz.box, Boxine and Cloud labels are green in the UI.

Can it be something else but the teddy cert on the box? Everything worked perfect until the teddycloud reset.

Any idea and help is much appreciated.

henryk · May 1, 2025, 2:01pm

Are you sure you took the right ca.der? Not the original boxine ca.der?

Can you post the docker logs even if you think they are not suspicious?

Nada · May 2, 2025, 8:11am

I am quite sure, but will try to flash it again. If I want to create new server certs I can just delete the existing ones and restart teddy cloud, right?

Here are the logs after a restart. I did a freshness check twice and see no log activity.

Running teddycloud...
TeddyCloud v0.6.4 (f13703a) - 2025-03-05 08:01:37 +0000 ubuntu linux-armv7l(32)

INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.ini
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |tls_adapter.c:0390:tls_adapter_init| Loading certificates...
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5235405
INFO |handler_sse.c:0045:handleApiSse| SSE Client connected in slot 0 in total 1 clients
INFO |toniesJson.c:0100:tonies_update| Updating tonies.json from api.revvox.de...
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226
INFO |cloud_request.c:0389:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonies.json
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.111.133
INFO |toniesJson.c:0124:tonies_update| ... success updating tonies.json from api.revvox.de, reloading
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5250327
INFO |toniesJson.c:0211:tonieboxes_update| Updating tonies.json from api.revvox.de...
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226
INFO |cloud_request.c:0389:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonieboxes.json
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.111.133
INFO |toniesJson.c:0238:tonieboxes_update| ... success updating tonieboxes.json from api.revvox.de, reloading
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5250327
INFO |server.c:0931:server_init| 1 open HTTPS Web connections

Nada · May 4, 2025, 11:56am

I just generated new server certs (deleted existing and restart teddy cloud), see logs below. Then I flashed the new ca.der to the Toniebox (I flashed the download from web UI, also checked ´diff´ with my backup server/cert/ca.der), logs below.

Logs teddy clouds

Running teddycloud...
TeddyCloud v0.6.4 (f13703a) - 2025-03-05 08:01:37 +0000 ubuntu linux-armv7l(32)

INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.ini
ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/server/ca-root.pem' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/server/ca-root.pem' failed
INFO |settings.c:1670:settings_load_certs_id| ********************************************
INFO |settings.c:1671:settings_load_certs_id|    No certificates found. Generating.
INFO |settings.c:1672:settings_load_certs_id|    This will take several minutes...
INFO |settings.c:1673:settings_load_certs_id| ********************************************
ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/server/ca-root.pem' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/server/ca-root.pem' failed
ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/server/ca-key.pem' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/server/ca-key.pem' failed
INFO |cert.c:0437:cert_generate_default| Generating CA certificate...
INFO |cert.c:0042:cert_generate_rsa| Generating RSA Key... (slow, very slow!!!)
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/server/teddy-cert.pem' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/server/teddy-cert.pem' failed
INFO |cert.c:0471:cert_generate_default| Generating Server certificate...
INFO |cert.c:0079:cert_load_ca| Load CA certificate...
INFO |cert.c:0103:cert_load_ca| Load CA key...
INFO |cert.c:0042:cert_generate_rsa| Generating RSA Key... (slow, very slow!!!)
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
INFO |settings.c:1675:settings_load_certs_id| ********************************************
INFO |settings.c:1676:settings_load_certs_id|    FINISHED
INFO |settings.c:1677:settings_load_certs_id| ********************************************
INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |tls_adapter.c:0390:tls_adapter_init| Loading certificates...
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
==8==ERROR: AddressSanitizer: out of memory: failed to allocate 0xb09000 (11571200) bytes of FakeStack (error code: 12)
ERROR|server.c:0877:server_init| ERROR: Failed to mmap
httpServerStart() for HTTPS failed with code 101
Running teddycloud...
TeddyCloud v0.6.4 (f13703a) - 2025-03-05 08:01:37 +0000 ubuntu linux-armv7l(32)

INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.ini
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |tls_adapter.c:0390:tls_adapter_init| Loading certificates...
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5250327
INFO |toniesJson.c:0100:tonies_update| Updating tonies.json from api.revvox.de...
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226
INFO |cloud_request.c:0389:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonies.json
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.110.133
INFO |toniesJson.c:0124:tonies_update| ... success updating tonies.json from api.revvox.de, reloading
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5250559
INFO |toniesJson.c:0211:tonieboxes_update| Updating tonies.json from api.revvox.de...
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226
INFO |cloud_request.c:0389:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonieboxes.json
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.110.133
INFO |toniesJson.c:0238:tonieboxes_update| ... success updating tonieboxes.json from api.revvox.de, reloading
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5250559
INFO |server.c:0931:server_init| 1 open HTTPS Web connections
INFO |server.c:0931:server_init| 0 open HTTPS Web connections
INFO |handler_cloud.c:0041:handleCloudTime|  >> respond with current time
INFO |handler_cloud.c:0041:handleCloudTime|  >> respond with current time
INFO |mqtt.c:0690:mqtt_init_box| Skipping client 'Toniebox' (cn: 'default')
INFO |mqtt.c:0690:mqtt_init_box| Skipping client 'Toniebox' (cn: 'default')
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server prod.de.tbs.toys:443...
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server prod.de.tbs.toys:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 18.156.186.144
INFO |cloud_request.c:0252:web_request|   trying IP: 3.69.182.181
INFO |cloud_request.c:0486:web_request| Response: '1746352169'
INFO |cloud_request.c:0486:web_request| Response: '1746352169'

Logs cc3200tool:

cc3200tool % cc3200tool -p /dev/tty.usbserial-BG00Z9SS --reset rts write_file c2.der /cert/c2.der
2025-05-04 13:40:46,264 -- Connecting to target...
2025-05-04 13:40:48,782 -- timed out while waiting for ack
2025-05-04 13:40:49,196 -- Connected, reading version...
2025-05-04 13:40:49,198 -- connected to target
2025-05-04 13:40:49,198 -- Version: CC3x00VersionInfo((0, 4, 1, 2), (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0), (16, 0, 0, 0))
2025-05-04 13:40:49,199 -- This is a CC3200 device
2025-05-04 13:40:49,199 -- Switching to NWP bootloader...
2025-05-04 13:40:49,215 -- Switching UART to APPS...
2025-05-04 13:40:49,230 -- Resetting communications ...
2025-05-04 13:40:50,654 -- Uploading rbtl3100s.dll...
2025-05-04 13:40:50,654 -- Reading rbtl3100s.dll from file ***/cc3200tool/.venv/lib/python3.12/site-packages/cc3200tool/dll/rbtl3100s.dll
2025-05-04 13:40:50,656 -- Getting storage list...
2025-05-04 13:40:51,405 -- APPS version: CC3x00VersionInfo((0, 4, 0, 2), (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0), (16, 0, 0, 0))
2025-05-04 13:40:51,421 -- File exists on target, erasing
2025-05-04 13:40:51,437 -- Erasing file /cert/c2.der...
2025-05-04 13:40:51,549 -- Uploading file c2.der -> /cert/c2.der [1419, disk=1419]...
.
2025-05-04 13:40:51,773 -- Read file after writing for verification...
2025-05-04 13:40:51,789 -- Reading file /cert/c2.der -> /var/folders/wg/l7g30n5s6818j3vhfmhdj0xh0000gn/T/tmp8_xdvltg
2025-05-04 13:40:51,869 -- File /cert/c2.der verified
2025-05-04 13:40:51,869 -- Getting storage info...
2025-05-04 13:40:51,885 -- storage #2 info bytes: 0x10, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0
2025-05-04 13:40:51,885 -- Getting storage list...
2025-05-04 13:40:51,904 -- Reading raw storage #2 start 0x0, size 0x2000...
..
2025-05-04 13:40:52,031 -- [1] detected a valid FAT revision: 65
2025-05-04 13:40:52,031 -- Getting storage list...
2025-05-04 13:40:52,050 -- Reading raw storage #2 start 0x1774, size 0x2774...
...
2025-05-04 13:40:52,216 -- selected FAT revision: 65 (active)
2025-05-04 13:40:52,216 -- FAT r65, num files: 27, used/free blocks: 933/91
2025-05-04 13:40:52,216 -- All commands done, bye.

Nada · May 4, 2025, 6:09pm

So, I did a freshness check a few hours later and it’s working! Will try to understand what solved the issue - otherwise maybe the Toniebox just needs a few minutes to sort things out…

As a conclusion for know. In theory the only things that need to be done after loosing the server certs is:

(Optional) Create new server certs: Delete the 5 files in teddycloud/certs/server and restart teddy cloud, e.g. via web UI. The new server certs a created during start-up.
(Recommended) Backup the server certs: Copy the 5 files in teddycloud/certs/server to a save location.
Flash the new ca.der to Toniebox: Follow the instructions to flash the new server cert ca.der to the Toniebox. For my CC3200, I just executed one line from the cc3200tool to copy the file teddycloud/certs/server/ca.der (or the download from the web UI) to flash:/cert/c2.der.
After reassembly of the Toniebox, power on and wait 5-10 minutes and do a freshness check.