Esp32: new tonie -> owl

ben · February 20, 2025, 2:07pm

Hi,
when i put an new tonie on my esp32 box i get codword owl.
When i put the tonie first on the CC3200 box (and download the content to teddycloud) and then put the tonie on the esp32 box it works.

2025-02-20T11:43:44.236264475Z INFO |server.c:0959:server_init| 2 open HTTPS API connections

2025-02-20T11:43:45.168348230Z INFO |server.c:0430:httpServerRequestCallback| UA=toniebox-esp32-eu/v5.233.0, ESPFW=eu/v5.233.0

2025-02-20T11:43:45.168542874Z INFO |handler_cloud.c:0448:handleCloudContent|  >> client requested content for rUID 74036e1f500304e0, auth 6C0A8EE6...

2025-02-20T11:43:45.168808073Z INFO |handler_cloud.c:0724:handleCloudContent| Serve cloud content from /v2/content/74036e1f500304e0

2025-02-20T11:43:45.168836536Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server prod.de.tbs.toys:443...

2025-02-20T11:43:45.178073685Z INFO |cloud_request.c:0252:web_request|   trying IP: 3.69.182.181

2025-02-20T11:43:45.265248546Z ERROR|cloud_request.c:0262:web_request| Failed to connect to HTTP server! HTTP=Unknown HTTP Status Code error=Unknown certificate authority [537]

2025-02-20T11:44:35.768729815Z INFO |server.c:0959:server_init| 1 open HTTPS API connections

What could i do?

Thanks a lot
Ben

0xbadbee · February 20, 2025, 3:04pm

Please check your logs for warning and errors regarding your certificates of the esp32.
Pretty sure you have the wrong CA for your ESP32 because you extracted them from an already patched box.

ben · February 21, 2025, 8:45am

here the log of the esp32 startup

2025-02-21T07:55:38.491160303Z INFO |server.c:0959:server_init| 1 open HTTPS API connections

2025-02-21T07:55:39.741783154Z INFO |server.c:0959:server_init| 2 open HTTPS API connections

2025-02-21T07:55:40.526647077Z INFO |server.c:0430:httpServerRequestCallback| UA=toniebox-esp32-eu/v5.233.0, ESPFW=eu/v5.233.0

2025-02-21T07:55:40.526715169Z INFO |handler_cloud.c:0092:handleCloudOTA|  >> OTA-Request for 5 with timestamp 1669853893 (2022-12-01 00:18:13)

2025-02-21T07:55:40.526730113Z INFO |handler_cloud.c:0184:handleCloudOTA|  >> Replaced OTA query cv=1669853893 with new OTA query cv=1

2025-02-21T07:55:40.526743131Z INFO |handler_cloud.c:0234:handleCloudOTA|  >> No OTA (newer) found for 5

2025-02-21T07:55:40.648294521Z INFO |server.c:0430:httpServerRequestCallback| UA=toniebox-esp32-eu/v5.233.0, ESPFW=eu/v5.233.0

2025-02-21T07:55:40.648358260Z INFO |handler_cloud.c:0092:handleCloudOTA|  >> OTA-Request for 2 with timestamp 1 (1970-01-01 00:00:01)

2025-02-21T07:55:40.648373038Z INFO |handler_cloud.c:0184:handleCloudOTA|  >> Replaced OTA query cv=1 with new OTA query cv=1

2025-02-21T07:55:40.648413222Z INFO |handler_cloud.c:0234:handleCloudOTA|  >> No OTA (newer) found for 2

2025-02-21T07:55:40.648423296Z WARN |handler_cloud.c:0237:handleCloudOTA|  >> Box tried to enforce firmware delivery, but nothing here to serve!

2025-02-21T07:55:40.770652692Z INFO |server.c:0430:httpServerRequestCallback| UA=toniebox-esp32-eu/v5.233.0, ESPFW=eu/v5.233.0

2025-02-21T07:55:40.770707487Z INFO |handler_cloud.c:0092:handleCloudOTA|  >> OTA-Request for 6 with timestamp 1534781997 (2018-08-20 16:19:57)

2025-02-21T07:55:40.770718302Z INFO |handler_cloud.c:0184:handleCloudOTA|  >> Replaced OTA query cv=1534781997 with new OTA query cv=1

2025-02-21T07:55:40.770727227Z INFO |handler_cloud.c:0234:handleCloudOTA|  >> No OTA (newer) found for 6

2025-02-21T07:55:40.895310025Z INFO |server.c:0430:httpServerRequestCallback| UA=toniebox-esp32-eu/v5.233.0, ESPFW=eu/v5.233.0

2025-02-21T07:55:40.895368431Z INFO |handler_cloud.c:0092:handleCloudOTA|  >> OTA-Request for 3 with timestamp 1715951512 (2024-05-17 13:11:52)

2025-02-21T07:55:40.895378542Z INFO |handler_cloud.c:0184:handleCloudOTA|  >> Replaced OTA query cv=1715951512 with new OTA query cv=1

2025-02-21T07:55:40.895387246Z INFO |handler_cloud.c:0234:handleCloudOTA|  >> No OTA (newer) found for 3

2025-02-21T07:55:42.292117838Z INFO |server.c:0430:httpServerRequestCallback| UA=toniebox-esp32-eu/v5.233.0, ESPFW=eu/v5.233.0

2025-02-21T07:55:42.341052285Z INFO |handler_cloud.c:0817:handleCloudFreshnessCheck| Content (960 of 960)

2025-02-21T07:55:42.341143413Z INFO |handler_cloud.c:0825:handleCloudFreshnessCheck| Found 60 tonies:

2025-02-21T07:55:42.341157023Z INFO |handler_cloud.c:0885:handleCloudFreshnessCheck|   
...

2025-02-21T07:55:42.371849949Z ERROR|handler.c:0524:readTrackPositions| Invalid OggS header at 2605056

2025-02-21T07:55:42.376678250Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server prod.de.tbs.toys:443...

2025-02-21T07:55:42.386773493Z INFO |cloud_request.c:0252:web_request|   trying IP: 3.69.182.181

2025-02-21T07:55:42.474473977Z ERROR|cloud_request.c:0262:web_request| Failed to connect to HTTP server! HTTP=Unknown HTTP Status Code error=Unknown certificate authority [537]

2025-02-21T07:55:42.474553495Z INFO |handler_cloud.c:0941:handleCloudFreshnessCheck| Freshness check response: size=23, content=	p  P 

2025-02-21T07:55:42.915874866Z INFO |server.c:0430:httpServerRequestCallback| UA=toniebox-esp32-eu/v5.233.0, ESPFW=eu/v5.233.0

2025-02-21T07:55:42.937613880Z INFO |handler_cloud.c:0817:handleCloudFreshnessCheck| Content (272 of 272)

2025-02-21T07:55:42.937641953Z INFO |handler_cloud.c:0825:handleCloudFreshnessCheck| Found 17 tonies:

...

2025-02-21T07:55:42.947517719Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server prod.de.tbs.toys:443...

2025-02-21T07:55:42.950145782Z INFO |cloud_request.c:0252:web_request|   trying IP: 3.69.182.181

2025-02-21T07:55:43.038216575Z ERROR|cloud_request.c:0262:web_request| Failed to connect to HTTP server! HTTP=Unknown HTTP Status Code error=Unknown certificate authority [537]

2025-02-21T07:55:43.038279148Z INFO |handler_cloud.c:0941:handleCloudFreshnessCheck| Freshness check response: size=14, content=

2025-02-21T07:57:33.306966308Z INFO |server.c:0959:server_init| 1 open HTTPS API connections

a ERROR:

2025-02-21T07:55:42.474473977Z ERROR|cloud_request.c:0262:web_request| Failed to connect to HTTP server! HTTP=Unknown HTTP Status Code error=Unknown certificate authority [537]

Thats possible, because i flashed it a second and a third time after i changed the ip of the teddycloud host.

Last time flashing, i extraced .der certificates from teddycloud. I think that are wrong certificates.
What should i do next? Extract the certificates with esptool.py from the first ESP32_.bin with the legacy method mentioned here ?
Or simply copy the working CC3200 certificates?

0xbadbee · February 21, 2025, 9:00am

Please check the logs during teddyCloud startup. It should mark the ESP32 ca.der as wrong there.

ben · February 21, 2025, 9:47am

2025-02-21T09:20:46.219152571Z TeddyCloud v0.6.2 (203f12d) - 2024-10-26 18:14:34 +0000 ubuntu linux-aarch64(64)

2025-02-21T09:20:46.219271884Z 

2025-02-21T09:20:46.222736950Z INFO |settings.c:0848:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini

2025-02-21T09:20:46.226296904Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style

2025-02-21T09:20:46.226950837Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.227842358Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style

2025-02-21T09:20:46.228531882Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.229843673Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/f0..../ca.der' detected as DER style CERTIFICATE

2025-02-21T09:20:46.230068373Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/f0..../client.der' detected as DER style CERTIFICATE

2025-02-21T09:20:46.230851247Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/f0..../private.der' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.231095243Z WARN |settings.c:1690:test_boxine_ca| Client CA does not match Boxine

2025-02-21T09:20:46.231247425Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style

2025-02-21T09:20:46.231387367Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.231709343Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style

2025-02-21T09:20:46.231838026Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.231977838Z ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/20d77892772f/ca.der' for cert type detection

2025-02-21T09:20:46.231996393Z ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/20...../ca.der' failed

2025-02-21T09:20:46.232034485Z ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/20...../client.der' for cert type detection

2025-02-21T09:20:46.232046540Z ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/20...../client.der' failed

2025-02-21T09:20:46.232055411Z ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/20...../private.der' for cert type detection

2025-02-21T09:20:46.232076781Z ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/20...../private.der' failed

2025-02-21T09:20:46.232815064Z INFO |settings.c:0848:settings_load_ovl| Load settings from /teddycloud/config/config.ini

2025-02-21T09:20:46.234021912Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style

2025-02-21T09:20:46.234160650Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.234431886Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style

2025-02-21T09:20:46.234655863Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.234891933Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE

2025-02-21T09:20:46.235270871Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE

2025-02-21T09:20:46.236087671Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.236783621Z INFO |settings.c:0848:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini

2025-02-21T09:20:46.240760123Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style

2025-02-21T09:20:46.240899546Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.241247095Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style

2025-02-21T09:20:46.241440240Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.241669384Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/f0..../ca.der' detected as DER style CERTIFICATE

2025-02-21T09:20:46.241935139Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/f0..../client.der' detected as DER style CERTIFICATE

2025-02-21T09:20:46.242134320Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/f0..../private.der' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.242326391Z WARN |settings.c:1690:test_boxine_ca| Client CA does not match Boxine

2025-02-21T09:20:46.242511073Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style

2025-02-21T09:20:46.242664755Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.242850492Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style

2025-02-21T09:20:46.242986286Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.243111284Z ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/20...../ca.der' for cert type detection

2025-02-21T09:20:46.243123784Z ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/20..../ca.der' failed

2025-02-21T09:20:46.243184597Z ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/20...../client.der' for cert type detection

2025-02-21T09:20:46.243198282Z ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/20...../client.der' failed

2025-02-21T09:20:46.243267318Z ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/20...../private.der' for cert type detection

2025-02-21T09:20:46.243280614Z ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/20...../private.der' failed

2025-02-21T09:20:46.243950620Z INFO |tls_adapter.c:0390:tls_adapter_init| Loading certificates...

2025-02-21T09:20:46.244032693Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style

2025-02-21T09:20:46.244235300Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.244486666Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style

2025-02-21T09:20:46.244678533Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.244951491Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE

2025-02-21T09:20:46.245201690Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE

2025-02-21T09:20:46.245431075Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY

2025-02-21T09:20:46.274901947Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2

2025-02-21T09:20:46.275114128Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5149044

2025-02-21T09:20:47.246288738Z INFO |toniesJson.c:0100:tonies_update| Updating tonies.json from api.revvox.de...

2025-02-21T09:20:47.246428717Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...

2025-02-21T09:20:47.249444106Z INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226

2025-02-21T09:20:47.460345718Z INFO |cloud_request.c:0382:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonies.json

2025-02-21T09:20:47.460522363Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...

2025-02-21T09:20:47.463091576Z INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.109.133

2025-02-21T09:20:50.149185945Z INFO |toniesJson.c:0124:tonies_update| ... success updating tonies.json from api.revvox.de, reloading

2025-02-21T09:20:50.223141379Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2

2025-02-21T09:20:50.223254340Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5149044

2025-02-21T09:20:51.141646705Z INFO |toniesJson.c:0211:tonieboxes_update| Updating tonies.json from api.revvox.de...

2025-02-21T09:20:51.141854090Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...

2025-02-21T09:20:51.143962107Z INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226

2025-02-21T09:20:51.347383948Z INFO |cloud_request.c:0382:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonieboxes.json

2025-02-21T09:20:51.347531538Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...

2025-02-21T09:20:51.349964067Z INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.109.133

2025-02-21T09:20:51.504771106Z INFO |toniesJson.c:0238:tonieboxes_update| ... success updating tonieboxes.json from api.revvox.de, reloading

2025-02-21T09:20:51.578574153Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2

2025-02-21T09:20:51.578677966Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5149044

i think i found the mentioned errors. What could i do?

0xbadbee · February 21, 2025, 11:06am

copy over the original! ca.der of your cc3200 to your esp32 client cert dir.

I hope you have a backup of your UNMODIFIED ESP32 flash somewhere.
Otherwise it will be a hassle if you want to go back to stock some time, as you’ll have to put the boxine ca.der into the flash and revert the domains in the flash by hand with a hex editor.

ben · February 23, 2025, 5:05am

it works
thanks a lot 0xbadbee