Reflash ESP32 to change hostname

A question just popped up in my head when I was trying to re-flash my box with a different cloud-name:

When I read an already patched ESP32 flash and patch it again, will TeddyCloud know that the certs are not the original certs anymore?
After all TeddyCloud will have to use the original certs in order to communicate with Boxine Cloud. In fact the original firmware dump should be preserved in a very safe place. Losing the original cert will cut off Boxine communication forever, wouldn’t it?

That brought me to my next question: if there are two boxes behind TeddyCloud, is there any way that each can use its own original client cert? This is if there are two accounts set up on Boxine - I don’t even know if this makes sense. Probably only for creative Tonies. But then why would you not upload that content to TeddyCloud directly, right?

Finally I reflashed my box with a different cloud name, but reading the serial output it looks like it’s pointing to tc.fritz.box which I had set as the server URI in TeddyCloud at some point…
Is there an easier way to only patch the cloud name, other than downloading the flash and patching it again?

No.

Yes and yes. You should store the original certificates in a safe place; back them up on a different system than the teddycloud.

There is a config.overlay.ini file in teddycloud/config. Have a look there. For each box you can add the details: which MAC, which name, and which certificates shall be used. In the future this could also be supported in the GUI; first ideas are already being discussed.

That’s a good question, but if you can you could do :wink: maybe because you want to share some content with others who are not using your teddycloud (I am not sure if I can enable my creative tonies to be played on other tonieboxes in other households).

Weird. Are you sure the flashing worked? But here I cannot help you.

As far as I know not yet, but here, too, the first seeds have already been planted to support an easier way to patch the box. There is the idea to cache the firmware on teddycloud and patch it at that stage before delivering it to the box. At least this is what I understand from some discussions and pull requests. @0xbadbee has prepared some things regarding this in the latest versions.

The box has three different certificate parts.
The CA, which is the same for all boxes, is replaced so the box can connect to teddyCloud.

The other two parts are the client cert and the private keys for it. Those are individual for each box, but not touched by teddyCloud (don’t lose them). Those are only copied to teddyCloud to be able to connect to the boxine cloud.

If you have used the webgui for flashing, you’ll have a backup in your firmware volume.
You can just redo the process to change the hostname.
Alternatively, you can use the legacy way.

It’s been a while since I flashed my first box. Maybe I don’t remember correctly. I was under the impression that TeddyCloud extracted the certificates automatically. That’s why I was wondering how it determined when to dump the certs. Rereading the documentation I now see that I can extract the certs of a second box manually.

That’s the easier way I had been looking for - and I believed to have read all the documentation :smile:
Thank you!

For what it’s worth, I just found out that replacing the cloud name only works on the original image.
Changing it on an already patched image gives 0 occurrences changed.

Thanks for clearing up the confusion about the certificates. `openssl x509 -inform der -text -in <certificate.der>` also helps when putting the pieces together.

Alex

You’ll have to provide the current hostname within your modified image, otherwise indeed, there will be nothing to replace (as it searched for the original hostnames).
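Added example (not part of the thread and not TeddyCloud's own patching code): a minimal search-and-replace over a constructed image, showing why a second patch that looks for the original hostname reports 0 occurrences and why supplying the current hostname works. The image bytes, `cloud.original.example` and `teddy.lan` are constructed placeholders, and the NUL-padded, same-length replacement is an assumption of this sketch.

```python
# Illustration only: constructed bytes, hypothetical hostnames, not a real ESP32 dump.
ORIGINAL = "cloud.original.example"   # placeholder for the vendor hostname
FIRST_PATCH = "tc.fritz.box"          # hostname mentioned in the thread
SECOND_PATCH = "teddy.lan"            # placeholder for the new hostname

# Constructed "image": a few header bytes and two NUL-terminated hostname strings.
IMAGE = (b"\xe9\x00HDR" + ORIGINAL.encode() + b"\x00" + b"\xff" * 8 +
         b"https://" + ORIGINAL.encode() + b"\x00" + b"\xff" * 4)


def replace_hostname(image: bytes, current: str, new: str) -> tuple:
    """Replace each NUL-terminated `current` hostname in `image` with `new`.

    The new name is padded with NUL bytes to the old length so that no
    offsets in the image shift; a longer name is rejected (assumption of
    this sketch). Returns (patched_image, occurrences_changed).
    """
    old = current.encode("ascii") + b"\x00"
    repl = new.encode("ascii") + b"\x00"
    if len(repl) > len(old):
        raise ValueError("new hostname is longer than the one it replaces")
    repl = repl.ljust(len(old), b"\x00")
    count = image.count(old)
    return image.replace(old, repl), count


def demo() -> dict:
    """Patch once, then patch again with the wrong and the right search string."""
    patched, first = replace_hostname(IMAGE, ORIGINAL, FIRST_PATCH)
    # Searching for the original name in an already patched image finds nothing.
    unchanged, stale = replace_hostname(patched, ORIGINAL, SECOND_PATCH)
    # Searching for the hostname that is actually in the image works.
    repatched, fresh = replace_hostname(patched, FIRST_PATCH, SECOND_PATCH)
    return {"first": first, "stale": stale, "fresh": fresh,
            "stale_is_noop": unchanged == patched,
            "same_size": len(repatched) == len(IMAGE),
            "new_name_present": SECOND_PATCH.encode() in repatched}


if __name__ == "__main__":
    print(demo())
```

A count of 0 with byte-identical output is the signal that the search string does not match what is currently in the image.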