Ability to downgrade firmware


I'm one of the maintainers of the open-source project, however with the latest release there appears to be certificate pinning (or similar) happening. This means that users can only upgrade the firmware in the Sonoff devices if they open it up, and solder in headers.

Using this OTA method users could get all of the benefits of an open platform, without the need to open up the device and solder etc.

To allow customers to still do this, it would be great if you could either provide a way of having an alternative update server (with no certificate pinning), or allow users to downgrade to previous versions of firmware that did allow SonOTA to work.

Your help is appreciated to allow everyone to benefit from the open platform.

Thank you.

98 people like this idea

I want this! ... And I will buy more Sonoff products once it is done!

Any news of this?
Just purchased 4 test devices running firmware 1.8.1. Based on what I've read, we cannot upgrade / downgrade fw in order to be able to add custom fw OTA and there doesn't seem to be a fix coming. It's a little disappointing as we'll now have to look for an alternative brand.

Can you please tell what "other brand" you guys are looking at? I'd love to have a look myself and what else is out there that's a basic switch and meets the price point Sonoff offers.

I will admit that the lack of OTA upgrade sucks. But you can upgrade the firmware very easily using the 4 exposed pin holes on the device. Once you stick another firmware on the unit, then you can OTA update to your heart's content.

You have to realize that the current situation results in a much more secure Sonoff.  If they add the ability to downgrade firmware, then a hacker could also use that method to downgrade firmware to one without certificate pinning and then flash whatever they want on it.

If you want to put custom firmware on these things, then you need to open it up. I'm sure there are lots of people that don't want a custom firmware. And they need the most secure firmware possible on here, so they don't become victims of a malware takeover.

What Sonoff should do is offer two different switches for sale.  One with the locked down firmware, and one with a hackable firmware that SonOTA works on.  That would be the best of both worlds.

Honestly, I just purchased a USB to TTL adapter this second. In my case, I would need to process 30 units so they would not take that much time, but I can understand other people's concerns who need to implement these units in larger numbers.
