This application roots your Toon from a Raspberry Pi or another device with a JTAG debugger attached.
At the moment, the following is implemented:
- Detection of the U-Boot version
- Loading of modified U-Boot version using JTAG
- Logging in to supported versions of U-Boot
- Setting up the U-Boot environment so the Toon boots into a serial console
- Install and set up dropbear and sftp-server to let root user log in using an ssh key
- Modify the firewall settings to enable remote access to ssh and http server
- Generate SSH keys or let the user supply their own
- Check the output from a few commands so we know if we're successful...
- More fine-grained control of the installation package
I don't know.
You'll probably be fine. We're not overwriting the bootloader or important parts
of the OS, so I don't see it really breaking anything, but you should make sure all wires are connected
correctly, because otherwise you might short out something and break your Pi, Toon or both. If you are
having issues with your Toon, run this application again with the --boot-only flag set. When it's finished
you should be able to access a serial console on the Toon and check out what's wrong. To find some
'usual suspects', look through payload/patch_toon.sh, which is the script that's actually run on the Toon
to enable SSH access. The rest of the application basically just opens an injection vector to make that
possible.
The new Toon 2 isn't rootable using this tool. There are just a few people who can help you root a toon 2. You can take a look at this forum post if you want to have your Toon 2 rooted: https://www.domoticaforum.eu/viewtopic.php?f=101&t=12162
Make sure there's no power going in to either of the devices, and double check the connections before powering up again. Connect your Toon's debugging header to a Raspberry Pi according to the following pin assignments:
| Toon | Signal | Pi |
|---|---|---|
| 1 | RTCK | |
| 2 | TRST | 24 |
| 3 | GND | 25 |
| 4 | TCK | 23 |
| 5 | GND | 20 |
| 6 | TMS | 22 |
| 7 | SRST | 18 |
| 8 | TDI | 19 |
| 9 | Vt | |
| 10 | TDO | 21 |
| 11 | RxD | 8 |
| 12 | ||
| 13 | TxD | 10 |
| 14 | GND | 9 |
If you don't know which pins on the Pi are which, see pinout.xyz. The pins on the Toon are numbered similarly to the Pi, starting at the one marked as 1.
Check if you're running Raspbian Stretch or later. You can check this by running
cat /etc/issue, the response should be Raspbian GNU/Linux 9 \n \l or later.
Then make sure the serial port on the Pi is enabled and the serial console is disabled
using sudo raspi-config and reboot if necessary. Install the dependencies mentioned in the
Dependencies-section.
Then get and clone this application:
sudo apt install python3-serial python3-cryptography
git clone https://github.com/superzilence/ToonRooter.gitrun this application:
cd ToonRooter
sudo python . --jtag-availableThen reset your Toon and let the magic happen :)
INFO:__main__:Starting up...
INFO:__main__:Detected JTAG hardware 'rpi3'
INFO:__main__:Written private and public key pair to ./id_rsa and ./id_rsa.pub, respectively
INFO:rooter:Waiting for Toon to restart
INFO:rooter:Toon has U-Boot version 2010.09-R10
INFO:rooter:Loading new bootloader
INFO:rooter:Starting openocd
INFO:rooter:Waiting for 10 seconds
INFO:rooter:Halting CPU
INFO:rooter:Loading new image to RAM
INFO:rooter:Starting up new image
INFO:rooter:Waiting for Toon to restart
INFO:rooter:Toon has U-Boot version 2010.09
INFO:rooter:Using password to log in
INFO:rooter:Logging in to U-Boot
INFO:rooter:Patching U-Boot
INFO:rooter:Waiting for boot up
INFO:rooter:Transferring payload
INFO:rooter:Patching Toon
INFO:rooter:>>> Enabling root user. Your root password is: toon
INFO:rooter:>>> Opening ports 22, 80 and 10080 on firewall
INFO:rooter:>>> Disable VPN on boot
INFO:rooter:>>> Installing dropbear
INFO:rooter:>>> Installing openssh-sftp-server
INFO:rooter:Cleaning up
INFO:rooter:Rebooting
INFO:rooter:Your Toon is now rooted. Please wait for it to boot up and try to log in using SSHDuring the rooting process, the script will generate a random root password and output it to the console. It will also generate an ssh private key. You can use either to log in to the Toon after it is rooted. The script does not use a generic default password for all Toons because it's considered a security hazard (and there's no easy way to change the password on the Toon itself).
The most secure way of logging in is using the SSH private key (even better if you encrypted
the key using the --private-key-password argument).
After rooting, a file called id_rsa should be present in your working directory (or something
else if you used --output-ssh-key).
Logging in to the Toon can then be done by running:
ssh -i id_rsa root@[TOON IP]If you used the --private-key-password argument, you will now be asked to insert the password
you provided there. If you didn't, it should log in without asking for a password at all.
In the latter case, please consider encrypting it later using the following command:
ssh-keygen -p -f id_rsaIf for some reason you lost both the ssh private key and the password, you'll have to re-root your Toon.
Please re-check your wiring. If you're sure the wiring is correct, try the command with
the --output-level DEBUG flag set and head over to
this friendly forum where the
issue has most likely already been solved. If not, post a reply and the active community
will probably help you out.
You should definitely get a Pi.
However, if you're adamant that you want to root your Toon from another device and
you have a JTAG debugger lying around that works with OpenOCD, you should be able to
use this script without issue. Just put the configuration file for your debugger in the
assets/adapters directory (make sure it has a .cfg extension) and pass the name
of the file (without extension) to the script using the --jtag-hardware argument.
I'm pretty sure Windows is not going to work though, so you should use a Linux
(virtual) machine.
usage: sudo python . [-h] [--serial-port PATH] [--ssh-public-key PATH]
[--output-ssh-key PATH] [--private-key-password PASSWORD]
[--output-level INFO|DEBUG] [--jtag-available]
[--dont-check-uboot] [--dont-cleanup-payload]
[--dont-reboot-after] [--boot-only]
Root your Toon.
optional arguments:
-h, --help show this help message and exit
--serial-port PATH The path of the serial port to use
--ssh-public-key PATH
The path to an RSA public key which should be an
allowed key on the Toon after rooting it. If not
supplied, a key pair is generated
--output-ssh-key PATH
The path to output a generated key pair (the public
key will have a .pub suffix). Default is to write
id_rsa and id_rsa.pub in the current directory.
Ignored if you've used --ssh-public-key
--private-key-password PASSWORD
The password that should be used to encrypt the
private key when it's generated. Default is to use no
encryption. Ignored if you've used --ssh-public-key
--output-level INFO|DEBUG
The level of output to print to the console
--jtag-available Indicates you have a JTAG debugger connected to your
Toon's JTAG headers
--jtag-hardware TYPE The JTAG debugger type that we're working with. The
default is to autodetect the JTAG debugger (which
currently only works on Raspberry Pi). Supported
values are: auto, rpi1, rpi2, rpi3
--dont-check-uboot Don't check whether we can access the installer
version of U-Boot before using JTAG to start up the
custom one.
--dont-cleanup-payload
Leave the payload in /payload. Use this if you want to
include more files and do something with them.
--dont-reboot-after Don't reboot the Toon after rooting it. Use this if
you want to use the serial console after rooting
--uboot-only Only boot to the u-boot environment for manual control
--boot-only Don't install the payload, just boot into the serial
console
- Raspbian Stretch (or later) if you're using a Pi
- Python 2.7
- pySerial 3.4 (or later)
- OpenOCD from git (for newer Toons) (see instructions)
If your Toon has a newer U-Boot version than 2010-R8, a JTAG interface is required to upload a bootloader that we have access to through the serial console. To do this, you need to build a version of OpenOCD (at the time of writing the version in apt doesn't support using the Pi's headers as JTAG debugger).
#!/usr/bin/env bash
set -euo pipefail
# OpenOCD build script for Raspberry Pi OS 64-bit (Pi 3)
# - installs all common deps (incl. libjim-dev for jimtcl)
# - uses tmux so build survives PuTTY disconnects
# - logs build output
# - uses a safer parallelism for Pi 3
REPO_URL="https://git.code.sf.net/p/openocd/code"
DIR="$HOME/openocd"
LOG="$HOME/openocd_build.log"
JOBS="${JOBS:-2}"
echo "[1/6] System update + dependencies"
sudo apt update
sudo apt install -y \
git \
build-essential \
autoconf automake libtool libtool-bin \
pkg-config \
texinfo \
libusb-1.0-0-dev \
libftdi1-dev \
libhidapi-dev \
libjim-dev \
tmux
echo "[2/6] Quick health check (power/undervoltage flags)"
if command -v vcgencmd >/dev/null 2>&1; then
echo "vcgencmd get_throttled: $(vcgencmd get_throttled || true)"
else
echo "vcgencmd not found (ok, continuing)"
fi
echo "[3/6] Clone/update OpenOCD repo"
if [[ -d "$DIR/.git" ]]; then
cd "$DIR"
git fetch --all --prune
git pull --rebase
git submodule update --init --recursive
else
git clone --recursive "$REPO_URL" "$DIR"
cd "$DIR"
fi
echo "[4/6] Start build inside tmux (survives PuTTY disconnects)"
SESSION="openocd-build"
if tmux has-session -t "$SESSION" 2>/dev/null; then
echo "tmux session '$SESSION' already exists."
echo "Attach with: tmux attach -t $SESSION"
exit 0
fi
tmux new -d -s "$SESSION" "bash -lc '
set -euo pipefail
cd \"$DIR\"
echo \"== OpenOCD build started: \$(date) ==\" | tee \"$LOG\"
echo \"Repo: $REPO_URL\" | tee -a \"$LOG\"
echo \"Jobs: $JOBS\" | tee -a \"$LOG\"
# Clean if previously configured
make distclean >/dev/null 2>&1 || true
./bootstrap 2>&1 | tee -a \"$LOG\"
./configure --prefix=/usr --enable-sysfsgpio --enable-bcm2835gpio 2>&1 | tee -a \"$LOG\"
make -j\"$JOBS\" 2>&1 | tee -a \"$LOG\"
echo \"== Build finished: \$(date) ==\" | tee -a \"$LOG\"
echo \"Run: sudo make install\" | tee -a \"$LOG\"
'"
echo
echo "Build is running in tmux session: $SESSION"
echo "Attach to watch: tmux attach -t $SESSION"
echo "Log file: $LOG"
echo
echo "When build is done, install with:"
echo " cd \"$DIR\" && sudo make install"these instructions were based on the instructions posted here by rboers
This application is based on instructions and software written by:
- marcelr
- klaphekje
- rboers
- other domoticaforum.eu users