1 (edited by diamaunt 2017-07-16 10:03:22)

Topic: How to stop the updates.

**********************************************************************************************************
MODERATORS NOTE
We STRONGLY recommend that you do not experiment with the processes here. 
One unfortunate person has already caused his Dash to be unbootable.
Wait, and we will have a working, reliable process soon.
Experiment at your own risk.
**********************************************************************************************************

I have 2 C10's.  I updated one before I found out what the update was about.  From then on it would only boot to a SONY display, essentially bricked.

The 2nd Dash had the update dialog over the display with no way to close the dialog without forcing an update, which I now know will disable my Dash.  Rebooting this Dash only booted to an error, something about an invalid id or something, and it wouldn't proceed.  So it was essentially bricked as well.

*********Remainder deleted by moderator********

Re: How to stop the updates.

DO NOT modify anything outside of the /psp partition.

All of the other partitions are signed with Sony's private key and the kernel checks these signatures when mounting them.  If you mess with any files in RFS1 it will not match the signature, and you will fail to boot the main partitions. Modifying RFS2 will produce an unrecoverable brick.

The kernels are also signed, which the boot loader enforces.  The boot loader is signed, which is enforced by the processor's security module.

Making the wrong change to /psp can also make a brick, since it's used by both the normal and special options modes (it needs it for touchscreen and network settings).

For what it's worth, in my opinion, it's not worth the risk - we already have one user on the forum that has permanently broken their own unit this way.  If you're going to post stuff about this type of hacking, make it very clear that your hack may result in a brick, or only post ones that you know absolutely for sure will work.

Re: How to stop the updates.

I'm withdrawing my 'fix'.  As of this morning my 2 C10's were still running without a forced update prompt.  But this morning I rebooted both to see if that would still hold up, and it didn't. I tried again, this time running the same apps that I did yesterday (not really thinking that would be significant but worth a try anyhow) but still no luck.

At this point I don't know why it ran fine for over 24 hours without issue before but with no such luck now.

Re: How to stop the updates.

One of my dash units has played over 36 hours without a forced update box coming up. Other one did produce update banner after reverting back to 1604. I may try reverting it back again to see what it does

Re: How to stop the updates.

birdman wrote:

I'm withdrawing my 'fix'.  As of this morning my 2 C10's were still running without a forced update prompt.  But this morning I rebooted both to see if that would still hold up, and it didn't. I tried again, this time running the same apps that I did yesterday (not really thinking that would be significant but worth a try anyhow) but still no luck.

At this point I don't know why it ran fine for over 24 hours without issue before but with no such luck now.

Are you able to track back what IP's or FQDN DNS the Dash looks to for updates? Would be simple for me to add a firewall rule on my Router to block access to it...

Re: How to stop the updates.

WoodburyMan wrote:
birdman wrote:

I'm withdrawing my 'fix'.  As of this morning my 2 C10's were still running without a forced update prompt.  But this morning I rebooted both to see if that would still hold up, and it didn't. I tried again, this time running the same apps that I did yesterday (not really thinking that would be significant but worth a try anyhow) but still no luck.

At this point I don't know why it ran fine for over 24 hours without issue before but with no such luck now.

Are you able to track back what IP's or FQDN DNS the Dash looks to for updates? Would be simple for me to add a firewall rule on my Router to block access to it...

I am in the process of doing that and will provide an update tomorrow..

Re: How to stop the updates.

GREAT! I was just going to ask the same thing, just block it on the router! Thanks for your investigation!

8 (edited by drexful 2017-07-16 21:12:02)

Re: How to stop the updates.

From what I understand from Duane and others, blocking the IP's, ports. or apps in your firewall might not do the trick.. I want to test it anyway... If anything, it will give me insight into where it goes and a possible redirect to an internal webserver.. Who knows.. It is all speculation at this point.

One other thing.. If it updates via control panel over 443 then we might not have a choice. Maybe a better option to use the modified controlpanel.swf that Duane posted?

Re: How to stop the updates.

yes, hoping to get addresses on where its connecting. I'll block access to those. Hopefully then i can still use weatherbug and alarm features after i load the earlier firmware.

Re: How to stop the updates.

I'm going to describe a random set-up that seems to have worked to stop updates.    When I first applied the fix, it unbricked the Dash, but I connected it to the internet-- and there was the update prompt.

I have a 2nd wireless network router.  It is plugged in and broadcasting a signal that the Dash picks up, but that router is not connected to my modem, so "technically" it's not broadcasting the internet.   I changed my settings to connect my Dash to that network, the Dash is tricked into thinking it's connected to the internet, but there is no internet, so no annoying prompts for updates.

Any further technical explanation of why this is working is beyond my expertise, but I thought I would share an accidental fix I applied that works for my Dash.   And in addition to the clock and weather, I still have my puppies.   lol


https://photos.google.com/photo/AF1QipPpvZbTLhBAZgvSIp9DTaXFhWEyJ7_gUVmXwuhg

Re: How to stop the updates.

drexful wrote:
WoodburyMan wrote:
birdman wrote:

I'm withdrawing my 'fix'.  As of this morning my 2 C10's were still running without a forced update prompt.  But this morning I rebooted both to see if that would still hold up, and it didn't. I tried again, this time running the same apps that I did yesterday (not really thinking that would be significant but worth a try anyhow) but still no luck.

At this point I don't know why it ran fine for over 24 hours without issue before but with no such luck now.

Are you able to track back what IP's or FQDN DNS the Dash looks to for updates? Would be simple for me to add a firewall rule on my Router to block access to it...

I am in the process of doing that and will provide an update tomorrow..

That was my first attempt to 'fix' this problem.  That unfortunately didn't work for me because then the Dash reported that it wasn't able to connect to the internet during authorization at startup and wouldn't continue past that dialog. Maybe someone else will have better luck.

Re: How to stop the updates.

So I turned on the wifi tethering on my phone, created a new hotspot called Dash, password aaaaaaaa then changed my network to Dash. After it connects, I turned off tethering, no more hotspot, alarm clock still working and no chance of downloading update. I was able to use vol + to cancel the update, so still on the prior version. Just didn't want to risk updating. Will keep the clock going this way until the chumbization of the dash is completed. Hoping it stays up without the network for a while. Thanks for the suggestions in this thread for the tether idea, indirectly. I just didn't want to pull out the backup router, and this was easier, although I found I still needed to enable data to complete the setup, it works fine.

13 (edited by drexful 2017-07-17 20:08:03)

Re: How to stop the updates.

drexful wrote:

From what I understand from Duane and others, blocking the IP's, ports. or apps in your firewall might not do the trick.. I want to test it anyway... If anything, it will give me insight into where it goes and a possible redirect to an internal webserver.. Who knows.. It is all speculation at this point.

One other thing.. If it updates via control panel over 443 then we might not have a choice. Maybe a better option to use the modified controlpanel.swf that Duane posted?


Here are the IPs and ports as promised..

173.230.198.41:443 TCP   Sony Media Software and Services
173.230.198.41:80 TCP   Sony Media Software and Services
72.52.14.26:80   Sony/Chumby


I am guessing that there is a pool of IPs for Sony and here are a few in that list.

1     173.230.198.12     Sony Media Software and Services
2     173.230.198.11     Sony Media Software and Services
3     173.230.198.41     Sony Media Software and Services
4     173.230.196.25     Sony Media Software and Services
5     173.230.217.202     Sony Media Software and Services



DNS Records for 173.230.198.41 resolve to:

    063068848c8d29b3f14f2388ccedbae7.ssm1.internet.sony.tv
    06c285a8190470787ac4e756379b2de3.ssm1.internet.sony.tv
    26c4e004e556a2497878016ddc41f9c2.ssm1.internet.sony.tv
    2810586818667b5731e597213d860557.ssm1.internet.sony.tv
    281fee3641fb64d48f68405e8a2cc509.ssm1.internet.sony.tv
    2cceee455140acb31e4fba9f270439be.ssm1.internet.sony.tv
    427093b025427479d2b6990a25454c54.ssm1.internet.sony.tv
    4552632b02f68b2bd131d82cfc527557.ssm1.internet.sony.tv
    46514fa1fe6df38fce0c4b6a26088d2c.ssm1.internet.sony.tv
    525c35912b41b9712ecb54a68431bd66.ssm1.internet.sony.tv
    6476a5cf9ae27e01a70242861e603792.ssm1.internet.sony.tv
    6a8b3bc2a14b4a17f9d95844ba1066f3.ssm1.internet.sony.tv
    953dab3edb573e64b0dd24acae437e13.ssm1.internet.sony.tv
    a466290e3715f6aae99f0ba85e2fec29.ssm1.internet.sony.tv
    a9a2f880a4b35317dc086293838b9b33.ssm1.internet.sony.tv
    ac31666cee4de315778a95746ff83782.ssm1.internet.sony.tv
    ad8641f3cff742de893d919add74c2bb.ssm1.internet.sony.tv
    b23dadb40f43f894cbb8812842f1bd8d.ssm1.internet.sony.tv
    c53912c870783be706fc00b20e73acbe.ssm1.internet.sony.tv
    ca1d5126ffcaaac334558c27f9c1d6ef.ssm1.internet.sony.tv
    d4906a10b039ea1b09b33e2b132ac77f.ssm1.internet.sony.tv
    e5ff5ca83fbb5bf1691595f36d2d33cb.ssm1.internet.sony.tv
    e6438f6178e24ef638377ddbfdd37206.ssm1.internet.sony.tv
    f6193b6df0a8c1d1330ff8d463a53aea.ssm1.internet.sony.tv
    f6c9a85b36dac25dbb6d834fd83c3d7b.ssm1.internet.sony.tv
    fc69b1ec2e47364ebf9ab082e54d94f6.ssm1.internet.sony.tv


DNS records for 72.52.14.26 resolve to:

dash.chumby.com
dash.dash.sel.sony.com

Re: How to stop the updates.

72.52.14.26 is a Sony server and was their branded fork of www.chumby.com from 2011.

We have a DNS CNAME record for it because there was some documentation out there referring to "dash.chumby.com" and without it, Sony customers were ending up at www.chumby.com and asking for customer support.

I guess I can change that now smile

EDIT: dash.chumby.com now CNAMEs to www.chumby.com

15 (edited by drexful 2017-07-19 14:54:06)

Re: How to stop the updates.

As expected, blocking the IP's and ports doesn't work. The update checker is performed over a ssl socket required for 100% bootable device.

I haven't turned on ssl decryption or url filtering at this point so it still might be feasible..

Re: How to stop the updates.

drexful wrote:

As expected, blocking the IP's and ports doesn't work. The update checker is performed over a ssl socket required for 100% bootable device.

I haven't turned on ssl decryption or url filtering at this point so it still might be feasible..

Have you tested blocking the IPs POST boot?  Leave it open long enough to boot then block after it comes up?

Re: How to stop the updates.

jhonryan wrote:

Have you tested blocking the IPs POST boot?  Leave it open long enough to boot then block after it comes up?

OK, here's what I did which has worked so far (~45 minutes without the update screen):

1) Cold boot of Dash
2) Wait until it passes the network connection and authentication stage and let it load first "widget" screen.
3) Block Dash MAC address at WiFi access point so it is no longer connected.
4) Let Dash run for awhile, putting up blank screens for widgets I run like photos and weather radar, etc., to confirm that it is not "getting out" but is continuing to run.
5) Block 173.230.192.0/19 in router.  This disables access to the relevant Sony network subnet (173.230.192.0 - 173.230.223.255).
6) Unblock Dash MAC address at WiFi access point.

Shortly after I did #6 the widgets regained access to their sources and it's running like nothing has changed.  Prior to this test I was getting the update screen within 5 minutes of plugging in the Dash.  Crossing fingers...will report back later.

Re: How to stop the updates.

riblet2000 wrote:
jhonryan wrote:

Have you tested blocking the IPs POST boot?  Leave it open long enough to boot then block after it comes up?

5) Block 173.230.192.0/19 in router.  This disables access to the relevant Sony network subnet (173.230.192.0 - 173.230.223.255).



Did my info help you from the other post?

Re: How to stop the updates.

jhonryan wrote:

Have you tested blocking the IPs POST boot?  Leave it open long enough to boot then block after it comes up?


No, but the IP range block seems to work post boot according to riblet smile

Re: How to stop the updates.

drexful wrote:

Did my info help you from the other post?

Yes, I used it to help find the Sony media address range to block.  Thanks.

So far so good, three hours later.  Hopefully that'll still be true tomorrow.

Re: How to stop the updates.

riblet2000 wrote:
drexful wrote:

Did my info help you from the other post?

Yes, I used it to help find the Sony media address range to block.  Thanks.

So far so good, three hours later.  Hopefully that'll still be true tomorrow.


Same here.  Mine was already up and running, I'd just been leaving it in "Night Mode" to avoid the update dialog, but if I ever did anything to accidentally end up in regular mode again, the update would occasionally pop up - even in that brief window.
I blocked that 173.230.192.0/19 IP range at the router, and now it's been sitting in "normal" mode now with no update pop-up for a couple of hours - with functional widgets!  It's basically just like it always had been before the update from Hades was thrown at us.

Obviously if it reboots it's going to fail to come up, but that's easily remedied with a quick removal of the IP block, and a re-enable once it's up again.  Thanks for figuring this out!  Now I'm in pretty darn good shape until the Chumbification is unleashed!

22

Re: How to stop the updates.

riblet2000 wrote:
drexful wrote:

Did my info help you from the other post?

Yes, I used it to help find the Sony media address range to block.  Thanks.

So far so good, three hours later.  Hopefully that'll still be true tomorrow.

I blocked the sony IPs post boot as well yesterday.  My Dash has been running normally (with control panel, widgets, pandora, netflix, weather et al.

No nightmode since Wednesday evening.  It's been almost 24 hours and no "UPDATE" message.

If I need to power cycle the dash I just need to "turn off" the block at my router (un-tick a box and 'save'), reboot the Dash, then "re-tick" the box in my router and back in business.  Worst case is I get the "update" message until my dash goes in to night mode at 9pm then I get it back.

Even if it's only for a week or so I'm satisfied.

Re: How to stop the updates.

Still update-free almost 20 hours later. smile