Sonnet Labs Firmware Poking

A few weeks ago I got the Sonnet Labs, Sonnet One long after we thought the Kickstarter was just dead. A pleasant surprise, until it was missing any instructions, and the setup link didn’t go anywhere. I ended up writing up what I could piece together on the web into an Unofficial manual of sorts, but then decided I wanted to know a bit more about the firmware currently on it.

Finding bits like the FCC manual, which didnt have much (https://fccid.io/2AN8Z-SONNET/Users-Manual/user-manual-4003660). Then someone on a comment back in the Kickstarter’s past mentioned a draft of a manual was put up (https://www.dropbox.com/s/avmes7rhanx2vli/Sonnet%20User%20Manual%20v0.4.pdf) that gave some actual guidance about the device, but then one user wrote on a forum where he was early testing the device that the devs had given him SSH access to control the backend of the device.

Now I was interested! You can get SSH and control the whole device? How does one get that. First I looked at the code of the web app that was running, and just wanted to see if there were any admin pages I could click and just not see. Nothing big stood out, except the code on the device, and the code on the GitHub looked a bit different than each other, and there is not even a README about how to get the repo up and working.

Running nmap against the device just displayed the few ports we knew it had to have open: web server, DNS, DHCP.

That’s when I saw a reference for http://repo-test.sonnetlabs.com(backed up on archive.org), a place where all the different firmware versions has been stored. Some are marked “stable” some are “beta” or “alpha”. With a bit of searching around I found a site that walked through easily extracting OpenWRT firmware. After a quick Brew install on mac, I was able to binwalk the file and open the firmware that I seemed to have on my device, vs one of the beta ones. Looking around, its a fairly standard OpenWRT firmware with some tweaks done for the long range radios. It also has services like dropbear for SSH. In the beta/alpha releases they are missing one line that the stable ones has: “option enable ‘0’” in the /etc/config/dropbear file disabling SSH.

Looking more, there are some init scripts the system starts, one for the app, and another for the radios. The code is actually decently documented,

If we (the internet) had a build of the firmware with SSH enabled, it would make checking and seeing information about the mesh much easier (since the UI seems to have no indication of what is going on with that), there appears to be a backend app for managing the mesh. This is used in the startup of the radios:

    ${MESH_CONTROLLER_CMD} reset
    echo "mesh: using channel ${channel}"
    ${MESH_CONTROLLER_CMD} set NCP:Channel ${channel}
    ${MESH_CONTROLLER_CMD} set Network:Name Sonnet
    ${MESH_CONTROLLER_CMD} set Network:PANID 0x4700

Most of the operations for the app seem to handled by /usr/bin/sonnet_server. And the web part of the app is in /usr/share/sonnet_app where it has all of its node modules setup, and cordova.js for some offline stuff. This code is much different than the one on the Github. Which makes the timeline/code confusing. If they shipped around October, they had to have the firmware more or less finalized a while before that. How do we have this one code base with some stuff from August 30th, then this firmware from 18-Jun-2019.

Anyway that was a bit of playing around with it. What I would like is Sonnet Labs to put a firmware out for us with SSH on, and everything else stock. Then go and add documentation to the repo, perhaps a easy way to iterate on the code and put it on the device. After that, if the community wants to help make the app better and perhaps put a UI on the actual mesh part. Or Sonnet Labs can update their product. The fact that http://repo.sonnetlabs.com has a bunch of 0 byte files last updated May 2018 does not fill me with hope…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s