Ceton Echo EOL Rumors and Firmware Preservation

Talk with fellow members about Ceton's Media Center Extender.
Forum rules
Ceton no longer participate in this forum. Official support may still be handled via the Ceton Ticket system.
electronrancher

Posts: 17
Joined: Fri Jul 11, 2014 5:07 pm
Location:

HTPC Specs: Show details

Ceton Echo EOL Rumors and Firmware Preservation

#1

Post by electronrancher » Sun Jul 13, 2014 2:15 am

Howdy all,

New Echo user here - seems pretty slick so far, easy plug and play setup and all channels streaming fine (even HBO HD) using WMC7, HDHomeRun Prime and 100baseT ethernet.

But it's a little concerning that Ceton is apparently leaving the Echo to fall into the big heap of defunct MC extenders. Which really isn't a problem as long as it's left in a fairly operable state (which may or may not be satisifed by last year's FW if you read the vitriol here). But what IS a problem is that companies take their firmware servers offline (I'm looking at you, Linksys), meaning that all those future awesome ebay deals CAN'T be upgraded to whatever the "final" FW version was. Boo!

So let's make sure this doesn't happen to the Echo by trying to preserve the firmware in it's "final" state. I have plans to extract the flash if I can find myself a dead echo, but for now I am continuing on with a second (New In Box) device that arrived today.

I slurped the update communications with wireshark, and got both the firmware file as well as a (temporary, I think) link to the proper path on the ceton update server where all the FW's are held. Grabbed all that were available. I dunno if I'll post them here, copyright and all, but if Ceton officially EOL's the device I think it's good to have a backup.

But here's the thing: They're only about 49kB each! Both the captured stream from when my Echo was updating, as well as the .IMAGE file I downloaded were tiny. That ain't firmware that can display the main screen, let alone negotiate an RDP session. So what's up? Is Ceton's "firmware" just a bunch of settings for a pre-packaged MS blob that actually runs on the Echo? That might explain why they can't fix anything. Or maybe they're the most efficient coders I have ever seen.

Or perhaps I got the wrong files, or they have a clever multi-part d/l that tricked both me and wireshark. Hmm

Open for comments on both the firmware itself, as well as the idea of trying to preserve this unit in light of it's possible coming death.

electronrancher

Posts: 17
Joined: Fri Jul 11, 2014 5:07 pm
Location:

HTPC Specs: Show details

#2

Post by electronrancher » Sun Jul 13, 2014 4:51 am

Whoops, missed a whole file section of wireshark. So it looks like the complete FW is around 15-20MB, looking into it a bit more.

User avatar
Crash2009

Posts: 4357
Joined: Thu May 17, 2012 12:38 am
Location: Ann Arbor, Michigan

HTPC Specs: Show details

#3

Post by Crash2009 » Sun Jul 13, 2014 3:21 pm

I'm surprised Echo wasn't sliced, diced, and finely chopped, a long time ago. If you ever figure out a way to extract or backup an existing echo, I'd be up for that. I have a couple over here. One of them is running 2013.320.1349, which works well in my current environment. I wouldn't mind at all sharing 1349.

Thanks for looking into this.

electronrancher

Posts: 17
Joined: Fri Jul 11, 2014 5:07 pm
Location:

HTPC Specs: Show details

#4

Post by electronrancher » Mon Jul 14, 2014 2:30 am

Yeah, I'm also surprised nobody's looked into it either. Usually the linux guys are falling over one another trying to boot linux on anything with a micro in it!

The bottom line is: It's probably simple to open an Echo and read out the flash. I'm doubtful that the onboard flash is encrypted, although it certainly may be. But you can't open one without breaking the case, so if you have a "donor" that you don't mind running with an ugly case, PM me. I'm confident I can desolder and resolder the flash so the unit will work again, but the wife doesn't want our only echo to look ugly. Chicks are weird.

Anyway, it looks like the firmware update server is pretty much open for business. I don't think they're restricting, or signing firmware per device (at least not the big chunks!).

The firmware update process starts with a JSON post to

Code: Select all

http://update-echo.cetoncorp.com/~/echo/aa:bb:cc:dd:ee:ff
where aa:bb.. is the MAC address of the Echo that's phoning home. The JSON payload is
{"mac":"aa:bb:cc:dd:ee:ff","revision":3,"description":"Internal","firmware":"0000.000.0000","include_beta":false}

Where the payload mac must match the URL mac, but the server doesn't seem to care much about what the mac is, or what the reported FW version is. I used Fiddler to generate my request as shown here.
Image

The server spits back a couple of file paths, at least one of which seems to be a temporary link that dies after a while. These files are 49k, and are supposed to be.

The next part is a little hazy. Somehow, the Echo then makes a few more requests (using WGET, which is required to get the whole file). These requests are for a 3MB, 7MB, and 17MB firmware file which come in a file format similar to the two smaller files from above - a couple magic bytes and then high-entropy data with no obvious strings, etc.

While I suspect the first two files are somehow related to the device, the final 3 files seem to be the same for any MAC/version/etc. In fact, I just WGET'd them without ever doing the initial phone-in, the file data was identical to what my Echo got originally.

I'm still thinking about how the Echo knows what filename to request for those last 3 - they're long and random, like a hash output. The obvious idea is that it decodes or unpacks the first files and gets the data from there, but we shall see.

IownFIVEechos

Posts: 696
Joined: Fri Jul 12, 2013 2:29 pm
Location:

HTPC Specs: Show details

#5

Post by IownFIVEechos » Mon Jul 14, 2014 7:27 pm

First, thanks for taking the time to look at this. I have always worried that the servers would go away at some point. You seem to have the knowledge to help keep this going strong.

Do you know if the recovery actually resets the firmware back to the original and then a new update must be done? My experience has been that the echo fall back to the original firmware on a reset. You probably haven't witnessed this yet.

Also how is the file sent? Is it standard TFTP? Or is it via the Microsoft Embedded Update server, or something like that? Meaning if you actually get the files we need will we be able to run a TFTP server and just mascaraed the IP or whatever the term is?

Again thanks for check this out.

cwinfield

Posts: 575
Joined: Tue Feb 12, 2013 1:14 am
Location: Monroe, NC

HTPC Specs: Show details

#6

Post by cwinfield » Mon Jul 14, 2014 8:35 pm

Even if you have the firmware images, how would you manage to update it offline? Too bad there isn't a way to dump an image to USB or I would do it with my android beta version.

electronrancher

Posts: 17
Joined: Fri Jul 11, 2014 5:07 pm
Location:

HTPC Specs: Show details

#7

Post by electronrancher » Mon Jul 14, 2014 11:20 pm

IownFIVEechos wrote: Do you know if the recovery actually resets the firmware back to the original and then a new update must be done? My experience has been that the echo fall back to the original firmware on a reset. You probably haven't witnessed this yet.
Also how is the file sent? Is it standard TFTP? Or is it via the Microsoft Embedded Update server, or something like that? Meaning if you actually get the files we need will we be able to run a TFTP server and just mascaraed the IP or whatever the term is?
I don't know much about recovery. Maybe I will look in to it sometime, but that may be more useful for hacking/repurposing the device than keeping it running "as normal". The regular firmware update seems to do everything over HTTP requests, which we can serve easily as you mentioned.
If you've actually seen it make a TFTP request, that would be cool - it's quite common for bootloaders like UBOOT to use TFTP to grab a new firmware image. Since the bootloader is usually not flashed during a normal FW update, bricking a gadget usually leaves the bootloader alive. It seems like you may know a bit about the recovery, so please fill in any details that you can.
cwinfield wrote:Even if you have the firmware images, how would you manage to update it offline? Too bad there isn't a way to dump an image to USB or I would do it with my android beta version.
We'll need a tool that acts like a server, similar to what IownFIVEechos was describing. In fact, exactly as he was describing - you could impersonate the regular server, or just have your router forward all HTTP requests to a local PC where our server is running. Then once Ceton disconnects their server similar to what Linksys did, you'd use the "fake" server to update any Echos you need to update.

I am currently doubtful there's a way to dump an image over USB, but please - keep that Android beta untouched!! Usually the way these things works is people fetch or read out the firmware, analyze it for hidden features like what you're describing, and then down the road someone makes a nice little "one click backup" tool. So it might come someday, but we're a bit away from that right now.

Of course, Ceton could always admit it's EOL and just give us the backup tools.. ?
But in my experience that usually doesn't happen.

User avatar
Crash2009

Posts: 4357
Joined: Thu May 17, 2012 12:38 am
Location: Ann Arbor, Michigan

HTPC Specs: Show details

#8

Post by Crash2009 » Tue Jul 15, 2014 2:52 am

When the Echo was first released, there were a few that became bricks. Maybe this thread might help with your project. We had to download http://cetoncorp.com/downloads/ctnechorecovery.exe Here are my notes on that project. http://www.thegreenbutton.tv/forums/vie ... 467#p35467 As I recall, we had to register our Macs with Ceton Support so the update server would recognize us.

mini__me

Posts: 52
Joined: Wed Aug 22, 2012 8:02 am
Location:

HTPC Specs: Show details

#9

Post by mini__me » Tue Jul 15, 2014 8:10 am

Out of boredom and despair one day after Xmas I connected one of my echos to my PC set it to recovery mode using the remote and launched a tool for blowing ROMs to the eMMC for other freescale devices and it was picked up but not quite right enough for me to blindly blow another ROM over the top.

I'm sure it's possible to pull the current ROM from the device, and a copy of the Ceton Android ROM would be great, if nothing else to have a play with how it was intended to run before all the issues with Gibson etc (which I still like to think are one of the reasons behind the abrupt stop in most development from Ceton).

As you say, even if Ceton aren't going to do anything else with them, it would be nice to have the tools released for us to blow other ROMs over the top for Android/Linux manually ourselves as the devices (despite their age now) still are not badly spec'd really so should run some kind of Android or Linux XMBC quite nicely.

IownFIVEechos

Posts: 696
Joined: Fri Jul 12, 2013 2:29 pm
Location:

HTPC Specs: Show details

#10

Post by IownFIVEechos » Tue Jul 15, 2014 12:55 pm

The only experience I have with the 'recovery' is just by living through it. I have one echo that it happens to on a regular basis. The last time it happened I did not have to hold down the '1' button to upgrade it. But that does not mean someone else in the house did not do it. No one at Ceton will even talk about the echo. It is like a taboo topic I guess. I wish Ceton could at least tell us if we are bound to the upgrade service or if we have updated it to the latest and the upgrade servers get taken down we will be on the latest flavor.

I have zero knowledge of a TFTP server working, I was just asking if that's how you saw it happening. The HTTP wrapper communication may involve a MSFT Embedded update server to exist (not sure).

I know people talked about the 'PLAY READY' license being a big deal as far as Ceton ever allowing users to physically posses the firmware. So I too doubt they would help us (plus they don't even talk to us). The most I ever see from Ceton on here is 'Open a Ticket'!

So Welcome to the Party!

cwinfield

Posts: 575
Joined: Tue Feb 12, 2013 1:14 am
Location: Monroe, NC

HTPC Specs: Show details

#11

Post by cwinfield » Tue Jul 15, 2014 1:35 pm

I can't crucify Ceton for the echo as they have been trying to get Freescale and Microsoft to fix the problems but neither have helped them. The main problems I had with Ceton was getting the echo plug in to work which took a few months. The echos do everything they promised except support win 8 and DTS audio. I can get MKVs to play as long as they aren't too high bitrate. I think they would have been much better off had they selected a NVidia tegra 3 SOC. I worked with Freescale iMX21 when I worked at Harris RF and they are a POS (Echo has a iMX6) and it's annoying when it crashes and you lose cable, more important if your in the military and your tactical radio crashes. We all know about the state of Microsoft and WMC which is what it is. What Google and Silicondust is doing with the android TV looks real promising and looks like the future of HTPC if it ever materializes. It would have been interesting if Ceton developed a echo 2.0 with a more reliable SOC but that is unlikely after the blunder that was the echo.

electronrancher

Posts: 17
Joined: Fri Jul 11, 2014 5:07 pm
Location:

HTPC Specs: Show details

#12

Post by electronrancher » Tue Jul 15, 2014 2:37 pm

Definitely a lot of interesting info, I may try the recovery tool on the first echo I got from my friend. I'd have to go digging for the mac, its pretty catatonic.

I agree about playready, and wouldn't touch it with a 10 foot pole. But the idea of running xbmc is a neat one - I'm not really a linux guy, so I'm already cringing at the thought of trying to bring up linux on an unknown and undocumented device, though.

Frankly, I think the echo is a pretty good device, but I didn't have to live with all the bugs and stuff you guys did, coming in so late in the game. But I am concerned that its going obsolete, and its really bothersome to me when a device is simply dropped from support, wasting everybody's investment.

So well see - first job is still to make sure we have a way to keep the box alive in its present state, then if someone more linux-y than me wants to jump in - maybe some repurposing is an option in the future!

erkotz

Posts: 1378
Joined: Mon Aug 22, 2011 9:23 pm
Location:

HTPC Specs: Show details

#13

Post by erkotz » Wed Jul 16, 2014 12:28 am

Ceton is still selling Echo and does not consider it an EOL product. Additionally, we use the same update infrastructure for other Ceton products and have no plans to shut the infrastructure down. Regarding putting other firmware on the Echo (and the companion question of running Echo firmware on other hardware) the firmware is encrypted and signed with a Ceton-specific key, and the Freescale chip in Echo will only boot firmware with our signature, so the short version is Echos will only run Echo firmware and Echo firmware will only run on Echos. We can not share this key for licensing reasons.
Quality Assurance Manager, Ceton Corporation

User avatar
Crash2009

Posts: 4357
Joined: Thu May 17, 2012 12:38 am
Location: Ann Arbor, Michigan

HTPC Specs: Show details

#14

Post by Crash2009 » Wed Jul 16, 2014 2:31 am

erkotz wrote:Ceton is still selling Echo and does not consider it an EOL product. Additionally, we use the same update infrastructure for other Ceton products and have no plans to shut the infrastructure down. Regarding putting other firmware on the Echo (and the companion question of running Echo firmware on other hardware) the firmware is encrypted and signed with a Ceton-specific key, and the Freescale chip in Echo will only boot firmware with our signature, so the short version is Echos will only run Echo firmware and Echo firmware will only run on Echos. We can not share this key for licensing reasons.
What is so wrong with having the same firmware "1349" on both the Echo's that I own?

electronrancher

Posts: 17
Joined: Fri Jul 11, 2014 5:07 pm
Location:

HTPC Specs: Show details

#15

Post by electronrancher » Wed Jul 16, 2014 3:59 am

erkotz wrote:Ceton is still selling Echo and does not consider it an EOL product. Additionally, we use the same update infrastructure for other Ceton products and have no plans to shut the infrastructure down. Regarding putting other firmware on the Echo (and the companion question of running Echo firmware on other hardware) the firmware is encrypted and signed with a Ceton-specific key, and the Freescale chip in Echo will only boot firmware with our signature, so the short version is Echos will only run Echo firmware and Echo firmware will only run on Echos. We can not share this key for licensing reasons.
Thank you for your frank and insightful post. It's good to know that Ceton will continue to support this device, at least as far as the update infrastructure goes. Would you be willing to give a definitive answer on whether Echo development is dead, and more specifically whether the Android port will become a release candidate, or whether that branch has died?

Thanks, your information is greatly appreciated!

IownFIVEechos

Posts: 696
Joined: Fri Jul 12, 2013 2:29 pm
Location:

HTPC Specs: Show details

#16

Post by IownFIVEechos » Wed Jul 16, 2014 12:46 pm

erkotz wrote:Ceton is still selling Echo and does not consider it an EOL product. Additionally, we use the same update infrastructure for other Ceton products and have no plans to shut the infrastructure down.
Am I correct in that when the echo goes into the 'recovery mode' the firmware is reset back to the way it was shipped to us? And then we must re-update them? This whole issue goes away if the echo would just hold its latest firmware.

IownFIVEechos

Posts: 696
Joined: Fri Jul 12, 2013 2:29 pm
Location:

HTPC Specs: Show details

#17

Post by IownFIVEechos » Wed Jul 16, 2014 1:03 pm

electronrancher wrote: Would you be willing to give a definitive answer on whether Echo development is dead, and more specifically whether the Android port will become a release candidate, or whether that branch has died?
This was a dark day for many readers here. This should answer your question.

http://www.thegreenbutton.tv/forums/vie ... 494#p59494

User avatar
Crash2009

Posts: 4357
Joined: Thu May 17, 2012 12:38 am
Location: Ann Arbor, Michigan

HTPC Specs: Show details

#18

Post by Crash2009 » Wed Jul 16, 2014 1:37 pm

IownFIVEechos wrote:This whole issue goes away if the echo would just hold its latest firmware.
Just curious, in the http settings/update channel, are you set to stable or beta?

IownFIVEechos

Posts: 696
Joined: Fri Jul 12, 2013 2:29 pm
Location:

HTPC Specs: Show details

#19

Post by IownFIVEechos » Wed Jul 16, 2014 1:39 pm

Crash2009 wrote:
IownFIVEechos wrote:This whole issue goes away if the echo would just hold its latest firmware.
Just curious, in the http settings/update channel, are you set to stable or beta?
Stable. But that's an interesting question. One would imagine the beta would do what I describe and stable would leave it alone. I have one on the version you like and I cross my fingers each time I turn it on that it does not recover. I had one recover and I lost that version.

User avatar
Crash2009

Posts: 4357
Joined: Thu May 17, 2012 12:38 am
Location: Ann Arbor, Michigan

HTPC Specs: Show details

#20

Post by Crash2009 » Wed Jul 16, 2014 2:47 pm

I don't understand what the big secret is. If the Echo firmware will only work on an Echo, why does it have to be guarded? Seems to me, based upon complaints about every other version, 1349 is the only one that's any good for me. When I received my pair of Echo's, I held one back using the stable button, if the beta Echo tested OK, I allowed the stable to beta-then hit the stable button. I leap frogged through all the firmware versions. My 2nd Echo, the beta one, was never quite right after moving up from 1349.

Post Reply