Recently bought a WINK hub on a sale from Homedepot almost for free on the Blackfriday sale. I liked the concept since it supports multiple radios like Zigbee, Z-Wave, Lutron 433, Kidde 433, Bluetooth & Wifi. I already own a Vera 3 and i wanted to use this as a secondary controller by rooting the hub. Vera3 is extremely good and reliable except the UI but it only supports Z-Wave which made me think why can't i hack this free device as my secondary controller and use some of the cheap Zigbee devices available in Lowes like their Door Sensor, Panic Button, etc.
I searched and found very few sites that talks about rooting this hub but the steps were not clear. So i thought of putting my own steps,
#1. Looks like the Wink team has left some of the development debugging pages on the production release, which we will be leveraging to take control on this hub.
#2. After purchasing the hub
DO NOT CONNET to the internet which will make the hub download the latest firmware where they have fixed the issue.
#3. Plugin the hub ( Don't worry it won't connect to the Wink Servers yet). Wait for the flashing pink lights to come up.( green -> flashing pink).
#4. Now connect your laptop to the Wifi SSID name WINKHUB-*
#5. Trying hitting the following url from your browser and make sure sure it works.
http://192.168.0.1
and you should see this "home page". Perform the below steps while you are still connected to the hub.
#6. I am using Mac, so i opened a terminal and issued a curl command as given below to disable the root account's password.
curl "http://192.168.0.1/set_dev_value.php" -d "nodeId=a&attrId=;cp /etc/shadow /etc/shadow.bak;sed -i 's/root:.*:\(.*:.*:.*:.*:::\)/root::\1/' /etc/shadow;cat /etc/shadow;"
This will take a minute so please be patient.
#7. Generate a ssh key now by typing the following commands on a terminal window,
$ssh-keygen -t rsa
press the enter key to accept the default location
Type a passphare when it prompts and confirm it by entering the passphare second time. Now the system generates the ssh key as shown below.
Your identification has been saved in /Users/username/.ssh/id_rsa.
Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
The key fingerprint is:
bf:49:7f:cb:85:da:5a:f4:7c:1f:cc:23:dd:cc:55:f8 username@mac.local
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| A . |
| . . o |
| o . . G . |
| + + o . + |
|. o o = o + |
| o...o + o |
|. oo.o . |
+-----------------+
#8. Now copy all the contents of your id_rsa.pub file(/Users/username/.ssh/id_rsa.pub) and encode the content using any of the online encoder. I used http://meyerweb.com/eric/tools/dencoder/
#9. Copy the encoded content from the website and issue the following curl command from the terminal prompt as below(after replacing the your_encoded_key ) to add your ssh key to the hub.
curl "http://192.168.0.1/set_dev_value.php" -d "nodeId=a&attrId=;echo 'your_encoded_key' >> /root/.ssh/authorized_keys; cat /root/.ssh/authorized_keys;"
If the command is successful, it will list 2 rsa keys including the one that you just added.
#10. Try to ssh into the hub using
root@192.168.0.1.
#11. Now try editing the set_dev_value.php using,
$ vi /var/www/set_dev_value.php
comment the line that starts with $cmd and add a new line as given below
$cmd = 'aprontest -u -m ' . $nodeId . ' -t ' . $attrId . ' -v ' . $v;
if you have done it correctly the file should look like this,
$nodeId = $_POST['nodeId'];
$attrId = $_POST['attrId'];
$v = $_POST['value'];
//$who = exec('whoami');
//echo $who;
//passthru("sudo ls", $retval);
//echo "nodeId=" .$nodeId . " attrId=" . $attrId . " value=" . $v;
//$cmd = 'sudo ' . dirname(__FILE__) . '/php2apron set_value ' . $nodeId . " " .
$cmd = 'aprontest -u -m ' . $nodeId . ' -t ' . $attrId . ' -v ' . $v;
//echo $cmd . " ";
passthru($cmd, $retval);
echo "ret_code=" . $retval;
?>
#12. We want to block the device from getting the new firmware by editing the host file located in
/etc/hosts
and add the following entries in bold.
127.0.0.1 localhost
127.0.0.1 hub-api.winkapp.com
127.0.0.1 hub-updates.winkapp.com
127.0.0.1 wink-hub-images.s3.amazonaws.com
127.0.1.1 flex-dvt
#13. One more last step before we disconnect, edit the following file,
$vi /etc/init.d/S31platform
and look for the following lines,
if [ ! -e /database/oauth ]; then
rm /database/wpa_supplicant.conf
fi
and edit the
rm /database/wpa_supplicant.conf to
rm /database/wpa_supplicant.conf1. I tried commenting the line but ran into issue. So i end up adding a 1 at the end, since the file anyway won't be there.
#13. Disconnect the ssh or open a new terminal and add your Wifi ssid/password using the following curl command by replacing the x's with your wifi's ssid and y's with your wifi's password.
curl "http://192.168.0.1/index.php" -d '{"ssid":"xxxxxxx","pass":"yyyyyyy"}'
#14. Now try rebooting the hub if everything goes well you should see a blue light which confirms that it works and try ssh into the hub and it should work like before.
Also try accessing the device page by visiting
http://your-new-hub-ip/devices.php, which you will be using to add /remove devices.
this
link was very useful when i was rooting my device.
If you brick your device you will see a flashing pink. Still you can access the hub through UART which is little hard and also you need some hardware. I will post the picture and pin configuration shortly. Here is my
Part 2 where you will find information about getting the shell access to the wink hub through the UART using an FTDI board.