Lost OTA password - recoverable?

coderanger · August 24, 2021, 7:35pm

So, I accidently overwrote a randomly generated OTA password in my .yaml file. Along with the captive portal wifi password. These passwords were already flashed to the device. The .yaml file was new, so the original passwords aren’t in any backups.

Is there any way to gain access to the device without tearing apart the smart switch to flash via serial? It is connected to my wifi and has a valid IP address. Unfortunately web_server was not turned on.

Here is an example of the .yaml that is currently flashed on the device:

esphome:
  name: BrickedDevice
  platform: ESP8266
  board: esp01_1m

# Enable logging
logger:

# Enable Home Assistant API
api:

ota:
  password: "lost_random_ota_password"

wifi:
  ssid: "MyWifi"
  password: "mywifipassword"

  # Enable fallback hotspot (captive portal) in case wifi connection fails
  ap:
    ssid: "Fallback Hotspot"
    password: "lost_random_wifi_password"

captive_portal:

nickrout · August 24, 2021, 9:02pm

No there isn’t

coderanger · August 24, 2021, 9:10pm

Nothing anywhere in any log files, archived configuration files, or database records?

nickrout · August 24, 2021, 9:16pm

You said the yaml was not backed up, what do you mean “archived configuration files”.

As a thought, grep the compile files. If your esp yaml file is device.yaml, the compile fieles are in device/

nickrout · August 24, 2021, 9:21pm

Yes! it seems to be in main.cpp in the source files.

coderanger · August 25, 2021, 5:58pm

It looks like I must have compiled as it’s the new password instead of the lost original. Thank, though, I thought we were on to something there!

tom_l · August 26, 2021, 2:03am

Looks like you are going to have to re-flash it via the serial connection then. This does not require a password.

I suggest you use the secrets file for your passwords in future, so you have a copy of them.

coderanger · August 26, 2021, 2:20pm

Yeah, it looks like I’m going to have to flash via serial… I did get one of them open without damaging the case too much, but I’m going to have to unsolder the a/c prongs to get to the pins on the ESP module (TYWE2S). I might even need to unsolder the module as the GIO0 pin is simply a test pad on the back of the module that is blocked by other components.

I do use the secrets file for my OTA password normally, it’s just that I had created a temporary stub file using the new device command in ESP Home instead of copying my standard yaml. I guess we all (hopefully) learn from our mistakes, right?

salmeister · September 24, 2021, 2:06pm

If you still have the original flash bin that contains the lost password, I was successful with using IDA Pro to decompile and recover it.

coderanger · September 24, 2021, 11:42pm

Wanted to update this thread for anybody who comes across later.

I just managed to save the .bin file from my recycle bin before it was automatically purged the next day. @salmeister helped me extract my OTA and WiFi Fallback passwords using IDA Pro and I was able to get in to my devices again! YAY! I was so sure that I would have to trash the smart plugs as I was having trouble unsoldering them to serial flash them.

As it turns out IPA Pro seems like a pretty pricey application and them I’m sure there is a learning curve to it. So, I got curious and opened the .bin file in a text editor. Now that I knew what I was looking for I was able to search for the key we had recovered. Sure enough down near the end of the file, in plain text, was my WiFi credentials, fallback password, and OTA password.

So, if you ever lose your .yaml but still have your .bin file you can easily extract your OTA password from the .bin file. Just search for your WiFi SSID (or scroll all the way to near end of the file) in a text editor and you will find your OTA password right around there. It is not labeled, but hopefully you will recognize it or be able to try a few of the values you find.

nickrout · September 25, 2021, 12:36am

Excellent news.

The strings commandline should help with that. It is a standard linux utility

strings firmware.bin|less

Clayton · October 23, 2021, 6:19am

Thank you So much, this saved my bacon, I was fooling around trying to get a tuya efun smart switch working in esphome and I pasted over the config not even thinking about the ota password or the fact the paste did not have a fallback.

But I was able to get my OTA password via the bin file.
#tuya brick , ota recovery

SirClip · November 2, 2021, 12:03pm

It’s a shame that once flashed, esphome is a real pain to remove. I tried it and it wasn’t what I wanted to use. All other third party esp* firmware does not make it difficult. My esphome docker crashed and lost its config. There needs to be a far easier way to recover the device as not everybody can solder. webserver should be switch on at default, and at least have a method to upload replacement firmware.

nickrout · November 3, 2021, 8:40am

The webserver component is not a good default as it is quite resource heavy.

Jpsy · November 3, 2021, 11:02am

Why can’t you simply flash another firmware into your ESP? Using a serial connection. Just the way you did with ESPHome. Or am I getting you wrong?

SirClip · November 3, 2021, 11:49am

I initially flashed 2x Sonoff Mini & this was using the OTA method. I then had Tasmota on them, and was curious how esphome worked and if it would work for me. Uploaded esphome firmware on the tasmota web interface and was happy with how it initally ‘just worked’, but YAML and it’s utterly infuriating & pointless pagination/formatting standard created far more issues. I can and eventually will solder on the wires to serial update them, but the cost of the components is less than the time it takes to solder, rendering two perfectly useable devices defunct until I do this. I like a lot of aspects of esphome, I just didn’t realise it did not have an easy way to revert to something else. My Docker container crashed before my nightly backup so I totally understand it’s partially my fault.

I had my initial setup yaml file, but the fallback hotspot would not work for me. Esphome just needs a simple emergency firmware upload method in plain html or an OTA method.

Jpsy · November 3, 2021, 12:22pm

I am sorry for your loss here. But you honestly chose some difficult gadget for your first experiments with ESPHome. AFAIK ESPHome has no way to upload a foreign bin using its own OTA mechanism. You will have to solder.

nickrout · November 4, 2021, 7:57am

For goodness sake, upload the config you have, plus web server. You can upload a new firmware via the webserver interface.

Also if it “just worked” why are you changing it?

coderanger · November 4, 2021, 3:44pm

I think he lost his config when his docker container crashed.

@SirClip Do you still have the ESPHome .bin file you flashed initially via Tasmota? You could extract the OTA key out of it and build a new ESPHome config (with the web option enabled). Flash that via OTA in ESPHome. Then you can put whatever you want back on it via the device web interface.

SirClip · November 4, 2021, 7:32pm

If it was as easy as that, I wouldn’t be here! Recreating the docker changes the OTA password - Rather than searching through stuff looking for the bin file & running string, soldering is a pain but easier. It’s my complete dislike of YAML when I just wanted to change stuff, like adding ws8978 led controller etc, YAML is more interested in getting it’s pagination right than being a decent interface. On tasmota, find the gpio, select ws8978, reboot, and it’s done. Yes, it did just work for stuff which is defined as just a switch, but I like to add & play - I felt that was far more difficult via esphome.