Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No response after "Wallbox is processing pwnware..." #21

Open
SenorSmartyPants opened this issue Nov 10, 2024 · 2 comments
Open

No response after "Wallbox is processing pwnware..." #21

SenorSmartyPants opened this issue Nov 10, 2024 · 2 comments

Comments

@SenorSmartyPants
Copy link

I've tried this several times, factory reset the WB and with the laptop right next to the WB. This is what usually happens.

WB firmware 5.1.4

WB is detected
bluetooth chip BGX
connect to WB AP
pwnware sent
processing... and then hangs there forever
WB AP disconnects from the laptop almost immediately though

I'm not sure if it is actually pwnd since the final message never comes up. But I do try to ssh to WB and I get
[email protected]: Permission denied (publickey).

Would I get this error if it is not rooted?

Am I possibly correctly rooted, but just having ssh problems?

Here is a verbose output of my ssh connection attempt. (run from windows, I can provide linux version too)

ssh -vvvvvv -i id_rsa [email protected]   -o HostKeyAlgorithms=+ssh-rsa
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\Danzo/.ssh/config
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 192.168.1.16 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.1.16 [192.168.1.16] port 22.
debug1: Connection established.
debug1: identity file id_rsa type 0
debug3: Failed to open file:C:/Users/Danzo/Downloads/wallbox-pwn-main/wallbox-pwn-main/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/Danzo/Downloads/wallbox-pwn-main/wallbox-pwn-main/id_rsa-cert.pub error:2
debug1: identity file id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version dropbear_2018.76
debug1: no match: dropbear_2018.76
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.16:22 as 'root'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,[email protected]
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-sha2-256
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-sha2-256
debug2: compression ctos: [email protected],none
debug2: compression stoc: [email protected],none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:KNTPYH++YWtjxKE6LwG/uErpXhfvwiGeArYV7VuLRlQ
debug3: hostkeys_foreach: reading file "C:\\Users\\Danzo/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\Danzo/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys from 192.168.1.16
debug3: Failed to open file:C:/Users/Danzo/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host '192.168.1.16' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\Danzo/.ssh/known_hosts:9
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: id_rsa RSA SHA256:sVuNPbHZ0mLbh7Crc61m4jXzHReAAmmpAQIFg7/cSkY explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_rsa RSA SHA256:sVuNPbHZ0mLbh7Crc61m4jXzHReAAmmpAQIFg7/cSkY explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
@DorianStrasser
Copy link

Did you find a solution to that? My situation is similar except my process aborts even after "Sending pwnware"

@TheMinimaliiiist
Copy link

Restarting the wallbox helped me to get the pwn work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DorianStrasser @SenorSmartyPants @TheMinimaliiiist