Welcome to The Tech 
Guide
Google
 
Web www.thetechguide.com
Geeks with attitude
Navigation
  • Home
  • How-To's
  • Tweaks
  • Hardware
  • Software
  • Games
  • Our Picks
  • Downloads
  • FAQ's
  • Forum
  • Chat
  • Tech Deals
  • Links
  • Email

  • Site News
    Our Black Friday section is now online! Click here to check it out.

    Active Discussions
    - Looks good so far.
    - Know any good books on C or C++?
    - Sig Test & Hi!
    - Welcome!
    - Beach Ball!
    - Title name for everyone
    - Mail advise?
    - Spell Checker!
    - Just taking a look
    - Athlon overclocking
    - Next up....
    - Why can't I get this to work?????
    - Title name
    - chat
    - Suggestion


      

    Rooting the Sandman Doppler


    Caution, work in progress, not responsible for damage, bricking, etc. Don't pass this around until I delete this message. If you have issues feel free to message me on Discord, I will try to help you through it and make any necessary changes to the howto before I release it to a broad audience.

    Step 1, setup the Sandman Doppler so it connects on your wifi network. Yes, this can (probably) be bypassed with some manual configuration, but that is currently outside the scope of this howto. That said...

    Currently you will need either an iPhone that is on a version LOWER than 26 (I am currently on 18.7.1), or sideload the Sandman Doppler apk for Android (can be downloaded here).

    To connect to the Doppler, you will need a usb to serial device like this one: www.amazon.com/dp/B00LZV1G6K. If you've ever flashed a smart plug before, you likely have one already.

    Once it is setup and gets an ip on your local network, flip it upside down and gently pry off the left (to you) speaker grill, exposing the speaker and the four screws holding it in.









    Take out all four screws. Note, the screws are different sizes, during reassembly simply put back in the shorter screws...if they don't grab onto any threads, then try the other screw holes instead. FYI with the Doppler upside-down the "top" (bottom of the unit with the label) has the short screws, and the "bottom" has the long screws.

    Toward the front of the Doppler you will see the three pads we're interested in, RXD TXD and GND.



    Connect them using the cables on your usb to serial device (note that TXD on the usb device goes to RXD on the Doppler; one device's transmit goes to the other device's receive and vice versa). Start up a terminal and connect to the usb device; in Linux I use minicom and the command would look like:

    minicom -b 115200 -D /dev/ttyUSB0

    The "-b 115200" sets the baud rate (likely the default so probably not necessary) and the "-D /dev/ttyUSB0" specifies what device to use (this may work as-is for you, unless you have multiple usb to serial devices; check your distro's documentation to see how to both install minicom and see what device your usb to serial device is on).

    Connect the TXD on the usb device to RXD on the Doppler (what is transmitted from the usb device is received on the Doppler, and vice versa), RXD on the usb device to TXD on the Doppler, and GND to GND. I use some electrical tape to hold the ends together (disregard how sloppy it looks in the non-existent photo, for another device I needed four wires instead of three), carefully placed them in the holes on the Doppler, fired up minicom, then hit enter to see the login prompt. We can't actually login yet, this just lets us know our setup works (albeit temporarily, feel free to solder to the Doppler if you want but it shouldn't be necessary).



    There is one setting in minicom we need to change, and that's to enable line wrap. For me I pressed CTRL-A, then W (you can also CTRL-A and Z to bring up the help menu, and there's an option called "lineWrap on/off" that says to press W to toggle). If you see that lines aren't wrapping, toggle this.

    Now that everything is setup and we've verified communication, we need to boot the Doppler and interrupt its boot process so we can access uboot. Unfortunately the Doppler detects if it's connected to serial on boot and refuses to boot, so we need to be very quick. There is a green light that lights up as soon as it starts booting, if it's not on you know it's paused. My method is to make sure it's all connected, unplug then replug the Doppler from power and ensure the green light is off (thus meaning it's paused the boot process), then on the usb device quickly disconnect and reconnect the GND wire while pressing the enter key repeatedly, if you time it right you'll see something like this on minicom:



    You may not get it the first time or five; until I learned the trick it worked about one out of ten times, but eventually you should get the uboot screen. Now, we need to edit the bootcmd. If you search how-tos for other devices they will instruct you to edit bootargs, however the bootargs for the Doppler are embedded in the bootcmd, so we edit that instead. We need to edit the bootargs (which is in bootcmd) to have "init=/bin/sh" at the end. This is the tricky part, because to see the whole line we need line wrap on (else it goes way off the screen and you'll never see it all), but we need to paste it back as one line. So copy what "printenv bootcmd" gives you...



    minus the "bootcmd=" at the beginning, and put it in a text editor with word wrap OFF (so you know that it's definitely all one line when you go to copy/paste it back). You also need to surround it with SINGLE quotes (not double because those are parsed). The end result should look something like this:

    'run mender_setup; setenv bootargs root=${mender_kernel_root} ${bootargs} init=/bin/sh; if test "${fdt_addr_r}" != ""; then load ${mender_uboot_root} ${fdt_addr_r} /boot/${mender_dtb_name}; fi; load ${mender_uboot_root} ${kernel_addr_r} /boot/${mender_kernel_name}; ${mender_boot_kernel_type} ${kernel_addr_r} - ${fdt_addr_r}; run mender_try_to_recover'

    We copy that (make sure it's one line), then carefully paste it in minicom after typing "setenv bootcmd " (note the space after bootcmd), so the whole command should look like (on one line):

    setenv bootcmd 'run mender_setup; setenv bootargs root=${mender_kernel_root} ${bootargs} init=/bin/sh; if test "${fdt_addr_r}" != ""; then load ${mender_uboot_root} ${fdt_addr_r} /boot/${mender_dtb_name}; fi; load ${mender_uboot_root} ${kernel_addr_r} /boot/${mender_kernel_name}; ${mender_boot_kernel_type} ${kernel_addr_r} - ${fdt_addr_r}; run mender_try_to_recover'



    Press the enter key to save. Now type "boot" and enter, and cross your fingers.



    You do NOT need to mess with the GND cable, as it's doing a warm boot. You should see it boot into a single user shell as root.



    You need to remount / to be writable, so we issue this command:

    mount -o remount,rw /



    Now issue the passwd command and give it a password. Note that for this howto I'm using 4545 as the root password, it will complain that it's insecure hence it makes you type it three times instead of the normal two (after first it warns you, second it takes it seriously, then third is to confirm; a more secure password would just ask you to confirm). Yes, I tried to set the root password before mounting the partition rewritable, oops.



    Now reboot by unplugging the Doppler, waiting a few seconds, then plugging it back in. You will need to disconnect the usb serial device again, but you do NOT need to worry about timing or pressing enter; we want it to boot normally. It may automatically drop itself in the uboot prompt. If so, type "boot" and enter, and you should see it boot normally.



    Another oddity, during boot it starts to display garbage characters while starting the doppler process. This isn't an issue once we can login using telnet or ssh, for the moment just wait a bit, once the Doppler is fully booted (the time is displayed with no progress bar going back and forth) it should be good to go, possibly a CTRL-Z and enter, that should bring you back to the command line or login prompt.



    You will get sporadic garbage characters until we can login via telnet, so let's get that done next.

    We need to download a more fully-featured busybox, luckily I've done the hard work and you can download a custom version here. Assuming your Doppler can access the internet, we can download it directly to it using this command:

    curl -o busybox http://www.thetechguide.com/files/doppler/busybox



    Again, garbage characters, but that's just cosmetic; the file should be downloaded correctly. Press enter in the terminal program to clear out whatever it thinks was typed in, and type this command:

    chmod 755 busybox

    Almost there! Now we start the telnet server manually using this command:

    ./busybox telnetd -p 23 -l /bin/login &



    Ideally we can run "ip addr" to get the ip address, but I only get garbled text, so try to find the ip address some other way, and telnet directly into the Doppler. Login as root, password 4545



    Now we are logged in, let's make this a bit more permanent. First, nano acts a bit weird unless we export a variable, so type:

    export TERM=linux

    Let's also add it to our .profile.

    echo 'export TERM=linux' >> .profile



    Now we can edit /etc/rc.local to automatically start our telnet server. Type

    nano /etc/rc.local

    to edit the file in nano. Add this line between the "echo 30000...." and the "exit 0" lines:

    /home/root/busybox telnetd -p 23 -l /bin/login &



    Now CTRL-X to exit, type Y when asked to save, and enter to keep the filename (standard nano procedure if you're familiar). Now type the "reboot" command and have your fingers crossed. Don't be too alarmed if it doesn't boot all the way up right away, every so often it just wants to do an fsck, and you'll freak out when it does thinking it's because of some changes you did. If it doesn't boot up completely after ~5 minutes, then start troubleshooting (check to see if it's stuck at uboot prompt again).

    Once booted, ping to make sure it's online (if not responding, check and see if it got a different ip address, you probably want to set a static ip at some point), then telnet in; it should work (if not, you need to connect via serial and run the command to start the telnetd server, now login via telnet and see if you perhaps typed the command in /etc/rc.local incorrectly).

    Once you verified that it boots correctly and automatically starts the telnet server, I like to completely disconnect the serial port from the Doppler, unplug it, wait 30 seconds and plug it back in. This ensures that EVERYTHING was done properly and there's no gotchas. Again, it's possible that the boot might take longer than usual, don't freak out until you've given it at least five minutes (or more).

    Now let's get the ssh server going. First, we download dropbear from here using this command on the doppler:

    curl -o dropbearmulti http://www.thetechguide.com/files/doppler/dropbearmulti

    Now, as before let's set the executable bit:

    chmod 755 dropbearmulti

    This time we'll copy it to /usr/sbin

    cp dropbearmulti /usr/sbin/

    Make sure it still has the executable bit set:

    chmod 755 /usr/sbin/dropbearmulti

    We now need to make some symlinks to dropbearmulti (much as busybox does).

    ln -s /usr/sbin/dropbearmulti /usr/sbin/dropbear
    ln -s /usr/sbin/dropbearmulti /usr/sbin/dropbearconvert
    ln -s /usr/sbin/dropbearmulti /usr/sbin/dropbearkey

    Before we can start the dropbear server, we need to generate some keys. Run these three commands:

    mkdir /etc/dropbear
    dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
    dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key



    Note that if you're also writing a howto, delete that key then rerun the dropbearkey command after you take a screenshot, so you don't give would-be hackers sensitive info. Now start the dropbear server:

    /usr/sbin/dropbear

    You should be able to connect to the ssh server (make sure that you connect as root and not your current user, on Debian 13 my command is "ssh 192.168.1.62 -l root" to login to the Doppler with ip 192.168.1.62 as the root user).

    Assuming all works well, we can add the line to start the dropbear server in /etc/rc.local like so:

    nano /etc/rc.local

    Add this right after your telnetd line:

    /usr/sbin/dropbear &

    Should look something like this:



    Make sure to save (CTRL-X, then Y, then enter). Reboot the Doppler (can just type the reboot command in the terminal), and verify that both telnet and ssh logins work. Now you can feel free to mess with one OR the other, only one at a time in case it breaks (thus you have the other as a backup).

    Notes: This is currently on version 1214 on the Doppler. Very rough howto, may have serious obvious mistakes. Nothing here should leave it in an unbootable mode, but no guarantees, these are early days. Please don't pass around the url for the howto while this message exists; I want to see a few others follow the directions and make necessary changes before releasing it into the wild.


    Questions? Ask in the forum or email me.

    For the Privacy Policy, click here.
      
    Past Articles
  • Build your own Apple Clone
  • AllofMP3 Review
  • Tutorial to Basic Windows 2000 DOS
  • Extracting and joining MPG2 files from SVCD
  • Modifying your Windows XP Boot Logo
  • Unlocking WinXP's setupp.ini
  • Making a Full Screen Bios Logo
  • Making your WinMe CD bootable
  • Auto-insert your Win9x serial
  • Auto-insert your Office2kserial
  • Why FedEx Sucks