-
-
Notifications
You must be signed in to change notification settings - Fork 3
Rooting the Gardena Smart Gateway 19000 & 19005
Depending on the software stage of the gateway, there is no password for the UART root user at all. But you will have to get in via UART, because ssh is disabled or set to key login only. Currently you need to root the 19000 gateway, the 19005 is already prerooted by factory.
First of all you'll need to open the device. Therefore you have to remove the 4 feets on the bottom of the gateway that are glued over the screws (Torx T10). After that you can easily remove the top part and you will have access to the PCB.
Between the WiFi-Module on the left and the main processor in the middle you can find the UART in following order (top to bottom) on the 19000 gateway. The UART on the 19005 gateway is right of the RJ45 connector.
- GND (Round)
- TX (Round)
- RX (Square, Marked with 1 on the PCB)
Then attach you favorite serial-usb converter
As it is a standard UART with 115200 8N1 you can easily take minicom or any other tty tool you want.
If you hard reset the device via the reset button, it will copy a recovery partition over the root filesystem. After that the device will boot up, load its settings from the uboot enviroment, generating ssh-keys and then setting a random root password. If we manage to quickly login before the password is set, we are in.
- Remove the power plug
- Press and hold the hard reset button on the back of the device to reset it to factory
- Insert the power plug.
- Wait a while and release the hard reset button, when you see the device reading / writing from nand
- Wait a while for a login prompt
- Quickly enter the username "root"
- Enter the top command and wait until the ssh-key generation is done.
- Set your desired root password
- You are in ;)
On earlier version, there was no firewall (iptables) used on the device. A newer update installed it and blocked ssh access. If you want to reconfigure it, you can fix it yourself within ip tables or you can edit the "/usr/lib/seluxit/scripts/firewall" script and run it after modifing it. In version 1.7.1 doesn't exist anymore, so any need to disable the firewall.
- Open "/usr/lib/seluxit/scripts/firewall" with vi
- Search for "# allow ssh only if password is not set (sic!)"
- Comment out the if statement, so it is added to the configuration.
- Run the firewall script
- SSH should be accessable now
Dear customer You can login to your GARDENA smart Gateway with user 'root' without a password. Please understand that by doing so, you will void your warranty. If anything breaks, you can try to do a factory reset (hold the reset button while powering on the gateway); however if that does not resolve the problem, customer support will not be able to help. Please refrain from contacting customer support as this will cause us to lock down future devices in the long run. For questions regarding open source, please contact [email protected].
GARDENA smart Gateway 3.3.1 GARDENA- ttyS0
GARDENA- login: root
You can find the open source parts of the software for this product on GitHub [1] (this does not include the proprietary packages, which are needed to operate the gateway in the GARDENA smart system).
Please be aware that any modification to your gateway, in particular a modification of U-Boot, may permanently brick your device and is not covered by warranty.
Happy hacking!
P.S. Interested in tinkering with GARDENA products full-time? Get in touch with us at [email protected] to find out about currently open developer positions!