Greenwave Reality Bulbs
"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."
This page will be dedicated to a general overview, descriptions, and information related to the Greenwave Reality TCP Connected Bulbs.
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the Greenwave Reality TCP Connected Bulbs at Amazon
By default this device spawns an sshd server upon boot.
The default root credentials to the Greenwave Reality TCP Connected Smart Lighting system are:
The pin-out for UART can be found on the image below.
This is patched as of 3.0.74
This device ships with an open U-boot installation meaning that with a UART adapter hooked up we have access to modify the default boot parameters. This opens the device to an technique called "Kernel Init Hijacking". This technique involves modifying the "init" boot argument which when passed to the kernel specifies which script will handle the boot-up process after the kernel is loaded. By defining this variable as "/bin/sh" we tell the kernel after booting to drop to a shell over UART. This allows us temporary root access to the file system.
With the Greenwave Reality TCP Connected Lighting System, we only had to use this mode to crack the root password. This is because by default the device runs an sshd server which allows us to login if the correct credentials are known.
The credentials originally retrieved were:
Updates can be pulled with the following URL: