NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Firmware update URL?
Does anyone know the URL that Orbi is using to automatically check for firmware updates? Thanks!
GamerHonu wrote:Does anyone know the URL that Orbi is using to automatically check for firmware updates? Thanks!
To my enormous surprise, it doesn't use HTTP. It does a passive anonymous FTP connection to updates1.netgear.com (216.151.177.114) and hits directory "rbr50/us" (which fails). It then tries again (by disconnecting and reconnecting) and hits directory "rbr50/ww", looking at fileinfo.txt to see if an update is available. (I'm already updated, so I'm not sure what it does next - the directories and files are hidden.)
The content of fileinfo.txt appears to be binary, despite the extension, and contains a _lot_ more data than one would expect for a simple version marker (it's currenly 6948 bytes in size and filled with data).
There is a "rbs50/ww" directory as well, which I assume the satellite uses.
You do get a fun scary banner on connect:
230- 230- --------------------------------------------------------------------------- 230- WARNING: This is a restricted access system. If you do not have explicit 230- permission to access this system, please disconnect immediately! 230 ----------------------------------------------------------------------------
I don't know, if as an owner of the device, if I have explicit permission to access, but I'm willing to live dangerously. *laughs*
Note that it will ONLY use unencrypted FTP - there is no HTTP(S) fallback. If you block port 21 outbound, a firmware update check results in "Service unreachable" on the router...take note, outbound firewall lovers!
(I'd really, REALLY like to see this done in a much more secure way - this method is not only ancient and firewall-unfriendly, it's completely insecure and wide-open to MITM injection attacks. HTTPS/TLS with certificate validation would be an infinitely better option.)
Rodney
GamerHonu wrote:Does anyone know the URL that Orbi is using to automatically check for firmware updates? Thanks!
To my enormous surprise, it doesn't use HTTP. It does a passive anonymous FTP connection to updates1.netgear.com (216.151.177.114) and hits directory "rbr50/us" (which fails). It then tries again (by disconnecting and reconnecting) and hits directory "rbr50/ww", looking at fileinfo.txt to see if an update is available. (I'm already updated, so I'm not sure what it does next - the directories and files are hidden.)
The content of fileinfo.txt appears to be binary, despite the extension, and contains a _lot_ more data than one would expect for a simple version marker (it's currenly 6948 bytes in size and filled with data).
There is a "rbs50/ww" directory as well, which I assume the satellite uses.
You do get a fun scary banner on connect:
230- 230- --------------------------------------------------------------------------- 230- WARNING: This is a restricted access system. If you do not have explicit 230- permission to access this system, please disconnect immediately! 230 ----------------------------------------------------------------------------
I don't know, if as an owner of the device, if I have explicit permission to access, but I'm willing to live dangerously. *laughs*
Note that it will ONLY use unencrypted FTP - there is no HTTP(S) fallback. If you block port 21 outbound, a firmware update check results in "Service unreachable" on the router...take note, outbound firewall lovers!
(I'd really, REALLY like to see this done in a much more secure way - this method is not only ancient and firewall-unfriendly, it's completely insecure and wide-open to MITM injection attacks. HTTPS/TLS with certificate validation would be an infinitely better option.)
Rodney
Fantastic information! Thanks a ton! Glad to know someone else was curious and then actually went and figured it out. I know what I need to do now :)