Getting SonOTA to work on Sonoff Wireless Switches

A while back I obtained a couple of Sonoff Basic Wireless switches, which use the ESP8266 wireless SoC. Now I"m trying to use them! But of course I don't want to use the ITEAD CBB (Cloud Based Bollocks) and their doubtless wonderful iOS app... I want to use more open things that all work locally. So now I'm trying to install Sonoff-Tasmota firmware, which does more like what I want. My original plan was to do this the hard way, with an FTDI chip hammered onto the side of the box, and using USB-Serial to upload the new firmware. However, this page suggests that it's possible to do a rebuild using Over The Air (OTA) and thus avoiding the hammering bit. Let's have a go...

Firstly, the instructions require Python3... already installed! I haven't used this for ages, let's hope it all works - I note that when installing pip I should have opted for "clang". Who knows?

Run pip3 install --user -r requirements.txt . Argh, no "clang". Eventually try  pip3 install clang - that works. In the process, I discover pip3 list which conveniently shows I have no "clang".

Now I get xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun

Of course, I haven't re-installed Command Line Tools for Xcode since the High Sierra upgrade last Saturday! Silly me. Do that ... xcode-select --install - launches a GUI window that does the trick just fine. Except I'd already tried to install 5Gb of Xcode bollox, which I am partly way through and don't really want, so I kill the download process, and will later look for the 3Gb already downloaded...

Time for

pip3 install --user -r requirements.txt

Requirement already satisfied: httplib2>=0.10.3 in /Users/john/Library/Python/3.5/lib/python/site-packages (from -r requirements.txt (line 1))

Collecting netifaces>=0.10.6 (from -r requirements.txt (line 2))

  Using cached netifaces-0.10.6.tar.gz

Collecting tornado>=4.5.1 (from -r requirements.txt (line 3))

  Using cached tornado-4.5.3.tar.gz

Installing collected packages: netifaces, tornado

  Running setup.py install for netifaces ... done

  Running setup.py install for tornado ... done

Successfully installed netifaces-0.10.6 tornado-4.5.3

Hurray! Now for the first attempt to make it work... It involves

1. Running sonota.py, which prompts to put the Sonoff into setup mode (push button for 7+ secs)
2. sonota.py gets current IP address, prompts for my SSID and password 
3. Connecting laptop to Sonoff AP (ITEAD-xxxx, password 12345678)
4. sonota.py tells Sonoff which SSID/Password to connect to, and initiates OTA...
5. While starting a web server that will provide the download connection point for the new software OTA

This works fine until...

Macintosh-Gouk:SonOTA-master john$ ./sonota.py

Current IPs: ['10.10.7.2']

Select IP address of the WiFi interface:

    0: 10.10.7.2

Select IP address [0]: ^CQuitting.

Macintosh-Gouk:SonOTA-master john$ 

Macintosh-Gouk:SonOTA-master john$ ./sonota.py

Current IPs: ['192.168.1.23']

Select IP address of the WiFi interface:

    0: 192.168.1.23

Select IP address [0]: 0

WiFi SSID: XXXXXX

WiFi Password: nor265cot

Using the following configuration:

Server IP Address: 192.168.1.23

WiFi SSID: xxxxxx

WiFi Password: *********

Platform: darwin

** Now connect via WiFi to your Sonoff device.

** Please change into the ITEAD WiFi network (ITEAD-100001XXXX). The default password is 12345678.

To reset the Sonoff to defaults, press the button for 7 seconds and the light will start flashing rapidly.

** This application should be kept running and will wait until connected to the Sonoff...

.....Current IPs: ['10.10.7.2']

~~ Connection attempt

>> HTTP GET /10.10.7.1/device

<< {

    "deviceid": "1000154a0a",

    "accept": "post",

    "apikey": "c0565187-232f-4749-8115-532bdc6ccfe1"

}

>> HTTP POST /10.10.7.1/ap

>> {

    "version": 4,

    "serverName": "192.168.1.23",

    "ssid": "xxxxxx",

    "port": 8443,

    "password": "*********"

}

<< {

    "error": 0

}

~~ Provisioning completed

Starting stage2...

** The IP address of <serve_host> (192.168.1.23) is not assigned to any interface on this machine.

** Please change WiFi network to xxxxxx and make sure 192.168.1.23 is being assigned to your WiFi interface.

** This application should be kept running and will wait until connected to the WiFi...

......Current IPs: []

.....Current IPs: ['192.168.1.23']

~~ Starting web server (HTTP port: 8080, HTTPS port 8443)

~~ Waiting for device to connect

*** IMPORTANT! ***

** AFTER the first download is COMPLETE, with in a minute or so you should connect to the new SSID "FinalStage" to finish the process.

** ONLY disconnect when the new "FinalStage" SSID is visible as an available WiFi network.

This server should automatically be allocated the IP address: 192.168.4.2.

If you have successfully connected to "FinalStage" and this is not the IP Address you were allocated, please ensure no other device has connected, and reboot your Sonoff.

...error on read: [SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] decryption failed or bad record mac (_ssl.c:1974)

.........error on read: [SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] decryption failed or bad record mac (_ssl.c:1974)

..........error on read: [SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] decryption failed or bad record mac (_ssl.c:1974)

........

Now the Sonoff does use SSL for this, and the OTA kit includes some dummy certificates, but clearly there is something not good going on. A check on the Github Issues for SonOTA reveals that firmware version 1.6+ probably won't work - I have no idea what firmware version I have, and I'm not going to connect to the CBB to check either. Bugger. Back to the FTDI chip...