Improve the orbic-network installer and make it the default #599
Description
Background
We have been having a few issues with the ADB-based installer for orbic, from memory they fall into these categories:
- rootshell not giving root Install from macOS ARM to Orbic is failing with "rootshell is not giving us root" #597
- various USB driver issues, mostly windows [Bug]: Qmi Send Message Fail! #366
Proposal
So since #531 there is a network-based installer as well, similar to tplink. I believe it should eventually become the default for new installations as it does not use rootshell and does not need drivers:
- rename
orbictoorbic-usb - rename
orbic-networktoorbic - remove windows-specific instructions or demote them into the device page
orbic.md
The ADB dependency will still stick around as other installers use it, and there are many devices where going through ADB and/or serial is the only option to communicate. Building network installers like tplink or orbic-network relies on finding RCE in the admin UI and a lot of luck.
Blockers
Before this swap can happen, we need to be sure that the network installer is actually on-par with the USB installer in terms of functionality.
-
The biggest blocker I see here is that the network-based installer requires interaction from the user to authenticate itself with the device, so there is more manual labor per device. This is going to be really annoying for mass-deployments if not fixed. We should instead take the admin password as CLI parameter, and do the authentication dance ourselves. Unfortunately the login page and auth flow of orbic relies on homemade crypto in JavaScript, so that has to be reimplemented in Rust. It appears to be "best" practice in embedded systems to re-invent TLS but worse (tplink has the same thing)
-
[stretch] Even if the network installer were to become non-interactive, it still needs a password. This password may be different per-device, and so we still have problems with mass-deployments. It would be really nice to find an unauthenticated root RCE in the Orbic admin UI (similar to TP-Link M7350 v3), but I have looked around a lot in Ghidra and wouldn't bet on it.