How-To update Home Center 2 from 3.548 to 4.630

[Georg S 7]

I recently bought an old Home Center 2 for the sole purpose of updating my Fibaro modules’ firmware. I didn’t even think about having issues updating the Home Center itself. But as most you of know, this is actually not as easy as one might think. When I received the Home Center it had FW Version 4.1xx (don’t remember exactly). As it was a used device I thought it would be a good idea to perform a complete recovery. Afterwards, it had FW 3.548. It offered me to upgrade to some 4.x FW but always failed with error 5. Apparently it didn't even start downloading anything. By replacing the image.gz on the recovery stick I managed to get FW 4.056 on the HC2 (see

Please login or register to see this link.

). However, it did not offer any upgrades anymore, even after waiting for hours. 

 

Fibaro support told me to install the updates manually through the recovery or, if this is not possible, send it in. The recovery did not offer this option and sending in the device was no option as this somehow defeated the reason I bought a cheap used unit.

 

Using Wireshark I checked the network traffic of the HC2 and saw that it actually contacted the Fibaro update server but for some reason aborted the TLS connection. 

 

My first idea was to somehow log in to the HC2 via ssh and apply the patches manually (they contain a compiled bash script run.sh which looks like it performs the actual update). To get access I had a look at the image.gz from the recovery stick which is flashed to the internal drive of the HC2 during recovery. 

 

To access the image, I unzipped and mounted it in a Linux VM:

Please login or register to see this code.

It has three partitions. The first one obviously contains the main OS, the second one is swap, and the third one some additional files and backups. 

 

To enable logging in without knowing the root password, I copied my ssh public key into the authorized_keys file for root on the first partition:

Please login or register to see this code.

Unmount, compress, and create new checksum

Please login or register to see this code.

Now copy the image.gz and checksum back to the recovery stick (after backup up the old files). Put the stick back to the HC2 and start recovery. It should now successfully write the modified image to the main drive. Reboot and login via ssh. The HC2 uses a depreciated key mechanism so you need to run ssh with additional options:

Please login or register to see this code.

To find out if there is anything I need to consider before running the run.sh script from the patch files, I searched the file system for any usage of this script - with success. There actually is an update script at /usr/bin/update. Running 

Please login or register to see this code.

for the first time failed due to an error in the following command

Please login or register to see this code.

I cannot reproduce the exact message anymore, but it was obviously due to a certificate which could not be verified. Running the same command on my computer worked fine, so the issue must be on the HC2, probably an outdated CA certificate. This also explains why the HC2 aborted the TLS connection when I checked the network traffic. One solution could be updating the certificates on the HC2, the simpler solution was to simply disable certificate validation for wget:

Please login or register to see this code.

And while we’re at it, for one of the following updates which uses curl instead of wget:

Please login or register to see this code.

Now run

Please login or register to see this code.

again and lean back. After a while it will reboot. After the first reboot the HC2 somehow seemed broken, but I could still log in. I waited for a while and when I was sure that nothing is happening anymore, I re-run

Please login or register to see this code.

I repeated this a couple of times and finally ended up with FW 4.630 and was greeted with the request to create a new account to login.

The only downside is that access via ssh not possible anymore, probably one the updates cleared the authorized_keys file.

 

Maybe this helps other people frustrated by the update mechanism but please bear in mind that it could also go wrong — no guarantee from my side.

 

[tinman 1,071]

On 3/7/2025 at 7:36 PM, Georg S said:

I didn’t even think about having issues updating the Home Center itself.

 

that's true, normally most of the HC2s out there should be on 4.5xx already, only few users might be still affected. As one can't officially downgrade from 4.5xx+ to 4.0xx (without reflashing the Button/LED controller and some other fancy steps), there was probably no reason for Fibaro anymore to care about these few users who haven't migrated to 4.5xx years ago.

 

 

On 3/7/2025 at 7:36 PM, Georg S said:

To enable logging in without knowing the root password

 

i created long time go boot stick, which shows the root pwd after boot, but Fibaro took it down. In the older fw update image, there was as well zwave/avr progrmmer, which can read back the root pwd from the AVR controller, one need however boot it from recovery (zwUpdate --password as i remember)

 

 

On 3/7/2025 at 7:36 PM, Georg S said:

 

for the first time failed due to an error in the following command

Please login or register to see this code.

I cannot reproduce the exact message anymore, but it was obviously due to a certificate which could not be verified. Running the same command on my computer worked fine, so the issue must be on the HC2, probably an outdated CA certificate. This also explains why the HC2 aborted the TLS connection when I checked the network traffic.

 

that's right, few days ago i got request from customer with 4,.180 backup, who asked to help restore "smart home" after he broke 4.6x installation and recognized "ups i don't have any cloud backups". The last working backup was the before migration, so 4.180, therefore i had to downngrade my lab HC2 first to 4.056, and then upgrade to 4.180, restore backup, reset password etc. So far easy step, however as you said "for hours no update to 4.5xx". After deeper look i saw these cert errors as well.

 

On 3/7/2025 at 7:36 PM, Georg S said:

One solution could be updating the certificates on the HC2, the simpler solution was to simply disable certificate validation for wget:

Please login or register to see this code.

And while we’re at it, for one of the following updates which uses curl instead of wget:

Please login or register to see this code.

 

having root pwd, i fighted a bit with migration scripts and manually downloaded filles, however gived up as it keeped crashing. I remembered, that the migration is using certificates to create new backup key, for encrypted backups in the cloud, and with outdated certificates this can't work. Without proper migration (well one can dd new image and boot from there ... but that's half solution) there are no cloud keys and no access via App, so i gived up.
 

I think i will give a try with the easy fix above, as i might still have a use for the lab HC2, and now with 4.180 is useless.

EDIT: Yep, that worked, 4.630 on it, backup is working.

 

On 3/7/2025 at 7:36 PM, Georg S said:

Maybe this helps other people frustrated by the update mechanism but please bear in mind that it could also go wrong — no guarantee from my side.

 

for sure there are still some users with under 4.5xx, so yeah thank's for sharing.

 

Btw. check the cloud backup functionality and remove the recovery stick, as it will be not used anymore and it might block from booting (old power supply and usb blocked combination)

Edited March 9, 2025 by tinman