General NAS-Central Forums

All times are UTC
 Post subject: LaCie LaPlug
PostPosted: Fri Nov 18, 2011 10:33 pm 

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
Is anyone familiar with the new NAS device from LaCie? It is a small box and the drives it accesses are USB drives you connect. (like the Iomega iConnect)

I'd really like SSH access to the LaPlug. I see many subforums for LaCie products. Any idea if the tips for the other products will work for this one?

Thanks.


Post subject: Re: LaCie LaPlug
PostPosted: Sat Nov 19, 2011 12:04 pm

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
Partly, maybe. There are big differences between this box, and the other Lacie's. The main one is that the NASses have their firmware on disk, while this one has its firmware in flash, putting more constraints on the size.

Anyway, I downloaded firmware 1.0.4, and had a look at it. binwalk told me it's a tar file starting at byte 32. So I extracted it:
Code:
dd if=plug_1.0.4.cluff bs=32 skip=1 | tar x
This gives 2 files:
-rw-r--r-- 1 Mijzelf Mijzelf 2090460 Nov 2 10:46 kernel.uboot
-rw-r--r-- 1 Mijzelf Mijzelf 40369564 Nov 19 11:35 rootfs.jffs2
obviously a kernel and a rootfs. Using the mtd2block kernel module I could mount the rootfs. Some findings so far:
  • The box doesn't use initng, like other Lacie's, but system V init.
  • According to /etc/inittab you can login on a serial port, 115200 baud.
  • This box doesn't use the evil unicorn, instead there is something called 'klaxon'.
  • There is an ssh server, and a start script in /etc/init.d, but it's not started directly by init.
  • There is a telnetd server, and a start script in /etc/init.d, but it's not started directly by init.
  • AjaXplorer is present, so you could try the symlink trick to get access to your rootfs.
  • /etc/shadow contains many more users than /etc/passwd does.
  • I think the box has a RT2860 wireless card.
  • The box runs a 2.6.31.8 kernel


Post subject: Re: LaCie LaPlug
PostPosted: Sat Nov 19, 2011 10:48 pm

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
The update procedure for the firmware is pretty straightforward. I am not skilled in this but my idea was to modify a firmware update and then apply the firmware with ssh enabled - or something similar. I could not figure out what to use to look inside a cluff file though to see if that was even an option.

This may sound naive, but could this be as simple as un-commenting /etc/init.d to allow ssh and/or telnet to start at boot in a firmware update and then apply that firmware update?


Post subject: Re: LaCie LaPlug
PostPosted: Sun Nov 20, 2011 9:26 am

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
Sounds perfectly reasonable. I found the actual update function (it's in an uncommon place, /init):
Code:
cluff_update() {
        FILE=$1
        FILE_LOCAL=$(basename $FILE)
       
        echo "*** updating with file $FILE_LOCAL ***"
       
        echo "- checking file"
        MD5_HEAD=$(head -c32 $FILE)
        FILE_SIZE=$(stat -c %s $FILE)
        TAR_SIZE=$((FILE_SIZE - 32))
        MD5_TAR=$(tail -c $TAR_SIZE $FILE | md5sum | awk '{print $1}')
       
        if [ "$MD5_HEAD" != "$MD5_TAR" ]; then
                exit_error "MD5 hash mismatch"
        fi
        echo "  => check ok: MD5 = $MD5_TAR"
     
        echo "- extracting files"
        EXTRACT_PATH=/tmp/files
        rm -rf $EXTRACT_PATH
        mkdir -p $EXTRACT_PATH
        tail -c $TAR_SIZE $FILE | tar -x -f - -C $EXTRACT_PATH
       
        if [ ! -f "$EXTRACT_PATH/$UPDATE_KERNEL_FILE" ]; then
                exit_error "missing kernel file"
        fi
       
        if [ ! -f "$EXTRACT_PATH/$UPDATE_ROOTFS_FILE" ]; then
                exit_error "missing rootfs file"
        fi
       
        echo "  => updating kernel"
        flash_write $EXTRACT_PATH/$UPDATE_KERNEL_FILE 2
       
        echo "  => updating rootfs"
        flash_write $EXTRACT_PATH/$UPDATE_ROOTFS_FILE 3
       
        echo "  => cleaning config and data partitions"
        flash_eraseall -q /dev/mtd4
        flash_eraseall -q /dev/mtd5
       
        echo "*** done ***"
        echo "- rebooting device"
        reboot -f
}

So a cluff file is actually a tarfile containing a kernel and a rootfs, preceded by a 32 byte md5sum of the tarfile.

There is a problem, however. The rootfs is a jffs2 image, which is a difficult filesystem. You can't just loopmount it, because it's intended to run from a mtd-blockdevice. With some tricks it can be mounted, but then it's readonly. (At least on my box it is). So the procedure would be copying the contents of the rootfs somewhere else, editing it as you like, and creating a new image from it using mkfs.jffs2. This last function needs a blocksize and an erasesize specified. AFAIK the blocksize isn't really important, but choosing the wrong erasesize could brick your box. So it could be a good idea if you managed to read /proc/mtd.
Maybe it's possible to extract the erasesize from the provided image. I don't know.
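
The cluff layout described in the post above (a 32-byte ASCII MD5 followed by a tar holding the kernel and rootfs), as an added example that is not part of the original thread or of LaCie's code. It repeats the updater's check offline and inventories the tar without extracting it; the required member names are an assumption taken from the 1.0.4 listing, and the sample image is constructed.

```python
import hashlib
import io
import tarfile

HEADER_LEN = 32  # ASCII hex MD5 of the tar payload, as checked by cluff_update()
# Assumption: member names taken from the 1.0.4 listing in this thread.
REQUIRED = ("kernel.uboot", "rootfs.jffs2")


def pack_cluff(files):
    """Build a cluff image in memory from {name: bytes} (for constructed samples)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    payload = buf.getvalue()
    return hashlib.md5(payload).hexdigest().encode("ascii") + payload


def inspect_cluff(blob):
    """Repeat the updater's MD5 check, then list tar members without extracting."""
    if len(blob) <= HEADER_LEN:
        raise ValueError("too short to be a cluff image")
    header, payload = blob[:HEADER_LEN], blob[HEADER_LEN:]
    actual = hashlib.md5(payload).hexdigest()
    if header.decode("ascii", "replace") != actual:
        raise ValueError("MD5 hash mismatch")
    members = {}
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
        for m in tar:
            name = m.name[2:] if m.name.startswith("./") else m.name
            # Only flat, regular files are expected; refuse links and paths.
            if not m.isfile() or "/" in name or name.startswith("."):
                raise ValueError("unexpected tar member: %r" % m.name)
            members[name] = m.size
    missing = [n for n in REQUIRED if n not in members]
    if missing:
        raise ValueError("missing " + ", ".join(missing))
    return actual, members


if __name__ == "__main__":
    # Constructed sample, not real firmware.
    sample = pack_cluff({"kernel.uboot": b"K" * 64, "rootfs.jffs2": b"R" * 128})
    print(inspect_cluff(sample))
```

The header is a checksum over the tar and nothing more: it catches a corrupted download, but it does not show who produced the image, so the source of a cluff file has to be verified some other way before it is flashed.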


Post subject: Re: LaCie LaPlug
PostPosted: Tue Nov 22, 2011 3:41 am

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
Quick update ... The symlink trick worked.

I am now browsing the file system looking for default.runlevel so I can uncomment ssh.


Post subject: Re: LaCie LaPlug
PostPosted: Tue Nov 22, 2011 8:36 am

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
There is no 'default.runlevel', that's an initng file. This box uses system V init, and you should put a symlink S99sshd in /etc/rc2.d/ which points to /etc/init.d/sshd (or whatever its name is). If you cannot create symlinks, you can copy the whole script to rc2.d. Rename it so it starts with S99 (The scripts are started in alphabetical order, and you definitely don't want to crash the init system too early.)


Post subject: Re: LaCie LaPlug
PostPosted: Sun Nov 27, 2011 2:18 pm

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
When you can read all files in the filesystem, could you post the content of some interesting (pseudo-)files?
/proc/cpuinfo
/proc/meminfo
/proc/mtd
/proc/mounts
/proc/version
/proc/cmdline
/proc/partitions


Post subject: Re: LaCie LaPlug
PostPosted: Tue Nov 29, 2011 7:12 pm

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
I am away visiting family but will check in once I return.

Before I left I did try copying an openssh script to etc/init.d and was unsuccessful in getting SSH to start. I did not see an "ssh" folder.

I have also been unsuccessful overwriting the password in the shadow password file to be able to login as root rather than admin. I think I overwrote the wrong part of the line for root though.

Again, ran out of time before the holiday to get these things done but will try again soon and post back.


Post subject: Re: LaCie LaPlug
PostPosted: Fri Dec 02, 2011 12:30 am

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
OK - the LaPlug is deleting the script file when I reboot the system.

I copy openssh to etc/rc.2, rename it to S99openssh and after reboot the file is gone.

Can I modify one of the existing files to include this info without corrupting them?

I attached a screenshot of what is in etc/rc2.d.
Attachment:
Laplug-etc-rc2.d.jpg


Post subject: Re: LaCie LaPlug
PostPosted: Fri Dec 02, 2011 11:46 am

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
I suppose you can edit /etc/init.d/boot for that (it is called as S99bootend). Change
Code:
        bootend)
                /etc/usb/usb_power.sh status | grep 'off' > /dev/null 2>&1
                [ "$?" != "0" ] && /etc/leds solid blue
                ;;
to
Code:
        bootend)
                /etc/init.d/openssh start
                /etc/usb/usb_power.sh status | grep 'off' > /dev/null 2>&1
                [ "$?" != "0" ] && /etc/leds solid blue
                ;;

Make sure you use an editor which handles *nix line endings well.


Post subject: Re: LaCie LaPlug
PostPosted: Fri Dec 02, 2011 3:45 pm

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
Using the web interface I downloaded a copy of the boot file. I then modified it using pspad. I renamed the original boot file on the LaPlug to "boot-original". I then uploaded my modified boot file and rebooted the LaPlug. The renamed boot file "boot-original" is missing and the boot file that remains has the old time stamp that matches all the other files in the directory.

I suspect that the LaPlug is reinstalling the OS kind of like a Live CD when it is restarted. Not sure if that makes sense though - but it would explain what I am seeing. The openssh file I copied before and the boot files I just modified and copied are not being deleted specifically - the whole OS is being refreshed which makes those new files disappear and makes modified files the same as before the modifications. (From a product design or engineering standpoint that would probably be simpler than scanning the disk for changed files and removing or modifying them)


Post subject: Re: LaCie LaPlug
PostPosted: Fri Dec 02, 2011 7:02 pm

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
That is perfectly possible. Actually all Lacie NASses use a unionfs to keep the modifications separated from the 'real' firmware. This makes it possible to do a factory reset. Just delete the contents of the top layer. On other NASses the top layer is on harddisk, but it could be a ramdisk on the LaPlug.

The contents of /proc/mounts should be able to tell if this is the case.

Maybe there is another way to start ssh. According to /etc/udev/rules.d/external-disks.rules a script /etc/usb/disk/udev_clbk.sh is called when a harddisk is connected or removed. This script doesn't exist. But you can create one, and put
Code:
#!/bin/sh
/etc/init.d/openssh start
inside it. Then, by inserting or removing a USB stick, the ssh server should be started.


Post subject: Re: LaCie LaPlug
PostPosted: Fri Dec 02, 2011 8:09 pm

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
/proc/mounts has a single line that reads:

rootfs / ro


Post subject: Re: LaCie LaPlug
PostPosted: Fri Dec 02, 2011 8:30 pm

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
/etc/usb/disk/udev_clbk.sh does exist on my LaPlug. It has a date and time stamp like all the other system files of 2011/05/20 07:35.

The contents of the file are:

Code:
#!/bin/sh

flock -x /var/lock/usb-disk.lock sh /etc/usb/disk/core.sh udev "$1" "$2"

#(
#   flock -x 200
#   sh /etc/usb/disk/core.sh udev "$1" "$2"
#) 200>/var/lock/usb-disk.lock


Post subject: Re: LaCie LaPlug
PostPosted: Sat Dec 03, 2011 12:51 pm

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
mushupork wrote:
/proc/mounts has a single line that reads:

rootfs / ro
*That* is strange! You read this through a symlink on a USB stick, right? In that case at least the mount of the stick itself should be visible.
Quote:
/etc/usb/disk/udev_clbk.sh does exist on my LaPlug.
Hm. That means that either there are more filesystems than the rootfs alone, or it's created at runtime, somehow (why?), or my rootfs is damaged by mounting it with the wrong erasesize. Can you post me /proc/mtd to check out the first and last possibility?
Quote:
The contents of the file are:
Well, you can just add the line
Code:
/etc/init.d/openssh start
at the end. This script is called at each adding/removing of a USB mass storage device.

