General NAS-Central Forums


All times are UTC




 Post subject: Re: LaCie LaPlug
PostPosted: Sat Dec 03, 2011 7:56 pm 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
(1) I am using a USB stick to use a symlink to get to the LaPlug filesystem

(2) /proc/mtd exists but is blank

(3) I renamed the original /etc/usb/disk/udev_clbk.sh and then uploaded a copy of the file with an extra line below. I then removed and re-plugged my USB stick. I was then able to SSH into the LaPlug with the admin account.
Code:
/etc/init.d/openssh start


(3a) When I rebooted the LaPlug the renamed file was gone, and I cannot SSH again. I suspected the files would be replaced. Is there a way to make this survive a reboot?

(4) I have been unable to successfully modify the /etc/shadow file to reset the root account password the same as my admin account. Before I reset the LaPlug (3a above) I copied the text below for reference.

Do I just replace the text from the admin line mbpEqsa2$RPHO543rkcUijYhtWsKp70 with the text from the admin line ri5o6zUUfwduo?

Here are the contents of /etc/shadow

Code:
root:$1$mbpEqsa2$RPHO543rkcUijYhtWsKp70:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
admin:ri5o6zUUfwduo:15310:0:99999:7:::
wuala::10933:0:99999:7:::
messagebus::10933:0:99999:7:777
sshd::10933:0:99999:7:777
~
~
- /etc/shadow [Readonly] 1/6 16%


Thanks very much for your help.


 
 Post subject: Re: LaCie LaPlug
PostPosted: Sat Dec 03, 2011 7:57 pm 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
Also, do you recognize account wuala ?


 
 Post subject: Re: LaCie LaPlug
PostPosted: Sat Dec 03, 2011 9:24 pm 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 4546
Quote:
I renamed the original /etc/usb/disk/udev_clbk.sh and then uploaded a copy of the file with an extra line below. I then removed and re-plugged my USB stick. I was then able to SSH into the LaPlug with the admin account.
Finally something on this box which acts as expected.
Quote:
When I rebooted the LaPlug the renamed file was gone, and I cannot SSH again. I suspected the files would be replaced. Is there a way to make this survive a reboot?
I *think* somehow a unionfs is used, with a ramdisk as read/write layer. So first more info is needed to change something permanently.
Quote:
Do I just replace the text from the admin line mbpEqsa2$RPHO543rkcUijYhtWsKp70 with the text from the admin line ri5o6zUUfwduo?
Basically yes. But if you are able to read /etc/shadow, I suppose you already have root privileges. So there's no need to become root.

Can you look if the contents of /proc/mounts and /proc/mtd are the same when seen from an ssh shell? (I know, it doesn't make sense. But an almost empty /proc/mounts doesn't make sense either)


 
 Post subject: Re: LaCie LaPlug
PostPosted: Sat Dec 03, 2011 11:40 pm 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
I cannot edit /etc/shadow from an SSH session. I can download the shadow file, modify it, upload the changed version but when I try to SSH as root I get access denied.

I cannot run passwd. I also cannot su ... I get this message
Code:
su: must be suid to work properly


This is strange - the contents of /etc/shadow have changed after the reboot. The passwords for admin are different. The hash was ri5o6zUUfwduo but it is now 1IlwGAR3XpQEU?
Code:
root:$1$mbpEqsa2$RPHO543rkcUijYhtWsKp70:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
admin:1IlwGAR3XpQEU:15311:0:99999:7:::
wuala::10933:0:99999:7:::
messagebus::10933:0:99999:7:777
sshd::10933:0:99999:7:777

Here is /proc/mounts ...
Code:
~ $ cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/root / jffs2 ro,relatime 0 0
none /proc proc rw,relatime 0 0
none /sys sysfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,relatime,size=512k,mode=777 0 0
tmpfs /etc tmpfs rw,relatime,size=2048k 0 0
tmpfs /var tmpfs rw,relatime,size=4096k 0 0
tmpfs /var/log tmpfs rw,relatime,size=1024k 0 0
none /lacie/var tmpfs rw,relatime,size=1024k 0 0
usbfs /proc/bus/usb usbfs rw,relatime 0 0
udev /dev tmpfs rw,relatime,mode=755 0 0
ubi4:config /lacie/flash/config ubifs rw,relatime 0 0
ubi5:data /lacie/flash/data ubifs rw,relatime 0 0
/dev/sea1 /lacie/var/userPart/share/THIRD tntfs rw,relatime,uid=0,gid=0,umask=00,nls=utf8,reset_journal,errors=continue,mft_zone_multiplier=1 0 0
/dev/seb1 /lacie/var/userPart/share/FIRST tntfs rw,relatime,uid=0,gid=0,umask=00,nls=utf8,errors=continue,mft_zone_multiplier=1 0 0
/dev/sec1 /lacie/var/userPart/share/SECOND tntfs rw,relatime,uid=0,gid=0,umask=00,nls=utf8,reset_journal,errors=continue,mft_zone_multiplier=1 0 0
/dev/see1 /lacie/var/userPart/share/EXT3 ext3 rw,relatime,errors=continue,data=writeback 0 0

Here is /proc/mtd ...
Code:
~ $ cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00100000 00020000 "u-boot"
mtd1: 00800000 00020000 "updater"
mtd2: 00400000 00020000 "system kernel"
mtd3: 03c00000 00020000 "system rootfs"
mtd4: 00800000 00020000 "config"
mtd5: 1af00000 00020000 "data"

Here is /proc/cpuinfo..
Code:
Processor   : Feroceon 88FR131 rev 1 (v5l)
BogoMIPS   : 797.90
Features   : swp half thumb fastmult edsp
CPU implementer   : 0x56
CPU architecture: 5TE
CPU variant   : 0x2
CPU part   : 0x131
CPU revision   : 1

Hardware   : netspace_plug_v2
Revision   : 0001
Serial      : 0000000000000000

Here is /proc/meminfo
Code:
MemTotal:         125748 kB
MemFree:            5064 kB
Buffers:             132 kB
Cached:            96560 kB
SwapCached:            0 kB
Active:            38812 kB
Inactive:          65260 kB
Active(anon):       3292 kB
Inactive(anon):     5624 kB
Active(file):      35520 kB
Inactive(file):    59636 kB
Unevictable:           0 kB
Mlocked:               0 kB
SwapTotal:        131064 kB
SwapFree:         131064 kB
Dirty:                28 kB
Writeback:             0 kB
AnonPages:          7408 kB
Mapped:            10264 kB
Slab:               9796 kB
SReclaimable:       1152 kB
SUnreclaim:         8644 kB
PageTables:          476 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:      193936 kB
Committed_AS:      53248 kB
VmallocTotal:     516096 kB
VmallocUsed:        3540 kB
VmallocChunk:     508924 kB

Here is /proc/version ...
Code:
Linux version 2.6.31.8 (root@ws32.lacie.com) (gcc version 4.2.1) #2 Fri May 20 13:03:24 UTC 2011

Here is /proc/cmdline ...
Code:
root=/dev/mtdblock3 rootfstype=jffs2 ro console=ttyS0,115200

Here is /proc/partitions ...
Code:
major minor  #blocks  name

  31        0       1024 mtdblock0
  31        1       8192 mtdblock1
  31        2       4096 mtdblock2
  31        3      61440 mtdblock3
  31        4       8192 mtdblock4
  31        5     441344 mtdblock5
   8        0  976762584 sea
   8        1  976759808 sea1
   8       16  976762584 seb
   8       17  976760001 seb1
   8       32  976762584 sec
   8       33  976760001 sec1
   8       64    7847935 see
   8       65    7846890 see1

Here is df -h ... /dev/sea1, /dev/seb1, /dev/sec1, /dev/see1 are the external drives I have connected. It is weird to me that there is no /dev/sed1 though
Code:
~ $ df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                60.0M     39.1M     20.9M  65% /
tmpfs                   512.0K      4.0K    508.0K   1% /tmp
tmpfs                     2.0M    600.0K      1.4M  29% /etc
tmpfs                     4.0M    560.0K      3.5M  14% /var
tmpfs                     1.0M    140.0K    884.0K  14% /var/log
none                      1.0M    120.0K    904.0K  12% /lacie/var
udev                     61.4M    124.0K     61.3M   0% /dev
ubi4:config               5.0M     32.0K      4.7M   1% /lacie/flash/config
ubi5:data               392.3M     24.0K    387.6M   0% /lacie/flash/data
/dev/sea1               931.5G    694.2G    237.3G  75% /lacie/var/userPart/share/THIRD
/dev/seb1               931.5G    709.9G    221.6G  76% /lacie/var/userPart/share/FIRST
/dev/sec1               931.5G    857.4G     74.1G  92% /lacie/var/userPart/share/SECOND
/dev/see1                 7.4G    145.0M      6.8G   2% /lacie/var/userPart/share/EXT3

Here is the output of ps ...
Code:
  PID USER       VSZ STAT COMMAND
    1 root      1620 S    init [2]
    2 root         0 SW<  [kthreadd]
    3 root         0 SW<  [ksoftirqd/0]
    4 root         0 SW<  [events/0]
    5 root         0 SW<  [khelper]
    8 root         0 SW<  [async/mgr]
   89 root         0 SW<  [kblockd/0]
  122 root         0 SW   [crypto]
  123 root         0 SW   [crypto_ret]
  127 root         0 SW<  [input-watchdog]
  132 root         0 SW   [pdflush]
  133 root         0 SW   [pdflush]
  134 root         0 SW<  [kswapd0]
  135 root         0 SW<  [aio/0]
  137 root         0 SW<  [crypto/0]
  447 root         0 SW<  [scsi_eh_0]
  448 root         0 SW<  [scsi_eh_1]
  463 root         0 SW<  [mtdblockd]
  464 root         0 SW<  [ftld]
  465 root         0 SW<  [nftld]
  498 root         0 SW<  [kondemand/0]
  499 root         0 SW<  [kconservative/0]
  570 root         0 SW<  [khubd]
  595 root      1968 S <  /sbin/udevd --daemon
  943 root         0 SW<  [ubi_bgt4d]
  947 root         0 SW<  [ubifs_bgt4_0]
  951 root         0 SW<  [ubi_bgt5d]
  955 root         0 SW<  [ubifs_bgt5_0]
  986 root      4636 S    klaxonServer -l /dev/null -v --key-create-allowed
 1069 root      2912 S    fsguardiand -c /etc/fsguardiand/fsguardiand.cfg -l /dev/null
 1077 root      2892 S    syslogd
 1082 root      2892 S    crond -c /var/spool/cron/crontabs
 1188 root      3996 S <  /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
 1195 root      2732 S    buttons-manager -l /dev/null
 1196 root      8052 S <  /usr/bin/php-cgi
 1258 root         0 SW<  [scsi_eh_2]
 1259 root         0 SW<  [usb-storage]
 1286 root     15380 S    /usr/sbin/smbd -D -s /etc/smb.conf
 1289 root     15380 S    /usr/sbin/smbd -D -s /etc/smb.conf
 1468 root         0 SW<  [scsi_eh_3]
 1469 root         0 SW<  [usb-storage]
 1476 nobody    2920 S    proftpd: (accepting connections)
 1486 root         0 SW<  [scsi_eh_4]
 1487 root         0 SW<  [usb-storage]
 1503 root      4820 S    /usr/sbin/afpd -F /etc/netatalk/afpd.conf
 1621 root      2692 S    avahi-daemon: running [STORAGE.local]
 1727 root      2896 S    /sbin/getty 115200 ttyS0 vt320
 2735 root         0 SW<  [RtmpCmdQTask]
 2736 root         0 SW<  [RtmpWscTask]
18449 root      3968 S <  /usr/sbin/sshd -f /etc/openssh.conf
19402 root         0 SW<  [scsi_eh_6]
19403 root         0 SW<  [usb-storage]
19729 root         0 SW<  [kjournald]
19970 root      6944 S    /usr/sbin/nmbd -D -s /etc/smb.conf
20099 root      6652 S <  sshd: admin [priv]
20103 admin     6652 S <  sshd: admin@ttyp0
20104 admin     2896 R <  -sh
22807 root     15488 R    /usr/sbin/smbd -D -s /etc/smb.conf
25027 root      8348 S <  /usr/bin/php-cgi
26776 admin     2896 R <  ps


 
 Post subject: Re: LaCie LaPlug
PostPosted: Sun Dec 04, 2011 12:36 pm 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 4546
mushupork wrote:
rootfs / rootfs rw 0 0
/dev/root / jffs2 ro,relatime 0 0
So we have both a filesystem jffs2 ro on /, and a filesystem rootfs rw on /.
From the kernel documentation:
Documentation/filesystems/ramfs-rootfs-initramfs.txt wrote:
What is rootfs?
---------------

Rootfs is a special instance of ramfs (or tmpfs, if that's enabled), which is
always present in 2.6 systems. You can't unmount rootfs for approximately the
same reason you can't kill the init process; rather than having special code
to check for and handle an empty list, it's smaller and simpler for the kernel
to just make sure certain lists can't become empty.

Most systems just mount another filesystem over rootfs and ignore it. The
amount of space an empty instance of ramfs takes up is tiny.
I suppose LaCie somehow put this rootfs on top of the jffs2 fs, in a unionfs.
So it's not possible to change anything in the rootfs, because it will never pass the rw layer.

But you could try to mount the jffs2 partition elsewhere. According to the cmdline (and the mtd list) this is /dev/mtdblock3. So try
Code:
mkdir /tmp/mountpoint
mount -t jffs2 -o relatime,rw /dev/mtdblock3 /tmp/mountpoint


mushupork wrote:
This is strange - the contents of /etc/shadow has changed after the reboot. The passwords for admin are different.
I suppose the admin password is stored in a dedicated flash partition, possibly mtd4. On boot a hash is written to shadow. This is done on each boot, because it's written to a volatile filesystem. And I suppose each time a different salt is used, giving different hashes.


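Added example (not part of any post in this thread): a small POSIX shell audit of the two /etc/shadow listings quoted above. It classifies each password field by format, showing that the admin entry is a 13-character traditional crypt hash whose first two characters are the salt (ri before the reboot, 1I after), and it lists the accounts whose password field is empty. The function names are chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. The two samples are the
# /etc/shadow listings posted above, before and after the reboot.
shadow_before() { cat <<'EOF'
root:$1$mbpEqsa2$RPHO543rkcUijYhtWsKp70:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
admin:ri5o6zUUfwduo:15310:0:99999:7:::
wuala::10933:0:99999:7:::
messagebus::10933:0:99999:7:777
sshd::10933:0:99999:7:777
EOF
}
shadow_after() { cat <<'EOF'
root:$1$mbpEqsa2$RPHO543rkcUijYhtWsKp70:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
admin:1IlwGAR3XpQEU:15311:0:99999:7:::
wuala::10933:0:99999:7:::
messagebus::10933:0:99999:7:777
sshd::10933:0:99999:7:777
EOF
}

# classify_field FIELD: name the format of one shadow password field.
classify_field() {
    case "$1" in
        '')            echo "EMPTY" ;;    # no password is required
        '*'|'!'*)      echo "LOCKED" ;;   # no hash can ever match
        '$1$'*)        echo "MD5CRYPT salt=$(printf '%s\n' "$1" | cut -d'$' -f3)" ;;
        '$'*)          echo "MODULAR id=$(printf '%s\n' "$1" | cut -d'$' -f2)" ;;
        ?????????????) echo "DESCRYPT salt=$(printf '%s\n' "$1" | cut -c1-2)" ;;
        *)             echo "UNKNOWN" ;;
    esac
}

# audit_shadow: shadow text on stdin, one "user FORMAT [salt=...]" line out.
audit_shadow() {
    while IFS=: read -r user field rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

# empty_accounts: shadow text on stdin, names with an empty password field out.
empty_accounts() {
    audit_shadow | while read -r user scheme rest; do
        if [ "$scheme" = EMPTY ]; then echo "$user"; fi
    done
}

echo "before reboot:"; shadow_before | audit_shadow
echo "after reboot:";  shadow_after  | audit_shadow
echo "empty password fields:"; shadow_after | empty_accounts
```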
 
 Post subject: Re: LaCie LaPlug
PostPosted: Sun Dec 04, 2011 7:07 pm 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
I am not root so I cannot mount it
Code:
mount: permission denied (are you root?)


 
 Post subject: Re: LaCie LaPlug
PostPosted: Sun Dec 04, 2011 7:57 pm 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 4546
Ah, of course.

You can add the line
Code:
/bin/busybox telnetd -l /bin/sh
to /etc/usb/disk/udev_clbk.sh. That will give you a loginless root shell when you connect using telnet.

(BTW, I now have a /etc/usb/disk/udev_clbk.sh, now that I mounted using an erase size of 128KiB, as stated in /proc/mtd. So mounting a jffs2 filesystem using the wrong erasesize indeed damages it)


 
 Post subject: Re: LaCie LaPlug
PostPosted: Tue Dec 06, 2011 5:30 pm 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
Adding that line to /etc/usb/disk/udev_clbk.sh did not allow me to telnet in as root.

I don't know how you are mounting the jffs2 system. I am not very highly skilled in Linux so that does not surprise me though. Since you can mount the drive with the info from /proc/mtd, how hard would it be to modify /etc/usb/disk/udev_clbk.sh to include the line allowing SSH so it survives a reboot?

I am not sure what the next step is. I am just looking around. Do you know what Klaxon is?


 
 Post subject: Re: LaCie LaPlug
PostPosted: Tue Dec 06, 2011 7:50 pm 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 4546
mushupork wrote:
Adding that line to /etc/usb/disk/udev_clbk.sh did not allow me to telnet in as root.
No? Does running the line in an ssh shell give any errors?
mushupork wrote:
Since you can mount the drive with the info from /proc/mtd, how hard would it be to modify /etc/usb/disk/udev_clbk.sh to include the line allowing SSH so it survives a reboot?
When modifying the rootfs, it makes more sense just to add the S99 symlink, than editing /etc/usb/disk/udev_clbk.sh.
And yes, I can easily make that modification. I can also repack it in a cluff file. The problem is, I'm not 100% sure if the generated jffs2 image is compatible, and I'm afraid it's a one-shot. If it isn't compatible, the box is bricked.
mushupork wrote:
Do you know what Klaxon is?
No. I never heard of it, before I looked at this box. According to the configuration files, it does all management of the box. So I suppose it connects the web interface configuration to the actual firmware.


 
 Post subject: Re: LaCie LaPlug
PostPosted: Tue Dec 06, 2011 9:01 pm 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
I did try running "/bin/busybox telnetd -l /bin/sh" from the ssh session and the command provides no feedback. I try to telnet to the LaPlug and it fails though, there is nothing "telnet" showing when I try a "ps" command and I don't see it when running "top" either.

I understand the symlink comment and why that makes more sense.

I also understand the risk of bricking the box. The update process (putting firmware on a usb device, holding power button 10 secs then releasing after 2 secs) requires that the software to allow the update is working on the LaPlug. There probably is not a hardware reset button if a flash goes bad.

http://manuals.lacie.com/en/manuals/laplug/update


 
 Post subject: Re: LaCie LaPlug
PostPosted: Tue Dec 06, 2011 10:03 pm 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 4546
Some thoughts:
  • You could try to use a key pair to login as root.
  • When starting '/bin/busybox telnetd' it's not expected that telnetd will show up in ps. It's an incarnation of busybox.
  • Maybe port 23 is occupied? Try 'netstat -lt'
  • According to /proc/mtd there is a partition 'updater', big enough to contain a dedicated rootfs (or kernel *and* rootfs) which can load a firmware from USB. So maybe your reset procedure works without a functioning 'normal' rootfs.
    Could you provide me a copy?
    Code:
    dd if=/dev/mtdblock1 of=/lacie/var/userPart/share/EXT3/updater
    (And it won't hurt to make a backup of all mtdblocks. When you manage to brick the box you might need them)

    On the other hand, the script /init seems responsible for updating from usb. And that is in the rootfs.
  • After all I don't think there is a unionfs active. The script /etc/init.d/rcS copies the content of /etc to a ramdisk, and then mounts another ramdisk on /etc, after which the content is copied (Did LaCie never hear of mount --move?). So only /etc is writable (and volatile). (And /var, /tmp and /lacie/var)
  • You could also try to mount the rootfs from /etc/usb/disk/udev_clbk.sh


 
 Post subject: Re: LaCie LaPlug
PostPosted: Wed Dec 07, 2011 4:21 pm 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
"netstat -lt" shows nothing running on port 23.

Code:
/lacie $ netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 (null):afpovertcp       (null):*                LISTEN
tcp        0      0 (null):139              (null):*                LISTEN
tcp        0      0 (null):80               (null):*                LISTEN
tcp        0      0 (null):21               (null):*                LISTEN
tcp        0      0 (null):22               (null):*                LISTEN
tcp        0      0 (null):443              (null):*                LISTEN
tcp        0      0 (null):445              (null):*                LISTEN


"dd if=/dev/mtdblock1 of=/lacie/var/userPart/share/EXT3/updater" gives me a permission denied error ...
Code:
dd: can't open '/dev/mtdblock1': Permission denied


I could mount the root fs *and* run the above command from /etc/usb/disk/udev_clbk.sh I suppose. It would be nice if there were a way to mount and unmount the usb drives from the web interface. You can unmount but you need to physically reconnect it.


 
 Post subject: Re: LaCie LaPlug
PostPosted: Sun Dec 11, 2011 8:20 pm 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
I added the following lines to /etc/usb/disk/udev_clbk.sh:

Code:
dd if=/dev/mtdblock1 of=/lacie/var/userPart/share/EXT3/updater

Code:
mount -t jffs2 -o relatime,rw /dev/mtdblock3 /tmp/mountpoint


After I unplugged and reconnected the flash drive I do have a file named updater and I do see files/folders in /tmp/mountpoint.

I am trying to post the updater file here as an attachment but have not been successful. I cannot upload it as normal, or as a zip or rar file. How do I post this for you?

I tried to copy S99openssh to /tmp/mountpoint/etc/rc2.d using the file browser but am getting errors since it is a read only file system. I also tried to create a directory as a test and also receive an error.


 
 Post subject: Re: LaCie LaPlug
PostPosted: Mon Dec 12, 2011 8:39 am 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 4546
mushupork wrote:
How do I post this for you?
I'll PM you an FTP account.
Quote:
I tried to copy S99openssh to /tmp/mountpoint/etc/rc2.d using the file browser but am getting errors since it is a read only file system.
It's not supposed to be read only, as it's explicitly mounted rw. But maybe some significant message is printed. You can change the line:
Code:
mount -t jffs2 -o relatime,rw /dev/mtdblock3 /tmp/mountpoint >/lacie/var/userPart/share/EXT3/mount.log 2>&1
This will redirect stdout and stderr to mount.log.


 
 Post subject: Re: LaCie LaPlug
PostPosted: Tue Dec 13, 2011 1:02 am 
Offline

Joined: Fri Nov 18, 2011 10:04 pm
Posts: 20
I FTP'd the file to you.

I used the modified mount string and the single message written to mount.log is
"mount: mounting /dev/mtdblock3 on /tmp/mountpoint failed: Device or resource busy"

The weird part is it does succeed in mounting because I can browse to /tmp/mountpoint and see the jffs file system but I cannot create/modify anything there. I am guessing it is showing the "failure" to mount it as writable.

