Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Thu Jul 31, 2014 8:49 pm

All times are UTC [ DST ]




Post new topic Reply to topic  [ 158 posts ]  Go to page Previous  1 ... 7, 8, 9, 10, 11
Author Message
PostPosted: Thu Oct 11, 2007 6:12 pm 
Offline
Developer

Joined: Wed Oct 25, 2006 6:05 pm
Posts: 613
Location: Germany
At the end it was easier than I thought: :biglol:
Code:
    public byte[] encryptACPpassword(String password, byte [] key) {
        //
        // mimmicks route from LSUpdater.exe, starting at 0x00401700
        // key is a 4 byte array (changed order, key 6ae2ad78 => (0x6a, 0xe2, 0xad, 0x78)
        // password = ap_servd, key= 6ae2ad78 gives encrypted 19:A4:F7:9B:AF:7B:C4:DD
        //
        byte[] new_key = new byte[8];
        byte[] result = new byte[8];

        // first generate initial encryption key (new_key) from key
        for (int i = 0; i <4; i++) {
            new_key[3-i] = (byte) (key[i]);                         // lower 4 bytes
            new_key[4+i] = (byte) ((key[i] ^ key[3-i]) * key[3-i]); // higher 4 bytes
        }
        // use new_key to generate scrambled (xor) password, new_key is regularly altered
        int j = 0;
        int n;
        for (int i = 0; i <4; i++) {
            // encryption of first char, first alter new_key
            new_key[0] = (byte) (password.getBytes()[j] ^ new_key[0]);

            n = 2;
            for (int k = 0; k < i; k++) { // only executed if i > 1
                new_key [n] = (byte) (new_key [n] ^ new_key [n-2]);
                n = n + 2;
            }

            result[i] = new_key[j];

            // above is repeated (more or less) for 2nd char, first alter new_key
            new_key[1] = (byte) (password.getBytes()[j+1] ^ new_key[1]);

            n = 3;
            for (int k = 0; k < i; k++) { // only executed if i > 1
                new_key [n] = (byte) (new_key [n] ^ new_key [n-2]);
                n = n + 2;
            }

            result[7-i] = new_key[j+1];
            j = j +2;
        }

        return (result);
    }

It works correctly for passwords with 8 bytes, there should be special handling for shorter passwords, but in LSUpdater.exe this would be done in the calling routine.
Goint to work it into the acp_commander.

_________________
acp_commander users note: from ver. 0.4 on the correct ACP authentication method is used, avoiding possible side effects.
Download: http://sourceforge.net/project/showfile ... _id=167037


Top
 Profile  
 
PostPosted: Mon Oct 22, 2007 8:38 pm 
Offline
Developer

Joined: Wed Oct 25, 2006 6:05 pm
Posts: 613
Location: Germany
OK, acp_commander 0.4.0 (beta) has been released to sourceforge.
Note: This is a beta release! Before bricking your boxes let the developers/testers do their work!

Changes: 0.4.0 (beta), 21. Okt 2007
*) added correct password encryption
*) addons, install addons.tar from local or linkstationwiki
*) emmode, normmode, reboot, shutdown
*) gui, switch webGUI language
*) better handling of incoming packets (still a lot to do ;) )
*) added some infos and hints on Exceptions to assist users
*) worked on help/usage, new order of parameters

The first point is the most important one, as we don't have to use the buffer overflow anymore (the method is still available with the -ba switch). This also allows to implement the new features emmode, normmode, reboot, shutdown and gui.

gui switching might help those users not able to read Japanese properly. ;)

addons creates a acp_commander folder on the share /share, copies the addons file (local or linkstationwiki) into it and finally untars it.

In "find" I'm now removing identical answers. Especially mindbender had the phenomenon that his box showed up four times (please test!)

I'd also need some response on the password query: Does the code hiding the password works properly, or does it flood the console?

_________________
acp_commander users note: from ver. 0.4 on the correct ACP authentication method is used, avoiding possible side effects.
Download: http://sourceforge.net/project/showfile ... _id=167037


Top
 Profile  
 
PostPosted: Thu Nov 15, 2007 11:15 pm 
Offline
Developer

Joined: Wed Oct 25, 2006 6:05 pm
Posts: 613
Location: Germany
I just released version 0.4.1 (beta) of the acp_commander to sourceforge
http://sourceforge.net/project/showfile ... _id=167037

The only minor change is that
- the password query pops up and
- the ACP_Authent packet is sent
only if necessary (change ip). Makes life somewhat easier again.

For all other used packets it seems sufficient to be sufficient to send the EnOneCmd packet with the encrypted standard password.

Please also note that the change ip feature is still very limited, as only the IP is set to the given, fixed IP and the network mask is set to 255.255.255.0. Gateways, dns are not set, dhcp is still not possible. But if e.g. it reverts to 192.168.11.150 that should be sufficient to set it to an IP in your subnet and make the remaining settings via WebGUI without the need to change your PC's IP.

While the version is still labeled beta the changes to the previous version in the code are minor. And according to sourceforge that had nearly 40 downloads in the past weeks ...

... without any complaints?!

_________________
acp_commander users note: from ver. 0.4 on the correct ACP authentication method is used, avoiding possible side effects.
Download: http://sourceforge.net/project/showfile ... _id=167037


Top
 Profile  
 
PostPosted: Tue Jul 08, 2008 11:14 pm 
Offline
Total Newbie

Joined: Tue Jul 08, 2008 11:04 pm
Posts: 3
Location: Wiesbaden / Germany
Hi, using @version 0.4.1 (beta), works fine, I did it twice.

But now I have a very important question.

I need do disable this funktion on a running server for security reasons.
I have disabled telnet and enabled ssh. If somebody including myself is
running ACP-Commander, I am kicked out forever.

So I need to block udp and/or all the unused ports.

How can this be done on a LS live.

(I am familiar with Suse 10.3 and below, configuring the firewalls there.)

thanks from Gert Redlich / Wiesbaden / Germany


Top
 Profile  
 
PostPosted: Thu Jul 10, 2008 9:05 pm 
Offline
Developer

Joined: Wed Oct 25, 2006 6:05 pm
Posts: 613
Location: Germany
The procedure is the same on all arm9 - models. Remove the call of clientUtil_servd.sh from /etc/init.d/rcS and /etc/daemonwatch.conf

Read e.g. the current thread Terastation SECURITY HOLE! (Am I the first?)

Georg

_________________
acp_commander users note: from ver. 0.4 on the correct ACP authentication method is used, avoiding possible side effects.
Download: http://sourceforge.net/project/showfile ... _id=167037


Top
 Profile  
 
PostPosted: Mon Aug 10, 2009 9:55 pm 
Offline
Developer

Joined: Wed Oct 25, 2006 6:05 pm
Posts: 613
Location: Germany
Hi, seems to be time to open this old thread again.

If you look through the active threads of the past days you'll see that in there are several users complaining that the acp_commander isn't working anymore. It seems that recently buffalo has changed something to the implementation of the ACP-protocoll.

You can try to retreive a listing of the root dir using
-c "ls /"
as options to the acp_commander. If this returns nothing the acp_commander doesn't connect properly.

I'm just downloading the LS-CHL firmware and will try to look into the changes. That might take some time as I'm quite busy the next weeks and I've "only" a LS-Pro v1 to play with (no updates for ages).

_________________
acp_commander users note: from ver. 0.4 on the correct ACP authentication method is used, avoiding possible side effects.
Download: http://sourceforge.net/project/showfile ... _id=167037


Top
 Profile  
 
PostPosted: Tue Aug 11, 2009 10:37 pm 
Offline
Developer

Joined: Wed Oct 25, 2006 6:05 pm
Posts: 613
Location: Germany
*Maybe* I've good news. After running the updater of the new firmwares against wireshark I'd say the main difference in the ACP discover packet is a new main version number 09 instead of 08.

*If* this is really the issue of the current problems. That should be really no problem to fix. :D
So keep your fingers crossed.

My linkstation just went to bed when I started editing the sources. Signal for me to head the same direction, but wanted to leave the maybe good news to you.

_________________
acp_commander users note: from ver. 0.4 on the correct ACP authentication method is used, avoiding possible side effects.
Download: http://sourceforge.net/project/showfile ... _id=167037


Top
 Profile  
 
PostPosted: Wed Aug 12, 2009 11:01 pm 
Offline
Developer

Joined: Wed Oct 25, 2006 6:05 pm
Posts: 613
Location: Germany
First progress as described in another thread - here again for documentation of the acp_commander....

I think the main thing buffalo has changed is that now the authentication using the admin password is required. The current clientUtil_server versions I tested (2.37 from the LS-XHL FW and 2.41 from the LS-CHL) do respond with a root folder listing on the command
Code:
java -jar acp_commander.jar -t <yourbox> -pw <adminpasswd> -c "ls /" -ip <newip>

The difference is that for changing the IP even in the past authentication using the admin password has been required. This was not the case for most other commands. By the -ip option we enforce this authentication also for the -c command.

:!: However I cannot suggest this method at the moment as both clientUtil_server versions crash upon this command at the moment. :p

_________________
acp_commander users note: from ver. 0.4 on the correct ACP authentication method is used, avoiding possible side effects.
Download: http://sourceforge.net/project/showfile ... _id=167037


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 158 posts ]  Go to page Previous  1 ... 7, 8, 9, 10, 11

All times are UTC [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:

Protected by Anti-Spam ACP
Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group