Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Fri Jul 20, 2018 1:36 pm

All times are UTC+01:00




Post new topic  Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Sun Jul 31, 2011 1:13 pm 
Offline
Total Newbie

Joined: Sun Jul 31, 2011 11:12 am
Posts: 1
Hi all,
this is my first post, I hope to find some help here :D
Since the last week I bought a brand new Linkstation Live 2TB (LS-CHL975) , its firmware is 1.34
I was trying to get root access.
I was able to use ACP commander and I've got telnet access as admin following
http://buffalo.nas-central.org/wiki/Open_Stock_Firmware_LS-XHL

What I did using
Code:
java -jar acp_commander.jar -t 192.168.1.10 -ip 192.168.1.10 -pw secret -s

Code:
  cp /mnt/disk1/share/xhl/usr/local/sbin/telnetd /usr/local/sbin/
  ln -s /usr/local/sbin/telnetd /usr/sbin/telnetd
  cp /mnt/disk1/share/xhl/usr/local/sbin/sshd /usr/local/sbin
  chmod 4555 /bin/su
  echo "telnet stream  tcp     nowait  root    /usr/sbin/telnetd       /usr/sbin/telnetd" >> /etc/inetd.conf
  chmod 644 /etc/profile
  reboot


After reboot I was able to access via telnet as admin
but it still doesn't accept
Code:
su -
, so I followed (without success :( ) everything i found here

Code:
 java -jar acp_commander.jar -t <IP Address> -c "(echo <pass>;echo <pass>)|passwd"


I tried to replace /bin/su as said here
Code:
  java -jar acp_commander.jar -t <XHL IP address> -ip <XHL IP address> -pw <adminPassword> -s
  cp /mnt/disk1/share/xhl/bin/su /bin/
  chmod 4555 /bin/su


But after that I've got the applet warning :
Code:
admin@LS-CHL975:/$ su -: This applet requires root priviledges!


So I gave through ACP Commander command
Code:
java -jar acp_commander.jar -t <XHL IP address> -ip <XHL IP address> -pw <adminPassword> -c "cd /bin; mv su su.ori; ln -s busybox su; chmod 6555 bin/su; chmod 644 etc/profile;"


Now if I put su - as admin (telnet) , it asks me the root password but doesn't accept anyone.
If i try to blank the root password

Code:
java -jar acp_commander.jar  -t 192.168.1.10 -o -d2
ACP_commander out of the nas-central.org (linkstationwiki.net) project.
Used to send ACP-commands to Buffalo linkstation(R) LS-PRO.

WARNING: This is experimental software that might brick your linkstation!


Debug level set to 2
Target parameter -t found
Using parameter -o (openbox)
Command-line parameter -pw given
Using random connID value = 1E94AA2ADF0D
Using target:   LS-CHL975.local/192.168.1.10
Using port:   22936
Using MAC-Address:   FF:FF:FF:FF:FF:FF
Starting authentication procedure...
Sending Discover packet...   
Sending 1/1
received ACP Discovery reply
ACP analysis result: Found:   LS-CHL975 (/192.168.1.10)    LS-CHL(YURYAKU) (ID=00018)    mac: 00:76:B9:B8:CC:99   Firmware=  1.340   Key=7E945D9D
Found:   LS-CHL975 (/192.168.1.10)    LS-CHL(YURYAKU) (ID=00018)    mac: 00:76:B9:B8:CC:99   Firmware=  1.340   Key=7E945D9D
Sending 1/2
received ACP special command reply
ACP analysis result: ACP_STATE_OK
Trying to authenticate EnOneCmd...   ACP_STATE_OK
Sending 1/3
Received packet (CA10) has the error-flag set!
For 'Authenticate' that is (usually) OK as we do send a buggy packet.
received ACPcmd reply
ACP analysis result:
start telnetd...   
Sending 1/3
Received packet (CA10) has the error-flag set!
For 'Authenticate' that is (usually) OK as we do send a buggy packet.
received ACPcmd reply
ACP analysis result:
Reset root pwd...   

You can now telnet to your box as user 'root' providing no / an empty password.


But I still can't telnet as root, only as admin.
If I try to send any command , even the simplest, as whoami throught interactive mode:
Code:
 java -jar acp_commander.jar -t 192.168.1.10 -d2 -s
ACP_commander out of the nas-central.org (linkstationwiki.net) project.
Used to send ACP-commands to Buffalo linkstation(R) LS-PRO.

WARNING: This is experimental software that might brick your linkstation!


Debug level set to 2
Target parameter -t found
Using random connID value = 1116259088AA
Using target:   LS-CHL975.local/192.168.1.10
Using port:   22936
Using MAC-Address:   FF:FF:FF:FF:FF:FF
Starting authentication procedure...
Sending Discover packet...   
Sending 1/1
received ACP Discovery reply
ACP analysis result: Found:   LS-CHL975 (/192.168.1.10)    LS-CHL(YURYAKU) (ID=00018)    mac: 00:76:B9:B8:CC:99   Firmware=  1.340   Key=6D2F39C5
Found:   LS-CHL975 (/192.168.1.10)    LS-CHL(YURYAKU) (ID=00018)    mac: 00:76:B9:B8:CC:99   Firmware=  1.340   Key=6D2F39C5
Sending 1/2
received ACP special command reply
ACP analysis result: ACP_STATE_OK
Trying to authenticate EnOneCmd...   ACP_STATE_OK
Enter telnet commands to LS, enter 'exit' to leave
/root>whoami

Sending 1/1
Received packet (CA10) has the error-flag set!
For 'Authenticate' that is (usually) OK as we do send a buggy packet.
received ACPcmd reply
ACP analysis result:

>

I don't get any response. It stands with the prompt until I enter 'exit' command.


I found into another forum (but I can't remember where.. :? ) to try giving +s privileges to /bin/su
so I entered
Code:
java -jar acp_commander.jar -t 192.168.1.10 -pw <passwd> -d2 -c "chmod +s /bin/su"


Even this one without results.. I can use su - as telnet/admin but no password is accepted

CONCLUSION:
I guess I made some mess replacing /bin/su and now ACP Commander is not able to emulate any command as root, so now I get "Received packet (CA10) has the error-flag set!"

Is there any good soul who can solve the issue? :)

Thanks in advance for any answer!

cheers,
Harlock


Top
   
PostPosted: Mon Aug 01, 2011 7:03 am 
Offline
Moderator

Joined: Fri Jun 29, 2007 10:39 am
Posts: 2604
You read so much, but still mixed old and new firmware stuff.
Buffalo changed the way acp is working with the introduction
of the kirkwood models. Step by step (starting at least with
version 1.10) they cut down the possibilities.
Somewhere around 1.20 they removed the interactive mode.
acp_commanders "-o" was never working for kirkwood models
and all this IS mentioned in the guide you quoted.
It is also mentioned that the "-ip" parameter is mandantory
now.
So the only valuable command of acp_commander working for
all kirkwood models is "-c".

The "su" of Buffalos busybox is a functional reduced one (afaicr).
With one of your steps, you replaced the su binary with the
applet from busybox. This can not work, because the inability to
switch to super user is build into busybox by Buffalo.

Initially there is a unknown root password on the box, so you
have to change the root password first. In addition to this, you
also have to change some configuration file for ftp access (yes
"ftp") to enable root to login via telnet. Or you disable PAM.
Then you can try to connect via root and telnet.
So you somehow started right and then began to introduce stuff
from old firmware guides. That kind of "operating" had to fail, hadn't
it?
If you are not used to do administration jobs on Linux, you should
not try to do this on your own. It is a frustrating way to learn this
kind of stuff.

Btw. why didn't you take the already opened firmware by Shonk?
This one is meant for all the users which are Linux noobs.
According to Shonk, this firmware is "nearly" original, only some
disturbing "features" disabled.
You can ask him for the 1.34 version. Maybe he still has an opened
one of these? Otherwise you have to take one of the more recent
ones.

So it is up to you now to decide, if you want to go the "frustrating"
way or the easy one.

_________________
Please do not use private mail (PN/M) to ask questions. Use the proper forum instead. (me)

If there is no verified backup of a dataset, the dataset, by definition, is unimportant. (c't 2012)

RAID (no matter which level) never ever substitutes a backup. (me)


Top
   
PostPosted: Mon Aug 01, 2011 8:44 am 
Offline
Moderator

Joined: Mon Apr 26, 2010 10:24 am
Posts: 2731
ls series 134 open.zip
http://www.mediafire.com/?s3al98xe6fbvfum


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 3 posts ] 

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited