LaCie has a wonderful little NAS box called the “Ethernet Big Disk” that comes in a 1TB size, supports USB and gigabyte ethernet, and is reasonably priced. The NAS part supports smb, afs, ftp, and http, which makes it pretty darned useful out of the box.
Even better, it sports a version of embedded Linux on an ARM CPU:
Linux version 2.6.12.6-arm1-lacie5a (root@lacie) (gcc version 3.4.4 (release) (CodeSourcery ARM 2005q3-2)) #1 Tue Oct 31 11:26:21 CET 2006CPU: ARM926EJ-Sid(wb) [41069260] revision 0 (ARMv5TEJ)
Naturally, it’s a prime target for hacking in some useful things. This can be accomplished in several easy steps:
- Open it up and pull out the drives
- Mount the SATA drives on another Linux box
- Add an exploit to the web server (which runs as root, making the rest easy)
- Put it back together
- Make yourself a root account
- Cross compile some binaries and copy them useful places
- Give yourself a command line
Okay, so up until step 5, it’s pretty straightforward, and documented here and here. Actually, even making a root account is pretty straightforward; using the web exploit, you can copy passwd and shadow to the NAS share, edit them, and copy them back. I chose to add an account called “myroot” and leave the default root account’s password alone, just in case it’s needed for … something.
Building a cross-compiler is, frankly, a major pain. However, once I got it built properly (in my case, using a handy port for the MacIntosh) it was fairly straightforward to cross-compile utelnetd and rsync. utelnetd can actually be launched from the web exploit, and it’s possible then to log in directly as root.
For those who appreciate a kick start, here are the compiled binaries that run on the LaCie. (Naturally, these are without any warranty of any kind, and whatever happens to your NAS is your own fault, etc.)
I can’t think of much more one could want than telnet, rsync, and nfs. Well, maybe ssh, but it’s been done, and I don’t really need it.
Mexcellent!
Excellent write-up, thanks for the heads up on these resources.
Hi,
I downloaded your lacie.tar.gz, but maybe the archive is corrupted or the download mangles the bytes. Could you please verify the lacie.tar.gz archive on this blog page? Thanks, woud love to mod my V2 mini without the recompile hassle.
Greetings,
Fred.
I confirmed via wget that it downloads and unpacks properly — MD5 (lacie.tar.gz) = 8897f33f790a7ac232e0abb328bbde2f
MD5 (rsync) = a14847036aad01a37d67b35b75564ba4
MD5 (utelnetd) = 538d41b2a3aa7ef27390157dc9dd4ca8
MD5 (unfsd) = be0af98285973d14761143c53037369b
MD5 (portmap) = 6d631531af6f9a9994f6f7895e00a2f3
Thanks for the write up. Could you supply somewhat more information on how you setup your crosscompile environment? I am running in a lot of issues. Is it correct that it is a big endian system? Interesting is that is running glibc 2.3.6 with nptl but that should not be supported on this platform for this version :-). So I am wondering how you actually got everthing to compile. Now if you could tar up your build environment that would be absolutely fabulous.
thanks in advance!
Got it to work! But why o why did they mix big endian libraries with little endian versions :S. That took me a long time to figure out.
Hi, I am trying to recover a broken LaCie Big Ethernet Disk,it will cost us a lot to send it back to LaCie for repairs,there is a way for you to provide us with the images of the original partitions of the boot drive? Thanks in advance from Venezuela!
I wish someone would post a modded setup with a sleepmode or inactivity timer.
What kind of sleepmode or inactivity timer?
What exactly do you have in mind?
Just something to spin down the drives on weekends or at night. But LaCie doesnt seem to think its a problem. I just want to extend the life of the product.
It looks like LaCie has hdparm compiled into busybox. So once you get to a command line…
hdparm -S 10 /dev/sdc1
/dev/sdc1:
hdparm: operation not supported on SCSI disks
Well, I suppose that makes sense, although it looks possible to tweak things other than the spindown. I think I’ll work on compiling hd-idle — let me know if there’s a better way to do it.
Ahhh, hd-idle appears to work. You can pick up just the binary here:
http://www.houseofqueued.com/hd-idle.tar.gz
(The unpacked binary should be MD5 (hd-idle) = 3ea6d32da11de8400759005a8883591e for verification)
and source code, instructions, etc., are here:
http://hd-idle.sourceforge.net/
not sure how the update packages work on this, is it possible to package utelnetd et al into a file that can be uploaded via the web interface?
I’ve done a little research, and update packages are essentially bundles of tar archives and shell scripts, wrapped in a single tar archive, which then gets a header, and then gets encrypted and signed using gpg.
It doesn’t seem unreasonable to hack one together, if it’s possible to get past the “signed by gpg” requirement.
Wow – Cool Queued!!! – I’ll go take a look at the Hd-Idle –
Hey Guys,
I am not a Linux guy. But I would like to know if anyone could let me know how I can recover some I deleted by mistake on my Lacie 1TB,
I was rolling back an update and bingo selected the original setup by mistake… the data is still there, becouse I can see the stats about used capacity. So I was wondering if I can get back the share directories, it seems they were logically deleted. Any chance that it can be done? Lacie support is useless…. and info is much appreciated.
Is this http://www.codesourcery.com/gnu_toolchains proper pack to build cross-compiler?
@Queued: is it possible to change RAID type (to RAID 1) after hacking the box?
I went back to an older version of the toolchain, after unsuccessfully trying to get that one to work.
Meanwhile, mdadm appears to work, but I don’t know if mirroring is on in the kernel.
Thank you for your answers!
Older version – you mean – older from Code Sourcery or from a diffrent source? Like: http://www.yagarto.de/ or http://www.gnuarm.com/ ? Sorry for this question, but using compilers isn’t my strong attribute:(.
Hi all,
I’m trying to get into Lacie Big Disk via decoding signed updates available from ther site. These update are pgp signed.
>> gpg –verify Ethernet_Disk_update-1.1.2.1.signed
Of course, the public key is not available.
But I guess it has to exist somewhere in the system (which is able to decode these updates)
Can you have a glance at it, as you had openned the box ?
Thanks
I’m having hassles getting the hd-idle binary from houseofqueued to work on an ethernet bigdisk (1TB), running Lacie’s 1.1.2.1 software. I get the following error:
spindown: sdb
error: SCSI command failed with status 0x01
Could it be that the binary is compiled against different shared libs, and there is thus an incompatibility?
Geoff.
No, there’s a simpler explanation. Unfortunately, it appears that the on-board driver stack/kernel doesn’t properly support spindown, which is hugely disappointing. (That error indicates that the drive doesn’t support it, but it’s being relayed up the driver stack.)
Hmm, so that would possibly mean that it would need a kernel that has the spindown support properly compiled in. I wonder if it will be worth trying to build a more up to date kernel….
Hi all!
Is there anyone still working on build an linux fore this box?
I think it is nice to hack into this peace but if you realy need it, you have to controll it.
Please let me know if you plan to do so.
Dieter
I am trying to have ssh service running on my edmini but with no success, any ideas or tuts to help? Do I need to cross-compile for arm or what U think about it?
Any help it’s really appreciated.
mmosx
To add ssh support which should work as well for the 1TB edmini v2, go to
http://lacie.nas-central.org/wiki/SuccessStories
and to
http://jebimony.com/blog/content/add-ssh-lacie-edmini-v2
It would be nice to run a print server accepting jobs over ethernet and pumping them out to a usb printer.