[Announce] Jac3 Alternate Firmware for NAS200

Discussion in 'Cisco/Linksys Network Storage Devices' started by jac_goudsmit, Jul 23, 2009.

  1. jac_goudsmit

    jac_goudsmit Super Moderator Staff Member Member

    This version is now obsolete.

    Please click here for the latest version


    Announcing Jac3!
    Telnet, SSH Dropbear, Custom startup scripts, ability to update Twonky server.

    (Note, the text of this posting is mostly copied from the Jac2b posting. The most important difference between Jac2b and Jac3 is that Jac3 is based on the V34R79 firmware)

    Regardless of any text in this article or any other posts in this forum (or interpretation thereof), I will not take responsability for anything that happens with your NAS200 or any other hardware as a result of the use (or inability to use) this firmware. By initiating a download of any part of my firmware in any form, you acknowledge that you understand that this firmware was developed for my own use, that any support is based on "best effort" (which may vary depending on how busy I am in real life) and that there is no warranty of any kind, not even the warranty that your NAS200 or any other system on your network will keep working or can be restored to working order. If you disagree with this, or if it's illegal to limit my responsibility this way in your area, then you are hereby forbidden to download or use any of the files that I make available.

    The firmware is redistributed under the GPL License v2. Source code is available for free (gratis) download upon request (just send an email to jac at goudsm dot it).

    I'm still working on porting OpenWRT, but I decided that an updated version of the Jac firmware for the NAS200, based on version 3.4R79 of the Linksys source tarball, would be something that would be quick and easy to do, and would benefit a lot of people. It also gave me the opportunity to fix some small bugs such as the script bug in my Twonky server startup script.

    Features and changes
    The Jac3 firmware for NAS200 has the same features as Jac2b:
    • Telnet server (ported from Jac0)
    • Dropbear (ported from Jac0)
    • Kernel enhancements (ported from Jac0 and Linksys R79)
    • Based on Linksys firmware V3.4 R79, i.e. many bugfixes and full web GUI support for non-journaled (ext2) file system
    • Support for custom startup scripts
    • Support for easy installation of updated Twonky media server
    • Fixes the bug (hopefully) in Jac2b's twonkyserver startup script that prevented it from running correctly on RAID configurations

    This makes the Jac0, Jac2, Jac2a and Jac2b firmware obsolete, but you can still refer to the Jac0 thread if you want to know what I did to build it. I attempted to make the Jac3 instructions a little more user-friendly than Jac0 although this is still not intended for those who have no Linux knowledge at all.

    Downloading and installing

    You can download the firmware here.

    File size is 8388608 bytes, MD5SUM is 0526b215254e480299b96541fe322c70. If you want a copy of the source code, send me an email at jac at goudsm dot it.

    Use the Firmware Update page of the NAS200 web GUI to install it; you can always go back to any other firmware version by downloading and installing them the same way (but remember, once you format your disks in non-journaled mode there's no way back to R62 or Jac0!)

    SECURITY ALERT! After you install Jac3 for the first time, the telnet network port is enabled; anyone on your network who knows how to connect via Telnet will have full access to your NAS and your files. Unless you trust all the people who might ever be on your network, you should disable Telnet; see the next section for more information.

    The first time you restart the NAS200 after you first install Jac3, the NAS200 will take more than 5 minutes before it comes online (unless your NAS200 previously had any version of my firmware installed on it). This is because Dropbear has to generate encryption keys which takes a while. It stores the keys on the hard disk, so the next time it skips the process and the NAS200 will start normally again.

    If you are interested in additional filesystem modules, you can download them here. File size is 9847247, md5sum is 9cac696dbbec60b04995db51e003e046. Note, these are just the kernel modules for extra filesystems (such as cifs, iso9660 and NFS), you can load them using the insmod command (modprobe won't work) but you will probably need more software to actually use these.

    The Telnet daemon is enabled by default, and no password is required to connect through telnet. This backdoor is necessary because you will need to set the root password before you can log in through SSH.
    The Admin password is not the same as the root password, and only Linksys knows the root password that gets set by the original firmware.

    To disable Telnet, create a file no_telnetd in one of the config partitions on your system (e.g. you can enter the command touch /harddisk/volume_1/conf/no_telnetd from a Telnet or SSH prompt). Be careful, if you lose the root password (or you forgot to set it in the first place), you won't be able to log in through SSH to erase the file again; you'll have to use a custom script to do it or you'll have to use the web interface or the reset button to reset the user accounts...

    Dropbear SSH server (and client)
    SSH is a secure protocol that is (relatively) safe to expose to the Internet, unlike Telnet which you should never expose to the Internet. I used Gentoo to build Dropbear 0.49 in "multi" mode (the binary file is a copy of the dropbearmulti file in Jac0). It not only supports incoming SSH connections (on port 22) but it will also let you make outgoing SSH connections once you're logged in to the NAS200.

    Your NAS supports FTP for downloading and uploading files from and to the NAS200 (and an HTML interface for downloading only). However, due to limitations in the FTP protocol and in the implementations of most NAT routers, it is usually impossible or at least very difficult to get an FTP server such as the one on the NAS200 to work behind a NAT router/firewall; see e.g. here for an explanation. Furthermore, all data transfers including user ID and password are unencrypted with FTP and can easily be intercepted.

    Dropbear allows you to use the SCP protocol to securely download and upload files from and to the NAS200 over the Internet through an encrypted connection that uses just one port: port 22, the same as the one used for SSH login. All you have to do is configure your router to forward that port to your NAS200 and use a program such as WinSCP on the client side. In WinSCP (or any other file transfer program that supports SCP) you enter the address of your NAS200 (or if it's behind a NAT router, the Internet address of the router), use root as user ID and your root password (see next section) as password. Make sure you select the SCP protocol; other protocols such as SFTP are not supported.

    As mentioned before, Dropbear will generate the private encryption keys at startup and will store them on the configuration partition of the first hard disk, if they're not already there. This takes a few minutes and slows down the first boot after the install, but it only needs to be done once. It may be necessary to regenerate the keys if you change the host name, but I'm not sure about that.

    Changing the root password
    [Edit]In order to log in through SSH, you have to know the root password. Unfortunately, the root password that Linksys initialized your NAS with, is unknown to anyone outside Linksys. And when you upgrade to this firmware, the Linksys upgrade software will keep all the accounts including the root account. So, we need to set it in another way.

    [Edit]The telnet daemon is configured so that it doesn't require a user ID or password, so that we can get into the system without knowing the root password. Normally you would do this with the "passwd" command but this unfortunately is not enough: In the Linksys configuration, root's home directory is set to /root but this directory does not exist.

    [Edit]The Linksys software has a fallback passwd file which is used whenever for some reason all account information is lost, or when you reset all user accounts from the Web GUI. I changed the default passwd file so that it contains a valid home directory and shell for root; also I changed the default root password to "root" (without the quotes). That means the easiest way to change the root password to something that's known is to use the Web GUI. However this also resets all other accounts in the system.

    [Edit]To reset the root password to "root" without changing any other accounts, connect via Telnet and paste the following commands:

    # Enter following commands in Telnet to reset the root password to "root"
    egrep "^root:" /etc.default/passwd >/etc/x
    egrep -v "^root:" /etc/passwd >>/etc/x
    mv /etc/x /etc/passwd
    for x in /harddisk/volume_*/conf;do cp /etc/passwd $x;done
    # Don't forget to use the passwd command to change the password after this!
    # After you do that, remember to copy /etc/passwd to all conf partitions
    #   using the "for" command shown above, or your password won't survive reboot.
    [Edit]After this, you can use the passwd command in the telnet session to change the password to something else, but you have to remember to copy the /etc/passwd directory to all configuration partitions using the "for" command from the code block above. The /etc/passwd file is normally a symlink to the file on one of the configuration partitions, but the "passwd" command changes the /etc/passwd file to a regular file and doesn't update the backup copy, from where it is restored at the next system startup. In other words, if you don't copy /etc/passwd to your configuration partitions using the "for" command, your new password won't survive a reboot.

    Optional: Creating extra shell user ID's
    [Edit]You will not be able to log in under any other user ID except root. Not even "ourtelnetrescueuser" (which is one of the users in the /etc/passwd file) will work, because the home directory for that user doesn't exist. If you added any other users via the Web GUI, you won't be able to log in as any of them either: the web GUI deliberately puts an illegal shell string "/dev/null0" (for users without admin access) or "/dev/null1" (for users with admin access) in the /etc/passwd file. If you change the shell of an existing line, the user won't show up in the web GUI anymore.

    [Edit]If you want, you can add shell users manually: let's say you have one user "jac" and you want to create a shell login "jacssh" for that user so he can log in via SSH, you can use an editor to copy (duplicate) the "jac" line in /etc/passwd so that both users have the same password and user/group ID, but different home directories and shells.

    jacssh:ePnAcSrSyWpOtReDd:2000:501:Jac Goudsmit:/harddisk/volume_1/data:/bin/sh
    Again, remember to copy the /etc/passwd file to all conf partitions or your changes may not survive a reboot. (note, the encrypted password shown above is simply the words "encrypted" and "password" mangled up, they are not my real password in case you're wondering :) )

    Custom startup scripts
    During startup, the Jac3 firmware will search for any custom startup scripts in the rc.d directory on any of your harddisks. The filenames of the scripts have to match rc.* to be started. If you create a script file, make sure you use an editor that supports Unix style line endings (LF only) and start the scripts with "#!/bin/sh". The firmware will make the files executable (it will change the owner of all files to root and will change the access rights to 777) and will simply try to run all scripts in alphabetical order. Note that the 777 access rights allows anyone to modify the files so you may want to disable access to the "DISK 1" and/or "DISK 2" shares for people you don't trust. Alternatively you can change the locations where scripts are searched; more about this in a minute.

    If something goes wrong with any of your custom scripts, the startup shell will quit with an error message which you can't see unless you have a serial port console. When this happens, your NAS200 won't finish booting so you won't have access to it, not even to correct the problem. That would be bad. So there is a fail safe mechanism: before the Jac3 firmware starts running your startup scripts, it creates a file "failskip" in the rc.d directory, and after it runs your scripts it deletes this file again. If the file is found on the next startup, the firmware will skip all custom scripts under the assumption that something must have gone wrong that prevented the system from finishing the startup procedure. So if something goes wrong during execution of your scripts and the box doesn't come up after a while, simply unplug it, re-plug it and power up again to make it boot without executing your scripts. Note, it may take longer to boot because the file system may need to be checked (power and disk lights blink alternately).

    Besides these scripts that get started after the harddisks are mounted and the network is online, you can also create a script that gets run before the harddisks would normally get mounted. This script is called early.sh and can be stored in the configuration partition of any of your harddisks (this is different from Jac0 where the early.sh was also on the data partition -- this change was necessary to prevent data loss on RAID configurations). There is a fail safe mechanism for the early.sh script too; in that case the fail safe file is called earlyfail and is stored on the same partition as your early.sh. Because early.sh is on a configuration partition, you will have to copy or move it there by using shell commands via Telnet, SSH or the serial port. Make sure you know what you're doing! Normally you should not need early.sh.

    By default, all harddisks are searched for script directories (rc.d), but you can override this by editing the file scriptdirs.txt on the first configuration partition that can be found. If the Jac3 firmware can't find any file /harddisk/volume_*/conf/scriptdirs.txt file, it will create one and will fill it with the list of all directories "/harddisk/volume_*/data/rc.d" including the ones that aren't normally in use on your system. You can edit the scriptdirs.txt file to limit, expand or completely change the locations where scripts are searched. You can even make it empty to completely disable custom scripts. If you delete the scriptdirs.txt file, a new one will get generated on the next startup.

    The default of searching all harddisks means that, theoretically, startup scripts and updated Twonky servers can also be stored on USB devices that are plugged in at boot time (I didn't test this). If you don't want this, you may want to remove the /harddisk/volume_5/data and /harddisk/volume_6/data lines from the scriptdirs.txt file using vi.

    Installing an updated Twonky Media Server
    The Twonky Media Server in the R79 and Jac3 firmware is version Supposedly it fixes a number of problems with the XBox and PS/3, but Jac3 gives you the option to run a later version instead. You can either run it with the INI file that gets generated by the Linksys/Sercomm web GUI, or with your own INI file if it suits you.

    NOTE: any Twonky servers that you download from the TwonkyVision/PacketVideo website are covered by the license that is published on that website, not by the license that covers the Twonky that is included in the firmware. You are responsible for meeting the license requirements, which means that after 30 days you should pay TwonkyVision for a license, even though technically you already have one. As far as I know, the built-in Twonky is a special embedded-platform version that was built to run without license key so there is no license key in the on-board INI file or elsewhere and any updated Twonky servers that you download from the Internet won't find a legal license key unless you buy one.

    You can download the latest TwonkyVision server from this location. You need the X86 Linux version for manual installation.

    The Jac3 firmware will search for the first file that matches /harddisk/volume_*/data/rc.d/twonky*/twonkymediaserver as seen from a Telnet or SSH session, or DISK ?/rc.d/twonky*/twonkymediaserver as seen from a Samba or FTP session (by default -- any changes to the scriptdirs.txt file will also have an effect on the search for a Twonky update). This means you should create an rc.d directory in the root of your first hard disk, then create a subdirectory from there called anything that starts with "twonky" (e.g. "twonky50"), and unpack all files in the ZIP there. Make sure you retain the directory structure of the files in the zip file. This has been tested with Twonky 5.0 which is the latest version at the time of this writing.

    You can then use the Linksys web GUI to configure and control the Twonky server; the media server gets started when you enable it and click "Save". You will have to either modify the access rights via a shell, or reboot the NAS200 before you start the updated Twonky for the first time, otherwise the script won't find an executable and the built-in Twonky will get used instead of the one you installed. You can use "ps ax" in a shell to verify that twonkymediaserver is started from your directory, instead of /etc.

    By default, the web interface to the Twonky server on port 9000 is disabled. If you want to enable it, simply create a subdirectory and move all files from the zip file there, then create a script named twonkymediaserver that adds any required parameters. Note, because the killall command is used to stop the Twonky server, you have to move it without renaming it, and because the Twonky server expects all files to be in the directory from where it starts, you have to move all files. Use a Unix-compatible editor such as Notepad++ to create the script. Example:
    # Save this file as e.g. "\\NAS200\DISK 1\rc.d\twonky\twonkymediaserver"
    # after moving all files from the twonky zip file to a new subdirectoy "actual".
    # Make sure you use a Unix compatible editor such as Notepad++ to save
    # linefeed-only line endings.
    $(dirname "$0")/actual/twonkymediaserver $* -enableweb 2
    You can use the same method to override anything else that's in the INI file in /etc (which gets generated by the Linksys software every time it starts the Twonky server); you can even use the script to tell the server to use a different INI file from the one that gets passed to it by the Jac3 script.

    The TwonkyMedia server reduces the speed of the NAS200 significantly especially while it's scanning folders. You will be happy to know that Jac3 frees up about 100KB of memory compared to earlier releases, by symlinking instead of copying many files in the /etc directory.

    Tips, missing features, known issues and workarounds
    Regrettably, there still is no Torrent client, no NFS or RSync and no other features built in to this firmware (some of them are available elsewhere). I decided to go for a minimalist approach to keep changes to a minimum so that I could release this quickly and get back to OpenWRT. I am considering making another version that will copy the ROM to the hard disk and will pivot_root to it; that way it'll be possible to do things like replace busybox.

    I use WinSCP to upload and download files to and from the NAS200 via a secure connection. There are two problems with this: first of all, you will get a warning when it tries to get a list of groups; this is not supported on the NAS200. To eliminate the warning, enable Advanced Options, then select the Environment->SCP/Shell option and disable "lookup user groups".

    Secondly, when you navigate to a directory with large files with WinSCP, it will get confused because when the Busybox shell shows a directory listing on a hard disk that has one or more large files, it doesn't separate the group name from the file size (e.g. it shows "everyone12345678901") and WinSCP gets confused about that. You can work around this by using the vi editor on the NAS200 to edit the /etc/group file: simply rename the "everyone" group (501) to e.g. "all". I did this myself and encountered no problems.

    A nice feature of WinSCP is the built-in editor, which will let you edit scripts remotely without the need to download them -- it automatically downloads and uploads the file and properly translates to and from the Linux text format.

    [Edit]If WinSCP gives you a vague error about "skipping the login message" and recommends using Bash as shell, it means your login shell and/or home directory may not be set correctly in the /etc/passwd file. Use the instructions from the "Changing the root password" section above to change them.

  2. beppes

    beppes Addicted to LI Member

    Thanks jac! Great!!!
  3. jackito

    jackito LI Guru Member

    Thanks a lot Jac! :)
    After the upgrade I will check my addons (Torrent, iSCSI, AoE, Busybox, aMule, etc) and post back the results.

  4. DJ Soulfly

    DJ Soulfly Addicted to LI Member

    Thank you very much for this new version of Jac this meet exactly my needs keep u the good work :thumbup:
  5. Pa0l0ne

    Pa0l0ne Addicted to LI Member

    Thanks a lot for your time and your work!
  6. jackito

    jackito LI Guru Member

    Hi all,

    after some "sanity" testing, Torrent support (DCTCS+ctorrent) and Busybox v1.13.3 are running smoothly with the new Jac3 firmware. Also rsync from dcs68.
    Tomorrow I´m planning to test iSCSI (kernel modulo envolved), AoE and aMule.

  7. DJ Soulfly

    DJ Soulfly Addicted to LI Member

    mmm i've got some startup scripts issue's.

    by default it searches for rc.d dir on the harddisk. I've put two rc.xxxx on the volume_3 disk named rc.shells (whichs copies shells to /etc/shells) that runs perfectly only rc.amule doesn't startup on booting it runs manualy but that is not what i want.

    A copy from rc.amule :

    cd amule
    ./amuled -f -c=/harddisk/volume_3/conf/root/.aMule/
    ./amuleweb -f=/harddisk/volume_3/conf/root/.aMule/remote.conf &
  8. Poulpi06

    Poulpi06 Addicted to LI Member

  9. jac_goudsmit

    jac_goudsmit Super Moderator Staff Member Member

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice