rc.bootbin question

Discussion in 'Cisco/Linksys Network Storage Devices' started by jackito, Jan 24, 2010.

  1. jackito

    jackito LI Guru Member

    Does anybody have any idea of what exactly /usr/sbin/rc.bootbin do?
    In another thread I saw that it is taking care of mounting the data partition.
    But is it doing anything else?
    I guess that maybe is also loading the config.bin (at least this is how it´s called when you do a backup of the configuration from Linksys web gui) file with the configuration for the device.
    Any comments?


  2. jac_goudsmit

    jac_goudsmit Super Moderator Staff Member Member

    The configuration is loaded and stored in flash. To be exact it is stored in /dev/mtd2 which is a 128KB block (way too big for the configuration file but the flash can only be written in blocks of 128KB). The configuration there is stored as one DWORD indicating the size of the configuration file, followed by the actual configuration text, followed by 0xFF bytes. The configuration is copied to /etc/CGI_ds.conf where it's a normal text file.

    rc.bootbin mounts all partitions including swap, depending on the configuration. It's not possible to override the file system (e.g. to mount a data partition in ext3 instead of ext2). I tried that when I had formatted my second hard disk with ext2 using the R72 Beta firmware and then went back to R69 based Jac0 which didn't support ext2; the program only tries to mount the partition with the file system that it knows, if that doesn't work the partition won't get mounted and it won't get shared either. Many files in /etc (including are written (and edited) by rc.bootbin.

    The program also sets up Samba shares by writing the configuration files in /etc and other directories. Furthermore if you have an FTP server set up, it adds an entry to /etc/inetd.conf.

    The program sets the system clock from the hardware clock (if I recall correctly but I may be wrong), and it also sets up the network: host name, IP address, etc.

    All this info is from memory and is based on what I learned over 2 years of hacking this box. I don't know in which order all this happens, and my list may not be complete; None of the info is guaranteed to be correct. If you want to know exactly what the program does, use a good disassembler that's able to analyze ELF executables such as IDA Pro. By the way, a hexdump will also show quite a few things it does because many of the program's actions are done by running system(3).

  3. jackito

    jackito LI Guru Member

    Hi Jac, thanks a lot for the information!
    It´s a pity that we don´t get the source code for this binaries so we can change them....:frown:
  4. morgan_greywolf

    morgan_greywolf Addicted to LI Member

    It's easy to see what it does

    To see what the file does, just copy it somewhere to your data partition, then under Linux or another Unix, or Cygwin do 'strings rc.bootbin'

    Here's the interesting part:

    /bin/mv -f %s %s &>/dev/null
    %d %d %d %d :%d %d %d %d
    /sbin/swapon %s3 2>/dev/null
    /sbin/mkswap %s3 2>/dev/null
    telnet	stream	tcp	nowait	root	/usr/sbin/telnetd
    /etc/rc.d/rc.xinetd &>/dev/null
    /usr/sbin/stunnel /etc/stunnel.conf &
    Fail to initialize the config file into flash.
    Fail to read the config file from flash.
    /etc/rc.d/rc.rstimezone 2>/dev/null
    /usr/bin/Set_Led status1_on 2>/dev/null
    /usr/bin/Set_Led status1_off 2>/dev/null
    /usr/bin/Set_Led status2_on 2>/dev/null
    /usr/bin/Set_Led status2_off 2>/dev/null
    /bin/mkdir -p /harddisk/volume_%d/conf/samba 2>/dev/null
    /bin/mkdir -p /harddisk/volume_%d/conf/tmp 2>/dev/null
    /bin/mkdir -p /harddisk/volume_%d/conf/log 2>/dev/null
    /bin/mkdir -p /harddisk/volume_%d/conf/share 2>/dev/null
    /bin/mkdir -p /harddisk/volume_%d/conf/upgrade 2>/dev/null
    /bin/rm -rf /harddisk/volume_%d/conf/tmp/* 2>/dev/null
    /bin/rm -rf /harddisk/volume_%d/conf/config/* 2>/dev/null
    /bin/rm -rf /harddisk/volume_%d/conf/upgrade/* 2>/dev/null
    Another thought is that you could compile a binary for strace under the cross-compiler tools, and then watch the Linux API calls fly. :)
  5. jac_goudsmit

    jac_goudsmit Super Moderator Staff Member Member

    You wouldn't need to do any cross-compiling, but you also probably won't get very far with this because I think Linksys (really Sercomm) used some other closed-source libraries to store data about accounts and file sharing.

    By the way, letting rc.bootbin run on a regular system outside of a chroot jail could cause major trouble because it overwrites important files in /etc, so the worst case is that it really does what it's supposed to do and makes your system unbootable. Handle with care!

  6. morgan_greywolf

    morgan_greywolf Addicted to LI Member

    No, I mean compile strace for the NAS200 and run it on the NAS200, not on another Linux box. I've compiled lots of other binaries already. I had BusyBox 1.14 running before jackito posted his.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice