Loading ...
Sorry, an error occurred while loading the content.

Re: [LinkStation_General] Re: Password for Firmware image.dat 1.4x

Expand Messages
  • James Ronald
    Thanks... So to record this information in couple more times. The password for the LS 1.4x firmwares is NFM_TUPSBHFNFM_TUPSBHF .
    Message 1 of 10 , May 29, 2005
    • 0 Attachment
      Thanks... So to record this information in couple more times. The password
      for the LS 1.4x firmwares is
      "NFM_TUPSBHFNFM_TUPSBHF".

      >I confirmed this password is OK for the Link 1 LS 14* firmwares
      >
      > --- In LinkStation_General@yahoogroups.com, "TechHeavy"
      > <mike.tsao@g...> wrote:
      >> > Somebody needs to look at the v1.x
      >> > ap_servd/ls_servd to see what they're doing.
      >>
      >> Here you go: http://www.sowbug.org/mt/archives/000179.html
    • Gerald Vogt
      ... FYI: This password also works for the 1.41 japanese firmware upgrade of the HD-HGLAN series as downloaded from
      Message 2 of 10 , May 29, 2005
      • 0 Attachment
        James Ronald wrote:
        > Thanks... So to record this information in couple more times. The password
        > for the LS 1.4x firmwares is
        > "NFM_TUPSBHFNFM_TUPSBHF".

        FYI: This password also works for the 1.41 japanese firmware upgrade of
        the HD-HGLAN series as downloaded from

        http://buffalo.melcoinc.co.jp/download/driver/hd/hd-hglan.html

        Gerald
      • stratmoens
        I spent part of yesterday and cracked the password using gdb and pcc_82xx-objdump but I didn t post it up right away. For reference ap_servd hides the password
        Message 3 of 10 , May 29, 2005
        • 0 Attachment
          I spent part of yesterday and cracked the password using gdb and
          pcc_82xx-objdump but I didn't post it up right away. For reference
          ap_servd hides the password via tortuous coding (e.g. extra
          instructions mixed in to confuse), as well as a very robust encryption
          scheme. Well not really...128 is added to each character of the source
          string to yield the actual password. (Recall that the Terastation
          subtracts 111...)

          Also notable is that a future version of the firmware can alter the
          password, but there are ways to deal with this possibility.

          I built myself a custom image.dat from the 1.47 base that includes all
          of the modes that I have been running for the last six+ months.
        • Roger Richards
          So, for us NOOBs, to log into a stock 1.4x Linkstation, we can telnet (port 23) with un & pw: root NFM_TUPSBHFNFM_TUPSBHF Because it does not work for me...
          Message 4 of 10 , May 29, 2005
          • 0 Attachment
            So, for us NOOBs, to log into a stock 1.4x Linkstation, we can telnet
            (port 23) with un & pw:

            root
            NFM_TUPSBHFNFM_TUPSBHF

            Because it does not work for me...

            --- In LinkStation_General@yahoogroups.com, Gerald Vogt <vogt@s...>
            wrote:
            > James Ronald wrote:
            > > Thanks... So to record this information in couple more times.
            The password
            > > for the LS 1.4x firmwares is
            > > "NFM_TUPSBHFNFM_TUPSBHF".
            >
            > FYI: This password also works for the 1.41 japanese firmware
            upgrade of
            > the HD-HGLAN series as downloaded from
            >
            > http://buffalo.melcoinc.co.jp/download/driver/hd/hd-hglan.html
            >
            > Gerald
          • Trevor
            ... No. It s nothing to do with the root password. NFM_TUPSBHFNFM_TUPSBHF is the password for the zip file in the firmware upgrade package that contains the
            Message 5 of 10 , May 29, 2005
            • 0 Attachment
              --- In LinkStation_General@yahoogroups.com, "Roger Richards"
              <roger_richards@h...> wrote:
              > So, for us NOOBs, to log into a stock 1.4x Linkstation, we can telnet
              > (port 23) with un & pw:
              >
              > root
              > NFM_TUPSBHFNFM_TUPSBHF
              >
              > Because it does not work for me...

              No. It's nothing to do with the root password.
              "NFM_TUPSBHFNFM_TUPSBHF" is the password for the zip file in the
              firmware upgrade package that contains the HD image. You would use it
              to make your own custom firmware update.

              - Trevor
            • TechHeavy
              ... telnet ... Roger, The firmware password is not a user account password. Rather, the password I extracted is used to unzip the newer 1.4x versions of the
              Message 6 of 10 , May 29, 2005
              • 0 Attachment
                > So, for us NOOBs, to log into a stock 1.4x Linkstation, we can
                telnet
                > (port 23) with un & pw:

                Roger,

                The firmware password is not a user account password. Rather, the
                password I extracted is used to unzip the newer 1.4x versions of the
                Linkstation (non-Kuro, non-hobbyist) firmware. This is valuable
                because it provides Linkstation hobbyists an easy way to extend the
                very latest 1.4x firmware. Before discovery of the password, it was
                difficult (maybe impossible?) to do this with versions newer than 1.45
                because those versions disabled telnet access.

                Incidentally, there is little value to figuring out the root password,
                because there already exist well-documented methods to gain access to
                the box equivalent to being able to telnet as root. Someone might
                figure it out for fun, but until that happens, don't expect to be able
                to telnet as root into a stock Linkstation.

                I imagine that the reason Buffalo added the password in the first
                place was to discourage people from messing up their Linkstations by
                updating to buggy or even malicious firmware that Buffalo didn't have
                a chance to test and approve. Given Buffalo's decision to rely on
                GPL'ed software, though, I'm not sure this was a valid reason, because
                inevitably they would have had to release tools that enabled users to
                do anything they wanted to their hardware. But in the spirit of
                encouraging more companies like Buffalo to openly use GPL'ed software,
                please abide by Buffalo's wishes. If you choose to use this password,
                please understand the risks, and by all means don't bother Buffalo if
                you do get into trouble.
              • lb_worm
                ... telnet ... How did you manage to repackage the files. I have tried using winace but the resultant image.dat files does not resemble that of the original
                Message 7 of 10 , May 30, 2005
                • 0 Attachment
                  --- In LinkStation_General@yahoogroups.com, "Trevor" <tman_yahoo@t...>
                  wrote:
                  > --- In LinkStation_General@yahoogroups.com, "Roger Richards"
                  > <roger_richards@h...> wrote:
                  > > So, for us NOOBs, to log into a stock 1.4x Linkstation, we can
                  telnet
                  > > (port 23) with un & pw:
                  > >
                  > > root
                  > > NFM_TUPSBHFNFM_TUPSBHF
                  > >
                  > > Because it does not work for me...
                  >
                  > No. It's nothing to do with the root password.
                  > "NFM_TUPSBHFNFM_TUPSBHF" is the password for the zip file in the
                  > firmware upgrade package that contains the HD image. You would use it
                  > to make your own custom firmware update.
                  >
                  > - Trevor

                  How did you manage to repackage the files. I have tried using winace
                  but the resultant image.dat files does not resemble that of the
                  original and I do not fancy trying to upload using a damaged image
                  file. Can you post any details/steps on what you did after unpacking
                  the directorys. It is good to see that these package files have been
                  unlocked as we can now keep up with the firmware patches but also
                  extend the functionality of the boxes at the same time.
                • Trevor
                  ... No. Don t try to edit the filesystem image under Windows. If you unpack it and then repack it you ll break it since the symbolic links and device files
                  Message 8 of 10 , May 30, 2005
                  • 0 Attachment
                    --- In LinkStation_General@yahoogroups.com, "lb_worm"
                    <bobateiger@h...> wrote:
                    > How did you manage to repackage the files. I have tried using winace
                    > but the resultant image.dat files does not resemble that of the
                    > original and I do not fancy trying to upload using a damaged image
                    > file.

                    No. Don't try to edit the filesystem image under Windows. If you
                    unpack it and then repack it you'll break it since the symbolic links
                    and device files won't be created properly. You have to do it under
                    Linux or your favourite *NIX like OS which supports the required
                    features. In theory it should be possible under Mac OS X but I've not
                    tried it.

                    > Can you post any details/steps on what you did after unpacking
                    > the directorys. It is good to see that these package files have been
                    > unlocked as we can now keep up with the firmware patches but also
                    > extend the functionality of the boxes at the same time.

                    You must do the following as root otherwise you can't create the
                    device files

                    Unzip image.dat with the password

                    Untar it into a clean directory

                    Do whatever changes you want

                    Tar & gzip it back up and make sure the resulting file is called
                    tmpimage.tgz

                    Rezip it with the same password as before and overwrite image.dat from
                    the firmware upgrade

                    Thats what I do for my Terastation firmware anyway. I've not got a
                    Linkstation so I can't try the procedure but it should be the same.

                    <--- SNIP --->

                    su
                    # Type your root password
                    unzip -P NFM_TUPSBHFNFM_TUPSBHF image.dat
                    mkdir image
                    cd image
                    tar zxvf ../tmpimage.tgz
                    # Do whatever it is you need to do
                    tar zcvf ../tmpimage.tgz *
                    cd ..
                    zip -e image.dat tmpimage.tgz
                    # Type in the above password twice

                    <--- SNIP --->

                    The Terastation and v2 Linkstations use a different password and there
                    are actually 4 possible ones it can use. stratmoens disassembled
                    ap_servd so therefore needs to check that there aren't any others.

                    Just remember, you do this at your own risk. Don't kill the box and
                    then expect Buffalo to replace it for you.

                    - Trevor
                  • lb_worm
                    ... winace ... image ... links ... not ... been ... from ... there ... Many thanks Trevor, this is nice and easy to follow.
                    Message 9 of 10 , May 30, 2005
                    • 0 Attachment
                      --- In LinkStation_General@yahoogroups.com, "Trevor"
                      <tman_yahoo@t...> wrote:
                      > --- In LinkStation_General@yahoogroups.com, "lb_worm"
                      > <bobateiger@h...> wrote:
                      > > How did you manage to repackage the files. I have tried using
                      winace
                      > > but the resultant image.dat files does not resemble that of the
                      > > original and I do not fancy trying to upload using a damaged
                      image
                      > > file.
                      >
                      > No. Don't try to edit the filesystem image under Windows. If you
                      > unpack it and then repack it you'll break it since the symbolic
                      links
                      > and device files won't be created properly. You have to do it under
                      > Linux or your favourite *NIX like OS which supports the required
                      > features. In theory it should be possible under Mac OS X but I've
                      not
                      > tried it.
                      >
                      > > Can you post any details/steps on what you did after unpacking
                      > > the directorys. It is good to see that these package files have
                      been
                      > > unlocked as we can now keep up with the firmware patches but also
                      > > extend the functionality of the boxes at the same time.
                      >
                      > You must do the following as root otherwise you can't create the
                      > device files
                      >
                      > Unzip image.dat with the password
                      >
                      > Untar it into a clean directory
                      >
                      > Do whatever changes you want
                      >
                      > Tar & gzip it back up and make sure the resulting file is called
                      > tmpimage.tgz
                      >
                      > Rezip it with the same password as before and overwrite image.dat
                      from
                      > the firmware upgrade
                      >
                      > Thats what I do for my Terastation firmware anyway. I've not got a
                      > Linkstation so I can't try the procedure but it should be the same.
                      >
                      > <--- SNIP --->
                      >
                      > su
                      > # Type your root password
                      > unzip -P NFM_TUPSBHFNFM_TUPSBHF image.dat
                      > mkdir image
                      > cd image
                      > tar zxvf ../tmpimage.tgz
                      > # Do whatever it is you need to do
                      > tar zcvf ../tmpimage.tgz *
                      > cd ..
                      > zip -e image.dat tmpimage.tgz
                      > # Type in the above password twice
                      >
                      > <--- SNIP --->
                      >
                      > The Terastation and v2 Linkstations use a different password and
                      there
                      > are actually 4 possible ones it can use. stratmoens disassembled
                      > ap_servd so therefore needs to check that there aren't any others.
                      >
                      > Just remember, you do this at your own risk. Don't kill the box and
                      > then expect Buffalo to replace it for you.
                      >
                      > - Trevor

                      Many thanks Trevor, this is nice and easy to follow.
                    • chano22000
                      I cannot find already compiled zip and unzip packages for my PPC LS in order to achieve Trevor s trick for customizing v1.4x stock firmware. Could anyone post
                      Message 10 of 10 , May 30, 2005
                      • 0 Attachment
                        I cannot find already compiled zip and unzip packages for my PPC
                        LS in order to achieve Trevor's trick for customizing v1.4x stock
                        firmware.

                        Could anyone post a link or upload corresponding tars ?

                        Thanks a lot in advance.

                        Chano22000
                      Your message has been successfully submitted and would be delivered to recipients shortly.