DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

Pages: 1

 

#1 2006-09-08 21:43:18

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

[Updated 20.11.2006] Bugs

Hard disk format spoof !! Extremely critical in some situations. !!
Everyone can format internal hard disk, no password needed!
Fix this using fun_plug

Code:

#!/bin/sh
if [ ! -e /mnt/HD_a2/web ]
then
cp /sys/crfs/web_page /mnt/HD_a2/web -R
rm /mnt/HD_a2/web/formatInternalHD*
fi
rm /web/web
ln -s /mnt/HD_a2/web /web/web

Web configuration only works correctly in Internet Explorer. Not critical.
Use only along with Hard disk format spoof fix. Need to execute only one time. Also sed binay is needed http://dns323.kood.org/downloads/sed-4.1.5.tar.bz2

Code:

#!/bin/sh
/mnt/HD_a2/web
for F in *.asp advanced/*.asp user/*.asp home/*.asp status/*.asp tools/*.asp help/*asp
do
  echo traite $F
  /mnt/HD_a2/sed -i -e 's?</td></a>?</a></td>?' -e 's/\(<a[^>]*>\)\(<td[^>]*>\)/\2\1/' -e 's/<p align="center"><br>/<p align="center">/' -e 's/\(<font[^>]*>\)<br>/\1/' $F
done

fun_plug backdoor. Critical in some situations.
All valid users can look and edit fun_plug via ftp or samba.
Fix using proper permissions or disallow access to the root of hard disk.
For example "chown root:root && chmod 100 fun_plug" is enough smile

Wireless not starting up. Not critical, but very counterproductive.
Long boot-up causes sometimes wireless failure or wireless wont start at all.
Fix this using fun_plug. Might be useful do add at the beginning of fun_plug and at the end as well just in case.
Busybox with cut built in is available at http://dns323.kood.org/downloads/busybo … .1.tar.bz2

Code:

#!/bin/sh
if [ ! `ifconfig | /mnt/HD_a2/busybox cut -c1-5 | grep "^ra"` ] || [ ! `lsmod | grep rt2500 | /mnt/HD_a2/busybox cut -c32 | grep 2` ]
then
  ifconfig ra0 up
  /bin/wireless
  # debug how many times we need to fix this wifi bug
  # echo `date +%Y-%b-%d,%H:%M:%S` >> /mnt/HD_a2/wifi.log
fi

chmod bug at bootup. Not critical, but very counterproductive.
At every boot up a script fixes file permissions. If you have a lot of files then your bootup may take up to 10 or more minutes.
Also for example if you have a symlink (from chroot system) /mnt/HD_a2/bin/chroot pointing to /bin/busybox then wrong file will be chmoded.
Partial fix: Update to 1.02-us firmware.
Full fix: You have to setup a second ext3 partition (will be /dev/sda3) which you are going to mount manualy using fun_plug. This way all files stored into /dev/sda3 will not get chamoded by startup script. Plus its recommended to update your firmware to the lastest US version.

Code:

#these are symlinks from gentoo chroot (full boot log attached)
chmod: /mnt/HD_a2/usr/bin/whoami: No such file or directory
chmod: /mnt/HD_a2/usr/bin/yes: No such file or directory
chmod: /mnt/HD_a2/usr/bin/setfont: No such file or directory
chmod: /mnt/HD_a2/usr/bin/fuser: No such file or directory
chmod: /mnt/HD_a2/usr/bin/killall: No such file or directory

Last edited by sala (2006-11-20 21:07:12)

DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#2 2006-11-15 07:51:22

joecrow
Member
Registered: 2006-09-28
Posts: 5

Re: [Updated 20.11.2006] Bugs

I have two questions regarding these bugs:

1) Has anyone ever run into this error before?

Code:

# ifconfig ra0 up
SIOCSIFFLAGS: Cannot allocate memory

I just rebooted the DSM-600, and wireless wasn't up, so I thought I would try to start it.

2) Is there any easier (not necessarily better) way to stop the chmod script at start up?  Maybe fun_plug can do something like ``killall chmod_script'' -- any information on the script that repairs permissions? can I view it on the FS?


Thanks!

Joe

Offline

 

#3 2006-11-15 08:15:46

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: [Updated 20.11.2006] Bugs

Code:

SIOCSIFFLAGS: Cannot allocate memory

error is described here and is cosed probably because of long boot-up.

And you can't kill so called chmod script because fun_plug gets executed after this chmod thing is completed.
Only known fix for it is just to setup a second partition for your files and mount it with fun_plug script.

DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#4 2007-12-02 19:58:06

dannystaple
Member
Registered: 2007-08-29
Posts: 9

Re: [Updated 20.11.2006] Bugs

Sala, thanks for that - the last bit was exactly the problem I had, and for exactly that reason. Now I have tar'd up a bunch of files, but suspect I will need to mount the drive on a pc to go and partition it this way - especially considering there are already over 100Gb of files I want to keep on it.

The G600 wont reformat the drive after I pop it back in will it?

Danny

Offline

 

#5 2007-12-02 22:41:03

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: [Updated 20.11.2006] Bugs

dannystaple wrote:

The G600 wont reformat the drive after I pop it back in will it?

No, as long as you have first swap partition and second ext2 or ext3 partition. Dlink's firmware does not care how the rest of your partition table looks.

DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

 

Pages: 1

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB