acp-commander
acp-commander copied to clipboard
Stonie
Current version of fw 1.72 on TS-WXL/R1 requires more authentication
TS-WXL/R1, Firmware 1.72
Currently this will open sesame:
java -jar acp_commander.jar -t "$dest" -pw "$password" -c "/bin/passwd -d root" -ip 1.2.3.4 java -jar acp_commander.jar -t "$dest" -pw "$password" -c "/usr/sbin/telnetd" -ip 1.2.3.4
Changing the IP will fail, but trying to change it will change the authentication used by acp-commander. (if (_changeip) { ... myACP.Authent()[1]); }
In other words:
java -jar acp_commander.jar -t "$dest" -pw "$pass" -c "echo test" -ip 1.2.3.4
will execute and not change the IP
`java -jar acp_commander.jar -t "$dest" -pw "$pass" -c "echo test" will not execute
Edit:
java -jar acp_commander.jar -shutdown -t nas13 -pw "$pass" -ip 1.2.3.4 did change the IP
I've forked this project and am planning to take a look at this issue along with a couple of others. I'm thinking I should be able to add some code to automatically try the other authentication method if the first one fails or something like that.
So far I've made a few tweaks to allow it to build using a modern version of java and created a build script which compiles the classes and builds the jar file. The resulting file has worked as expected so far, I should be able to start on the functionality change sin the coming days/weeks.
You can follow the updated project here: https://github.com/1000001101000/acp-commander
@7eggert I've removed the if (_changeip) check and recompiled the jar. I tested it against my TS-WXL and confirmed that it now works without "-ip".
I've started work on making "-o" work more reliably. you should now be able to "open sesame" your TS-WXL with just:
java -jar acp_commander.jar -t "$dest" -pw "$pass" -o
The updated JAR and source can be found at: https://github.com/1000001101000/acp-commander
let me know if you get a chance to try it out.
I spent some time working on "-s" last night. I've added some logic to try to track what the current directory is, so something like cd /boot should actually work now. It's still a pretty crude shell but it works for some simple stuff.
unfortunately that part didn't work for the ls500 (yet). That's the only model I'm aware of where my version of "-o" doesn't work.
it's still a work in progress
1000001101000 , I really could use your help with acp-commander and haven't found any other way to reach you! Like most owners of a buffalo NAS (LS-QVL), I need to enable SMB2 . All guides recommend enabling SSH but I do not wish to, so I'd like to know if there is a way to disable SSH with acp-commander after doing the procedure to enable SMB2 ? I found guides from japan that seem to not require SSH at all and use the following:
java -jar acp_commander.jar -t 192.168.11.2 -ip 192.168.11.2 -pw password -s /root> sed -i "58i/bin/sed -i '3i\ max protocol = SMB2\' /etc/samba/smb.conf" /etc/init.d/smb.sh
Apparently SSH factory setting on the box isn't altered at all in this scenario ? Does this method make sense to you? Thanks a lot for your insight.
Good to hear from you!
I actually forked ACP_Commander a year or so ago and have worked to improve/modernize many of its features. I did a lot of work on the "-s" pseudo-shell function that the method you posted uses. In fact, it looks like they must have used my version since I changed the prompt in my version.
You can get the new version here: https://github.com/1000001101000/acp-commander
You can use the "-s" method listed in the blog to get an interactive pseudo-shell (this method does not make any changes to the box but us somewhat limited). I fixed the bug that used to require "-pw" to be added to the commands, it now works with just:
java -jar acp_commander.jar -t 192.168.11.2 -s
I'd suggest backing up the files before modifying it with something like:
cp /etc/init.d/smb.sh /etc/init.d/smb.sh.bak
BTW: could you send me a link to the blog you got the command from?
Thanks a lot for your reply! So doing it this way would not require SSH to be enabled or altered in the first place, right ? You can see this method being used here: https://firtel.blogspot.com/2018/06/smbv2-linkstation-ls-chl.html and http://chibiny.blog.fc2.com/blog-entry-67.html
Can your updated "acp_commander.jar" be used with the ACP Commander GUI by the way ? https://advanxer.com/blog/2013/02/buffalo-linkstation-acp-commander-gui/
I'm also a bit worried that the command on the japanese blog: sed -i "58i/bin/sed -i '3i\ max protocol = SMB2\' /etc/samba/smb.conf" /etc/init.d/smb.sh cannot be simply copy-pasted "as-is", because of the html / website rendering that may omit a space or transform double quotes to simple quote or other similar (encoding) issues. Does the syntax above look ok, logic, and usable "as-is" to you? If you have a test system could you possibly try it ?
Finally of course the first thing I'll do is a backup: cp /etc/init.d/smb.sh /etc/init.d/smb.sh.bak But could you please tell me command to restore this backup in case things go wrong ? I've never used unix and better be safe than sorry ^^;
Thank you very much for your time.
SSH would not be involved in this procedure. ACP_Commander sends commands using the same protocol used by the firmware update process. "-c" is used to send a single command, "-s" provides a prompt to send commands one at a time. Further options like "-o" or that ssh process make permanent changes to security settings and start up telnet/ssh.
I haven't done anything with the GUI version, mainly because I've never found source code for it.
I don't have a test system running the stock firmware currently. I ran the command against a test file and confirmed it inserts the desired line... it seems fine.
To backup
cp /etc/init.d/smb.sh /etc/init.d/smb.sh.bak
To install:
sed -i "58i/bin/sed -i '3i\ max protocol = SMB2\' /etc/samba/smb.conf" /etc/init.d/smb.sh
reboot
To restore
cp /etc/init.d/smb.sh.bak /etc/init.d/smb.sh
reboot
Hi again 1000001101000, While I've yet to test the SMBv2 trick on 1.74 (NAS is in storage), it turns out Buffalo just released version 1.75. Have you tested this new version yet ? https://www.buffalo.jp/support/download/detail/?dl_contents_id=60849 I wonder if they enabled SMBv2 on their own.?!
according to the release notes it's just a fix for the date issue. Nice to see they're doing that much for this model at least.
http://buffalo.jp/support_ap/support/products/ts_xl_rxl.html
[Release Notes] Version 1.74 [2020-12-14] Bug Fixes [Date and Time] • Fixed a bug where if the date is set to “2020/12/1” and a later date and the TeraStation is restarted, the configured date reverts to “2007/11/1”.
It's strange they didn't bump the version number to 1.75 on the western release. In any case it seems they didn't enable SMBv2 while they were at it, sad. I hope acp_commander still works though !
the link you posted appears to be for the LS-WXL rather than the TS-WXL which might have something to do with it. Let me know if ACP commander does break, I don't think they will because then NasNavigator would probably break too.
It's actually applicable to: LS-XHL、LS-CHL、LS-WXL、LS-WSXL、LS-SL、LS-AVL、LS-VL、LS-WVL、LS-QVL、LS-XL series.