--------------------------------------------------------------------------
Spikesnet get almost all.
(I don't put any data from tcpdump, only the result).

The hard drive when u try the normal upgrade by WD connect here:
http://websupport.wdc.com/firmware/l...nc&fw=01.01.18

So to see how work the martin hinner page, you need to put this in a web browser:
http://martin.hinner.info/mybook/fir...nc&fw=01.01.18
The code about this page is:
<a href="http://martin.hinner.info/mybook/files/latestfw.sh">firmware</a>

So u can download the script with this url.
I put here all the script:

#!/bin/sh

echo '#!/bin/sh' >/var/upgrade/upgrade1.sh
chmod 755 /var/upgrade/upgrade1.sh
chmod 4755 /bin/busybox

KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
RSA1_KEY=/etc/ssh_host_key
RSA_KEY=/etc/ssh_host_rsa_key
DSA_KEY=/etc/ssh_host_dsa_key

do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n $"Generating SSH1 RSA host key: "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
echo
else
echo
exit 1
fi
fi
}

do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n $"Generating SSH2 RSA host key: "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
echo
else
echo
exit 1
fi
fi
}

do_rsa1_keygen
do_rsa_keygen


/usr/bin/passwd -d root

/usr/sbin/sshd &

rm -f /tmp/active_upgrade

exit 0

--------------------------------------------------------------------------
The change of the root password is a good idea for sure.

On my side, i compile with success "pstree" "fuser".
I got a version of nmap, but for now i'm not sure if all working.
For now i'm trying to compile vlc.
If i do this with success, i'll post the way to do this.

I'll wondering to do or not, a change to deactivate the web page from wd, because i dunno if the perl script from wd are sure or not.
--------------------------------------------------------------------------

I believe the script leaves root's password empty so that you can change it.

How about that ?


#!/bin/sh
echo '#!/bin/sh' >/var/upgrade/upgrade1.sh
chmod 755 /var/upgrade/upgrade1.sh
chmod 4755 /bin/busybox

KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
RSA1_KEY=/etc/ssh_host_key
RSA_KEY=/etc/ssh_host_rsa_key
DSA_KEY=/etc/ssh_host_dsa_key

do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n $"Generating SSH1 RSA host key: "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
echo
else
echo
exit 1
fi
fi
}
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n $"Generating SSH2 RSA host key: "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
echo
else
echo
exit 1
fi
fi
}
do_rsa1_keygen
do_rsa_keygen
/usr/bin/passwd -d root
/usr/sbin/sshd &
rm -f /tmp/active_upgrade
exit 0

As osgpcq says the script calls following url :

http://martin.hinner.info/mybook/fir...nc&fw=01.01.18

after logging on the box via ssh , have a look at
/var/log/messages
you see that message :

Sep 8 12:14:50 MyBookWorld local2.notice sudo: www-data : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/www/nbin//wget.sh /var/upgrade/fwv.tmp http://martin.hinner.info/mybook/fir...nc+fw=01.01.18

looking at wget.sh script , you see that within url script parameter(the 2nd), the '+' character will be changed to '&'

and after that, the script calls the above mentioned url.

that url provides a link to following url:
http://martin.hinner.info/mybook/files/latestfw.sh

You can see that messages in the log:

Sep 8 12:14:52 MyBookWorld user.notice /usr/www/lib/nasMaster.pl[772]: DAYWAN: <a href="http://martin.hinner.info/mybook/files/latestfw.sh">firmware</a>

Sep 8 12:14:54 MyBookWorld user.notice /usr/www/lib/nasMaster.pl[772]: DAYWAN: http://martin.hinner.info/mybook/files/latestfw.sh
...
Sep 8 12:15:18 MyBookWorld local2.notice sudo: www-data : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/www/nbin//getandapplyfw.sh http://martin.hinner.info/mybook/files/latestfw.sh

So , it seems that script latestfw.sh will be executed on the box.

That script executes the following commands:

- changes some access rigths ( chmod)
- generates 2 rsa keys used by ssh daemon
- reset root password to '' (null)
- starts ssh daemon

that script does not generates any dsa key, so before starting ssh daemon, you see following error message in the log:

Sep 8 12:22:34 MyBookWorld auth.err /usr/sbin/sshd[17035]: error: Could not load host key: /etc/ssh_host_dsa_key

Martin Hinner script should be improved by adding the following command

/usr/bin/ssh-keygen -q -t dsa -f $DSA_KEY -C '' -N ''

see the next one...

Hello,
Thanks to everybody for this usfull topic!!!

My question is : Did you solve this "user issue"?

My experienceof this Mybookworld :
I didn't use the crack (maybe later), I just mount this drive using cifs on my debian servor. Here are my fstab entry :
for the guests of my servor (they are read only users).
for users who are able to write on this disk. (/root/.PassSambaNAS contains username and password of a declared user on the web interface of the NAS)

The problem is that a user who has the right to go in "/path1/DD1ToWritable" (a rw user - theoriticaly) is not able to write on the disk.
It only works if I am connected as root on my debian servor....
I think it's because of this strange user "www-data" you mentionned in your post...???

any ideas????????????

Thanks a lot in advance!!
Mat (not so far from a newbee!!!)

User www-data has userid 33 and groupid 33
You can see that without any hack, yust type:
ls -l

If you define on your linux box an user
with userid=33 and groupid 33, you will have read/write access to mybookworld shares
example:

THANKS A LOT!
The answer was obvious... but sometimes it doesn't come out alone...
Thanks again.

One more question...
Is the crack (to get ssh acces to the box) you are all talking about (http://martin.hinner.info/mybook/)
reversible?
If yes : How?

Thanks again!!!
SeeU
Mat

Why do you want to go back?
That crack is only a bash script.

it does only 2 things

1) starts ssh server and creates rsa keys needed to start it
2) remove root password

If you wants to go back

1) log into mybook using ssh
2) don’t make ssh restartable on boot.
3) remove rsa keys under /etc
4) It's very difficult to restore original root password ..


All that "go back" work seems totally useless .

But when you have ssh access to your mybook , there are lots of very usefull things you can do:

Set up vsftpd server and access it through ftp
Access it with sftp … and so on

If you need more information, send a private message here ( of course you must first register)

I tried the excellent martin hinner ssh, but I forgot to add sshd to inittab before rebooting. ><

Now when I try to install sshd again, I get this message in the web interface :

There is no new firmware available

Anyone got a tip? I'm not so steady in perl, and the upgrade script at http://mybookworld.wikidot.com/forum...are-upgrade-pl should be able to tell how the upgrade.php at martin hinners site.

Anyone who can help me?

I found the solution.

The update doesn't work without network config set to dhcp for some reason :-)

Network was configured right.

Hi - I have looked at the posts but because I know almost nothing about Linux I am having trouble following the responses. I bought a WD MyBook World edition and set it up on my home network and can happily see it from my windows laptop. I also have a Debian server that a company set up for me. I utilise webmin to do some basic things and managed to work out how to use rsync to back up some Linux directories to a external USB drive (configured as a linux filesystem). Now I want to rsync to the MyBook so that if my linux system goes down I can still access the MyBook files from my Laptop. I would appreciate if anyone could give me some simple steps on how to do this. Thanks

Hi,
I leave the subject about the drive cause, i'm, still and for at least 1 month more, in a middle of a change of the residence !
But:
-First way: try to compile de src of rsync all the stuff rsync could need...
I can't help you for the moment, no enough time.
-Second: use rsync over ssh:
Like what: rsync -avz -e ssh 'user@mybook:/directory/mybook/'
Hope it's help you.
Regards

Vince

The compilation of rsync work perfectly:
# rsync
wget http://samba.anu.edu.au/ftp/rsync/rsync-2.6.9.tar.gz
tar xzvf rsync-2.6.9.tar.gz
cd rsync-2.6.9
./configure
make
make install

Regards

Hi all. I have been a user of the WD MYBook World Edition II for a few months now, recently applied the hack and changed root password, all very successful, also enabled SSH, and can log in happily from my Windows box (putty.exe). I am considering setting up VPN access through an ADSL2 router connected direct to the Internet with a fixed IP address. Can anyone suggest a how-to or other instruction to do it safely? I understand from a little reading on the subject that setting up the (provided) DMZ setup on the router is not really very safe, need a second router to make it so..is this true? I do have a second (older) ADSL wireless router I could spare, but never set one up as a secondary router (rather than directly to the ADSL line). Any comments, suggestions, or friendly abuse welcomed! Thanks in advance. Oh, I am fairly good with Linux (UNIX admin) but never been much involved with extranet comms.