SSH tunnel for VNC

If you were on a linux machine, it would be as simple as

ssh -L 5901:localhost:5901 root@192.168.7.119

Just kidding, don’t login as root, it is all just for tunneling, replace root and the IP of my super top secret server with something suitable

On windows, the most popular SSH client is putty, and to do that in putty, follow the following steps

Open putty, then enter the IP address or hostname of the remote machine

Openwrt internet via USB from Huawei E5577 or similar devices

If you have a 3G/4G USB dongle, which is not battery operated, just a USB stick, you might want to check out the instructions here

The device I am using at the minute is the ZTE MF920U, I have also used a bunch of similar Huawei devices, they all work in exactly the same way

Start by installing a few packaged, hopefully you are familiar with loggin in with SSH, if not, you can get those packages from within the software section of the luci interface

opkg update && opkg install kmod-usb-net-rndis kmod-usb-net kmod-usb2 usb-modeswitch kmod-usb-net-cdc-ether

Once those are installed, reboot, then login to luci

Connect the 4G modem via USB, then Go to interfaces, then add a new interface, select the new eth device that appeared, give it a name, and you are all good to go

New firmware for my Western Digital “My Book Live” NAS storage device

The WD My Book Live is a NAS device based on Debian Linux, Since Debian stopped supporting this processor (APM82181), the device has received no updates and will probably never, so the next best thing to do in my opinion is to install openWRT.

WARNING: I recently got a second MyBook Live device, tried installing 23.05.0 but for some reason, i could not get networking to work, So i simply installed V21, then upgraded to 23… there was probably just something I was missing, but i could not be bothered figuring it out, this was a faster way…

Before you start

1- Only the first few paragraphs of this tutorial (STEPS 1 THROUGH 6) are the instructions you need, the remaining is just for extra reference and in short you don’t need to read it to have your device running, but I do recommend YOU SKIM THE WHOLE THING BEFORE YOU START.
2- This procedure requires you to take the disk out and install it on a PC to switch the firmware, then put it back
3- The upgrade will delete all your data, You will need to move your data that is already on your WD NAS drive somewhere else while the upgrade is ready.

Step 1: Move any existing data BEFORE TAKING APART.

Move any data you may have on the drive to a temporary location outside the NAS drive. this has to be done before taking the drive apart as the unconventional 64 kB block size of the disk will be nothing but trouble if you want to extract the data while mounting the disk to a linux PC for example.

Step 2: Take the disk apart

I have included photos to help you do that, it is not rocket science.

Step 3: Mount the disk on a linux PC (Windows and MAC should work)

and mount it to a linux PC (Windows might work with software such as etcher, but i have no guarantees).

Step 4: Download the openWRT firmware

Go to the drive’s page on the openwrt website (Here), and download it to your Linux (Or windows) PC

Step 5: Write the firmware to the disk.

Decompress the file, then copy it to the drive with a command similar to the command below, but make 100% sure to replace sdx with your own drive designation

 dd if=/root/wdsata.img of=/dev/sdx bs=64k

Write the firmware to the disk, overwriting it, and effectively loosing any data you did not backup in step 1

Step 6: Put the drive back in the enclosure

Nothing to say here, this is the reverse of step 2

Once it is in the enclosure, you can not just connect it to your router as it in itself has this port defined as 192.168.1.1 and is serving dhcp !

Step 8: Create the data partition

At this stage, your device will boot, but you will need to create/expand the data partition, the partition that should not be overwritten when you upgrade the firmware for example.

opkg update
opkg install gdisk blkid openssh-sftp-server block-mount
gdisk -i /dev/sda

As soon as gdisk opens, you may be presented with the following message, if so

Found valid MBR and corrupt GPT. Which do you want to use? (Using the
GPT MAY permit recovery of GPT data.)
 1 - MBR
 2 - GPT
 3 - Create blank GPT

Chose 1 to maintain the 2 partitions we have, Now hit the command (w) to write and confirm, then quit, gdisk has just switched your disk to GPT from MBR, now run gdisk again the same way (gdisk -i /dev/sda)

n for new partition, accept the (3) for partition number, use the number (2097152) for alignment with 4K sector advanced format nearest to the 1GB mark

mkfs.ext4 /dev/sda3
mkdir /share
blkid /dev/sda3

You might find a file named fstab in /etc, this is not the file that needs to be edited, the one you are seeking is in /etc/config/fstab in my case, the UUID was as follows UUID=”9643bd00-f117-4074-a252-7ea30a5174e2″ yours will certainly be different, so in my fstab i added the following lines near the end

config mount
option target '/share'
option uuid '9643bd00-f117-4074-a252-7ea30a5174e2'
option enabled '1'

Now, network sharing is what i was originally interested in when i got this unit, and it is why I am replacing it’s firmware, so to installing samba

opkg update && opkg install samba4-server luci-app-samba4

Now, add the following line to /etc/passwd to add me as a user to the system

yazeed:*:1000:65534:yazeed:/var:/bin/false

Or, if you do not want to add the user manually, you can install the adduser package, and add the users through it like so

opkg install shadow-useradd
useradd yazeed
Unfortunately, this command won't do and you will have to edit it in the passwords file

Now, for either method from the above, run the command

passwd yazeed
smbpasswd -a yazeed

Now, since this is a NAS device, disk tools may be a good idea

opkg install hd-idle luci-app-hd-idle hdparm

To check if disk is spinning, try the command
hdparm -C /dev/sda
The responce active/idle means it is spinning

You are done.

FAQ

Is the hardware and the new openWRT firmware compatible with my 8TB hard drive

Yes it is, I have found many people asking if the hardware supports drives over 2TB, the answer is yes, but you will have to use the GPT rather than the MBR (See steps above)

about the original firmware

What is that vulnerability about

it comes from WDs cloud service, bottom line is that many devices were completely wiped remotely by malicious users and it is unknown if the data itself leaked, so yes, it is very serious

What is the difference between quick factory restore and full factory restore

Quick factory restore is probably what you are looking for, the later seems to do a zero fill on the hard drive after performing a factory restore to disallow data retrieval (For example before you sell it), you can verify this by logging in using SSH, and by the fact that the tool tips state something to that effect.

Inspecting the device

To begin with, I logged in via SSH and inspected some stuff, to enable SSH access on the My Book Live original firmware, you will need to visit a page at a URL such as http://mybooklive/UI/ssh or http://192.168.2.116/UI/ssh (Replace the IP with your own)

the system is based on the following CPU

CPU
processor       : 0
cpu             : APM82181
clock           : 800.000008MHz
revision        : 28.130 (pvr 12c4 1c82)
bogomips        : 1600.00
timebase        : 800000008
platform        : PowerPC 44x Platform
model           : amcc,apollo3g
Memory          : 256 MB

With that out of the way, A look at /etc/apt/sources.list revealed that it is a Debian Distro, the only problem with this is that debian stopped supporting this CPU some time ago, so you can’t go past Debian 8 (Jessie)

deb http://ftp.us.debian.org/debian/ squeeze main
deb http://ftp.us.debian.org/debian/ wheezy main
#deb-src http://ftp.us.debian.org/debian/ wheezy main
#deb http://ftp.us.debian.org/debian/ sid main

Checking the disk info with hdparm revealed that the disk is a WDC WD20EARX-00PASB0, which is as i expected a Caviar Green (SMR disk)

parted (The new fdisk so to speak) shows the following partition scheme for the existing system.

Model: ATA WDC WD20EARX-00P (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End     Size    File system     Name     Flags
 3      15.7MB  528MB   513MB   linux-swap(v1)  primary
 1      528MB   2576MB  2048MB  ext3            primary  raid
 2      2576MB  4624MB  2048MB  ext3            primary  raid
 4      4624MB  2000GB  1996GB  ext4            primary

And a “df -h” reveals

Filesystem            Size  Used Avail Use% Mounted on
/dev/md0              1.9G  555M  1.3G  31% /
tmpfs                 5.0M     0  5.0M   0% /lib/init/rw
udev                   10M  6.7M  3.4M  67% /dev
tmpfs                 5.0M     0  5.0M   0% /dev/shm
tmpfs                 100M  4.6M   96M   5% /tmp
ramlog-tmpfs           20M  4.5M   16M  23% /var/log
/dev/sda4             1.9T  2.1G  1.9T   1% /DataVolume

A good alternative for this Gigabit Lan network attached storage might be openWRT, the same firmware I use for my routers !

there are things you need to know in advance though, first of which is that changing the firmware will require you to delete everything on the drive ! as Western Digital have used an unconventional bunch of things such as a 64 kB block size !

With that out of the way, you can skip down to the installing openWRT about the upgrade process step by step (Including backing up your system), then come back to why etc…

What if i want to revert back to the WD software ?

That is indeed a good question, and to make it easy to do that, I have already backed up the entire disk to another while I am sure that i don’t want to go back. Also worth mentioning that the latest firmware on the WD website dates back to 2015 ! which is at the time of writing 6 years ago !

Where can i find the up to date openWRT distribution for this drive ?

OpenWRT has a page dedicated to this drive, both the single and the Duo here (https://openwrt.org/toh/western_digital/mybooklive)

What are the benefits of the NAS box (enclosure), why not just take out the hard drive and put it in a PC somewhere.

The Western Digital My Book Live has a super low power CPU, and when the disk is spun down, it consumes very little energy (Not a significant load to your UPS for example), It is also fan-less, so it is with the exception of the spinning drive when it is spinning silent, which is also a nice thing, So i would argue that keeping it by updating it’s software is a good idea

Another reason is the amount of relevant software provided through openWRT packages, covering many more things than the original firmware (miniDLNA included).

Errors and resolution

1- I have this error that i have not resolved yet

mv: setting attribute 'user.DOSATTRIB' for 'user.DOSATTRIB': Permission denied

2- The NAS box will not accept many files that windows creates such as Thumbs.db, to allow such files to be stored, This can easily be resolved by editing the samba template and commenting the “veto” files line, then make sure the config is regenerated from the template

How do i keep the system up to date

If you come from a debian background, you would normally apt-get update then apt-get upgrade and that is that, in OpenWRT, there is no such upgrade command, the upgrade command in openWRT is meant to upgrade 1 package specified by name, so the solution is the following line

 opkg list-upgradable | cut -f 1 -d ' ' | xargs -r opkg upgrade

Finding static ip machines on openwrt

As soon as you enter the LUCI interface of openwrt, you are presented with a bunch of DHCP leases corresponding to all the machines that got their IP from DHCP, but what about the computers that have static IPs ?

The answer to that is that there is no place where all this data is stored on the router, and you must scan for all machines

a tool to help you do that is arp-scan, just go into packages and install it, or simply run the command “opkg install arp-scan” from the ssh session, right after, you should be able to run the command as follows

arp-scan –interface br-lan –localnet

but this will not necessarily be the correct command, you will need to find the name of your LAN interface which is simple from interfaces in LUCI

As of now, the current version of arp-scan has a bug, where it displays the following error

arp-scan -I br-lan -l
Interface: br-lan, datalink type: EN10MB (Ethernet)
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-oui.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/mac-vendor.txt: No such file or directory
Starting arp-scan 1.9.5 with 256 hosts (https://github.com/royhills/arp-scan)

15 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.5: 256 hosts scanned in 1.852 seconds (138.23 hosts/sec). 0 responded

The solution to that is by manually installing the newer arp-scan package

Debricking a TP-MR3220 V2 router using tftp only

Usually, i go with a serial cable, these days, people have found simpler ways

Start by downloading lede-17.01.5-ar71xx-generic-tl-mr3220-v2-squashfs-factory.bin from the openwrt website (Don’t use the original, it needs trimming 😉 and you can install it after using the post after this one

rename the file you downloaded to mr3220v2_tp_recovery.bin and put it in your tftp client folder

Setup your computer’s LAN settings to the IP address 192.168.0.66

Connect the eithernet cable to the yellow LAN port farthest away from the blue wan port (Not the one next to it, only this port works)

start your TFTP client, pick your eithernet LAN and connect the lan cable

Hold the WPS/Reset button, and while holding it, start the router, then wait 4 seconds and release it

On your screen, you should see your TFTP client sending a file (on tftpd32 you see a download progress bar)

Wait for the router to reboot, now you have hte openwrt firmware, go ahead and read the previous post on going back to factory 😉

Have a great day

reverting tp-link tl-mr3220 V2 to stock firmware the easy way

If you are on openwrt and want to revert back to factory firmware, you need to do the following easy steps

Download the file from the tp-link website, this should be straight forward, you go to the website, search for your router by model, on the firmware download page, select the version of your router and download the file

If it is a zip file, extract it, we are looking for a bin file that should be inside the zip file (Make sure it has up_boot in the file name)

Use an application such as putty to connect to the router as root, and an application such as winSCP to connect to the router (Also as root) to upload the file

upload the file to the /tmp folder, this folder is in RAM not on the flash of the router, so it has more space that can accommodate the procedure

Using Putty, execute the following commands

cd /tmp

On this command here, you will need to replace the name of the file with the name of the file you have uploaded to the router
This command (That starts with DD), trims the first 257*512 = 131,584 bytes from the file which are the boot loader
dd if=yourfilename.bin of=flash.bin skip=257 bs=512

Now you would want to remove the old file after we have trimmed it with DD
rm yourfilename.bin

Now, to the final step, which is actually writing the trimmed firmware to the router
mtd -r write /tmp/flash.bin firmware

Now all you need to do is wait for the router to write the firmware, right after it will reboot and you are done

going back to original firmware on tp-link

Let me start with the warning, DO NOT FLASH THE ORIGINAL TPLINK FIRMWARE BACK BEFORE FINDING OUT IF YOU NEED TO STRIP THE FIRST NUMBER OF BYTES OUT, YOU WILL BRICK YOUR ROUTER, IF YOU SEE

Failed to erase block

IF YOU DO, YOU NEED TO MAKE SURE YOU GET IT right after that, or you will start to get.

segmentation fault

on every and any command you run, at this stage, when you see this error after the failed to erase block error, your router is bricked, reboot it and it will not boot back up. if this happens, you might (depending on the model you have) have to connect your router to a com port and debrick it.

Now that you know, let’s see how to deal with this

If your firmware download file name has the word boot in it’s file name, you will need to strip out the first 0x20200 bytes (131584 bytes), if you fail to do this, meaning you fail to either identify if you need to do this, or fail to trim them, you will brick your router in the next step, to make matters both, TP-LINK is no longer including the word boot in firmwares with boot.

so to trim

dd if=orig.bin of=tplink.bin skip=257 bs=512

this command means read the file into another, skipping the first 257×512 = 131584 bytes (Which is the number you find above)

Now, you can flash it with the following command

mtd -r write /tmp/tplink.bin firmware

And if it says all is ok, you can now reboot your router into the new firmware

 

 

huawei dongle on openwrt – the fast and easy way

NOTE: this is not about battery operated 4G modems (such as the huwawei E5577 for example), see here for instructions to connect 4G modems via USB to openwrt

This is a 4MB space tp-link router, here are the steps

opkg install kmod-usb-serial kmod-usb2 luci-proto-3g kmod-usb-serial-option usb-modeswitch kmod-usb2 kmod-usb-serial-wwan kmod-usb-serial ppp comgt 

A package required for older releases of openwrt

opkg install sdparm

And the optional package

opkg install usbutils 

Now, reboot the router, then go to the routers LUCI interfaces page, then add an interface

From the drop down, chose UMTS/GPRS

On the next page, you should see one of the devices names /dev/ttyUSB0, in my case there are 2 since the device provides a storage controller, the modem was on USB0 not USB1, your might be different (try both if you have 2)

Now i chose UMTS only so that the modem will always use 3G because edge is good for nothing

Then your APN and username/password as you would on a phone or anywhere else… then save and apply

OpenWRT router with huawei hilink – on a 4MB router

Since this router has around 600 to 700 KBs of free space, running the hi link USB dongle modem should be done with the bare minimum packages
Here are the ones i installed to get mine running

opkg install kmod-usb-net kmod-usb-net-rndis kmod-usb-net-cdc-ether udev usb-modeswitch kmod-usb-serial-option kmod-usb-net

Right after, i rebooted, then running the command,

ifconfig -a

I got a new eithernet device (USB0), on another older hi link dongle it was called eth2.

Then, from within LUCI, you can simply add a new interface using this hardware interface, and set that to DHCP and add it to the WAN segment, You are done, it should be connected now

Please be aware that once you have it running, you might want to get into the dongle’s interface settings, and instruct the dongle to only use 3G (Not GSM/EDGE), i do that by visiting 192.168.8.1 (Hard coded, can not be changed, but depending on the model yours might be different).

WNDR3700V3 reverting to stock or openwrt

In my case, i was switching to the openwrt from dd-wrt.

I got my netgear WNDR3700 V3 (which is broadcom not atherios) used from ebay, Switching from dd-wrt to openwrt

First of all, there is a bug in the dd-wrt 21061 that makes it not possible to use SSH, so i logged in with telnet

Now,

wget http://theplacewhereyouputthefile/filename.bin (the original firmware is .chk not .bin)

Then

mtd -e linux -r write /tmp/x.bin linux

And the router showed things like

Unlocking Linux …

Erasing Linux

Writing from x.bin to Linux … [e]
Writing from x.bin to Linux … [w]

Then, connection to the host was lost

Then the router was bricked

I did get ping replies from the router, but that did not mean it is working

So, my next thing to do was this, the router booted itself into recovery mode, so i got the original firmware.

tftp -i 192.168.1.1 put x.chk

Transfer successful: 7258170 bytes in 29 second(s), 250281 bytes/s

Where X is simply the factory firmware .chk file, now leave the router for more than 5 minutes while it digests the update, then use the web interface to update to the openwrt chk file