Monday, February 15, 2016

Exploring the OS of a Seagate GoFlex Home

I recently happened upon a Seagate GoFlex Home, which is a consumer-grade desktop NAS with a single removable drive. I had really no use for it in its original state, since it required proprietary software to manage, so I disassembled the disk module and stuck the disk into one of my servers. The base, which you can pick up for around $35, sat unused until I decided to take off the case and investigate.

Hardware

The inside is fairly simple. The CPU is a Marvell 88F6-281, an ARMv5 running at 1.5GHz. It has a Nanya NT5TU64M16HG-AC 1GB DDR2 RAM chip (I am unsure because other sources claim it's only 256 MB, and the official Nanya website is down at the time of writing). For storage, it has a Toshiba TC58NVG1S3ETA00 256MB NAND flash chip. There is also a Marvell 88E1116R gigabit Ethernet controller, as well as various voltage regulators, Ethernet and USB ports, and a SATA port on the bottom of the board. The power supply is 12V at 2A, likely to support the overhead of a mechanical hard drive.





(I added the heatsink after I disassembled it.)

Software

The process of rooting the device is quite simple and documented in several places. First you need to connect to the webserver on the device to create an account. Simply find the IP of the device, navigate there in a web browser, and follow the prompts. When finished, you should have a username and password. Now look on the bottom of the case and find the product key; look for something like PK: XXXX-XXXX-XXXX-XXXX.

Now, get an SSH client and connect to username_hipserv2_seagateplug_product-key@ip.address, where username is the username you previously created (in lowercase), product-key is the key in the form of XXXX-XXXX-XXXX-XXXX (all uppercase), and ip.address is the IP of the device. You should be able to log in with the password you created earlier. If all went well, a bash prompt should pop up.

Then, in order to gain root access, all you need to do is run:

sudo -E -s
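The login name has strict case rules, so here is a small helper that builds it from its parts. This is an added example, not from the original post: goflex_ssh_target is a hypothetical name, the assumption that the product key consists only of letters and digits is mine, and the address in the usage comment is a constructed documentation address.

```sh
#!/bin/sh
# Build the SSH login target for a GoFlex Home from the pieces described above.
# goflex_ssh_target is a hypothetical helper; it only formats a string and
# never contacts the device.
goflex_ssh_target() {
    user=$1 key=$2 ip=$3
    [ -n "$user" ] && [ -n "$key" ] && [ -n "$ip" ] || {
        echo "usage: goflex_ssh_target <username> <product-key> <ip>" >&2
        return 2
    }
    # The username part must be lowercase, the product key uppercase.
    user=$(printf '%s' "$user" | tr '[:upper:]' '[:lower:]')
    key=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
    # Assumed key format: four dash-separated groups of four letters/digits.
    if ! printf '%s\n' "$key" | grep -Eq '^[A-Z0-9]{4}(-[A-Z0-9]{4}){3}$'; then
        echo "product key must look like XXXX-XXXX-XXXX-XXXX" >&2
        return 1
    fi
    printf '%s_hipserv2_seagateplug_%s@%s\n' "$user" "$key" "$ip"
}

# Usage (constructed values):
#   ssh "$(goflex_ssh_target Jimmy abcd-1234-ef56-7890 192.0.2.10)"
```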

I went exploring into some of the files:

-bash-3.2$ cat /proc/cpuinfo
Processor : ARM926EJ-S rev 1 (v5l)
BogoMIPS : 1192.75
Features : swp half thumb fastmult edsp 
CPU implementer : 0x56
CPU architecture: 5TE
CPU variant : 0x2
CPU part : 0x131
CPU revision : 1
Cache type : write-back
Cache clean : cp15 c7 ops
Cache lockdown : format C
Cache format : Harvard
I size : 16384
I assoc : 4
I line length : 32
I sets : 128
D size : 16384
D assoc : 4
D line length : 32
D sets : 128

Hardware : Feroceon-KW
Revision : 0000

Serial : 0000000000000000

-bash-3.2$ cat /proc/cmdline 
console=ttyS0,115200 ubi.mtd=2,2048 root=ubi0:rootfs rootfstype=ubifs init=/linuxrc

-bash-3.2$ cat /proc/version 
Linux version 2.6.22.18 (ramang@es5x86.axentra.com) (gcc version 4.3.2 (sdk3.2rc1-ct-ng-1.4.1) ) #16 Thu Jun 17 01:37:53 EDT 2010

bash-3.2# uname -a
Linux axentraserver.jimmy.seagateshare.com 2.6.22.18 #16 Thu Jun 17 01:37:53 EDT 2010 armv5tejl armv5tejl armv5tejl GNU/Linux

Linux seems a bit out of date, don't you think? They didn't seem to try to slim it down much:

-bash-3.2$ file /bin/cat
/bin/cat: ELF 32-bit LSB executable, ARM, version 1 (SYSV), for GNU/Linux 2.6.16, dynamically linked (uses shared libs), for GNU/Linux 2.6.16, not stripped

However, it does fit, barely:

-bash-3.2$ df -h
Filesystem            Size  Used Avail Use% Mounted on
rootfs                212M  160M   52M  76% /

bash-3.2# ls /usr
X11R6  bin  etc  games include  kerberos  lib libexec  local sbin  share  src  tmp

What? X11? Games?? There is nothing in those folders, but still...

I'm working on a way to mount the filesystem and dump the whole thing... Might be shared soon.

It appears to be running several services, as indicated by an Nmap scan:

PORT      STATE    SERVICE     VERSION
21/tcp    open     ftp         vsftpd 2.0.7
22/tcp    open     ssh         Seagate GoFlex NAS device sshd 4.3 (protocol 2.0)
80/tcp    open     http        Apache httpd 2.2.3 ((Red Hat))
139/tcp   open     netbios-ssn Samba smbd 3.X (workgroup: SEAGATEGROUP)
443/tcp   open     ssl/http    Apache httpd 2.2.3 ((Red Hat))
445/tcp   open     netbios-ssn Samba smbd 3.X (workgroup: SEAGATEGROUP)
515/tcp   filtered printer
548/tcp   open     afp         Netatalk 2.2.0 (name: GoFlexHome; protocol 3.3)
631/tcp   open     ipp         CUPS 1.2
6689/tcp  open     daap        mt-daapd DAAP svn-1696
8200/tcp  open     upnp        MiniDLNA 1.0 (DLNADOC 1.50; UPnP 1.0)
49152/tcp open     upnp        Portable SDK for UPnP devices 1.4.6 (Linux 2.6.22.18; UPnP 1.0)

I'm confused as to why there are printer daemons, unless it shares a printer plugged into the USB port. As for the various media servers, I assume it indexes your media and serves it up (UPnP worked, but I don't have a disk so I wasn't able to test its full capabilities). As for the FTP and Samba, probably just fileservers. It's a pretty neat system that most people probably wouldn't ever use to full potential...
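If you keep one of these on your network, it helps to see which of those listeners you don't actually need. The following is an added example, not from the original post: it filters an Nmap service table down to the open TCP ports that are not on an allow-list. The names unneeded_services, scan_sample and NEEDED are hypothetical, and the default allow-list (SSH, HTTPS, SMB on 445) is an assumption.

```sh
#!/bin/sh
# List open TCP services from an nmap service table that are NOT on a
# "needed" allow-list. NEEDED is an assumed default; adjust it to your use.
NEEDED=${NEEDED:-"22 443 445"}

unneeded_services() {
    # stdin: nmap table lines (PORT STATE SERVICE VERSION)
    # stdout: port<TAB>service<TAB>version for each open port not in NEEDED
    awk -v needed="$NEEDED" '
        BEGIN { n = split(needed, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in keep)) {
                ver = ""
                for (i = 4; i <= NF; i++) ver = ver (i > 4 ? " " : "") $i
                printf "%s\t%s\t%s\n", p[1], $3, ver
            }
        }'
}

# Scan table copied from the post above, embedded so this runs offline.
scan_sample() {
cat <<'EOF'
PORT      STATE    SERVICE     VERSION
21/tcp    open     ftp         vsftpd 2.0.7
22/tcp    open     ssh         Seagate GoFlex NAS device sshd 4.3 (protocol 2.0)
80/tcp    open     http        Apache httpd 2.2.3 ((Red Hat))
139/tcp   open     netbios-ssn Samba smbd 3.X (workgroup: SEAGATEGROUP)
443/tcp   open     ssl/http    Apache httpd 2.2.3 ((Red Hat))
445/tcp   open     netbios-ssn Samba smbd 3.X (workgroup: SEAGATEGROUP)
515/tcp   filtered printer
548/tcp   open     afp         Netatalk 2.2.0 (name: GoFlexHome; protocol 3.3)
631/tcp   open     ipp         CUPS 1.2
6689/tcp  open     daap        mt-daapd DAAP svn-1696
8200/tcp  open     upnp        MiniDLNA 1.0 (DLNADOC 1.50; UPnP 1.0)
49152/tcp open     upnp        Portable SDK for UPnP devices 1.4.6 (Linux 2.6.22.18; UPnP 1.0)
EOF
}
```

Run `scan_sample | unneeded_services` to see the result for the scan above, or pipe in your own Nmap output instead.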

I'm still confused about most of the filesystem though. There appears to be a huge amount of random empty folders for apps like OpenVPN, Transmission Bittorrent, Gnome, and X11. All the files have been removed, but the folders have been left, cluttering the drive.

Controlling the LEDs

If you're interested in running custom code on this, LED indicators are useful. There are 3 LEDs on the front of the board. In order to set these, call the set-led-status executable like so:

set-led-status <led> <mode>

Where <led> is green_led, orange_led, or hdd_led
and <mode> is off, on, or blink
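As an added example (not from the original post), here is a wrapper that uses set-led-status to show the state of a custom job: green blinks while it runs, then solid green on success or solid orange on failure. The names set_led, run_with_leds and LED_CMD are hypothetical; LED_CMD exists only so a stub can stand in for set-led-status when testing off the device.

```sh
#!/bin/sh
# Signal the state of a custom job on the front LEDs via set-led-status.
# LED_CMD can be pointed at a stub for testing away from the NAS.
LED_CMD=${LED_CMD:-set-led-status}

# Validate the LED and mode names from the post before calling the tool.
set_led() {
    led=$1 mode=$2
    case $led in
        green_led|orange_led|hdd_led) ;;
        *) echo "unknown led: $led" >&2; return 2 ;;
    esac
    case $mode in
        off|on|blink) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    "$LED_CMD" "$led" "$mode"
}

# Run a command with LED feedback; its exit status is passed through.
run_with_leds() {
    set_led orange_led off || return
    set_led green_led blink || return
    job_rc=0
    "$@" || job_rc=$?
    if [ "$job_rc" -eq 0 ]; then
        set_led green_led on
    else
        set_led green_led off
        set_led orange_led on
    fi
    return "$job_rc"
}

# Usage on the device:
#   run_with_leds /path/to/your-job.sh
```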

To be continued...

1 comment:

  1. The USB port is for sharing a printer on the network. It can also be used to download torrent files automatically.
