NAS326 unresponsive after update and reset

Options
khamul
khamul Posts: 4 image  Freshman Member
First Comment Friend Collector
in Personal Cloud Storage

Hello there,

some weeks ago I've updated my NAS326 to last available firmware (5.21(AAZF.18)C0). Until then it was working without issues for years.
After update, I lost access to login page: ping works but anything else was not available anymore. Luckily, I had data backup on another NAS, so I tried to factory reset this Zyxel (long reset press until 3 beeps), but from then it became unresponsive.

When it boots, all LEDs turn on, disks spin up, but then the network LED begins to blink forever and nothing shows up in the network.

I've tried anything, "NAS326_recovery" package (found from this forum) seems do nothing (I left it working for an entire weekend). But with "universal_usb_key_func-2015-10-12" package and network_telnet_stop script, the default IP 192.168.0.33 begins to be pingable. So the network stack seems working…but I can't telnet nor ssh into that IP, both shows "Connection refused".

I'm missing something? Or is it bricked?

Thanx in advance

All Replies

  • Mijzelf
    Mijzelf Posts: 3,056 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    It's hard to say what is wrong if your device. If you reproducible can see difference in network behaviour with and without universal_usb_key_func/network_telnet_stop, then it's not dead. The script on the stick is executed by the kernel/rootfs of the installed firmware. The firmware consists of 2 parts, a kernel with embedded rootfs, and another firmware 'blob' containing mainly webinterface and samba. The kernel/rootfs wouldn't boot if a single byte was changed. (The bootloader checks a checksum).

    It is possible that the 2nd blob is damaged. You could try to remove the disk(s) and boot. This way you force the box to bypass the blob on disk, and use a copy from flash.

    If that doesn't change anything, maybe the script network_telnet_stop has to be changed. It is written for firmware 4 devices (NSA series), and at least the NAS5xx behaves different. The script starts a telnet daemon something like

    /bin/telnetd -l /bin/sh

    This way telnetd uses /bin/sh as login binary, effectively giving you a loginless rootshell. The NAS5xx doesn't support that '-l' option, and errors out.

    Don't know about the NAS326, but you could try to remove that -l option, to see if it opens the telnet port. If so, probably you can't login, as the root password is unknown. (Although it won't hurt to try some abvious possibilities like 1234 and admin.)

    If the port opens, it should be possible to change the root

  • Mijzelf
    Mijzelf Posts: 3,056 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    Hm. Some bot is prohibiting me from posting the last sentence because it contains blacklisted words. It's about changing passwords. Let's face that issue when it becomes relevant.

  • khamul
    khamul Posts: 4 image  Freshman Member
    First Comment Friend Collector

    Hi Mijzelf, thank you very much for the detailed explanation. I'll try without the "-l" option next weekend.

    I'll let you know how it will go! cheers

  • khamul
    khamul Posts: 4 image  Freshman Member
    First Comment Friend Collector

    @Mijzelf it works! Without the -l parameter, I've just been able to telnet into and login with root with one of the obvious passwords…

    I have access to files in the usb key (via /mnt/partnerkey):
    ~ # ls /
    bin etc i-data linuxrc ram_bin sys var
    dev firmware init mnt root tmp
    e-data home lib proc sbin usr
    ~ # ls /mnt
    partnerkey ram1
    ~ # ls /mnt/partnerkey/
    NSA221_check_file nsa310_check_file_C0
    README nsa310_check_file_C0.Zy_Private
    STG100_check_file salted_md5sum_Zy_Private
    STG211_check_file salted_md5sum_libzy.so.fw4
    STG212_check_file salted_md5sum_libzy.so.fw5
    md5sum usb_key_func.sh
    nas3xx_check_file usb_key_func.sh.2
    nas5xx_check_file usb_key_func.sh.network_telnet
    nsa210_check_file usb_key_func.sh.network_telnet_stop
    nsa220_check_file usb_key_func.sh.telnet
    nsa220_check_file.220- usb_key_func.sh.telnet_and_stop
    ~ # ls /firmware/
    htp mnt sbin

    Do you think I can put the last valid firmware there and flash again the NAS? Is it correct to follow your instructions in this other thread ?

    https://community.zyxel.com/en/discussion/10235/nas542-stuck-in-a-boot-loop

    Thank you very much!

  • Mijzelf
    Mijzelf Posts: 3,056 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    That thread is about low-level flashing, when I'm not mistaken. But you already have a flash script on the recovery stick. You can run that manually now, and the console output should tell what is going wrong. On that stick is a directory nas3xx_fw, and a file nas3xx_md5sum.txt. Copy those to your universal_usb_key. As long as you don't overwrite any existing files the orginal function should not be disturbed.

    Then boot the box, login over telnet, and execute

    cd /mnt/partnerkey/nas3xx_fw/
    

    ./usb_key_func.sh

    If you can, switch on logging of your telnet client. Don't know how much data it will spit out.

Categories

Consumer Product Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)