NAS326 unresponsive after update and reset

khamul

Hello there,

some weeks ago I've updated my NAS326 to last available firmware (5.21(AAZF.18)C0). Until then it was working without issues for years.
After update, I lost access to login page: ping works but anything else was not available anymore. Luckily, I had data backup on another NAS, so I tried to factory reset this Zyxel (long reset press until 3 beeps), but from then it became unresponsive.

When it boots, all LEDs turn on, disks spin up, but then the network LED begins to blink forever and nothing shows up in the network.

I've tried anything, "NAS326_recovery" package (found from this forum) seems do nothing (I left it working for an entire weekend). But with "universal_usb_key_func-2015-10-12" package and network_telnet_stop script, the default IP 192.168.0.33 begins to be pingable. So the network stack seems working…but I can't telnet nor ssh into that IP, both shows "Connection refused".

I'm missing something? Or is it bricked?

Thanx in advance

Mijzelf

It's hard to say what is wrong if your device. If you reproducible can see difference in network behaviour with and without universal_usb_key_func/network_telnet_stop, then it's not dead. The script on the stick is executed by the kernel/rootfs of the installed firmware. The firmware consists of 2 parts, a kernel with embedded rootfs, and another firmware 'blob' containing mainly webinterface and samba. The kernel/rootfs wouldn't boot if a single byte was changed. (The bootloader checks a checksum).

It is possible that the 2nd blob is damaged. You could try to remove the disk(s) and boot. This way you force the box to bypass the blob on disk, and use a copy from flash.

If that doesn't change anything, maybe the script network_telnet_stop has to be changed. It is written for firmware 4 devices (NSA series), and at least the NAS5xx behaves different. The script starts a telnet daemon something like

/bin/telnetd -l /bin/sh

This way telnetd uses /bin/sh as login binary, effectively giving you a loginless rootshell. The NAS5xx doesn't support that '-l' option, and errors out.

Don't know about the NAS326, but you could try to remove that -l option, to see if it opens the telnet port. If so, probably you can't login, as the root password is unknown. (Although it won't hurt to try some abvious possibilities like 1234 and admin.)

If the port opens, it should be possible to change the root

Mijzelf

Hm. Some bot is prohibiting me from posting the last sentence because it contains blacklisted words. It's about changing passwords. Let's face that issue when it becomes relevant.

khamul

Hi Mijzelf, thank you very much for the detailed explanation. I'll try without the "-l" option next weekend.

I'll let you know how it will go! cheers