Shell access to your ix2/ix4 exposed! “Get yer red hot ssh here!”

8Jan

Shell access to your ix2/ix4 exposed! “Get yer red hot ssh here!”

by Christopher Kusek (PKGuild) Iomega, NAS, Storage

So, I promised you guys in Iomega ix4-200d data reconstruction, ssh and more! that I would expose the password to login to the ix2 and ix4 as soon as I could. Well, your wait is finally over!

Let’s start as you normally would, by logging into the support console!

http://192.168.1.1/support.html

Whoa, what’s that I highlighted there and even tossed in an arrow?! Can I MAKE it any more straight forward? Psst.. Click on Support Files :)

Ooh, what’s that little guy down there? Dump? Yea, I didn’t even notice this before (because I had shell access myself ;)) but this is for your benefit!

The system will go through "Gathering system state…"

Why yes, I did go mad with clicking colors and arrows in the win7 version of MSPaint.. Okay, but I digress. :)

Click that bad boy, which will include dump data about your system! Download it, and open it!

Drill down into the dump –> config –> etc –> and open up the file named “shadow” (dump-20100107225620.tar.gz\dump-20100107225620\config\etc)

Find your shadow File in there, and lo and behold, you will have your Iomega root users hash! Now it’s just a matter of cracking it!

It is beyond the scope of this article to tell you how to actually crack the pwd.. (giggle) go here, download john the ripper and you’ll do just fine :)

Taking my seed from my system and running it through a simple alphanumeric search, I come up with username root, password soho! That was easy! That works if you have NO Password set!

Through a collaborative effort with @randyjcress @Kiwi_Si @VirtualisedReal and @gabvirtualworld we were able to determine that by using soho and whatever password you use on the system, that should do it! And really, the credit does primarily go to @randyjcress for leading us in that specific direction so props randy! :)

ie: admin pwd is apples, so login using sohoapples – This is still undergoing verification, but I thought I’d share it out there, while we sort it out!

Disclaimer: The means to perform all of these tasks has been replicated and verified in the wild without requiring any intimate knowledge of the inner workings of the system.

cracking exposed Iomega ix2-200d ix4-200d john the ripper NAS shell access ssh support console

79 comments

Kcantrel May 23, 2011 at 8:51 pm

Okay, now I have done with I wanted to with ‘ssh’ access, how do you turn it off? I have an IX-200 Cloud Edition and I’ve gone back to the support.html file, well, actually, it is diagnostics.html for the cloud version, unselected the check mark next to “allow remote access for support” and clicked Apply. Unfortunately, the check mark reappears and as expected, ssh access remains. Do I have to reboot this thing to get it to stick?

Christopher Kusek May 23, 2011 at 9:03 pm

In a word. Yes, yes you have to reboot it for the SSH access to turn off.

_rico_ May 27, 2011 at 8:19 pm

Hi Buck, did you find a way to upgrade to cloud edition?

_rico_ May 27, 2011 at 8:24 pm

Hi Chris, great work here, love my ssh on the ix2-200. Did you find a way to upgrade from a non cloud ed to cloud?, I have two ix2-200 units and I would love to use the cloud edition …

Guest June 3, 2011 at 3:20 pm

you lose the warranty like this

Dave June 6, 2011 at 5:47 am

Hello,
I have a ix2-200 , and how can upgrade it to Cloud Edition.
thanks
Dave

Guest June 14, 2011 at 2:12 am

I’ve heard that you CAN upgrade the ix2 to CLOUD EDITION… HOW???

footswitch June 15, 2011 at 12:01 pm

Hi there,

This wiki page contains a set of instructions in order to recover the NAND or replace the internal HDDs:

http://iomega.nas-central.org/wiki/Category:Ix2-200-usb-init

This would not only allow us to swap the HDDs in the ix2-200 to larger ones, but also upgrade (?) to the cloud edition.

I do NOT know if any of this works as advertised.

I have little knowledge of SSH and *nix and so forth. If
someone with proper know-how is willing to give it a try… pretty
please :)

If you need to perform some test in one of the devices and you don’t have it…

—- I have both ix2-200 (1 year-old model and the new Cloud Edition). —-

So I’m more than willing to help with what I can.

P.S.: I did try a basic and probably stupid thing:

1. Remove the drives from the older model;

2. Place just one drive from the Cloud Edition into the older model.

I imagined at first that it would boot as if it were the Cloud Edition,
but it doesn’t. It seems like there’s a part of the OS that’s stored in
the HDDs and another part (or firmware) stored in the board…?

Joachim June 20, 2011 at 8:35 pm

Just a stupid question. Why don’t you use the first icon? Support access, and then check the ‘Enable support access via ssh…’? Afterwards, you can ssh with root & password soho-pwd…

Yozz June 26, 2011 at 3:57 pm

I have the ix2-200 edition and wanted cloud as well. I’ve made it working, however not by a hack. I bought the transmit app http://www.panic.com/transmit/ (mac only) and have set that setup over ssh connecting to my ix-200. 2 minutes work and all can by accessed as a local drive. No read/write issues or other tech issues. Just plug and play.

Scpcom July 5, 2011 at 10:22 pm

I updated my USB Init page on NAS Central. Now also people who have only Non-Cloud Edition can update to Cloud Edition (on new drives). Only the original firmware file for cloud edition is required

Remy Blank July 8, 2011 at 3:38 pm

I understand this procedure enables the SSH server on the ix2, that is, sshd. Is the ssh client also installed? That is, if I’m logged into an ix2, can I ssh to another machine? Is Python installed, too?

Magneto July 14, 2011 at 2:04 pm

FYI:
Procedure works fine on a StorCenter px6-300d.

– enable ssh via http://nas/diagnostics.html
– use the described method to login as root

Hometeck20001 July 18, 2011 at 8:33 pm

hi i have the iomega ix100 and tride to akses the thidden web page of iomega storcenter and ther is aproblem with the certiffecut and clikt the link and got 404 file not found can you help my emaile is hometeck20001@hotmail.com

Joakim Laine August 14, 2011 at 7:07 pm

Has anybody tried with http://iomega.nas-central.org/wiki/Category:Ix2-200-usb-init using the cloud edition firmware downloaded from iomega support site into non cloud ix2-200 if it works?? will it erase the drives or keep old data?? This would also add os x lion compatibility. I’d test it but dont have extra drives to try with.

Iomega Storcenter – enable ssh access and install mediatomb server | Ramblings October 11, 2011 at 7:13 pm

[…] https://www.pkguild.com/2010/01/shell-access-to-your-ix2ix4-exposed-get-yer-red-hot-ssh-here/ This entry was posted in Storcenter by admin. Bookmark the permalink. […]

Remco October 26, 2011 at 8:55 am

I have 4x StorCenter ix2-200 with out iCloud and have buy a new one this is with iCloud but i dont like the system, is there a way to switch the firmware back to the old version?

Thx for your feedback.

Christopher Kusek October 29, 2011 at 7:56 am

What you’ve all been waiting for! My good friend Chris Colotti brings us:

How To: Convert an Iomega IX4-200D to an IX4-200D “Cloud Edition” bit.ly/vMbkWU (by @ccolotti)

http://www.chriscolotti.us/technology/how-to-convert-an-iomega-ix4-200d-to-an-ix4-200d-cloud-edition/

Tohesop November 7, 2011 at 2:46 pm

it works on ix4-200r, 2.0.4.41587
i’m amused :-)

matt December 1, 2011 at 8:54 am

This just worked with my “iomega 34785 3TB Home Media Network Hard Drive, Cloud Edition”, purchased last week (http://www.newegg.com/Product/Product.aspx?Item=N82E16822186283), with the latest firmware.

I went through the whole cracking process to find it’s still root:soho

matt December 1, 2011 at 8:55 am

I forgot to mention, I had to use /diagnostics.html, as described by Magneto below.

Mao January 11, 2012 at 5:14 pm

Someone has the instructions to update to ix4-200d to Cloud Edition? Colotti has removed

Christopher Kusek January 11, 2012 at 10:58 pm

It looks like technically they’ve released a new(er) updated Firmware to take it to 2.1.40 which gives support for LION, though I imagine doesn’t convert it over to the Cloud Edition.

Having never actually gotten around to updating my IX4 to the Cloud Edition (Hey, I was busy! :)) What benefits did it particularly provide?

https://iomega-eu-en.custhelp.com/app/answers/detail/a_id/22315

Mao January 15, 2012 at 3:58 pm

The firmware 2.1.40 only adds support to the lion.
I have the old version of ix4 and I also tried the version cloud edition.
it has a new interface and management different from the old, new applications have “cloud” and some applications to synchronize their profiles in social networks

Mao January 15, 2012 at 4:04 pm

Hi Christopher, if you have the update files and instructions, you could send them to me or make it public?

Mrmichael112002 July 17, 2012 at 9:26 am

the soho plus admin password is ACCURATE

Jmbarros November 3, 2012 at 8:00 am

LOL!!!!!!! very nice article, and how iomega can be so stupid to put the shadow file in your dump file????? haahhahahahha…very nice! tks!

Daniel January 30, 2013 at 2:17 pm

For px6-300d (firmware 3.2.3.15290) only works in this way too, soho+admin-password

Using NFS to Share Data Between UNIX and Mac OS X March 20, 2015 at 3:42 pm

[…] and slow. I was getting less than 10 MB/s so the transfer would take more than two days! Luckily, I rooted the Iomega years ago and was able to get inside and take a look. Sure enough, the CPU was pegged at 100% the […]

Shell access to your ix2/ix4 exposed! “Get yer red hot ssh here!”

Share this:

79 comments

Kcantrel May 23, 2011 at 8:51 pm

Christopher Kusek May 23, 2011 at 9:03 pm

_rico_ May 27, 2011 at 8:19 pm

_rico_ May 27, 2011 at 8:24 pm

Guest June 3, 2011 at 3:20 pm

Dave June 6, 2011 at 5:47 am

Guest June 14, 2011 at 2:12 am

footswitch June 15, 2011 at 12:01 pm

Joachim June 20, 2011 at 8:35 pm

Yozz June 26, 2011 at 3:57 pm

Scpcom July 5, 2011 at 10:22 pm

Remy Blank July 8, 2011 at 3:38 pm

Magneto July 14, 2011 at 2:04 pm

Hometeck20001 July 18, 2011 at 8:33 pm

Joakim Laine August 14, 2011 at 7:07 pm

Iomega Storcenter – enable ssh access and install mediatomb server | Ramblings October 11, 2011 at 7:13 pm

Remco October 26, 2011 at 8:55 am

Christopher Kusek October 29, 2011 at 7:56 am

Tohesop November 7, 2011 at 2:46 pm

matt December 1, 2011 at 8:54 am

matt December 1, 2011 at 8:55 am

Mao January 11, 2012 at 5:14 pm

Christopher Kusek January 11, 2012 at 10:58 pm

Mao January 15, 2012 at 3:58 pm

Mao January 15, 2012 at 4:04 pm

Mrmichael112002 July 17, 2012 at 9:26 am

Jmbarros November 3, 2012 at 8:00 am

Daniel January 30, 2013 at 2:17 pm

Using NFS to Share Data Between UNIX and Mac OS X March 20, 2015 at 3:42 pm