The purpose for opening a stock firmware is to gain root access to LinkStation. With root access, several additional softwares can be added to the firmware, e.g: using optware package. Furthermore, a custom operating system can be used to replace the Buffalo stock firmware such as Debian.
This process based on existing method on buffalo.nas-central.org, tested on LS421DE:
- Download the tools from https://github.com/tohenk/linkstation-mod/archive/master.zip.
$ mkdir ~/lsmod $ cd ~/lsmod $ wget https://github.com/tohenk/linkstation-mod/archive/master.zip $ unzip master.zip $ cd linkstation-mod-master
- Get the Buffalo stock firmware from http://buffalo.jp/support_ap/support/products/ls400.html, the latest firmware as of this writing is 1.33.
$ mkdir firmware $ cd firmware $ wget http://buffalo.jp/php/ldl_ap.php?to=secure%2Fnas%2Fwin%2Fls400-133en.zip%3Fkey%3DMzEyNzEwMDQzNzE0NTQ2OTEwMTAwMjJkcml2ZXIuYXNpYS5idWZmYWxvLmpwMDQwL2J1Zi1kcnYyL3NlY3VyZS9uYXMvd2luL2xzNDAwLTEzM2VuLnppcDEwMTAwMDJpZDExMTBya3BhdzAwMDAwMDA2MDAwMzcyNzY%3D%26ext%3D.zip $ unzip ls400-133en.zip
After unzip process, the firmware can be found on the ~/lsmod/linkstation-mod-master/firmware/ls400-133en/ folder.
- Prepare SSH public key for login authentication.
If you’re already using a linux box, simply copy id_dsa.pub or id_rsa.pub to data folder.$ cd ~/lsmod/linkstation-mod-master $ cp ~/.ssh/id_dsa.pub data/id_dsa.key
On windows box, use puTTYgen to generate SSH private/public key pair. Refer to http://winscp.net/eng/docs/ui_puttygen for an example. After the key generation is complete, do not close the puTTYgen window, rather select all the text in the generated public key, press Ctrl+C to copy the content and paste it as text file in notepad and save the file with .key extension. You then can copy the file to linux box using WinSCP for example and put in the data folder.
- Execute the script to open the stock firmware.
$ sudo ./scripts/open-ls-rootfs.sh firmware/ls400-133en/hddrootfs.img Opening stock firmware ROOTFS of firmware/ls400-133en/hddrootfs.img. > Preparing directories... > Unpacking ROOTFS image... Using password 1NIf_2yUOlRDpYZUVNqboRpMBoZwT4PzoUvOPUp6l. > Extracting ROOTFS... > Removing root password... Removing root password from initfile backup. Removing root password from shadow file. > Allowing root login via telnet and ssh... Enabling SSHD service. > Adding ssh key... > Creating emergency script service... > Package ROOTFS... Opened ROOTFS image saved in /home/toha/lsmod/linkstation-mod-master/out/hddrootfs.img. Done.
Additionally, you can add features by editing data/nas_features and issue the following command:
$ sudo ./scripts/open-ls-initrd-cpio.sh firmware/ls400-133en/initrd.img Opening stock firmware INITRD of firmware/ls400-133en/initrd.img. > Preparing directories... > Unpacking INITRD image... Using password 1NIf_2yUOlRDpYZUVNqboRpMBoZwT4PzoUvOPUp6l. > Extracting INITRD using cpio... > Enable SFTP in nas_features... > Patching nas_features... Applying patch from /home/toha/lsmod/linkstation-mod-master/data/nas_features. > Removing root password... > Create and package INITRD... Opened INITRD image saved in /home/toha/lsmod/linkstation-mod-master/out/initrd.img. Done.
The opened firmware image can be found on ~/lsmod/linkstation-mod-master/out/ folder named as hddrootfs.img and initrd.img.
- Re-flash the modified firmware.
You need a windows box (or Machintosh) to flash Buffalo firmware. Copy and replace original firmware with the opened firmware from previous step.
Append the following lines to LSUpdater.ini[SpecialFlags] Debug = 1
Execute LSUpdater.exe, activate debug mode by clicking in the upper left corner (see figure below).
In the Debug Mode dialog, tick the following options:- Config: Do not check version
- Config: Force update
- Update: Update rootfs
- Update: Update initrd (only if you add features to initrd image)
Next, perform update process by clicking the Update button. After update process is done you can SSH-ing to the box using root.
16 thoughts on “Opening Stock Firmware of LinkStation LS421DE”
I’ve tried this a couple of times and all that ends up happening is the linkstation tries to boot, but the status light just flashes red and blue. Any thoughts?
I have tried, and ssh is active but I can’t SSH using root. I logged in using user admin with password successfully. How can I logged in using user root?
Have you try to use ssh public key authentication?
In Firmware 1.80 the root account is locke, which means even public key authentication is not possible. So one cannot log in as stated as your last step.
The tool used with the link did the trick, since you can get root access using that tool: http://forum.nas-hilfe.de/buffalo-technology-nas-anleitungen/ssh-freischalten-auf-einer-ls421de-t2165.html
Anyway, big thanks to you Toha. More people like you are needed on the net 😉
Hi, I had the same problem (can’t login with ssh key) on firmware 1.81. After I used Cris solution, I found the reason, why it wasn’t working. /var/log/messages shows the reason:
Authentication refused: bad ownership or modes for directory /root
/root /root/.ssh and /root/.ssh/authorized_keys have the wrong permission! Therefore I modified open-ls-rootfs.sh. Inside do_correct_permissions(), I added:
chmod 0700 “$ROOTFS/root”
chmod 0700 “$ROOTFS/root/.ssh”
chmod 0600 “$ROOTFS/root/.ssh/authorized_keys ”
Then I had to uncomment the do_correct_permssions inside the main method.
With these modification, everything works now.
Thanks for your feedback Dennis, will integrate it on Github.
When I try running this, I get to this step:
do_unpack_rootfs() {
show_msg “Unpacking ROOTFS image”
PASSWORD=`unpack_buffalo_image “$ORIGINAL” “$ROOTFS_IMG”`
But my system can’t find an executable called unpack_buffalo_image .
Where do I get it?
https://github.com/tohenk/linkstation-mod/blob/master/scripts/ls-functions.sh#L29
what changes do I need if I want to replace the root password instead of removing it completely?
It is easier if you change the root password after logging in using SSH.
Hi there and thank You for all your Work.
I´l got a LS220D so my question is did this also working for a ls220D and modifire the firmware LS200-v170 ?
Till step 4 “Execute the script to open the stock firmware” it works fine on a VM-Ware Linux-Mint 19.1 and i could create the “hddrootfs.img” but if i want to “add features” the features script failed to create the”initrd.img”
##execute features script##
~/lsmod/linkstation-mod-master$ sudo ./scripts/open-ls-initrd.sh firmware/LS200/initrd.img
Opening stock firmware INITRD of firmware/LS200/initrd.img.
> Preparing directories…
> Unpacking INITRD image…
Using password 1NIf_2yUOlRDpYZUVNqboRpMBoZwT4PzoUvOPUp6l.
> Extracting INITRD using GZIP…
> Enable SFTP in nas_features…
> Patching nas_features…
Applying patch from /home/doonuts/lsmod/linkstation-mod-master/data/nas_features.
> Removing root password…
> Create and package INITRD…
/home/doonuts/lsmod/linkstation-mod-master/scripts/ls-functions.sh: Zeile 122: mkimage: Befehl nicht gefunden
\nDone.\n
##end execute features script##
could you help me to find the foult?
ThX in Advanced
DooNuts
This works for my ls420ds. Thank you.
Now I am struggling with how to install transmission Daemon.
I’m scared to try switching to Debian and I’m a noob so unsure how to compile from source.
Any advice or help would be gratefully received
This worked very well for my LS220D. Can now ssh in with the admin password.
Great work.
funciona para buffalo linkstation 520?