Shell access to your ix2/ix4 exposed! “Get yer red hot ssh here!”

January 8th, 2010
by Christopher Kusek (PKGuild)

So, I promised you guys in Iomega ix4-200d data reconstruction, ssh and more! that I would expose the password to login to the ix2 and ix4 as soon as I could.    Well, your wait is finally over!

Let’s start as you normally would, by logging into the support console!

http://192.168.1.1/support.html

Click on Support Files

Whoa, what’s that I highlighted there and even tossed in an arrow?! Can I MAKE it any more straight forward? Psst.. Click on Support Files :)

Click on the Dump button

Ooh, what’s that little guy down there? Dump? Yea, I didn’t even notice this before (because I had shell access myself ;)) but this is for your benefit!

The system will go through "Gathering system state…"

Open up your dump file!

Why yes, I did go mad with clicking colors and arrows in the win7 version of MSPaint.. Okay, but I digress. :)

Click that bad boy, which will include dump data about your system! Download it, and open it!

Drill down into the dump –> config –> etc –> and open up the file named “shadow”   (dump-20100107225620.tar.gz\dump-20100107225620\config\etc)

Wait, what?! Is that an exposed hash with the root password from your shadow?!

Find your shadow File in there, and lo and behold, you will have your Iomega root users hash!    Now it’s just a matter of cracking it!

It is beyond the scope of this article to tell you how to actually crack the pwd.. (giggle) go here, download john the ripper and you’ll do just fine :)

Password CRACKED in seconds! user:root pwd:soho

Taking my seed from my system and running it through a simple alphanumeric search, I come up with username root, password soho! That was easy! That works if you have NO Password set!

Through a collaborative effort with @randyjcress @Kiwi_Si @VirtualisedReal and @gabvirtualworld we were able to determine that by using soho and whatever password you use on the system, that should do it! And really, the credit does primarily go to @randyjcress for leading us in that specific direction so props randy! :)

ie: admin pwd is apples, so login using sohoapples – This is still undergoing verification, but I thought I’d share it out there, while we sort it out!

Disclaimer: The means to perform all of these tasks has been replicated and verified in the wild without requiring any intimate knowledge of the inner workings of the system. 

Tags: , , , , , , , , ,
Posted in Iomega, NAS, Storage | Comments (79)

  • Kcantrel

    Okay, now I have done with I wanted to with ‘ssh’ access, how do you turn it off?  I have an IX-200 Cloud Edition and I’ve gone back to the support.html file, well, actually, it is diagnostics.html for the cloud version, unselected the check mark next to “allow remote access for support” and clicked Apply.  Unfortunately, the check mark reappears and as expected, ssh access remains.  Do I have to reboot this thing to get it to stick?

  • In a word.   Yes, yes you have to reboot it for the SSH access to turn off.
     

  • _rico_

    Hi Buck, did you find a way to upgrade to cloud edition?

  • _rico_

    Hi Chris, great work here, love my ssh on the ix2-200. Did you find a way to upgrade from a non cloud ed to cloud?, I have two ix2-200 units and I would love to use the cloud edition …

  • Guest

    you lose the warranty like this

  • Dave

    Hello, 
    I have a ix2-200 , and how can upgrade it to Cloud Edition.
    thanks 
    Dave

  • Guest

    I’ve heard that you CAN upgrade the ix2 to CLOUD EDITION… HOW???

  • footswitch

    Hi there,

    This wiki page contains a set of instructions in order to recover the NAND or replace the internal HDDs:

    http://iomega.nas-central.org/wiki/Category:Ix2-200-usb-init

    This would not only allow us to swap the HDDs in the ix2-200 to larger ones, but also upgrade (?) to the cloud edition.

    I do NOT know if any of this works as advertised.

    I have little knowledge of SSH and *nix and so forth. If
    someone with proper know-how is willing to give it a try… pretty
    please :)

    If you need to perform some test in one of the devices and you don’t have it…

    —- I have both ix2-200 (1 year-old model and the new Cloud Edition). —-

    So I’m more than willing to help with what I can.

    P.S.: I did try a basic and probably stupid thing:

    1. Remove the drives from the older model;

    2. Place just one drive from the Cloud Edition into the older model.

    I imagined at first that it would boot as if it were the Cloud Edition,
    but it doesn’t. It seems like there’s a part of the OS that’s stored in
    the HDDs and another part (or firmware) stored in the board…?

  • Joachim

    Just a stupid question. Why don’t you use the first icon? Support access, and then check the ‘Enable support access via ssh…’? Afterwards, you can ssh with root & password soho-pwd…

  • Yozz

    I have the ix2-200 edition and wanted cloud as well. I’ve made it working, however not by a hack. I bought the transmit app http://www.panic.com/transmit/ (mac only) and have set that setup over ssh connecting to my ix-200. 2 minutes work and all can by accessed as a local drive. No read/write issues or other tech issues. Just plug and play.

  • Scpcom

    I updated my USB Init page on NAS Central. Now also people who have only Non-Cloud Edition can update to Cloud Edition (on new drives). Only the original firmware file for cloud edition is required

  • Remy Blank

    I understand this procedure enables the SSH server on the ix2, that is, sshd. Is the ssh client also installed? That is, if I’m logged into an ix2, can I ssh to another machine? Is Python installed, too?

  • Magneto

    FYI:
    Procedure works fine on a StorCenter px6-300d.

    – enable ssh via http://nas/diagnostics.html
    – use the described method to login as root

  • Hometeck20001

    hi i have the iomega ix100 and tride to akses the thidden web page of iomega storcenter and ther is aproblem with the certiffecut and clikt the link and got 404 file not found can you help my emaile is hometeck20001@hotmail.com

  • Has anybody tried with http://iomega.nas-central.org/wiki/Category:Ix2-200-usb-init using the cloud edition firmware downloaded from iomega support site into non cloud ix2-200 if it works?? will it erase the drives or keep old data?? This would also add os x lion compatibility. I’d test it but dont have extra drives to try with.

  • Pingback: Iomega Storcenter – enable ssh access and install mediatomb server | Ramblings()

  • Remco

    I have 4x StorCenter ix2-200 with out iCloud and have buy a new one this is with iCloud but i dont like the system, is there a way to switch the firmware back to the old version?

    Thx for your feedback.

  • What you’ve all been waiting for! My good friend Chris Colotti brings us:

    How To: Convert an Iomega IX4-200D to an IX4-200D “Cloud Edition” bit.ly/vMbkWU (by @ccolotti)

    http://www.chriscolotti.us/technology/how-to-convert-an-iomega-ix4-200d-to-an-ix4-200d-cloud-edition/

  • Tohesop

    it works on ix4-200r, 2.0.4.41587 
    i’m amused :-)

  • matt

    This just worked with my “iomega 34785 3TB Home Media Network Hard Drive, Cloud Edition”, purchased last week (http://www.newegg.com/Product/Product.aspx?Item=N82E16822186283), with the latest firmware.

    I went through the whole cracking process to find it’s still root:soho

  • matt

    I forgot to mention, I had to use /diagnostics.html, as described by Magneto below.

  • Mao

    Someone has the instructions to update to ix4-200d to Cloud Edition? Colotti has removed

  • It looks like technically they’ve released a new(er) updated Firmware to take it to 2.1.40 which gives support for LION, though I imagine doesn’t convert it over to the Cloud Edition.

    Having never actually gotten around to updating my IX4 to the Cloud Edition (Hey, I was busy! :)) What benefits did it particularly provide?

    https://iomega-eu-en.custhelp.com/app/answers/detail/a_id/22315

  • Mao

    The firmware 2.1.40 only adds support to the lion.
    I have the old version of ix4 and I also tried the version cloud edition.
    it has a new interface and management different from the old, new applications have “cloud” and some applications to synchronize their profiles in social networks

  • Mao

    Hi Christopher, if you have the update files and instructions, you could send them to me or make it  public?

  • Mrmichael112002

    the soho plus admin password is ACCURATE

  • Jmbarros

    LOL!!!!!!! very nice article, and how iomega can be so stupid to put the shadow file in your dump file????? haahhahahahha…very nice! tks!

  • Daniel

    For px6-300d (firmware 3.2.3.15290) only works in this way too, soho+admin-password

  • Pingback: Using NFS to Share Data Between UNIX and Mac OS X()

  • Archives