Recommended Posts

I follow this thread since a few weeks and I'm really amazed by your works, guys ! You deserve the congratulations of all of us :wink:

 

+1

 

I have just repacked/optimized previous xpenology builds but guys your work is amazing :mrgreen:

Can't wait to work on 4.3 build :smile:

Link to post
Share on other sites
With the info you posted I can probably manualy create a devices file for synology_bromolow_3612xs :smile:

Yes, you're right, it is a hash check for files + check for hardcodes devices (like sata controller/network controller) in files vs /proc/bus/pci/devices.

 

I do not understand why they did not also check synobios.ko

 

I have a working DS3612xs :smile:. Thanks to Vortex's info I created /proc/bus/pci/devices

 

4_3_bromolow.jpg

Link to post
Share on other sites

Here too :smile: I'm kind of busy theses days so I can only spend halt an hour max to play with...

 

@Venom, did you filter the open hook on current->comm (process name), I mean there could be side effect if all of the open are hooked to the fake file :razz: we juste have to build an array with all of the process name calling for it (hoping no side effect) and compare with current->comm.

 

Another thing, I got issue with ia32_sys_call_table at first (because of 64 bit architecture and 32 bits binaries), I made an ugly "hack" (#define __NR32_OPEN = 5), how did you deal with ?

 

If you can share your code :smile: I can also share mine. Tanks.

 

I started to look to emulate the ttyS1 device for for example the get_micropid() function with a proper return, it could be easy to do.

 

In fact binaries like scemd use ioctl to /dev/synobios and synobios.ko deal with /dev/ttyS1 (with is a serial device to manage leds, button,...). the module contain also some kernel function to deal with satacontrol and disks. So with a little work, we could :

 

Generate a custom synoboot from pat file :

- get the rd.gz and add the module to fake the system (need to be added before synobios.ko)

- add a custom kernel for better compatibility (64bits / drivers)

 

Install the DSM from the genuine PAT file without any patching or rebuilding.

 

This way we don't "break" any Synology property.

Link to post
Share on other sites

I tried it your way. I only hooked on /proc/bus/pci/devices using sample code from the https://github.com/mfontanini/Programs-Scripts/blob/master/rootkit/rootkit.c. Take a look at it, should help.

Then I took a different approach. I created /proc/virtual_devices, removed /proc/bus/pci/devices then symlink /proc/bus/pci/devices to /proc/virtual_devices.

 

static int __init dsmcheck_proc_init(void) {
if ( strcmp(syno_hw_version, "synology_bromolow_3612xs") == 0 || strcmp(syno_hw_version, "synology_x86_1511+") == 0 ) {
	created_virtual_devices = true;
	printk(KERN_INFO "DSMCHECK : %s found, creating virtual devices\n", syno_hw_version);
	remove_proc_entry("bus/pci/devices", NULL);
	proc_create("virtual_devices", 0, NULL, &dsmcheck_proc_fops);
	proc_symlink("bus/pci/devices", NULL, "../../virtual_devices");
} else {
	printk(KERN_INFO "DSMCHECK : %s found, not supported yet, skipping\n", syno_hw_version);
}
return 0;
}

 

I insert my module from /etc/rc using syno_hw_version=$UNIQUE as param.

# insert virtual devices module
insmod /root/dsmcheck.ko syno_hw_version=$UNIQUE

 

I will share the module once I am sure there is no problem.

Link to post
Share on other sites

Hey Guys, you are so great. I'm using Transtor's 4.2 3211 with some limitation (have a H87 Intel Board and this seems not to be fully recognized). I hope, that this 4.3 will include newest hardware driver support;-)

 

I'll stop working to optimize my 4.2 (e.g. dsaudio doesn't work) and continue with 4.3 once it is there.

 

But don't hurry, you already did a great job and I can wait some more time before jumping on that new train.

 

all the best

 

myhtpc

Link to post
Share on other sites

I appreciate all the time and effort people have put into working through these new hurdles.

 

I hope there will be a 4.3 QNap x59 release for this, similar to what Vortex has released in the past.

 

Thanks again,

T.

Link to post
Share on other sites

THANKS A LOT! Guys, great job!

 

p.s. You are very familiar with Linux tools. You proved it once more.

Could you look at one old problem in Xpenology - BIOS goes to reset state

(there are several reports for different hardware configurations) when power-off shedule is enabled?

 

 

thanks again!

Link to post
Share on other sites

The problem with this is that if you unmount, /dev/sda will get deleted. Even if my module gets unloaded cat /proc/bus/pci/devices returns null so the check doesn't do anything (I spoke too soon, it will remove /dev/sda).

 

DiskStation43> dmesg | grep DSM
[    2.785396] DSMVD : synology_x86_1511+ found, hooking virtual devices
DiskStation43> rmmod dsmvd
DiskStation43> dmesg | grep DSM
[    2.785396] DSMVD : synology_x86_1511+ found, hooking virtual devices
[   96.543365] DSMVD : unhooking virtual devices, replacing with NULL
DiskStation43> cat /proc/bus/pci/devices
cat: read error: Invalid argument

 

Anyway, I would not use 4.3 with this check in production. Syno can do anything in their apps, so they can unload/unmount anything we do here. So let's say you install/update AudioStation and then you notice that all your data is gone.

Link to post
Share on other sites
Anyway, I would not use 4.3 with this check in production. Syno can do anything in their apps, so they can unload/unmount anything we do here. So let's say you install/update AudioStation and then you notice that all your data is gone.

 

Agree. But I'll use 4.3 in production :smile: New features are important for me. I will not have problem check updated packages if they are safe before upgrading.

Edited by Guest
Link to post
Share on other sites

New Synology "microupdate" techniqie is amazing! Now they can update certain files without updating a whole system.

For example DSM 4.3-3776-2 fixes a vulnerabilities by updating some system sfiles.

New patches are in .deb format, downloads silently and installs silently or after confirmation.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.