Akitio MyCloud Duo vs HP ProLiant Microserver with FreeNAS
Also a trick to enable root access on the Akitio MyCloud Duo
I have managed to enable ( well change the password as its technically already enabled ) the root user account for SSH access to this device.
First I want to state that I was a very angry owner of three Akitio MyCloud Duo’s but now I am a very proud and happy owner of once HP ProLiant MicroServer N40L running Free NAS.
The Akitio device:
http://www.akitio.com/network-attached-storage/mycloud-duo
$160 Retail for the each device but I will look at this price comparison from a per unit cost.
$60 postage for three devices so lets just say $20 postage.
10+ days worth of frustration on postage and supply delays.
2 weeks of wanting to nearly slash my wrists due to the devices crap interface and poor stability with Hard Drive detection.
$45 Return postage for Refund.
Pro
Cheap
not too difficult to install the drives
low power consumption
looks nice as a device
iOS apps for accessing and uploading photos and files to the device
Supports RAID 1, 0 and JBOD
Con
256MB NAND, not much space to play once you have root access.
Web based OS controls, buggy and little configurable access.
User account based home sharing, makes simple sharing for a single location as guest access impossible with out needing a password… very inconvenient for enclosed networks using project files etc…
torrent client is extremely limited with next to no controls apart from add and remove…
Only a 2 bay NAS
Only supports RAID 1, 0 and JBOD
0 Display connectors.
If the Linux OS running on the NAND falls over there is no restore to factory settings option… your device just bricks.
No ability to access the NAND externally
3/10 for functionality.
8/10 for visual design.
6/10 bang for your buck.
1/10 for reliability. ( I would never trust this with my least important files )
Intended market: consumer
Comment: I am concerned about what frustrations this device may cause a consumer when faced with how to share their files over the network and control who can access them.
The HP ProLiant Microserver device:
http://www.megabuy.com.au/hp-658553-371-proliant-n40l-microserver-p293609.html
$264.95 Retail from MegaBy.com
$17.95 postage
89MB download for FreeNAS ( no cost really… plenty of download available on my internet plan )
Pro
Price is still considered affordable and cheap when compared to most server based devices.
4 bay NAS
Comes with a 250GB HDD taking up one of the drive slots.
Supports most RAID configurations eg 0,1,5 etc…
Supports ZFS and RAIDZ
Excellent web based GUI.
A well established support community.
Documentation that could sink a ship but allow you to find almost any answer you need to questions and errors you encounter.
2 GB Memory in slot one and slot two is free for another 2GB or any 2 Memory mole combination you like up to the devices spec max Memory.
2 PCI
Con
Needed to remove the 250GB drive and mount it in a USB Caddy to free up the 4th bay to run a 4 drive RAID.
Advanced configuration requires unix based knowledge and intermediate to advanced computer knowledge to configure.
The device is larger than the MyCloud Duo but this is to be expected as a 4 bay device running computer standard HW inside.
10/10 for functionality.
8/10 for visual design.
10/10 bang for your buck.
8/10 for reliability. ( Running the worlds oldest and most trusted kernel, unix I would not be able to find a more trustworthy device )
Intended market: Small to Medium Business
Comment: In the hands of a good administrator or savvy home user this device could prove quite useful and efficient as a network attached storage device.
I also bought 4 x 2TB WD Green Hard drives for $145 each but that cost is separate as I will be now using it with the HP Microserver.
My Microsever is now running an awesome OS for NAS sharing ( the controls and settings are a lot more advanced than the MC Duo but gives my the control and need and want )
How to enable ( change the password ) root access via SSH
I won’t beat around the bush, but I do want to credit my brother and I for possibly being the first people to find this hole and exploit it for the purpose of having more control over the device than what was offered through their WEB OS.
I no longer own one of these so I am sorry that this does not contain any images, I was not able to screen capture what aint there no more… but I will try to be a descriptive as possible.
Out of the box you get a user account with “admin” as the username and “admin” as the password ( or was it “password” as the password, this does not really matter )
Browse to the IP of the device in your web browser.
Once you have logged in using “admin” go straight to the settings control panel and first go into firmware, disable updates as there is a chance this post may attract enough attention for them to release and update that will automatically get applied and you may lose all root access… that would suck so again, disable auto updates.
Now using the same settings control panel go into accounts, using the admin account change its password to what ever password you desire to use as root.
This is where me no longer owning one and Akitio’s Wiki appears to be out of date or missing the image to show you…
Then go back to the settings control panel and go into an area that should be backup configuration? again forgive me… I should have done this before sending the devices back but I know its there… it should be some kind of system backup and restore area.
Go into the backup and restore are and backup your configuration, it will download a zip file containing around 12 – 16 files, again no longer have these either to reference… but its a zip file all the same…
Now this is where it gets a little specific with what you need to do… all terminal commands from here need to be done as root otherwise you will brick your MyCloud Duo and there is no way to recover from this.
I REPEAT >> WARNING >> PERFORM ALL THE FOLLOWING AS ROOT.
As an additional disclaimer I take no responsibility for anything that may happen as a result of following the instructions on this page or otherwise from my self else where.
# using terminal on your computer: ( I was using a Mac, but a linux system will work the same… not sure about windows though )
I would say its confirmed a working hack using Mac Terminal, linux should work and I doubt windows will work with this as its not unix based… don’t use windows with any DOD prompts… for starters none of these commands will work and second it does not follow the same file system properties.
sudo -i
# this will prompt you for a password, enter in your administrator password for your admin user account your using in mac, please note that if your user account in mac does not have a password then this will not work… you need to specify one in Apple > System Preferences > Accounts ( Users )
cd ~/Downloads
# using the cd command browse to where ever you downloaded the configuration backup file from the akitio web portal of your MyCloud Duo. usually the Downloads directory in your user account ~/ means from my home dir. aka $HOME un linux but linux still recognises ~/
mkdir ./UNZIP
# this will make a folder for us to work with
unzip isharing_backup_name.zip -d ./UNZIP/
# this will unzip the contents of the zip file into the UNZIP folder as root level.
cd ./UNZIP/
# this will change the terminal view into the UNZIP folder.
vi shadow
# this opens a file called shadow for editing in a very simple editor called “vi” if you have never used this before then I suggest to read up so that you know how to use it. I will try to explain each step as if you don’t but it helps to know.
# now normally with out root access you would never be able to edit and save this file back to a server thus its secure and never an issue that the passwords are stored in it as encrypted data… but the loop hole in the Akitio devices is that their web interface controls run as root and thus once this shadow file has been save and zipped back up you can upload the file right back up into its place with out needing root access.
# in this shadow file you will see a list of usernames aligned to the left and information on each line for each user separated by a : per chunk of information… basically the “root” user should be the one at the top and it has an excepted password about 20-30 char long… you can’t miss it but please refer to this site for understanding the shadow file.
http://www.cyberciti.biz/faq/understanding-etcshadow-file/
# now locate your “admin” user, should be towards the bottom of the list, using the link above to understand where the password starts and ends, copy the password for admin “admin:password_is_stored_excrypted_here:…..” ensure you get all the characters between the : : and not include the : :
# now go back up to root with the terminal flashing cursor, press the letter i on the keyboard for the “INSERT” function of VI and delete the password for the root line so that your left with “root::….” then position the curser in bwteen the two : : and paste your admin encrypted password.
#Now save the file by pressing on the keyboard the following keys SHIFT + ; ( inputs a : ) then press the “w” key followed by the “q” then press return, this should have saved the file and brought you back to the terminal prompt.
zip isharing_backup_name.zip *
# this zips up the contents of the UNZIP folder into a zip file called is haring_backup_name.zip, please note that this is now located inside the UNZIP folder.
# now go back to your MyCloud Duo website and back into the backup and restore control panel, again I forget what its called but its there along the top row… but not visible from the wiki example images…
# now choose to upload or restore the configuration from a backup file, choose the newly created zip file inside the UNZIP folder under your web browsers downloads folder.
# use standard upload technique just to ensure its simplified and successful.
# once the upload is completed you need to reboot the device.
# there is a shutdown and reboot area of the control panel, use this to reboot the device.
# once the device has rebooted you should now be able to…
ssh root@10.0.1.100
# using the IP of your device and the password for the admin user.
# If this did not work then there are two points where you could have made a mistake or was not successful, the editing of the shadow file or the uploading to the device failed.
# Please feel free to contact me to ask questions but remember I no longer own one and my memory ( intentionally for my own sake ) is rapidly forgetting how to browse its crappy control panel 
# there is a “Contact us” button at top right, might even be a Online support button if I am online via chat. feel free to chat me if this is the case.
