WD MyBookLive shutdown

Hello,

So you guys know of the hack on this unit (sotck firmware), right? Not sleeping well since.
I wanted to repurpose the drive, as 2nd backup, and found out OpenWRT can ron on this, amazing!

I am writing this after acomplishing some nice things:
-Installed successfully
-On a 4TB drive
-Managed to make a GPT partition above 2TB, use all the remaining drive. Leaving 1GB for the system partition!
-Installed Samba, create a share with authentication.
-Installed rsyncd (requirement to act as a backup drive of another drive, in this case, my Synology NAS). This one gave me some work, I was getting a problem with permissions. I found out I had to set "chroot = no" in order to work. It's a bit offtopic but I didn't understand what this means and its consequences in terms of security.

As paranoia levels are high, I want to shut it down after the backup is made. It is meant to be offline backup, to try to prevent me if I get some ransomware or something.

I already searched the forum, and there are some topics marked as solved but I don't understand what I am supposed to do.
As they said in the threads, halt only stops the disk temporarily (going to blue led for some 30s) and then returns to normal state, and poweroff just reboots the unit.

As the stock firmware could shut down the drive completely via UI, I ask for an easy solution. It might be through LUCI interface or SSH, preferably both options (more flexible).

The firmware version is current, just installed it, it is 21.02.1

Thank you very much!

It allows you to boot from a LiveCD and then take control of the drive w/o login.

When I need to rollback kernel's on my system I'll boot to a LCD image and then mount the drive partition and chroot /mnt to access the underlying partition and be able to install / remove kernel's w/o being asked to login.

If you wrote over the WD system OS the exposure to the "hack" is now irrelevant as you have an entirely new OS running on the device that's more secure.

Hello and thank you for your answer!

I am sorry but I didn't understand what you expaliend about chroot. But nevermind because it doesn't seem to me importante at the moment. I only wanted to know it if was a security breach of my part!

Flashing OpenWRT was precisily to replace a buggy-old OS, now I am more relaxed :slight_smile:

Regarding to the shutdown feature (for me it is a must-have), can you or other person help?

TY once again!

Can someone provide some help regarding to the shutdown feature please?
It is very importante for me as I want to use this as offline backup.

Thank you very much.

From OpenWrt's side (userspace/ init), shutdown/ poweroff works just fine - but the kernel side SoC support for many embedded targets may not deal with this properly (it's more targeted at 24/7 usage, many developers probably never test it). Fixing this will require kernel development/ debugging.

I don't know of anyway to shutdown a USB port from GUI / CLI as it's not called for assuming users have access to simply unplug the port. If it was an interface I could simply do "ifconfig down" and it turns down the IF and just replace down w/ UP to bring it back online.

The command to see the USB interfaces is "lsusb" and would output:

lsusb
Bus 002 Device 002: ID 174c:3074 ASMedia Technology Inc. ASM1074 SuperSpeed hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 005: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 003: ID 174c:2074 ASMedia Technology Inc. ASM1074 High-Speed hub
Bus 001 Device 002: ID 18d1:4e41 Google Inc. Nexus 7 (MTP)
Bus 001 Device 006: ID 8087:0032 Intel Corp. 
Bus 001 Device 004: ID 26ce:01a2 ASRock LED Controller
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

There might be a way to do a USB shutdown if you google it.

@slh
So no solution has someone has to go deeper on this?
Can I help with something, like testing?
Who could make this happen?

@Tech_Junky
I am sorry what? USB Shutdown?
What does that has to do with this? I am sorry I don't understand.

PS: I don't know how to quote or multi-quote :frowning:

For some reason I thought you were talking about an external drive.

This just is odd to be running OWRT on a NAS. In Linux you can do a "shutdown now" command and it will shutoff whatever device it's running on.

Sorry, currently there is no way to really shut down a WD My Book Live. The board actually has no way of shutting down.

The manufacturer's firmware fakes a shutdown by putting the CPU in an endless loop after disabling everything and turning off the LEDs. The board is still running but it's not doing anything anymore. With OpenWrt that wouldn't work, a watchdog kicks in that senses there is a problem and reboots the device.

(There used to be a rather ugly and very hack-y way that replicates that "fake shutdown", but that does not work anymore with current versions of OpenWrt, so there's no point in describing it here.)

That can be mitigated with different means, the easiest one being not to rely on a single backup.

1 Like

@Tech_Junky OK now makes sense. I would gladly install another firmware, updated and maintained, other than OpenWRT, thought to NAS operation. I just want NAS sharing (well and Rsync :smiley: ). But the stock firmware got hacked and I feel more confident with OpenWRT than stock.

@takimata Thank you very much for your explanation. Thanks for the technical details of the fake shutdown and the time you took to explain what happened in the past.

But I still want something like the remote shutdown.
Can the watchdog timer be changed? Like for instance, to be 2 minutes? That way I would have more time to shut It down.
I am thinking into using a remotely operated switch, controlled by home assistant, with power measure. I would see by consumption if the hard drive was spinning or not. More time before watchdog coming up would give me more time against the latency of the power readings being updated.

Other option could be installing MQTT into OpenWRT and informing in some way that the disk is inactive, so I could safely remotely shut it down.

What do you guys think?

TY

Smart plug might be the only option to kill it remotely and effectively. I don't know of other FW though that would work on it off the top of my head.

It seems to me to be my ideal solution.
I can distinguish between the idle (blue led) and the spinning disk state.

But is it possible to increase the time the disk is “stopped”?
Is it possible to increase the watchdog timer?

I don't have one to play with to figure it out but, trying won't hurt anything.

Do you know where can I look for in order to change the watchdog timer?

In theory yes, in practice it won't help since the maximum timeout for the watchdog is 3 seconds.

Again, I can think of several methods to ensure a backup will not be compromised. Turning off the device is not the only solution.

I am listening to your suggestions :smile:

And then what?

Securing a NAS is outside of the scope of OpenWrt.

There are steps you can take...

This is a bit outside of the scope of this forum, but there are lots of strategies to protect against malware/ransomware. Immutable backups come to mind, make sure a backup can not overwrite older backup files. This can be done with incremental backups and a bit of rights management.

Or have multiple backups in a staggered manner, either by alternating between backup devices, or by having a secondary backup device back up the primary backup. This way you will have some time before a corruption can propagate through your backups.

Air gapping, which is effectively what you do by turning off the backup device, is a valid strategy. It's just not the only one.

In general here's my strategy.

Vital files only go to multiple drives.

Main storage is "NAS" and nothing stored only locally on PC / laptop.

USB drives - i have enclosure with a 1TB NVME sitting in it / 256GB USB drive that's seen as an internal drive when plugged in and can run an OS natively / smaller drives for only vital data that could be a nightmare to replace / rebuild

Phone - 256GB of room and secure w/ fingerprint / FS explorer to the LAN and copy files as needed.

Online - compressed / password protected files uploaded to Google

I have dual NVME drives in the "server / NAS" that auto backup incrementally as well since it's an integral part of the network being as it functions as the router / switch / firewall / AP