{"id":263,"date":"2015-05-21T09:12:48","date_gmt":"2015-05-21T06:12:48","guid":{"rendered":"http:\/\/ustinych.net\/wordpress\/?p=263"},"modified":"2015-05-21T09:14:05","modified_gmt":"2015-05-21T06:14:05","slug":"synologys-secret-telnet-password","status":"publish","type":"post","link":"https:\/\/ustinych.net\/wordpress\/?p=263","title":{"rendered":"Synology’s «secret» telnet password"},"content":{"rendered":"

If you have a Synology NAS and had some sort of disk crash in the past, you’ve probably encountered the famous\u00a0«Cannot format system partition»<\/em>\u00a0and\u00a0«Please configure your router to forward port 23 to DiskStation and contact Synology online support»<\/em>.<\/p>\n

Yeah, it sucks.<\/p>\n

It sucks even more when you know the disk is perfectly fine, and you still have hope to recover your data. Or you simply don’t like the idea of having your port 23 open to the world for god-knows-how-long until Synology tech support can look into your case.<\/p>\n

You’ve probably tried telneting to your NAS. Maybe you’ve even tried\u00a0opening the case and hacking the serial port<\/a>, only to discover that you don’t have the root password. The DS Assistant password doesn’t work, and you exhausted all obvious guesses —\u00a0blank<\/em>,\u00a0synopass<\/em>,\u00a0synology<\/em>,\u00a0password<\/em>,\u00a0admin<\/em>,\u00a0root<\/em>, etc.<\/p>\n

Well, what about\u00a0c12-0804<\/code>? This is today’s password.<\/p>\n

But if you’re reading this a few days (or years) from now, too bad; it won’t work. Unless, of course, you wait until December 8th. Because the password repeats every year.<\/p>\n

Basically Synology hardcoded the login binary within the firmware, in order to accept an obfuscated password for root, which depends on the current date.<\/p>\n

Based on the original\u00a0correct_password.c<\/a>\u00a0source, I hacked a short snippet to generate the daily password.<\/p>\n

Here’s the Synology Telnet password generator:<\/p>\n

#include <stdlib.h> <\/span>\r\n#include <time.h> <\/span>\r\n#include <stdio.h> <\/span>\r\n\r\nvoid<\/span> main()\r\n{\r\n    struct<\/span> timeval tvTime;\r\n    struct<\/span> tm tmOutput;\r\n\r\n    gettimeofday(&tvTime, 0<\/span>);\r\n    localtime_r(&(tvTime.tv_sec), &tmOutput);\r\n\r\n    tmOutput.tm_mon += 1<\/span>;\r\n    printf<\/span>(\"password for today is: %x%02d-%02x%02d\\n\\n\"<\/span>,\r\n        tmOutput.tm_mon, tmOutput.tm_mon, tmOutput.tm_mday,\r\n        gcd(tmOutput.tm_mon, tmOutput.tm_mday));\r\n}\r\n\r\nint<\/span> gcd(int<\/span> a, int<\/span> b)\r\n{\r\n    return<\/span> (b?gcd(b,a%b):a);\r\n}\r\n<\/code><\/pre>\n
Bonus tip: if you’re curious how exactly the password is generated, here’s the gist:<\/p>\n
Compile and run the code above with\u00a0gcc<\/code>, and you’ll get the password for today. You can also use the excellent\u00a0Codepad<\/a>.<\/p>\n