read

If you have a Synology NAS and had some sort of disk crash in the past, you've probably encountered the famous "Cannot format system partition" and "Please configure your router to forward port 23 to DiskStation and contact Synology online support".

Yeah, it sucks.

It sucks even more when you know the disk is perfectly fine, and you still have hopes to recover your data. Or you simply don't like the idea of having your port 23 open to the world for god-knows-how-long until a Synology tech support can look into your case.

You've probably tried telneting to your NAS. Maybe you've even tried opening the case and hacking the serial port, only to discover that you don't have the root password. The DS Assistant password doesn't work, and you exhausted all obvious guesses - blank, synopass, synology, password, admin, root, etc.

Well, what about c12-0804? No, I didn't make this up. This is today's password.

But if you're reading this a few days (or years) from now, too bad; it won't work. Unless, of course, you wait until December 8th. Because the password repeats every year.

Basically Synology hardcoded a modified login binary within the firmware that accepts an obfuscated password for root, which depends on the current date. (by the way, this isn't the only thing Synology folks hardcoded in the firmware).

Thanks to GPL, Synology was forced to publish the original source code for the firmware. Based on the original correct_password.c code, I hacked a short snippet to generate the daily password.

Here's the Synology Telnet password generator:

#include <stdlib.h> 
#include <time.h> 
#include <stdio.h> 

void main()
{
    struct timeval tvTime;
    struct tm tmOutput;

    gettimeofday(&tvTime, 0);
    localtime_r(&(tvTime.tv_sec), &tmOutput);

    tmOutput.tm_mon += 1;
    printf("password for today is: %x%02d-%02x%02d\n\n",
        tmOutput.tm_mon, tmOutput.tm_mon, tmOutput.tm_mday,
        gcd(tmOutput.tm_mon, tmOutput.tm_mday));
}

int gcd(int a, int b)
{
    return (b?gcd(b,a%b):a);
}


Compile and run the code above with gcc. You can also use the excellent Codepad   Repl.it to run the code online and get the password for today (no registration needed).

Bonus tip: if you're curious how exactly the password is generated, here's the algorithm:

  • 1st character = month in hexadecimal, lower case (1=Jan, ... , a=Oct, b=Nov, c=Dec)
  • 2-3 = month in decimal, zero padded and starting in 1 (01, 02, 03, ..., 11, 12)
  • 4 = dash
  • 5-6 = day of the month in hex (01, 02 .., 0A, .., 1F)
  • 7-8 = greatest common divisor between month and day, zero padded. This is always a number between 01 and 12.

So, let's say today is October 15, the password would be: a10-0f05 where a = month in hex, 10 = month in decimal, 0f = day in hex, 05 = greatest divisor between 10 and 15).

If you have trouble calculating the greatest common divisor (elementary math, anyone?), Wolfram Alpha is your friend.

This was tested on a Synology DS212+, with Marvell Kirkwood mv6282 chipset. It's unlikely but still possible that different models use a different algorithm. YMMV, so always check the source code.

[UPDATE 1: Several users reported that this works in many other models, including DS409, DS112j, etc. Please leave a comment with your model and firmware version.]

[UPDATE 2: If it doesn't work, it's probably that your date is incorrect in the NAS. Per Patrick's suggestion below, try "101-0101", which is the password for Jan 01]


Blog Logo

Gui Ambros

Maker, engineer, ad:tech veteran. Incurable optimist. I was there when the web was born. Opinions here are my own. @GuiAmbros


Published

Image

wrgms.com

/dev/random rants about technology, electronics, startups.

Back to Overview