by: Linux/Unix Networking

If you are an owner of the Western Digital My Cloud Home, you might have noticed that the product support has a great hardware but crappy software and ultra limited features.

How about having full control of your device? Here are some reasons / user cases:

  • It no longer receive firmware updates or security patches, leaving your device vulnerable to potential security risks. Have you seen the amount and severity of known vulnerabilities associate with this product?
  • Its hard drive has died and a new image needs to be written to the new drive before powering it back on with a new HDD or a SSD.
    • Note: it will require an adapter because the 3.5 HDD mounting holes are used to keep the PCB attached to the case:
  • Or as a way to take full control of your device and secure it against such risks with Debian on it. There are lots of basic features that WD will never support, such as:
    • Use a secondary network adapter or additional storage capacity via USB 3,
    • SSH access to run or schedule tasks,
    • Install virtually any application (host a website, active directory, share a printer, etc)

So, if you are looking for a way to keep your device secure and up-to-date, using a clean installation of Debian 11 (built in March 2023) follow along.

INSTALLATION PROCEDURE

Preparation

  • Backup your data from the NAS somewhere else (at your own risk),
  • Download the image file [Link] and decompress it (feel free to thoroughly inspect the image before using it),
  • Format an 8+ GB USB drive as FAT32 on MBR,
  • Copy the content of the decompressed image to the drive.

Execution

  • Power off the NAS,
  • Insert the USB drive,
  • Press and hold the Reset button (right above the USB port),
  • Keep pressed the button while power it on and keep pressed until the light is ON (about 30 seconds),
  • With the button released, keep pinging the NAS and watch for it to stop responding and start responding again (it means it rebooted),
  • Remove the USB drive.

FIRST ACCESS

ssh root@IP

Search for the IP auto assigned to the NAS by looking at the DHCP server, doing ARP scan, port (22) scan, etc.

The default password is passwordChange it immediately!

Do all the basic hygiene to the system: create your own account, give it sudo privileges, disable SSH as root, enforce usage of SSH Keys, etc.

Then start checking for additional up dates.

sudo apt update
sudo apt upgrade -y
sudo apt --purge autoremove -y
sudo apt autoclean -y
sudo apt dist-upgrade -y
sudo apt --purge autoremove -y
sudo apt autoclean -y

Always monitor the mounted partitions with df -h because they are small and might get full easily. A work around it using symbolic links to move directories to a bigger partition (/srv/dev-sataa24/).

UNDERSTANDING THE NEW SYSTEM

The single bay 2 TB version that I have (also available in higher capacities) has the following hardware specification:

  • Storage capacity: WD RED 3.5 HDD 2TB (usable < 1.8 TB)
  • Processor: ARM Cortex-A53 Quad-Core 1.4 GHz 64-Bit
  • Memory: 1GB DDR3 (usable 730 MB)
  • Network interface: Gigabit Ethernet
  • USB port: One USB 3.0 Type-A port on the back.
  • Power: ~7W (18W max) in use = About 60 kWh/year.

On the hard drive there are 24 partitions (on GPT), as follows:

    • sataa1 to sataa19 and sataa23 – Not used by the operating system but I would not play with them.
    • sataa20 – 775 MB (12% used) – Root of the file system /.
    • sataa21 – 775 MB (67% used) – Mounting point /var.
    • sataa22 – 2 GB (73% used) – Mounting point /usr.
    • sataa24 – 1.8 TB – User storage space mounted on /srv/dev-sataa24/.

Note: it is not recommended to play with the partitions from 1 to 23 because it could mess up with the recovery procedure. The last partition can be resized to fit the hardware drive full capacity.

By inspecting the image that is created the USB drive one may find the following file structure:

  • rescue.root.sata.cpio.gz_pad.img
  • rescue.sata.dtb
  • sata.uImage
  • bluecore.audio
  • omv/20-root.tar.gz ends up being copied to sataa20
  • omv/21-var.tar.gz ends up being copied to sataa21
  • omv/22-usr.tar.gz ends up being copied to sataa22
  • omv/bootConfig
  • omv/fwtable.bin
  • omv/rootfs.bin

After the image is pushed to the device its utilisation will be as follows:

  • ~ 20% of RAM utilisation (~140 MB / 730 MB),
  • < 5% of CPU utilisation in idle state.

HOW IT WAS BUILT

Kudos to CyberTalk [Link], who original released an image that overwrites the WD operating system with a Debian 9 with OMV 4 pre-installed.

Goals and Reflections

  • OMV (Opem Media Vault) version 4 (Arrakis) was released in 2018 and its EOL (End-of-Life) was in 2020.
    • Not all repositories were still available at the time this post was written.
  • Debian 9 (Stretch) was relased in 2017 and its EOL was in 2020.
    • There was not enough space to run apt update.
  • Some use cases will NOT need or want this piece of software installed.
    • All the moving pieces related to OMV needed to be stripped from the system before upgrade.
    • Keep it on the bare bones (lightweight) so anyone can install only the necessary applications.
  • I the event of the hard drive dies one can have a full image with all the partitions schema ready to write to a new drive and fire it up.
    • I don’t know if the partition schema must be preserved (cloned) to the new drive so the firmware is capable of properly boot [Link].

Thanks again to the CyberTalk folks that made the base image, I only cleaned and updated it.

BONUS

  • Disable IPv6 if not needed,
  • Change the /etc/fstab to mount the big partition on the desired location instead of /srv/dev-sataa24,
  • Do not try to install UFW, would work (if you know how to make it work, please ping me). Instead, use iptables to create firewall rules.
  • NFS was broken on the original image (Debian 9) and I could not make it work on any version (if you know how to make it work, please ping me).
    • Alternativelly to NFS Server that fails to load, NFS Ganesha will work: 
      • sudo apt install nfs-ganesha nfs-ganesha-vfs -y
sudo nano /etc/ganesha/ganesha.conf
      • EXPORT {
  Export_Id = 1;
  Path = /PATH_TO_SHARE;
  Pseudo = /SHARE_NAME;
  Access_Type = RW;
  Squash = No_Root_Squash;
  FSAL {
    Name = VFS;
  }
  clients = 192.168.1.0/24;
}
      • sudo systemctl restart nfs-ganesha
sudo systemctl status nfs-ganesha
    • For local network file share samba is already out-of-the-box.
    • For a powerful and secure file share and storage over the Internet, I recommend MinIO, an enterprise grade AWS S3 compatible server [Link].