NAS-4220 explorations
8 March 2008I have several disks which are encrypted using dm_crypt/LUKs. Unfortunately these disk don’t seem to be supported by the default software. Well i guess thats a good excuse to have a look at the bowels of this box. 
One way to get a shell on the box is to cross compile a ssh server (preferable dropbear as it was written for embedded environments) and to install it using the package mechanism. The benefit of this approach is that it should be easy and you don’t have to muck around with the hardware. The real downside with this approach is that you might be able to lock yourself out if you screw up badly enough (kernel is no longer booting, network is not coming up, …). Also there are juicy bits like the boot loader which you can’t access with this approach.
There is a better way. Some people already found out that there is a connector inside the box featuring a serial console and a JTAG. RaidSonic was even nice enough to even put out the schematics for the connector. The easiest way to connect to this socket is a modified Nokia CA-42 cable. I got mine from ebay for 5€ including shipping (buy a clone!). Collin, who also bought a NAS-4220 soldered me a connector. Thanks!
The serial parameters are 19200/8N1/no flow control. One tricky issue is that the device will not power up if the serial connector is plugged. So you switch on the device and plug the connector afterwards. If your not really fast the boot loader will already have started the linux kernel (it waits just three seconds) but this is not really a problem. Just wait till the system has completely booted and than press the reset at the back off the device (its a soft reset that is only read after the system is up). When the box comes up again you can stop the auto boot by pressing ^C.
The bootloader is a modified Redboot. It allows you to read and write the internal flash memory and to upload data by xmodem and TFTP. Upload by xmodem works but is very slow (hint to Ubuntu users: in addition to minicom you also need to install the lrzsz package. It is not installed by default and minicom is giving you only a very vague error message where it should say: "no xmodem software found"). The better solution is TFTP (gigabit ethernet hurray!). Some people on the forums have reported that they couldn’t get networking in the bootloader working or even that it is crippled and does not support IP. For me it worked out of the box. If was able to ping in both directions. TFTP is the next thing for me to try.
