Skip to main content

Out-of-Band management MSL2024/4048/SL24/SL48 with simple telnet and expect tool

Tasks on library you can do remotely (most of them can be done on Ops Panel):

  • open mailslot;
  • shutdown/power up drive;
  • get actual inventory without in-band connection (mtx or so);
  • get temp on lib block, robotics, drvs;
  • anything you need to do remotely over private (unsecured) network;

Get the password for tadmin/tsupport (you need *.frm file, something like MSL4048_x.yy.frm) by doing something like this (I don’t provide any files, passwords, etc., here) using binwalk for FLMON/telnet access (very dirty, but it’s not encrypted, keep an eye on 2nd column, HEX shift, this will be file name after extraction):

$ binwalk -e library_firmware.frm
28749         0x704D          CRC32 polynomial table, little endian
32845         0x804D          CRC32 polynomial table, big endian
39330         0x99A2          Copyright string: "Copyright 1995-2005 Mark Adler "
40005         0x9C45          Zlib compressed data, default compression
1724176       0x1A4F10        MySQL ISAM compressed data file Version 7
1896591       0x1CF08F        Base64 standard index table
$ strings _library_firmware.frm.extracted/9C45 | egrep -A1 "PASSADM|PASSSER" | tail -4
<password for tadmin>
<password for tsupport>

Simple script using expect:

# power off drive 2

set timeout 300
set name tape
set user tadmin
set password <password> # insert extracted password here
spawn telnet $name 
expect "FLMON>"
send "lgi\n"
expect "User Name:" 
send "$user\n"
expect "Password:"
send "$password\n"
expect "login ok"
send "swdr 2 0\n"
expect "Command executed successfully"
send "lgo\n"
expect "logout successfully!"
send "exit\n"

And so on – change command, check for reply, confirm enough timeouts.