Skip to main content

Out-of-Band management MSL2024/4048/SL24/SL48 with simple telnet and expect tool

Disclaimer: there is NO password provided somewhere in the post, you need to get actual firmware/microcode and do some steps manually. Also you need carefuly read the f.cking manuals provided by vendor, manufacturer, ODM or OEM vendor to avoid getting some unexpected results before run any commands or apply any configurations. All steps provided is abnormal and should not be used in prod environment. In some extraodinry cases you simply ruin your whole installation ;)

Tasks on library you can do remotely (most of them can be done on Ops Panel):

  • open mailslot;
  • shutdown/power up drive;
  • get actual inventory without in-band connection (mtx or so);
  • get temp on lib block, robotics, drvs;
  • anything you need to do remotely over private (unsecured) network;

Get the password for tadmin/tsupport (you need *.frm file, something like MSL4048_x.yy.frm) by doing something like this (I don’t provide any files, passwords, etc., here) using binwalk for FLMON/telnet access (very dirty, but it’s not encrypted, keep an eye on 2nd column, HEX shift, this will be file name after extraction):

$ binwalk -e library_firmware.frm
28749         0x704D          CRC32 polynomial table, little endian
32845         0x804D          CRC32 polynomial table, big endian
39330         0x99A2          Copyright string: "Copyright 1995-2005 Mark Adler "
40005         0x9C45          Zlib compressed data, default compression
1724176       0x1A4F10        MySQL ISAM compressed data file Version 7
1896591       0x1CF08F        Base64 standard index table
$ strings _library_firmware.frm.extracted/9C45 | egrep -A1 "PASSADM|PASSSER" | tail -4
<password for tadmin>
<password for tsupport>

Simple script using expect:

# power off drive 2

set timeout 300
set name tape
set user tadmin
set password <password> # insert extracted password here
spawn telnet $name 
expect "FLMON>"
send "lgi\n"
expect "User Name:" 
send "$user\n"
expect "Password:"
send "$password\n"
expect "login ok"
send "swdr 2 0\n"
expect "Command executed successfully"
send "lgo\n"
expect "logout successfully!"
send "exit\n"

And so on – change command, check for reply, confirm enough timeouts.