Removing E (DiskError) flag on system drive of a Synology NAS

By dose | March 14, 2023
Under: Uncategorized
Comments: No Comments »

Recently, I came across the following problem: A user of a Synology DiskStation wanted upgrade the disk drives to bigger ones. So he tried to do everything correctly:
First, he identified the list of possible disk drives officially supported for his Disk Station and bought the appropriate hard disk.
Then removed one disk drive (drive 2) in the bay and exchanged it with one of the newly bought disks and tols the NAS to repair the volume in order to sync system and data to the new drive.
And here is, where the problems started: The data RAID fortunately synced fine to the second drive, but the System RAID did not sync and left him with a faulty system volume.

This is where I came into play. A quick check via commandline revealed the following status:

sh-4.3# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] 
[raid4]
md2 : active raid1 sda5[2] sdb5[1]
1948779648 blocks super 1.2 [2/2] [UU]

md1 : active raid1 sda2[0] sdb2[1]
2097088 blocks [2/2] [UU]

md0 : active raid1 sdb1[1](E)
2490176 blocks [2/1] [_E]

Now my first thought was: Status E? I’m used to Linux Software RAID, but I never saw such a RAID status code. Checked documentation, no mention if it either. It’s not “F” for faulty, it’s “E”.
After digging around in Google I finally figured out that this is a proprietary status code from Synology RAIDs not implemented in official Linux kernel.

Now how to find out more about it? I found an article on how to reset the “Faulty” flag on an existing array disk, but it didn’t sound very safe given the fact that I didn’t know the original RAID parameters of the RAID. 
Now the first thing to do when working with such volumes obviously is to make a copy and work only with the copied drive to have the original drive secured in case something goes wrong. So I dug out another good spare drive of the same size from my collection and copied the existing drive to it sector per sector with dd.

During copying, it turned out there was a bad block (fortunately only one!) on the original drive within the system partition, so that was the reason why the drive’s state went to “E”, which seems to indicate “Disk error”. ddrescue to the rescue! It skipped the bad sector and I had a working copy of the drive to mess around with. I later checked the location of the bad sector and there were sectors with 00s around it, so I guess that there was nothing important on that bad sector anyway.

Now how to reset this damn E flag? First, I needed to identify the Superblock of the RAID volume that went bed. So obviously, just examine it with

mdadm --examine /dev/sdb1

right? BOOM:

mdadm: No md superblock detected on /dev/sdb1.

Where the heck is it? After much googling around, I found a hint, that the Superblock has swapped endianness and was in fact version 0.9 as opposed to the data partition which has a version 1.2 superblock:

# mdadm --examine /dev/sdb1 -e 0
mdadm: No super block found on /dev/sdb1 (Expected magic a92b4efc, got fc4e2ba9)

Now the author of the article changed byte endianness to use the RAID on a PC, but my intention was to just remove the E flag and not mess around with the partition style. By looking at the mdadm source code, I found out that there already was a parameter to obey the different endianness of the superblock, the parameter to be specified is: “-e 0.9” 

So I finally was able to dump the superblock of the disk with:

# ./mdadm.synology --examine /dev/sdb1 -e 0.9
/dev/sdb1:
 Magic : a92b4efc
 Version : 0.90.00
 UUID : 5b116fc2:267b242b:3017a5a8:c86610be
 Creation Time : Sat Jan 1 00:00:02 2000
 Raid Level : raid1
 Used Dev Size : 2490176 (2.37 GiB 2.55 GB)
 Array Size : 2490176 (2.37 GiB 2.55 GB)
 Raid Devices : 2
 Total Devices : 1
Preferred Minor : 0

Update Time : Wed Mar 8 16:25:39 2023
 State : clean
 Active Devices : 1
Working Devices : 1
 Failed Devices : 0
 Spare Devices : 0
 Checksum : c15399ef - correct
 Events : 12649239


 Number Major Minor RaidDevice State
this 1 8 17 1 active sync /dev/sdb1

0 0 0 0 0 removed
 1 1 8 17 1 active sync /dev/sdb1

When looking at the output, the array component seemed to be in a perfectly fine condition, no sign of the failure indication from Synology. So I checked the available open source of the Synology Linux kernel for this disk error flag. Turns out that it can be found in md_p.h header file:

#ifdef MY_ABC_HERE
#define MD_DISK_ERROR 6 
#endif

Fortunately, Synology marked all their changes to the Stock Linux kernel with the #define MY_ABC_HERE, so specific code paths are easy to spot in the source.
Next, I had to identify the location of the flag in the superblock to confirm my findings. I hexdumped the superblock of the affected device. The 0.90 superblock is of struct mdp_superblock_s, which -according to md_p.h has the following structure:

typedef struct mdp_superblock_s {
 /*
 * Constant generic information
 */
 __u32 md_magic; /* 0 MD identifier */
 __u32 major_version; /* 1 major version to which the set conforms */
 __u32 minor_version; /* 2 minor version ... */
 __u32 patch_version; /* 3 patchlevel version ... */
...
 /*
 * Disks information
 */
 mdp_disk_t disks[MD_SB_DISKS];

/*
 * Reserved
 */
 __u32 reserved[MD_SB_RESERVED_WORDS];

/*
 * Active descriptor
 */
 mdp_disk_t this_disk;

} mdp_super_t;


typedef struct mdp_device_descriptor_s {
 __u32 number; /* 0 Device number in the entire set */
 __u32 major; /* 1 Device major number */
 __u32 minor; /* 2 Device minor number */
 __u32 raid_disk; /* 3 The role of the device in the raid set */
 __u32 state; /* 4 Operational state */
 __u32 reserved[MD_SB_DESCRIPTOR_WORDS - 5];
} mdp_disk_t;

So the state of the individual disks is in the state field of the mdp_disk_t structure. Let’s check the dump and interpret it:

mdp_super_t:
------------
 0000 A9 2B 4E FC 00 00 00 00 00 00 00 5A 00 00 00 00
 0010 00 00 00 00 5B 11 6F C2 38 6D 43 82 00 00 00 01
 0020 00 25 FF 40 00 00 00 01 00 00 00 02 00 00 00 00
 0030 00 00 00 00 26 7B 24 2B 30 17 A5 A8 C8 66 10 BE
 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0080 64 08 B7 03 00 00 00 01 00 00 00 01 00 00 00 01
 0090 00 00 00 00 00 00 00 00 C1 53 9A 6F 00 00 00 00
 00A0 00 C1 03 17 00 00 00 00 00 C1 03 17 FF FF FF FF
 00B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 01A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 01B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 01C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 01D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 01E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0210 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00
 0220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

mdp_disk_t disks[MD_SB_DISKS];
 0280 00 00 00 01 00 00 00 08 00 00 00 11 00 00 00 01
 0290 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00
 02A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 02B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 02C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 02D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 02E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 02F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0300 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0310 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0370 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 03A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 03B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 03C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 03D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 03E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 03F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0420 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0430 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0460 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0470 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0490 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 04A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 04B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 04C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 04D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 04E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 04F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0500 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0510 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0520 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0540 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0550 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0570 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0580 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0590 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 05A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 05B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 05C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 05D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 05E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 05F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0600 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0610 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0630 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0650 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0660 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0670 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0680 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0690 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 06A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 06B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 06C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 06D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 06E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 06F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0700 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0710 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0730 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0740 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0750 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0770 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0780 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0790 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 07A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 07B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 07C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 07D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 07E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 07F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0810 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0820 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0840 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0850 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0860 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0890 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 08A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 08B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 08C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 08D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 08E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 08F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0900 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0910 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0930 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0940 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0950 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0960 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0970 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0980 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0990 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 09A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 09B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 09C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 09D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 09E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 09F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0A90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0AA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0AB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0AC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0AD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0AE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0AF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0B90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0BA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0BB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0BC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0BD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0BE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0BF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0C90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0CA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0CB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0CC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0CD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0CF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0D90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0DA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0DB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0DC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0E90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0EA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0EB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0EC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0ED0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0EE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0EF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0F00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0F10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0F20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0F30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0F40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0F50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0F60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0F70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

mdp_disk_t this_disk;
 0F80 00 00 00 01 00 00 00 08 00 00 00 11 00 00 00 01
 0F90 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00
 0FA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0FB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0FC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0FD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0FE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

I marked the significant fields in the dump. It can be seen that the state flag is 0x46 (that is 1000110b) which indicates: 

#define MD_DISK_FAULTY 0 
#define MD_DISK_ACTIVE 1 
#define MD_DISK_SYNC 2 
#define MD_DISK_REMOVED 3 
#define MD_DISK_CLUSTER_ADD 4 
#define MD_DISK_CANDIDATE 5
#define MD_DISK_ERROR 6 

#define MD_DISK_WRITEMOSTLY 9 
#define MD_DISK_JOURNAL 18

Bingo, there it is, MD_DISK_ERROR! So I was temtped to just remove the flag with a Hex editor, but beware: There is a checksum for the superblock header! So what’s the easiest thing to do?
First, check if Synology’s mdadm fork contained functions to maybe already clear the error flag. There must be a custom implementation, because it is able to display the E flag.
Turns out, there is no such function, so I had to extend the mdadm source code to introduce such a feature.

So, in short, I forked mdadm and implemented it, it can be downlaoded here together with a description on how to use it, so read the README there for a continuation of this story.

In short, I cleared the errorflag of the partition with my patched mdadm:

./mdadm.synology --misc --no-diskerr /dev/sdb1 -e 0.9

and put the disk back in the Synology, booted up, repaired system partition and got back a running system without having to reinstall the Synology DSM Software and its settings.

 

Installing BoundsChecker 8 on Windows 7 x64

By dose | January 8, 2023
Under: Uncategorized
Comments: No Comments »

I had real pain installing DevParther Studio Professional Edition 
for its BoundsChecker 8 component under Windows 7 64 bit.

MSI installations fortunately can be debugged with

msiexec /i "Compuware DevPartner Studio Professional Edition.msi" /lvx log2.txt

Searching for ‘1603’ in log file helps finding the error location.

First of all, after installing the .NET Framework 1.1, it refues
to isntall saying that Boundchecker was already installed, which was
not true.
Turns out, that it checks for

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NuMega\BoundsChecker

key, which has been set during .NET Framework installation to
mark that it had been installed.
But that in turn makes further setup atempts impossible.
So first problem was resolved by deleting above mentioned key.

Next, it went further, but rolled back during writing registry keys.
According to the log, it had problems overwriting a CLSID key
of MSXML3 parser:

MSI (s) (54!A8) [20:17:50:008]: Creating MSIHANDLE (12522) of type 790531 for thread 2984
Finding the key CLSID\{2933BF90-7B36-11d2-B20E-00C04F983E60}\SideBySide; the result is: 5
MSI (s) (54!A8) [20:17:50:009]: Closing MSIHANDLE (12522) of type 790531 for thread 2984
MSI (s) (54!A8) [20:17:50:009]: Creating MSIHANDLE (12523) of type 790531 for thread 2984
AddRefcountMsxml returns the code 5

So,next, I had to change the owner of the following Registry key
(which is owned by TrustedInstaller) to Administrators group and then
allow full access to everyone for this key:

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}

Next, it went a bit further but stopped at:

MSI (s) (54!50) [20:48:20:465]: Creating MSIHANDLE (15175) of type 790531 for thread 4176
PerformTypeLib Name: 'msxml3.dll' LibDir: 'C:\Windows\SysWOW64\' HelpDir: 'C:\Windows\SysWOW64\'
MSI (s) (54!50) [20:48:20:466]: Closing MSIHANDLE (15175) of type 790531 for thread 4176
MSI (s) (54!50) [20:48:20:468]: Creating MSIHANDLE (15176) of type 790531 for thread 4176
PerformTypeLib failed with error code 11 and function code 0x8002801C.

Error code 0x8002801C is TYPE_E_REGISTRYACCESS
Fired up Process Monitor and checked where there is access denied
for msiexec.exe furing installation. Turned out to be:

MsiExec.exe 2588 RegCreateKey HKCR\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\3.0\HELPDIR ACCESS DENIED Desired Access: Maximum Allowed

So I did the same Permission adjustment for the key
HKCR\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\3.0
in the registry so allo everyone to access it.

Finally, installation finished properly. However I wasn’t very happy with it on Win 7 anyway, as the dpinject64.sys driver that gets installes crashes the system and makes it stuck. Maybe it can be fixed, but I then gave up on it. Seems that a new version is needed.

Installing Collabora Office on Devuan Beowulf

By dose | October 25, 2022
Under: Uncategorized
Comments: No Comments »

Unfortunately, the Package coolwsd from Collabora for Debian 10 relies on systemd. And most recent loolwsd is now coolwsd for Collabora online (office suite to use with nextcloud).
So here is a short how-to how to set it up on Devuan Beowulf:

Setup repo:

apt install gnupg apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D
echo "deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./" >/etc/apt/sources.list.d/collabora.list
apt update

Install cooldwsd without systemd:

apt-get download coolwsd code-brand
dpkg -i --ignore-depends=systemd coolwsd_22.05.7.2-1_amd64.deb

I actually did it this way, as I was unaware of –ignore-depends option, but I leave it in here for reference in case it doesn’t work with ignore-depends option:

dpkg --force-all -i coolwsd_22.05.7.2-1_amd64.deb

Then remove systemd dependency to fix package cache:

vi /var/lib/dpkg/status

Remove “systemd” from “coolwsd” package in dependency list so that your apt isn’t damaged anymore.

When you installed with –force-all, install missing dependencies:

apt install expat collaboraofficebasis-calc collaboraofficebasis-core collaboraofficebasis-graphicfilter collaboraofficebasis-images collaboraofficebasis-impress collaboraofficebasis-ooofonts collaboraofficebasis-writer collaboraoffice collaboraoffice-ure collaboraofficebasis-en-us collaboraofficebasis-draw collaboraofficebasis-extension-pdf-import collaboraofficebasis-ooolinguistic collaboraofficebasis-math code-brand

Create logfile dir:

mkdir /var/log/coolwsd
chown cool:cool /var/log/coolwsd

Configure coolwsd:

vi /etc/coolwsd/coolwsd.xml
ssl/enable -> false
ssl/termination -> true
net/listen -> loopback
file -> enable=true
file/patch -> /var/log/coolwsd/coolwsd.log
trace_event/path -> /var/log/coolwsd/coolwsd.trace.json
net/proto -> IPv4
storage/ssl/as_scheme -> false
net/
<host desc="External IP of server">123\.123\.123\.123</host>

 

Create init.d script /etc/init.d/coolwsd

#!/bin/sh
### BEGIN INIT INFO
# Provides:          coolwsd
# Required-Start:    $local_fs $remote_fs $network $syslog $named
# Required-Stop:     $local_fs $remote_fs $network $syslog $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: libreoffice
# Description:       LibreOffice Online WebSocket server
#                    This script will start the libreoffice server
### END INIT INFO
 
# run update-rc.d for create K S file in /etc/init.d/*
 
 
DESC="LibreOffice Online WebSocket server"
NAME=coolwsd
USER=cool
DAEMON=/usr/bin/$NAME
PIDFILE=/var/run/$NAME.pid
PARAM=""
PARAM="$PARAM --version"
PARAM="$PARAM --disable-ssl"
PARAM="$PARAM --o:sys_template_path=/opt/cool/systemplate"
PARAM="$PARAM --o:child_root_path=/opt/cool/child-roots"
PARAM="$PARAM --o:file_server_root_path=/usr/share/coolwsd"
PARAM="$PARAM --o:logging.file[@enable]=true"
 
test -x $DAEMON || exit 0
 
 
. /lib/lsb/init-functions
 
 
if [ "$(id -u)" != "0" ]
then
  log_failure_msg "You must be root to start, stop or restart cool"
  exit 1
fi
 
 
do_status () {
     log_daemon_msg "$DESC" "$name"
     start-stop-daemon --status --verbose --pidfile $PIDFILE
     log_end_msg $?
     return $?
}
 
do_start () {
  log_daemon_msg "Starting $DESC" "$name"
  start-stop-daemon --start --verbose --pidfile $PIDFILE --make-pidfile --chuid $USER --background --exec $DAEMON -- $PARAM
  log_end_msg $?
  return $?
}
 
do_stop () {
  log_daemon_msg "Stopping $DESC" "$name"
  start-stop-daemon --stop --verbose --pidfile $PIDFILE --remove-pidfile
  log_end_msg $?
  return $?
}
 
case "$1" in
  status)
     do_status || exit 1
     ;;
  start)
     do_start || exit 1
     ;;
  stop)
     do_stop || exit 1
     ;;
  force-reload|restart)
     do_stop &amp;&amp; sleep 3
     do_start || exit 1
     ;;
  *)
 
     echo "Usage: /etc/init.d/lool {start|stop|restart|force-reload|status}"
     exit 1
esac
 
exit 0

Install with: update-rc.d coolwsd defaults

Now setup apache virtualhost to collabora.yourdomain.com:


cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/collabora.conf
vi /etc/apache2/sites-available/collabora.conf

Uncomment & set the ServerName directive.

Install SSL certificate:

a2ensite collabora
/etc/init.d/apache2 reload
certbot --apache -d collabora.yourdomain.com
a2enmod proxy proxy_wstunnel proxy_http

Add configuration options for coolwsd:
vi /etc/apache2/sites-enabled/collabora-le-ssl.conf:

# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
 
# Container uses a unique non-signed certificate
SSLProxyEngine Off
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
 
# keep the host
ProxyPreserveHost On
 
# static html, js, images, etc. served from coolwsd
# browser is the client part of LibreOffice Online
ProxyPass /browser http://127.0.0.1:9980/browser retry=0
ProxyPassReverse /browser http://127.0.0.1:9980/browser
 
# WOPI discovery URL
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
 
# Main websocket
ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
 
# Admin Console websocket
ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws
 
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /cool http://127.0.0.1:9980/cool
ProxyPassReverse /cool http://127.0.0.1:9980/cool
 
# Endpoint with information about availability of various features
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities

Start collabora and reload apache and it should work:


/etc/init.d/apache2 reload
/etc/init.d/coolwsd start

Hope that helps to use collabora without this dreaded systemd cr*p.

Fixing a bug in Zarafa Client 7.2.4 that crashed it on Outlook >2013

By dose | April 2, 2022
Under: Uncategorized
Comments: No Comments »

A customer is running a Zarafa Server for some years now and it works nicely with its webinterface and all integrations. He also used the Zarafa Client (zarafaclient-7.2.4-52167.msi) on Outlook 2010 without issues, but only on 2 machines.
But as the number of users grew, it was desirable to get it running an new machines and unfortunately, Microsoft doesn’t sell licenses for old Outlook versions anymore. I tried running the Zarafa Client on Outlook 2022, but after installation, Outlook just crashed after the Splash screen.
So time to look into the internals of the Zarafa connector.
It seems to use an old “trick” to hook Outlook by placing a version.dll in Outlook’s program directory so that due to the DLL search path, the “prepared” version.dll gets loaded, which forwards the normal functions to the system’s version.dll but is hooking 2 functions on startup:

MAPILogonEx in olmapi32.dll and GetProcAddress in kernel32.dll to filter dynamically loaded functions.
GetProcAddress checks for the import or Ordinal 11 in olmapit32.dll, which also is MAPILogonEx and hooks it and it also hooks functions FValidEmsabpEntryID and FValidEmsabpEntryIDBin.
Interesting for the problem is the MAPLogonEx hook. In there, it checks current Outlook version from HKEY_CLASSES_ROOT\Outlook.Application\CurVer key and compares it to the value 15, because the “IMAPISession” class that it tries to overload changed in version 15.

And here is the problem. It does (in pseudocode):

if (!SUCCEEDED(GetOutlookVersion(&dwVersion)) || dwVersion != 15)
{
  *lppSession = &IMAPISessionWrapper;
}
else
{
  *lppSession = &IMAPISessionOlk15Wrapper;
}

Now Outlook 2022 is Version 16, (for a list of Outlook version numbers, see Wikipedia article on Outlook), therefore it falls back to Version 14 and below vtable and then the wrapper functions call the wrong functions and so – besides wrong function calls – we end up with a ruined stack that finally crashes Outlook.
The fix is incredibly simple: Change dwVersion != 15 to dwVersion < 15, so in ASM:

.text:100038BA                 cmp     [esp+8+arg_10], 0Fh
.text:100038BF                 jnz     short loc_100038E3

So change jnz to jb. And tadaa… It works! (with a Hex-Editor, you can change 75h to 72h on offset 2CBFh).
I made a little Patcher that does the work for you, if you are experiencing the same problem.
For me, this simple fix was enough to get it running.

Testing file system repair attempts on a read-only disk image

By dose | September 1, 2021
Under: Uncategorized
Comments: No Comments »

I recently got a damaged HFS+ formatted volume for analysis and repair.
Now I did what has to be done first on all data recovery attempts, obviously: Create a dd Disk image from the disk before messing around with it.
As the volume was very large, it would cost a lot of time and disk space to always make a copy of the image, mess around with it and if it fails, restore the original image. Copying around terabytes of data on a slow medium like classic harddisks is taking a lot of time, after all.
So I was searching for a way to operate on a snapshot-overlay of the original image to mess around with it and just dump the snapshot and revert, if something goes wrong.
Fortunately, I found this Stackoverflow post, which describes a way to do what I want.
So here is a little mount script mount_ovl.sh:

#!/bin/sh
if [ $# -eq 0 ]; then
  echo Usage: $0 ro-device \[overlay-size\]
  echo i.e.: $0 /dev/loop0
  exit
fi
if [ ! -e $1 ]; then
  echo $1 does not exist
  exit
fi
if [ -z "$2" ]; then
  ovlsz=10G
else
  ovlsz=$2
fi
 
ovl=/tmp/ovl
newdevname=ovldev
truncate -s$ovlsz $ovl
size=$(blockdev --getsz "$1")
loop=$(losetup -f --show -- "$ovl")
echo "0 $size snapshot $1 $loop P 8" | dmsetup create "$newdevname"
echo Mounted $loop to $newdevname

So, to i.e. do a fsck.hfsplus without ruining the original image, I first create a loopf device of the disk image:

# losetup -P /dev/loop0 /mnt/winhexraw.dd

Let’s list the partitions that it autodetected with -P:

# fdisk -lu /dev/loop0
Disk /dev/loop0: 931,5 GiB, 1000170586112 bytes, 1953458176 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: B9D171AA-7F12-4DD2-B1BD-FAE6A14B1DA8

Device        Start        End    Sectors   Size Type
/dev/loop0p1     40     409639     409600   200M EFI System
/dev/loop0p2 409640 1953195991 1952786352 931,2G Apple HFS/HFS+

So /dev/loop0p2 is the partition that needs to be checked.
Now mount it R/W with the script to /dev/mapper/ovldev:

./mount_ovl.sh /dev/loop0p2

Now it can be i.e. checked with 

fsck.hfsplus -f /dev/mapper/ovldev

and possibly fixed. In my case, file system was damaged and fsck was unable to fix it, so I finally resorted to HFS+ rescue to get the files off from it. But this little hint can still be useful for futher attempts to i.e. repair the filesystem by hand.

To drop the snapshot again, assuming that it got mounted to /dev/loop1:

dmsetup remove "ovldev"
losetup -d /dev/loop1

And to release original loop device for disk image:

losetup -d /dev/loop0

Might become handy some day.

Open in VLC Media Player in Firefox 52.9.0 ESR on WinXP

By dose | February 27, 2021
Under: Uncategorized
Comments: 3 Comments »

Recently, the ORF tvthek made some really bad updates to their player.
1) the fullscreen function now throws a javascript error in Firefox 52.9.0 ESR (last version that works on WinXP), so you cannot put the video to fullscreen anymore.
2) No matter what resolution you choose, the video resolution always gets adapted during playback and worsens over time, so videos cannot be viewed in full quality anymore rendeing the player useless.

So I needed an alternative to open up the videos in VLC media player, which also has the advantage that it uses much less CPU than the Firefox integrated video player.
Now there is this usedful “Open in VLC media player” Firefox plugin.
The problem with it is that it requires a node.js native client and nodeJS executable only works up to version v5.12.0 on Windows XP.
Therefore you need an older client script version and need to adapt it for the old node.js version.

1) Download nodejs nativeclient version 0.5.5
2) Download NodeJS node.exe v5.12.0
3) Unpack the nativeclient above and replace node\x86\node.exe with version from 2)
4) Fix install.bat and uninstall.bat by adding the following line after @echo off, as Windows XP doesn’t have a %LocalAPPData% environment (which can get quite danerous on later versions of uninstall.bat):

if "%LocalAPPData%"=="" set LocalAPPData=%AppData%

5) The host.js file is not fully compatible with the node.js version, therefore you have to patch the following lines:

a) Replace

const walk = (dir, depth = 0) => {

with

const walk = (dir, depth) => {

b) Replace 

walk(msg.path);

with

walk(msg.path, 0);

6) Now you can run install.bat and finally install the “open in VLC” plugin into Firefox.

Here is a patched version of the nodejs-nativeclient that contains the appropriate node.js exe and patched files so that you just need to install it.

Removing the timebomb of the Adobe Flash Player

By dose | February 19, 2021
Under: Uncategorized
Comments: 3 Comments »

As known, Adobe placed a time bomb in their flash player in order to disable it by 12/01/2021.
This is – of course – a horrible move, rendering a lot of applications (i.e. HP Printer Software, interactive tutorials, Flash games, etc.) useless and therefore it has to be fixed in order to re-enable it.
Flash was available for download from Adobe, but an up-to-date version also was shipped and updated with Windows 10. So for the ActiveX-version, this one got maintained by Windows Update, whereas the other versions (i.e. npapi) got maintained by Adobe.
Lately, some people even said that the optional Microsoft patch KB4577586, which removes Flash from the system, got deployed to them via Windows Update.

So in order to re-enable flash (even when the evil, unremovable patch KB4577586 has been installed to the system), I made a little patcher, based on the work of KuromeSan which you can download here
Hopefully this will get you up and running again.

Install Winhlp32 (32bit Winhelp) on Windows 10

By dose | February 18, 2021
Under: Uncategorized
Comments: No Comments »

As I recently got asked on how to install WinHlp32.exe on Windows 10, I once wrote a little script to automate the task that I share here, as Microsoft fails to provide an installer for it on Windows 10.

Just copy the following lines into a file called install_winhelp.cmd and then execute it, it should download and install winhlp32.exe automatically:

@echo off
setlocal
echo Detecting language...
set LANG=%1
if "%1"=="" for /f "delims=" %%a in ('powershell.exe -ExecutionPolicy ByPass -Command "$PSUICulture"') DO set "LANG=%%a"
if "%LANG%"=="" set LANG=de-de
 
rem Ensure that we are run from 64bit prompt
if "%ProgramFiles(x86)%" == "" goto StartExec
if not exist %SystemRoot%\Sysnative\cmd.exe goto StartExec
%SystemRoot%\Sysnative\cmd.exe /C "%~f0" %*
exit /b
:StartExec
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (
  echo Requesting administrative privileges...
  goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
 
set ARCH=amd64
reg query HKLM\Hardware\Description\System\CentralProcessor\0 /v Identifier | Find /i "x86" >nul
if not errorlevel 1 set ARCH=x86
 
echo Downloading Winhelp, using language %LANG% for arch %ARCH%...
bitsadmin /transfer Windows8.1-KB917607-x64.msu /download /priority normal https://download.microsoft.com/download/A/5/6/A5651A53-2487-43C6-835A-744EB9C72579/Windows8.1-KB917607-x64.msu %CD%\Windows8.1-KB917607-x64.msu
if not exist Windows8.1-KB917607-x64.msu goto fini
 
md ContentMSU
expand Windows8.1-KB917607-x64.msu /F:* .\ContentMSU
 
cd ContentMSU
md ContentCAB
expand Windows8.1-KB917607-x64.cab /F:* .\ContentCAB
 
cd ContentCAB
cd %ARCH%*winhstb*%LANG%*
if not exist winhlp32.exe.mui (
  echo winhlp32.exe.mui does not exist in requested langauge
  goto fini
)
takeown /f "%SystemRoot%\%LANG%\winhlp32.exe.mui"
icacls "%SystemRoot%\%LANG%\winhlp32.exe.mui" /grant "%UserName%":F
ren %SystemRoot%\%LANG%\winhlp32.exe.mui winhlp32.exe.mui.w10
copy /y winhlp32.exe.mui %SystemRoot%\%LANG%\winhlp32.exe.mui 
cd ..
cd %ARCH%*winhstb*none*
if not exist winhlp32.exe (
  echo winhlp32.exe does not exist ??
  goto fini
)
takeown /f "%SystemRoot%\winhlp32.exe"
icacls "%SystemRoot%\winhlp32.exe" /grant "%UserName%":F
ren %SystemRoot%\winhlp32.exe winhlp32.exe.w10
copy /y winhlp32.exe %SystemRoot%\winhlp32.exe
cd ..\..\..
rmdir /s /q  ContentMSU
echo Done
 
:fini
endlocal
pause

Convert (Debrand and remove SIMlock) of Nokia E63 from carrier Drei to standard E63

By dose | January 5, 2021
Under: Uncategorized
Comments: No Comments »

I love phones with keyboards. The modern touchscreen based Smartphones may be useful for i.e. Internet surfing, but their on-screen keyboard without the ability to type with physical feedback from the buttons is just very, very awful and makes them barely usable for my purposes.
Therefore I love the old Nokia E63 Symbian S60v3-based phones. Its “killer feature” is the flashlight that can be toggled by just pressing the space bar, it’s so much easier than fiddling around with a touchscreen to turn it on. That’s one reason why I prefer it over the Nokia E71, and according to some reviews, the E72 isn’t that great either.
Now my E63 aged, some plastic parts fell out and after carrying the phone in my pocket on a very rainy day, the phone shut down and didn’t recover from the water incident for serveral days.
After drying it for a few days and opening it to let the wetness dry out, the phone recovered and started back normally. So generally, these devices seem to be very robust. But I noticed over time that the signal quality got worse. Sometimes that phone just disconnected from the cell tower and it took minutes to reconnect and so I got missed calls depending on my location. And I suddenly was unable to get a proper signal in areas where I had no problems to at least get a low signal level before. So due to the water, some component may unfortunately have degraded.
Time to get a replacement! These old phones with European style keyboards are getting rarer on the market, but the Austrian carrier “Drei” once gave out these phones and some of them are still around for a few bucks, but with Drei Simlock in place and the firmware is also branded. But as these are still easy to get, I bought a used one and had to remove the Drei Simlock and debrand it.
In case someone likes the E63 as much as I do and still wants to do this procedure today, here is a short howto:

For all operations, I used the Nokia BEST (BB5 Easy Service Tool) v. 1.51 by Infinity-Box Team

1. Prepare

I carried out all Operations on Windows XP, but I guess it may also work on Win 7.
1.1 Download Nokia BEST V 1.51 and install it to your work directory
1.2 Download Nokia USB driver and install it (also contains driver for Bootloader which is needed).

I also had Nokia PC Suite installed, but I guess it’s not really necessary. I just had it on my machine anyway.

2. Remove SIM-Lock

This video shows the process.
It may be a good idea to verify that the connetion to the phone works, therefore first let’s read it:
2.1 Power on the E63
2.2 Start Nokia BEST and connect USB cable between Nokia and PC, select “PC Suite” when asked on the phone in which mode you want to connect.
2.3 Noka BEST should now detect the phone and be able to read it. So under “Service Tool” tab, click “Read info”. On Lock status, you will see Lock  closed, type of your phone is PA_SL2 phone. If this applies, the phone is SIM-locked and you need to continue, otherwise it may already be unlocked.
2.4 Ensure that your phone has enough battery and unplug the charger, if you have plugged it in (I found the process easier with no charger attached). Go to “Repair” tab and click “Rd key”.
You will be presented with a dialog with instructions:
2.5 Unplug USB cable, shut down your hpone with the red Hangup key and wait till it is turned off.
2.6 Press OK in the dialog
2.7 Replug USB cable and press the red Hangup key for just about half of a second. Nokia BEST should detect the phone and read out data. Phone is booted into service mode.
2.8 When it shows “Key file updated”, then you can finally unlock it, go to tab “Unlock” and press “Unlock”.  Unlock should be done now and locks removed.

Don’t showdown or unplug cable yet to get out of service mode, you can do one more step to debrand phone on the next step:

3. Debrand phone

Change product code

First, you need to find out the production data of your current phone and the production data of the phone, you want to convert it to. Normally, this number can be found on a label under the battery in the field named “Code”, bot to see the real code, on Nokia BEST, go to tab “Service Tool” and in “Prduction Data Edit”, click “Read”.
To make sense of the number, there are lists of the production codes available, i.e. this list seems to be pretty complete.
Now in my example, the phone I want to debrand is a:

0583827 200.21.012 E63-1 RM-437 3 AT AT ULTRA BLUE GV

Now I need to find the product code for the phone that I want to turn it into. For the central European market with QWERTZ keyboard, this code is the correct one for my purposes:

0568835 RM-437 CTR EURO-C ALS ON Ultramarine 200.21.01

So, enter the code above in the input field and click “Write”.
“ALS ON” stands for “Ambient light sensor” activated, I think, which detects light conditions and handles keyboard light accordingly (the sensor is right next to the speaker).

Download firmware

Unfortuntely, Microsoft shut down the old update servers for the BB5 phone firmwares, but luckyly, some people have archived the complete firmware packages. See this thread on gsmhosting forum. Download the EURO firmware package (Nokia_E63_RM-437_EURO_DP_15.00_MCU_510.21.010.exe). Should it get lost somehow, The Internet Archive also has an archive of BB5 firmware packages.

After download, install the Firmware package and note down the path you installed it to. The directory contains a file named readme_euro.txt

Flash the firmware

Take note of the respective firmware flash files you need for the Product code that you changed the code to in the previous step. I.e. for out 0568835 phone, the readme_euro.txt tells us:

Transceiver: 0568835: RM-437 CTR EURO-C ALS ON Ultramarine
 Images:
 - rm437_510.21.010_prd.c00
 - rm437_510.21.010_prd.v33
 - rm437_510.21.010.42U
 - sofie_erase_y_drive.fpsx
 - RM437_ENO_008.07.45_100.71.952.a018.fpsx

Now go to Nokia BEST again to tab “Flashing”. Select phone Model (RM-437 in our case), and check the following boxes

[x] Use INI
[x] Manual
[x] Dead mode
[x] Backup
[x] Chk/Read
[x] Set Normal
[x] FactorySet

After previous step, I disconneted the phone, reboted it normally, checked that it still booted and then did the flash (you can leave local mode on phone my just pulling out the battery).
If you are doing this in one step, “Dead mode” checkbox may not be available. Not sure if flashing can be done in one step after SIM-unlocking.
Now select the respective files fro the README above for the Fields MCU, PPM1, CNT1, CNT2, CNT3 (leave out PPM2).
The process can be seen on this video.
Be aware that all data gets deleted from the phone!! Also ensure to remove an SD-Card from the phone, if you have one sitting in the phone.
Finally click “Flash” to flash the new firmware on the phone.
If you have previously disconnected the phone, you must follow the same procedure as in first step. Disconnect cable, power off phone, reconnect cable, press hangup for half of a second and let the flash process start.

After flashing is done, you should have a new stock firmware on the device.

4. Remove signature enforcement

The Nokia Symbian phones have the annoying feature that all software installed on the phone must be signed with a certificate. You can turn off the ceritficate verification, but it still checks the certificate date/timestamp and you cannot install unsigned software. In order to remove these limits, Installer needs to be patched.
This video shows you how to do it.
It is said that a memory card should be used to carry over the files and a SIM card needs to be inserted in order to work properly. Havent’t tried if this is really needed, but did so:

Copy Norton Symbian hack, RomPatcherPlus, X-Plore and installserver.exe to a directory on memory card.
Menu -> Office -> clock -> Change phone date to 01.01.2009
Menu -> Installations -> App mgr. -> Options -> Settings -> Software installation -> All
Menu -> Office -> File manager -> Memory card -> Install NortonSymbianHack.sisx
Menu -> Installations -> Norton -> Options -> Antivirus -> Quarantine list -> Options -> Restore all -> Yes
Menu -> Installations -> App mgr. -> Symantec Symbian Hack -> Options -> Remove -> Yes
Menu -> Office -> File manager -> Memory card -> Install RomPatcherPlus_3.1.sisx (Into Phone memory)
Menu -> Installations -> RomPatcher+ -> [x] Install Server RP+ (turns red) -> [X] Open4All RP+ (turns green)
Meno -> Office -> clock -> Change phone date to 01.01.2012
Menu -> Office -> File manager -> Memory card -> Install X-plore V.1.56 S60v3+v5+…
Menu -> Installations -> X-plore -> Menu -> tools -> configuration -> [x] Show system files/folders -> Back
Copy installserver.exe to C:\sys\bin

5. Install language pack for TTS (Text to Speech)

As the default language for Text-to-speech is only English, you need to install additional TTS-Langpacks. i.e. the German language pack can be found here.

 

Now I was able to install all applications from the old phone on the replacement phone, migrate data via Nokia PC Suite and finally got my replacement phone running as new main phone. Mission accomplished 🙂

In case some files linked here are missing (files are not available anymore), just drop me a comment and I can supply them to you.

Installing MS SQL Server 2019 on Devuan Beowulf (~Debian 10)

By dose | December 22, 2020
Under: Uncategorized
Comments: No Comments »

As this systemd plague has also caught Debian, I’m mostly using Devuan for new servers now to have the normal SYSV-Init system I’m used to.
I already wrote an article on how to install MS SQL Server 2017 on Debian Jessie. Now here is a little Tutorial on how to install it on lates Devuan Beowulf:

I assume you are root and fixed the annoying Debian 10 su bug with:

echo "ALWAYS_SET_PATH yes" >/etc/default/su
apt-get install gnupg
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
wget -qO- https://packages.microsoft.com/config/ubuntu/18.04/mssql-server-2019.list | tee /etc/apt/sources.list.d/mssql-server.list
wget -qO- https://packages.microsoft.com/config/debian/10/prod.list | tee /etc/apt/sources.list.d/mssql-client.list
apt-get update
apt-get install mssql-server
/opt/mssql/bin/mssql-conf setup
# Ignore error about failed systemctl start after setup
vi /etc/init.d/mssql-server

# Insert script from http://hardwarefetish.com/781-ms-sql-server-2017-upstart-script

chmod +x /etc/init.d/mssql-server
update-rc.d mssql-server defaults
/etc/init.d/mssql-server start
apt-get install mssql-tools unixodbc

Pretty straightforward. No more messing around with openssl lib like on Jessie.

« Previous Entries

About author

AuthorSystem programmer
Spoken languages: C and x86 Assembler
Currently working as a UNIX Host programmer
In-depth knowledge of the WIN32 Kernel and MS DOS.
Likes: Optimized, fast low-level code
Hates: Bloated managed code like Java or .NET
Favourite Book: PC Intern 4 by Michael Tischer