#
# How to patch the firmware of WD MyBook Live and WD MyBook Live Duo
# to address CVE-2018-18472
# Daniel Marschall, 28 June 2021
#



# ATTENTION!!! NOT TESTED!!!



# ----------------------------------
# --- WesternDigital MyBook Live ---
# ----------------------------------
# (Scroll down for MyBook Live Duo)

# MyBook Live (Codename "Apollo NAS")
# https://support-en.wd.com/app/products/product-detail/p/231#WD_downloads
wget https://download.wdc.com/nas/apnc-024310-048-20150507.deb

# You must be root to preserve the file owners!
sudo su

# Extract DEB file
mkdir apnc-024310-048-20150507
dpkg-deb -R apnc-024310-048-20150507.deb apnc-024310-048-20150507/

# Mount rootfs.img
cd apnc-024310-048-20150507/CacheVolume/upgrade
mkdir rootfs
mount -o loop rootfs.img rootfs

# Do the stuff you want to change e.g. fixing security vulnerabilites ...

# NOTE: Do *not* update the version in DEBIAN/control and rootfs/etc/version
#       because the firmware update script won't allow a rollback to a version
#       with a smaller bugfix number (version gets converted to a number my removing dots and hyphens)

# Unmount
umount rootfs
rm -rf rootfs

# Renew MD5 checksum
md5sum rootfs.img | sed 's/rootfs.img/-/g' > rootfs.md5

# Rebuild debian package
cd ../../../
mv apnc-024310-048-20150507.deb apnc-024310-048-20150507_original.deb
dpkg -b apnc-024310-048-20150507

# FINISHED:
# Your new firmware is now saved as apnc-024310-048-20150507.deb !
# You can now rename it if you like
mv apnc-024310-048-20150507.deb apnc-024310-048-20210628-hotfix1.deb


# --------------------------------------
# --- WesternDigital MyBook Live Duo ---
# --------------------------------------
# (It is basically the same, just "apnc" is "ap2nc")

# MyBook Live Duo (Codename "Zermatt", probably previously "Apollo 2")
# https://support-en.wd.com/app/products/product-detail/p/232
wget https://download.wdc.com/nas/ap2nc-024310-048-20150507.zip
unzip ap2nc-024310-048-20150507.zip

# You must be root to preserve the file owners!
sudo su

# Extract DEB file
mkdir ap2nc-024310-048-20150507
dpkg-deb -R ap2nc-024310-048-20150507.deb ap2nc-024310-048-20150507/

# Mount rootfs.img
cd ap2nc-024310-048-20150507/CacheVolume/upgrade
mkdir rootfs
mount -o loop rootfs.img rootfs

# Do the stuff you want to change e.g. fixing security vulnerabilites ...

# NOTE: Do *not* update the version in DEBIAN/control and rootfs/etc/version
#       because the firmware update script won't allow a rollback to a version
#       with a smaller bugfix number (version gets converted to a number my removing dots and hyphens)

# Unmount
umount rootfs
rm -rf rootfs

# Renew MD5 checksum
md5sum rootfs.img | sed 's/rootfs.img/-/g' > rootfs.md5

# Rebuild debian package
cd ../../../
mv ap2nc-024310-048-20150507.deb ap2nc-024310-048-20150507_original.deb
dpkg -b ap2nc-024310-048-20150507

# FINISHED:
# Your new firmware is now saved as ap2nc-024310-048-20150507.deb !
# You can now rename it if you like
mv ap2nc-024310-048-20150507.deb ap2nc-024310-048-20210628-hotfix1.deb