Hack DRAC5
Overview
DRAC uses deprecated SSL protocols and also tries to execute unsigned code from Dell. I’m going to run it straight with Java instead of WebStart, because that bypasses many issues and lets us turn on debugging as well.
Running iDRAC5 in Standalone
Pre-requisites
- 32-bit JVM
- Modify Java’s security files to enable disabled cipher suites
- Download your DRAC instance’s connection JAR and native lib.
- Ensure you have all dependencies for your OS (Linux, or Windows)
Running DRAC Console
If you want to run things directly, try this script. You’ll need to grab the JARs right off your DRAC instance and stash them somewhere locally.
Get your DRAC’s connection jars
https://$YOURDRACHOST/plugins/vkvm/avctKVMIOLinux.jar
https://$YOURDRACHOST/plugins/vkvm/avctDRAC5Viewer.jar
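#!/bin/bash
# Launch the DRAC5 KVM viewer directly from a saved WebStart (JNLP) file.
WEBSTART=$1
if [[ -z $WEBSTART ]] ; then
    echo "Please supply a webstart file."
    exit 1
else
    echo "We found your webstart -> $WEBSTART"
fi
# Collect the <argument> values from the JNLP into one space-separated string.
ARGS=$(grep '^<argument' "$WEBSTART" | sed -e 's/<argument>//g' -e 's/<\/argument>//g' | tr '\n' ' ')
echo "$ARGS"
# $RUN is expanded unquoted below on purpose so it splits into command and arguments.
RUN="java -cp avctDRAC5Viewer.jar:avctKVMIOLinux.jar -Djava.library.path=. com.avocent.drac5.kvm.Main $ARGS"
echo "$RUN"
# Preload the keycode shim (see "Keycode hack"); use the commented line to run without it.
LD_PRELOAD="$PWD"/idrac-kvm-keyboard-fix/keycode-hack.so $RUN
#$RUN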
Keycode hack
Dell’s DRAC protocol passes keycodes that have since changed. We can dynamically override this with a hack. Alternatively, you can remap keys in X with xmodmap.
Caveats
SSL suites disabled
You may have to enable deprecated cipher suites - you can Google that and find plenty of results. With them still disabled, the login request fails with an SSLHandshakeException:
01/03/2018 10:49:16:193: User Login Request: 0x100
01/03/2018 10:49:16:193: ======connectToPort - sendRequest======
01/03/2018 10:49:16:194: packet type( 0x100)
Sending packet: com.avocent.kvm.e.a.bf@17009c9e (8, 208).
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1551)
at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1563)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at com.avocent.kvm.d.b.g.b(Unknown Source)
at com.avocent.kvm.d.b.i.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at java.io.DataInputStream.read(DataInputStream.java:149)
at java.io.DataInputStream.readFully(DataInputStream.java:195)
at java.io.DataInputStream.readFully(DataInputStream.java:169)
at com.avocent.kvm.e.a.a.a(Unknown Source)
at com.avocent.kvm.e.t.run(Unknown Source)
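The prerequisite above is to modify Java's security files; a narrower option is a per-launch override file, so the weakened TLS settings apply only to the viewer process and not to every Java program on the machine. This is an added example, not code from the original page. Assumptions: `tls_override` and `sample_security` are hypothetical names, the sample stanza is constructed, and SSLv3 and RC4 stand in for whatever your DRAC firmware actually requires.

```shell
#!/bin/sh
# Added example: emit a per-launch jdk.tls.disabledAlgorithms override so the
# system-wide java.security file stays untouched.

# usage: tls_override <java.security file> <entry-to-re-enable>...
# Prints the property with the named entries removed; exits 1 if not found.
tls_override() (
    file=$1; shift
    awk -v drop=" $* " '
        # Start of the property: strip "name=" and begin collecting.
        /^jdk\.tls\.disabledAlgorithms[ \t]*=/ { on = 1; sub(/^[^=]*=/, "") }
        on {
            more = sub(/\\[ \t]*$/, "")     # trailing backslash = continued
            buf = buf $0
            if (!more) { found = 1; exit }  # exit jumps to END
        }
        END {
            if (!found) exit 1
            n = split(buf, parts, ",")
            for (i = 1; i <= n; i++) {
                e = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", e)
                if (e == "") continue
                split(e, w, " ")            # w[1] is the algorithm name
                if (index(drop, " " w[1] " ")) continue
                out = out (out == "" ? "" : ", ") e
            }
            print "jdk.tls.disabledAlgorithms=" out
        }
    ' "$file"
)

# Constructed sample stanza (real files vary by JDK build).
sample_security() {
    printf '%s\n' '# comment line' \
        'jdk.certpath.disabledAlgorithms=MD2, MD5' \
        'jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, \' \
        '    MD5withRSA, DH keySize < 1024' \
        'jdk.tls.legacyAlgorithms=K_NULL'
}

# Demo: SSLv3 and RC4 are assumed examples of what an old DRAC may need.
tmp=$(mktemp) && sample_security > "$tmp"
tls_override "$tmp" SSLv3 RC4   # jdk.tls.disabledAlgorithms=DES, MD5withRSA, DH keySize < 1024
rm -f "$tmp"
```

Redirect the output to a file and add `-Djava.security.properties=<that file>` to the `java` command line in the launch script. Java 8 honours it as long as `security.overridePropertiesFile=true` (the default) is set in the system `java.security`.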
64-bit VM
You’ll need a 32-bit JVM and 32-bit libraries for its dependencies, like libX*.i686. I had many of them installed already because I do cross-arch dev on Gentoo. You can install most of them with yum (C7).
#yum install compat-libst* libstdc* <-- You probably don't need this.
yum install glibc.i686
yum -y install 'libX*.i686'
yum -y install 'libgcc.i686'
The error, if you’re curious
Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /home/avinash/repos/os/hakDrak/hakdrak/src/main/lib/libavctKVMIO.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'.
java.lang.UnsatisfiedLinkError: /home/avinash/repos/os/hakDrak/hakdrak/src/main/lib/libavctKVMIO.so: /home/avinash/repos/os/hakDrak/hakdrak/src/main/lib/libavctKVMIO.so: wrong ELF class: ELFCLASS32 (Possible cause: architecture word width mismatch)
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1857)
at java.lang.Runtime.loadLibrary0(Runtime.java:870)
at java.lang.System.loadLibrary(System.java:1122)
at com.avocent.kvm.nativekeyboard.c.b(Unknown Source)
at com.avocent.kvm.nativekeyboard.c.<init>(Unknown Source)
at com.avocent.drac5.kvm.e.a(Unknown Source)
at com.avocent.a.b.i.f(Unknown Source)
at com.avocent.drac5.kvm.Main.a(Unknown Source)
at com.avocent.drac5.kvm.Main.main(Unknown Source)
at com.gentoomx.App.main(App.java:33)
Failed to load native keyboard library.
01/03/2018 10:51:09:937: End of file, session closing.
01/03/2018 10:51:09:937: AVSP closeConnection called.
01/03/2018 10:51:09:938: Mouse packet thread stopping.