I was recently going through a box of old tech that I have held on to over the years. I am across two SanDisk Media Drives that I purchased for next to nothing on a clearance aisle at Target many years back. I had previously used these for their intended purpose. While traveling I would set them up with movies so we could watch when we otherwise didn't have easy access to streaming. Like I said I have had them for a while.
I have always wondered if I could use them for something more. So I plugged them in and got to looking. I quickly realized that I could access the files via the device's IP address. This meant that I could easily setup a reverse proxy using the Pi Lab load balancer to serve the content on these devices outside my local network.
As I began to look more closely at the devices I found a few snags. First off the FTP access to the devices was completely open. So anyone on my network could anonymously FTP into the device and have full read/write access to the files that I would be serving. The devices also had a web interface that allowed that same level of access.
After some digging I found a few posts online that discussed these very issues. As it turns out the devices run an embedded Linux OS. They do not provide SSH access, but they do provide telnet access. Which gave me enough access to get started. I was able to find the root password on one of the forum posts. The person who posted it had used John the Ripper password cracker to crack the password.
Now I was able to update the root password and gain write access to the entire device. I was able to track down the needed changes to not allow anonymous FTP access and I completely removed the web interface as I will not be using it. I also made backups of all the files used when setting up the WiFi creds for the devices. That way in the future I will not even need to use the SanDisk app for setting that up.
I added 32GB SD cards to each device which gives me 64GBs on each drive. One really cool thing is these devices can actually host static HTML/JS sites. That is what the web interface was using.
I have setup a GitHub repo to document the steps I took to set things up. Check it out here.
Updates:
Unfortunately I noticed that the batteries in these devices were starting to bulge. I have decided to retire these nodes.
