PDA

View Full Version : Updating fw via ftp


Custom Search


pez
06-18-2018, 11:50 AM
We've traditionally installed new fw via USB, but want to move across to using ftp.

I've got a test machine in front of me (c454e) and we've created an ftp server that is (or appears to be) working. FTP server has no firewall/av for testing purposes, and we can access the files within it across the network without needing to log in (set to anonymous authentication, and Everyone and Anonymous is set as a security permission with read access).


I've created a .tar of the fw using the bat file in the firmware download, and placed that tar file in the root of the ftp.

My service mode settings are as follows:

Service Mode
Machine Update Settings
Internet ISW

Internet ISW Set
Function Setting = ON
Open Mode Setting = ON

FTP Setting
Data Aqcuisition Setting = ON
Connection Setting
Port = 21
Connection Time Out = 1min
PASV Mode = OFF

Forwarding Access Setting
User ID = blank
PW = blank
URL = my ftp server
Filename = name of .tar file created by bat file in download

When I go to the Download section and click Download, I get an NG message (no error codes). When I attempt to download via
"Admin mode -> Network -> Machine Update Settings -> Internet ISW Settings -> FTP Server Setting -> Firmware Update Parameters" I see it says Failed in the Firmware Download Status box after I click Firmware Download.

Do I also need to set proxy setting for FTP in "Admin mode -> Network -> Machine Update Settings -> Internet ISW Settings -> FTP Server Setting" via a browser? I've tried both with the proxy server address entered here and left blank here, but I get NG when

I've tried switching basic authentication on in iis on my win10 machine and using an account name and password (which allows me to log into the ftp from other PCs using my credentials), and tried with it off (allowing a completely anonymous login - no credentials required), but both result in NG in the Download section.

Copier is on a static IP, ftp appears to be OK, wondering what else I can look at to get this working. Does anyone use FTP to update the fw on these machines?

feracampos
06-29-2022, 09:51 PM
We've traditionally installed new fw via USB, but want to move across to using ftp.

I've got a test machine in front of me (c454e) and we've created an ftp server that is (or appears to be) working. FTP server has no firewall/av for testing purposes, and we can access the files within it across the network without needing to log in (set to anonymous authentication, and Everyone and Anonymous is set as a security permission with read access).


I've created a .tar of the fw using the bat file in the firmware download, and placed that tar file in the root of the ftp.

My service mode settings are as follows:

Service Mode
Machine Update Settings
Internet ISW

Internet ISW Set
Function Setting = ON
Open Mode Setting = ON

FTP Setting
Data Aqcuisition Setting = ON
Connection Setting
Port = 21
Connection Time Out = 1min
PASV Mode = OFF

Forwarding Access Setting
User ID = blank
PW = blank
URL = my ftp server
Filename = name of .tar file created by bat file in download

When I go to the Download section and click Download, I get an NG message (no error codes). When I attempt to download via
"Admin mode -> Network -> Machine Update Settings -> Internet ISW Settings -> FTP Server Setting ->
Firmware Update Parameters" I see it says Failed in the Firmware Download Status box after I click Firmware Download.

Do I also need to set proxy setting for FTP in "Admin mode -> Network -> Machine Update Settings -> Internet ISW Settings -> FTP Server Setting" via a browser? I've tried both with the proxy server address entered here and left blank here, but I get NG when

I've tried switching basic authentication on in iis on my win10 machine and using an account name and password (which allows me to log into the ftp from other PCs using my credentials), and tried with it off (allowing a completely anonymous login - no credentials required), but both result in NG in the Download section.

Copier is on a static IP, ftp appears to be OK, wondering what else I can look at to get this working. Does anyone use FTP to update the fw on these machines?


Interested on this too.

techsxge
06-29-2022, 09:57 PM
Interested on this too.
I had it working once, have not used it because ftp is extremly unsafe even as a local server. The ftp protocol is nearly 40 years old and even Microsoft tries to stop using it by now, the same company that uses their printer spooling mechanism since XP.
I'll give it a little try tomorrow and see if i can dig up my documentation to do this.
There are safer ways than ftp tho

JasonSBE
06-29-2022, 11:33 PM
What OS are you running? Windows 10 built-in firewall disables ftp requests by default. May need to make sure that ftp traffic is permitted.

slimslob
06-30-2022, 02:10 AM
What OS are you running? Windows 10 built-in firewall disables ftp requests by default. May need to make sure that ftp traffic is permitted.

OS of the computer is a mute issue as he is talking about sending firmware by FTP to a KM c454e. IMHO it is an extremely bad idea. The amount of damage that a hacker can do by accessing that FTP server is unlimited, and that includes using it as a backdoor into your entire network.

rrrohan
06-30-2022, 02:51 AM
try setting credentials instead of leaving it blank.

we used to always use credentials but i havent bothered using it for many years as was really only used instead of CF cards.

I seem to recall retrying it on the 8 series but since firmware isnt just a single TAR file anymore i wasnt sure what to point it to so gave up

techsxge
06-30-2022, 07:50 AM
OS of the computer is a mute issue as he is talking about sending firmware by FTP to a KM c454e. IMHO it is an extremely bad idea. The amount of damage that a hacker can do by accessing that FTP server is unlimited, and that includes using it as a backdoor into your entire network.
Finally someone here who understands the risk of having a ftp server in your network even locally... ILY :p

JasonSBE
07-02-2022, 11:32 PM
OS of the computer is a mute issue as he is talking about sending firmware by FTP to a KM c454e. IMHO it is an extremely bad idea. The amount of damage that a hacker can do by accessing that FTP server is unlimited, and that includes using it as a backdoor into your entire network.


How is the OS an moot issue? The computer is where the firmware file is transmitted. Therefore, the OS that computer is running is relevant. And yes, FTP is not a safe method of updating firmware if you're doing it across a network, but you can still setup a FTP server a computer, and plug it directly into the MFP with a patch cable, and put manual network settings on both the MFP and the PC and update using internet ISW via FTP. I did it all the time on the old C353/C253/C203 systems because we had a lot of issue getting CF cards that would work.

slimslob
07-02-2022, 11:59 PM
The computer is where the firmware file is transmitted.

He was not talking about send to the computer, he was talking about sending firmware from the computer to the copier. A free FTP client is built into nearly every OS and can be accessed from the command line in any Microsoft OS.

JasonSBE
07-03-2022, 02:33 PM
He was not talking about send to the computer, he was talking about sending firmware from the computer to the copier. A free FTP client is built into nearly every OS and can be accessed from the command line in any Microsoft OS.

Yes. The file is TRANSMITTED from the computer. Ergo, if the computer is running windows 10 or possibly even 8 and definitely 11, he should check the firewall settings.

bsm2
07-03-2022, 03:10 PM
Updating the firmware of this machine (https://manuals.konicaminolta.eu/bizhub-C287-C227-UD/EN/contents/id08-_102039887.html)

slimslob
07-03-2022, 05:29 PM
With most major corporate and school IT departments have worked with, if they found out that the c454e was on their network with an enabled FTP server, that c454e and any other piece of equipment would immediately be replaced by equipment from another vendor and everyone from the company pez works for would be permanently banned.

techsxge
07-03-2022, 07:21 PM
With most major corporate and school IT departments have worked with, if they found out that the c454e was on their network with an enabled FTP server, that c454e and any other piece of equipment would immediately be replaced by equipment from another vendor and everyone from the company pez works for would be permanently banned.


well well, and then you hear someone saying school IT departments are stupid and old fashioned when it comes to security... Doesnt sound like it.
Thumbs up to any IT departments that does this. They are deffo on the right path.

slimslob
07-03-2022, 07:35 PM
well well, and then you hear someone saying school IT departments are stupid and old fashioned when it comes to security... Doesnt sound like it.
Thumbs up to any IT departments that does this. They are deffo on the right path.

That depends on the school. I worked with high school and elementary school districts. They had to be good in order to deal with teachers. My daughter is a Computer Science and Engineering Professor at a Cal State University. The only person at the IT Department that they trust to touch the Computer Science computers is a former student of hers.

techsxge
07-03-2022, 10:25 PM
That depends on the school. I worked with high school and elementary school districts. They had to be good in order to deal with teachers. My daughter is a Computer Science and Engineering Professor at a Cal State University. The only person at the IT Department that they trust to touch the Computer Science computers is a former student of hers.
aaaaaand this makes me happy to hear too, since all schools i worked with seems to never had their knowledge of IT updated since well the 2000's to say it politely. I have some better swearwords on hand rn but i dont feel like thats appropiate right now. You know what i want to say i hope.

Heads up to your daughter then, she must be doing one heck of a job then.

techsxge
07-03-2022, 10:26 PM
But to be honest: When i read the title of the Thread at first, my heart kind of stopped for a second.

rrrohan
07-04-2022, 02:26 AM
was FTPS designed to prolong the life of this old protocol or was that unsuccessful and no one trusts it anymore

techsxge
07-04-2022, 07:42 AM
was FTPS designed to prolong the life of this old protocol or was that unsuccessful and no one trusts it anymore
Well there is SFTP (SSH FTP) and FTPS (SSL FTP). Both adding a layer for security, but if configured by someone who does not understand the full functionality it is basically the same as FTP.

rrrohan
07-04-2022, 09:29 AM
Well there is SFTP (SSH FTP) and FTPS (SSL FTP). Both adding a layer for security, but if configured by someone who does not understand the full functionality it is basically the same as FTP.

lets assume his firewall is locked down. im curious as to how to get this working. we had a program on laptop we used with patch cable directly connected to copier but since firmware is a FW000000 folder and not a .tar we couldnt never figure out what we were doing wrong. id be curious what we need to do and just ignore the security concerns for now since as copier techs this isnt out job to understand and should be left to IT staff. but honestly assuming we arent on any other network at the time and just connected direct to copier then terminate the FTP server when finished and prior to reconnecting to a network i dont think the risk is even that bad

techsxge
07-04-2022, 02:44 PM
lets assume his firewall is locked down. im curious as to how to get this working. we had a program on laptop we used with patch cable directly connected to copier but since firmware is a FW000000 folder and not a .tar we couldnt never figure out what we were doing wrong. id be curious what we need to do and just ignore the security concerns for now since as copier techs this isnt out job to understand and should be left to IT staff. but honestly assuming we arent on any other network at the time and just connected direct to copier then terminate the FTP server when finished and prior to reconnecting to a network i dont think the risk is even that bad


"just ignore the security concerns for now since as copier techs this isnt out job to understand and should be left to IT staff" has the same energy as saying "i can install new power outlets, i can ignore if there is a current on the wires thats the eletricians job"

If YOU bring any security Problems into a Network, no matter if IT, Copy Tech, End-user or whatever, you are the Person to blame.
Oh and the second statement is also false: Yoiu could already be a infected client. Now if you connect to the machine, a hacker / virus can then send himself on the machine. When you then reconnect the Machine to your Clients network, he can spread out by manipulating Email attachments, changing SMB send files etc.. Ofcourse the Chance for this is way lower than other configurations, but still extremly unsafe and a reason for any IT department to ban you from any network access and throw the machine out at your cost.

JasonSBE
07-04-2022, 03:34 PM
lets assume his firewall is locked down. im curious as to how to get this working. we had a program on laptop we used with patch cable directly connected to copier but since firmware is a FW000000 folder and not a .tar we couldnt never figure out what we were doing wrong. id be curious what we need to do and just ignore the security concerns for now since as copier techs this isnt out job to understand and should be left to IT staff. but honestly assuming we arent on any other network at the time and just connected direct to copier then terminate the FTP server when finished and prior to reconnecting to a network i dont think the risk is even that bad



Every firmware that you download and extract from Konica should have a "mktar.bat" file in the same directory as the FW00000000 folder. Drag the FW000000 folder over the mktar.bat file and release it. This will generate the .tar file that is supposed to be used for firmware updates if you're using internet ISW.

tsbservice
07-04-2022, 08:50 PM
Every firmware that you download and extract from Konica should have a "mktar.bat" file in the same directory as the FW00000000 folder. Drag the FW000000 folder over the mktar.bat file and release it. This will generate the .tar file that is supposed to be used for firmware updates if you're using internet ISW.

Absolutely. I've done it and once you get the right setup it works flawlessly.
However I'm still using USB on site method...sigh, pretty stupid I know.

JasonSBE
07-06-2022, 01:10 AM
Absolutely. I've done it and once you get the right setup it works flawlessly.
However I'm still using USB on site method...sigh, pretty stupid I know.


Honestly, the folks saying ftp over the network is a bad idea are right. I would only pursue internet ISW in extreme cases, or if you're trying to update a very old machine that does not support USB. And even in those cases I would still plug directly into the MFP with either a patch cable or a crossover. It is nice to get it working for when it is needed though.

Custom Search