Red Teaming
Malware Analysis
IoT / Reverse / Firmware
Qemu + buildroot 101
Compile arm kernel and execute it via qemu
1
sudo apt-get install qemu-system-arm
2
tar -xvzf buildroot-2020.02.3.tar.gz
3
sudo apt-get install libncurses5-dev libncursesw5-dev
4
5
make menuconfig
6
make list-defconfigs
7
make qemu_arm_versatile_defconfig
8
9
export PATH=$PATH:/home/embeddedcraft/buildroot-2020.02.3/output/host/bin
10
arm-buildroot-linux-uclibcgnueabi-gcc hello.c -o hello
11
sudo mount -t ext2 -o rw,loop rootfs.ext2 /mnt/try
12
sudo cp hello /mnt/try/root/
13
14
qemu-system-arm -M versatilepb -kernel vmlinuz-3.2.0-4-versatile -initrd initrd.img-3.2.0-4-versatile -hda debian_wheezy_armel_standard.qcow2 -append "root=/dev/sda1" -net nic -net user,hostfwd=tcp::7777-:22
15
16
tar zcf squashfs-root.tar.gz squashfs-root
17
scp -P 7777 ./squashfs-root.tar.gz [email protected]:/root
Copied!
Buildroot and QEMU – the quickest recipe for your own Linux
1
get buildroot version from the official website
2
$ tar -xvzf buildroot-2021.xxx.tar.gz
3
$ cd buildroot/
4
$ make qemu_arm_versatile_defconfig
5
$ make menuconfig
6
$ qemu-system-arm -M versatilepb -kernel output/images/zImage -dtb output/images/versatile-pb.dtb -drive file=output/images/rootfs.ext2,if=scsi -append "root=/dev/sda console=ttyAMA0,115200" -nographic
7
8
source: https://pressreset.net/2013/09/buildroot-and-qemu-the-quickest-recipe-for-your-own-linux/
Copied!
buildroot essential commands that will safe your life
1
make menuconfig
2
make HOSTCC=gcc-4.4
3
make MAKEINFO=true
4
make -j8
Copied!
qemu essential commands that will safe you
1
qemu-system-arm -machine help
2
qemu-system-arm -machine vexpress -cpu help
3
4
sudo qemu-system-arm \
5
-M vexpress-a9 \
6
-kernel ./zImage_arch \
7
-dtb ./vexpress-v2p-ca9.dtb \
8
--nographic \
9
-append "root=/dev/mmcblk0 rw roottype=ext4 console=ttyAMA0" \
10
-drive if=sd,driver=raw,cache=writeback,file=./arch_rootfs.ext4 \
11
-net nic,macaddr=$macaddr \
12
-net tap,vlan=0,ifname=tap0 \
13
-snapshot
14
15
16
qemu-system-arm -M vexpress-a9 \
17
-cpu cortex-a9 \
18
-m 1024 \
19
-nographic \
20
-kernel $BRIMAGES/zImage \
21
-drive file=$BRIMAGES/rootfs.ext2,index=0,media=disk,format=raw,if=sd \
22
-dtb $BRIMAGES/vexpress-v2p-ca9.dtb \
23
-net nic \
24
-net user,hostfwd=tcp::2222-:22,hostfwd=tcp::9000-:9000 \
25
-append "rw console=ttyAMA0 console=tty root=/dev/mmcblk0"
26
27
28
qemu-system-arm -M versatilepb -kernel vmlinuz-3.2.0-4-versatile -initrd initrd.img-3.2.0-4-versatile -hda debian_wheezy_armel_standard.qcow2 -append "root=/dev/sda1" -net nic -net user,hostfwd=tcp::7777-:22
29
30
qemu-system-arm -M versatilepb -kernel output/images/zImage -dtb output/images/versatile-pb.dtb -drive file=output/images/rootfs.ext2,if=scsi -append "root=/dev/sda console=ttyAMA0,115200" -nographic
31
32
qemu-system-arm -M versatilepb -kernel zImage -dtb versatile-pb.dtb -drive file=rootfs.ext2,if=scsi,format=raw -append "root=/dev/sda console=ttyAMA0,115200" -serial stdio -net nic,model=rtl8139 -net user
Copied!
Qemu + virtual tap
1
sudo brctl addbr virbr0
2
sudo ifconfig virbr0 192.168.122.1/24 up
3
4
sudo tunctl -t tap0
5
sudo ifconfig tap0 192.168.122.11/24 up
6
sudo brctl addif virbr0 tap0
7
8
sudo qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0" -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 -nographic
9
10
ifconfig eth0 192.168.122.12/24 up
Copied!
Another option is portforwarding:
1
sudo qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0" -net user,hostfwd=tcp::80-:80,hostfwd=tcp::443-:443,hostfwd=tcp::2222-:22 -net nic -nographic
2
3
ssh -p 2222 [email protected]
4
scp -r ./data [email protected]:/root/
Copied!
[原创][分享]buildroot构建MIPS64调试环境-智能设备-看雪论坛-安全社区|安全招聘|bbs.pediy.com
[原创][分享]buildroot构建MIPS64调试环境-智能设备-看雪论坛-安全社区|安全招聘|bbs.pediy.com
Last modified 10mo ago