qemu环境搭建 | Snappyjack

第一次要使用sudo passwd root为root设置密码

修改源

#备份
cp /etc/apt/sources.list /etc/apt/sources.list.bak

在/etc/apt/sources.list文件前面替换如下条目

# 阿里云源
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
##测试版
#deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
# 源码
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
##测试版
#deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse


# 清华大学源
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
##测试版
#deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# 源码
deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
##测试版
#deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multivers

安装及更换pip源

apt-get install python-pip

~/.pip/pip.conf (没有就创建一个文件夹及文件。文件夹要加“.”，表示是隐藏文件夹)

[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
[install]
trusted-host = https://pypi.tuna.tsinghua.edu.cn

binwalk

https://github.com/ReFirmLabs/binwalk

搭建调试环境

在从前，想要跨平台模拟运行其他平台的程序是很困难的，幸好一路大佬开发出了QEMU，关于 QEMU 的具体信息可在其官方网站上找到，实际上它就是一个虚拟机，能够虚拟大部分硬件设备，ARM 自然也包括在内，下面是一张关于 QEMU 的简图

---------------------------------------------
|apps		   |apps		  |apps		     | 
|--------------|--------------|--------------|
|客户端系统	   |客户端系统	  |客户端系统	 |
|--------------|--------------|--------------|
|QEMU(x86架构) |QEMU(ARM架构) |QEMU(x86架构) |
|--------------------------------------------|
|				宿主系统					 |
|--------------------------------------------|	
|			硬件平台(x86架构)				 |
----------------------------------------------

其中Qemu模块可以CPU模拟,内存模拟,I/O设备模拟,其他设备模拟等等

它在宿主机上模拟了相应硬件的环境，并在这些模拟的环境上面运行客户系统，这种机制类似于VMware，无需关机重启，即可在一套硬件上运行多种不同的系统。

一些命令

用chroot /overlay/squashfs-root /bin/sh来切换根目录到路由器文件系统。

漏洞固件下载

wget ftp://ftp.dlink.eu/Products/dir/dir-100/driver_software/DIR-100_fw_reva_113_ALL_en_20110915.zip

解包

binwalk -Me DIR100_v5.0.0EUb3_patch02.bix

如果想试试解包出来能不能运行,先安装这个

apt-get install binfmt-support qemu-user-static

然后在固件目录下执行这个

cp $(which qemu-mips-static) ./		#将那个文件复制到当前目录下

然后

chroot . ./qemu-mips-static ./bin/ifconfig

结果

chroot . ./qemu-mips-static ./bin/ifconfig 
ifconfig: Warning: cannot open /proc/net/dev. Limited output.: No such file or directory
docker0   Link encap:Ethernet  HWaddr 02:42:5C:F8:57:28  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:9F:BF:22  
          inet addr:192.168.1.9  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

安装buildroot

buildroot是Linux平台上一个构建嵌入式Linux系统的框架。整个Buildroot是由Makefile脚本和Kconfig配置文件构成的。你可以和编译Linux内核一样，通过buildroot配置，menuconfig修改，编译出一个完整的可以直接烧写到机器上运行的Linux系统软件(包含boot、kernel、rootfs以及rootfs中的各种库和应用程序)。

先安装这个

apt install libncurses5-dev patch

切换到buildroot目录然后

make clean
make menuconfig

然后

target options ->target architecture -> mips(little endian)
tollchain -> kernel headers ->我的kernel

然后make,之后就是漫长的等待,结果

>>>   Generating filesystem image rootfs.tar
mkdir -p /root/buildroot-2019.02.8/output/images
rm -rf /root/buildroot-2019.02.8/output/build/buildroot-fs/tar
mkdir -p /root/buildroot-2019.02.8/output/build/buildroot-fs/tar
rsync -auH --exclude=/THIS_IS_NOT_YOUR_ROOT_FILESYSTEM /root/buildroot-2019.02.8/output/target/ /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/target
echo '#!/bin/sh' > /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
echo "set -e" >> /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
echo "chown -h -R 0:0 /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/target" >> /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
PATH="/root/buildroot-2019.02.8/output/host/bin:/root/buildroot-2019.02.8/output/host/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" /root/buildroot-2019.02.8/support/scripts/mkusers /root/buildroot-2019.02.8/output/build/buildroot-fs/full_users_table.txt /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/target >> /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
echo "/root/buildroot-2019.02.8/output/host/bin/makedevs -d /root/buildroot-2019.02.8/output/build/buildroot-fs/full_devices_table.txt /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/target" >> /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
printf '   \n' >> /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
printf '   	(cd /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/target; find -print0 | LC_ALL=C sort -z | tar  --pax-option=exthdr.name=%%d/PaxHeaders/%%f,atime:=0,ctime:=0 -cf /root/buildroot-2019.02.8/output/images/rootfs.tar --null --xattrs-include='\''*'\'' --no-recursion -T - --numeric-owner)\n' >> /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
chmod a+x /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
PATH="/root/buildroot-2019.02.8/output/host/bin:/root/buildroot-2019.02.8/output/host/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" FAKEROOTDONTTRYCHOWN=1 /root/buildroot-2019.02.8/output/host/bin/fakeroot -- /root/buildroot-2019.02.8/output/build/buildroot-fs/tar/fakeroot
rootdir=/root/buildroot-2019.02.8/output/build/buildroot-fs/tar/target
table='/root/buildroot-2019.02.8/output/build/buildroot-fs/full_devices_table.txt'

使用交叉编译工具来测试一下

/root/buildroot-2019.02.8/output/host/bin/mipsel-linux-gcc helloworld.c -o helloworld.out -static

运行

qemu-mipsel ./helloworld.out 
Hello, World! 

file

file helloworld.out 
helloworld.out: ELF 32-bit LSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, with debug_info, not stripped

这说明我们的交叉编译环境和QEMU都是安装成功的

选择QEMU-MIPS虚拟机映像

访问https://people.debian.org/~aurel32/qemu/,下载MIPSEL的系统映像,其中

with the following arguments for a 32-bit machine:
  - qemu-system-mipsel -M malta -kernel vmlinux-2.6.32-5-4kc-malta -hda debian_squeeze_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0"
  - qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0"

Start QEMU with the following arguments for a 64-bit machine:
  - qemu-system-mips64el -M malta -kernel vmlinux-2.6.32-5-5kc-malta -hda debian_squeeze_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0"
  - qemu-system-mips64el -M malta -kernel vmlinux-3.2.0-4-5kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0"

配置桥接网络

为了能够让QEMU虚拟机和宿主机都能上网且互通,需要配置桥接网络

apt install bridge-utils uml-utilities

修改/etc/network/interfaces

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
up ifconfig eth0 0.0.0.0 up
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp off
bridge_maxwait 1

修改/etc/qemu-ifup

echo "Executing /etc/qemu-ifup"
echo "Bringing up $1 for bridged mode..."
sudo /sbin/ifconfig $1 0.0.0.0 promisc up
echo "Adding $1 to br0..."
sudo /sbin/brctl addif br0 $1
sleep 3

启动系统

qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -hda debian_squeeze_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0" -net nic, -net tap