[Original] IoT Security: Debugging Environment Setup Tutorial (AArch32)
2018-7-4 14:39
This is the second article in the "IoT Security: Debugging Environment Setup Tutorial" series, so let's get straight to the content.
0x003 AArch32
Host: Ubuntu 16.04 LTS
Virtual machine version: qemu 2.8.0
Linux kernel version: 3.16
BusyBox version: 1.24.2
Cross-compilation toolchain:
arm-2014.05-29-arm-none-linux-gnueabi-i686-pc-linux-gnu
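gdb version: 7.11.1
Root filesystem: aarch32_rootfs.tar
The tools above have been packaged; the download link is:
Link: https://pan.baidu.com/s/1saWaHWh-3oIl35MPHkr6xQ Password: u3l5
Tools already provided in the previous article are not repeated here; download them from there:
IoT Security: Debugging Environment Setup Tutorial (AArch64)
Install qemu and its dependencies
# If it is already installed, the following command prints this message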
$ qemu-system-arm
qemu-system-arm: No machine specified, and there is no default
Use -machine help to list supported machines
Build the Linux kernel
$ tar -xf linux-3.16.tar.xz
$ cross_compile=/root/toolchain/gcc/arm-2014.05/bin/arm-none-linux-gnueabi-
$ make CROSS_COMPILE=$cross_compile ARCH=arm O=./out_aarch32 vexpress_defconfig
$ make CROSS_COMPILE=$cross_compile ARCH=arm O=./out_aarch32 menuconfig
$ make CROSS_COMPILE=$cross_compile ARCH=arm O=./out_aarch32 zImage -j4
Kernel Features --->
Memory split (3G/1G user/kernel split) --->
[*] High Memory Support
Device Drivers --->
[*] Block devices --->
<*> RAM block device support
(8192) Default RAM disk size (kbytes)
System Type --->
[ ] Enable the L2x0 outer cache controller
Mount the shared directory automatically at boot
$ sudo gedit ./etc/init.d/rcS
$ mkdir /nfsroot
$ mount -t nfs -o nolock 192.168.1.156:/nfsroot /nfsroot
I don't know why, but sharing via 9p does not seem to work here.
Build the root filesystem
$ tar -xjvf busybox-1.24.2.tar.bz2
$ make menuconfig
Build Options --->
[*] Build BusyBox as a static binary (no shared libs)
(/root/toolchain/gcc/arm-2014.05/bin/arm-none-linux-gnueabi-) Cross Compiler prefix
$ make && make install
Build the ramdisk used for booting
$ tar -xzvf aarch32_rootfs.tar.gz
# mk_ramdisk.sh
#!/bin/bash
# Remove the output of any previous run
sudo rm -rf rootfs
sudo rm -rf tmpfs
sudo rm -rf ramdisk*
# Start the tree from the BusyBox install output and add the standard directories
sudo mkdir rootfs
sudo cp ../busybox-1.24.2/_install/* rootfs/ -raf
sudo mkdir -p rootfs/proc/
sudo mkdir -p rootfs/sys/
sudo mkdir -p rootfs/tmp/
sudo mkdir -p rootfs/root/
sudo mkdir -p rootfs/var/
sudo mkdir -p rootfs/mnt/
# Copy etc and the toolchain's shared libraries, drop static archives, strip the rest
sudo cp etc rootfs/ -arf
sudo cp -arf /root/toolchain/gcc/arm-2014.05/arm-none-linux-gnueabi/libc/lib rootfs/
sudo rm -rf rootfs/lib/*.a
sudo /root/toolchain/gcc/arm-2014.05/bin/arm-none-linux-gnueabi-strip rootfs/lib/*
# Create the minimal set of device nodes
sudo mkdir -p rootfs/dev/
sudo mknod rootfs/dev/tty1 c 4 1
sudo mknod rootfs/dev/tty2 c 4 2
sudo mknod rootfs/dev/tty3 c 4 3
sudo mknod rootfs/dev/tty4 c 4 4
sudo mknod rootfs/dev/console c 5 1
sudo mknod rootfs/dev/null c 1 3
# Create an 8 MiB ext4 image and copy the tree into it
sudo dd if=/dev/zero of=ramdisk bs=1M count=8
sudo mkfs.ext4 -F ramdisk
sudo mkdir -p tmpfs
sudo mount -t ext4 ramdisk ./tmpfs/ -o loop
sudo cp -raf rootfs/* tmpfs/
sudo umount tmpfs
# Compress the image and wrap it in a U-Boot ramdisk header
sudo gzip --best -c ramdisk > ramdisk.gz
sudo mkimage -n "ramdisk" -A arm -O linux -T ramdisk -C gzip -d ramdisk.gz ramdisk.img
If the script reports "mkimage:找不到命令" (mkimage: command not found), install u-boot-tools:
$ sudo apt install u-boot-tools
Boot
# run.sh
qemu-system-arm \
-M vexpress-a9 \
-m 1024M \
-smp 2 \
-kernel ./zImage \
-nographic \
-append "root=/dev/mmcblk0 rw console=ttyAMA0 init=/linuxrc" \
-sd ./a9rootfs.ext3 \
-net nic,vlan=0 -net tap,vlan=0,ifname=tap0 \
-redir tcp:2333::2333
If the following messages appear:
EXT4-fs (ram0): mounted filesystem with ordered data mode. Opts: (null)
VFS: Mounted root (ext4 filesystem) readonly on device 1:0.
Freeing unused kernel memory: 1024K
mkdir: can't create directory '/var/lock': Read-only file system
reconfigure the kernel with the options below and rebuild:
Device Drivers --->
Generic Driver Options --->
(/sbin/hotplug) path to uevent helper
[*] Maintain a devtmpfs filesystem to mount at /dev
[*] Automount devtmpfs at /dev, after the kernel mounted the rootfs
[*] Select only drivers that don't need compile-time external firmware
[*] Prevent firmware from being built
-*- Userspace firmware loading support
[ ] Include in-kernel firmware blobs in kernel binary
() External firmware blobs to build into the kernel binary
[ ] Driver Core verbose debug messages
[ ] Managed device resources verbose debug messages
Configure the NFS service on the host
$ sudo apt-get update
$ sudo apt-get install nfs-kernel-server
$ mkdir /nfsroot
$ sudo gedit /etc/exports
/nfsroot *(rw,sync,no_root_squash,no_subtree_check)
$ sudo /etc/init.d/rpcbind restart
$ sudo /etc/init.d/nfs-kernel-server restart
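The export line above lets any client mount /nfsroot read-write with root privileges preserved (no_root_squash). As an added example, not part of the original post, this check flags such entries in an exports file; the variant limited to 192.168.1.20 assumes that address, which the post later connects gdb to, is the guest.

```shell
#!/bin/sh
# Added example (not from the original post): audit exports(5) entries.
# Flags any entry that pairs a wildcard (or empty) client with no_root_squash.

# Reads exports text on stdin; prints "<path> <client>" for each flagged entry.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }     # skip comments and bare paths
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if ((client == "*" || client == "") && ("," opts ",") ~ /,no_root_squash,/)
                    print $1, (client == "" ? "(any)" : client)
            }
        }'
}

# The line from the post, and a variant limited to the assumed guest address.
PAGE_EXPORT='/nfsroot *(rw,sync,no_root_squash,no_subtree_check)'
LAB_EXPORT='/nfsroot 192.168.1.20(rw,sync,no_root_squash,no_subtree_check)'

printf '%s\n' "$PAGE_EXPORT" | audit_exports   # flagged
printf '%s\n' "$LAB_EXPORT"  | audit_exports   # not flagged
```

On the host, run it as: audit_exports < /etc/exports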
Build gdb-7.11.1
$ CC="arm-linux-gnueabi-gcc-5" CXX="arm-linux-gnueabi-g++-5" ./configure --target=arm-linux-gnueabi --host="arm-linux-gnueabi" --prefix="/root/toolchain/gdb/gdb-7.11.1/gdb/gdbserver/out_aarch32"
$ make install
Cross-compile a test program
$ mkdir build
$ nano hello.c
#include <stdio.h>

int main()
{
    printf("hello\n");
    return 0;
}
$ ./arm-none-linux-gnueabi-gcc -g hello.c -o hello_aarch32 -static
Start the debug session on the guest
$ ./gdbserver_aarch32 0.0.0.0:2333 ./hello_aarch32
Attaching from the host fails with an error:
$ gdb
gef➤ gef-remote -q 192.168.1.20:2333
warning: while parsing target description (at line 10): Target description specified unknown architecture "arm"
warning: Could not load XML target description; ignoring
Remote 'g' packet reply is too long: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030feffbe000000005c8b0000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Switch to gdb-multiarch instead:
$ gdb-multiarch
gef➤ set architecture arm
The target architecture is assumed to be arm
gef➤ gef-remote -q 192.168.1.20:2333
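The warnings above appear when the host gdb does not know the target's architecture and then misreads the register packet. As an added example (not part of the original post), this script reads e_machine from the local copy of the binary and prints a matching gdb-multiarch command; it uses plain "target remote" rather than gef-remote, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): choose the gdb architecture
# from the ELF header of the binary being debugged.

# Print the gdb "set architecture" name for ELF file $1; fail if unknown.
elf_gdb_arch() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not an ELF file: $f" >&2; return 1; }
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')    # EI_DATA: 1=LE, 2=BE
    set -- $(od -An -tu1 -j18 -N2 "$f")               # e_machine, 2 bytes
    [ $# -eq 2 ] || { echo "truncated ELF header: $f" >&2; return 1; }
    if [ "$data" = 2 ]; then m=$(( $1 * 256 + $2 )); else m=$(( $2 * 256 + $1 )); fi
    case $m in
        40)  echo arm ;;            # EM_ARM
        183) echo aarch64 ;;        # EM_AARCH64
        3)   echo i386 ;;           # EM_386
        62)  echo i386:x86-64 ;;    # EM_X86_64
        *)   echo "unhandled e_machine $m" >&2; return 1 ;;
    esac
}

# Print the gdb-multiarch invocation for local binary $1 and remote $2.
gdb_attach_cmd() {
    arch=$(elf_gdb_arch "$1") || return 1
    printf 'gdb-multiarch -q -ex "set architecture %s" -ex "file %s" -ex "target remote %s"\n' \
        "$arch" "$1" "$2"
}

# Constructed sample: first 20 bytes of a 32-bit little-endian ARM ELF header.
write_sample_arm_header() {
    printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000\002\000\050\000' > "$1"
}

sample=$(mktemp)
write_sample_arm_header "$sample"
gdb_attach_cmd "$sample" 192.168.1.20:2333
rm -f "$sample"
```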
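The debugging environment is now set up. Alternatively, you can simply use a Raspberry image directly; for details, see this article:
ARM Assembly Basics Tutorial, Extra Chapter: Setting Up the Lab Environment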