Since ZCTF had an ARM64 challenge last time, and I will certainly run into more reversing and pwn tasks on the ARM platform, I decided to record the process of building an ARM64 environment with QEMU.
1. Installing QEMU
I want to emulate a 64-bit ARM environment, so I need qemu-system-aarch64. On Kali it installs with apt-get install qemu-system-aarch64.
2. QEMU images that can be used directly
Ubuntu provides ready-made cloud images with the system already installed. At https://cloud-images.ubuntu.com/ you can find a QEMU image for each Ubuntu Server release; I use Ubuntu Server 14.04 here. The file whose name ends in disk1.img is the one QEMU can boot directly.
3. Expanding the downloaded image
By default this file system image is only 2G in size, so I enlarge it.
qemu-img resize trusty-server-cloudimg-arm64-disk1.img 20G   # grow the image to 20G
modprobe nbd max_part=8
qemu-nbd -c /dev/nbd0 trusty-server-cloudimg-arm64-disk1.img   # attach the image as a block device with qemu-nbd
fdisk /dev/nbd0   # adjust the partition table:
  delete the /dev/nbd0p1 partition
  recreate /dev/nbd0p1 so it spans the enlarged disk (keep the original start sector, or the existing file system is lost)
  mark it bootable
Finally, grow the file system so it fills the enlarged partition.
4. Extracting vmlinuz and initrd.img
mkdir mnt
mount /dev/nbd0p1 mnt
ls -lt mnt/
cp mnt/boot/vmlinuz-3.19.0-25-generic .
cp mnt/boot/initrd.img-3.19.0-25-generic .
umount mnt
qemu-nbd -d /dev/nbd0
5. Starting the system
There are several ways in which QEMU's network can be used, and I'll introduce two common ways.
For the guest system to use the network, QEMU has to give the guest a virtual network device (a virtual network card) and pair it with a backend through which that device exchanges traffic with the host; for example, packets the guest sends leave the virtual network device through the backend into the host's network. Each backend is tied to exactly one virtual network device, so when starting the system you specify the following two parameters together, joined by the same id:
-netdev type,id=name,...
-device type,netdev=name
The first way of using the network is NAT-like: the guest can reach the network, but the host has no direct access to the guest. You can start it with the following command:
The second way is bridged networking: the guest and host can reach each other easily, but it requires root privileges on the host. Before running qemu-system-aarch64 you need to create a network bridge with the following script:
After the script has run, run ifconfig to check the result.
Then start qemu-system-aarch64 with the following script:
After it boots, install gcc/gdb and start debugging!!!
After you exit QEMU, run the following script to restore the original network settings:
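As an added example (not the author's scripts, which are not reproduced on this page), a launcher that assembles the paired -netdev/-device arguments for either of the two networking modes described above; the virt machine type, cortex-a57 CPU, memory size and tap0 name are assumptions, and in user mode host port 2222 on loopback is forwarded to the guest's SSH port so the host can still reach the guest for ssh, scp or a remote gdb.

```shell
#!/bin/sh
# Added example (not the author's script): launch the ARM64 guest built in
# the sections above with either networking mode.  Assumed, not from the
# post: the "virt" machine with a cortex-a57 CPU, 1G of RAM, the kernel and
# initrd extracted in section 4, and a tap0 already attached to the host
# bridge for bridged mode.
KERNEL=vmlinuz-3.19.0-25-generic
INITRD=initrd.img-3.19.0-25-generic
IMG=trusty-server-cloudimg-arm64-disk1.img

# Every backend (-netdev) needs a front-end (-device) joined by the same id.
netdev_args() {
    case "$1" in
        user)
            # NAT-like: the guest can reach out but the host cannot reach in,
            # so forward host port 2222 (loopback only) to guest SSH port 22.
            printf '%s' "-netdev user,id=net0,hostfwd=tcp:127.0.0.1:2222-:22 -device virtio-net-device,netdev=net0"
            ;;
        bridge)
            # tap0 must already exist on the bridge (root); script=no stops
            # QEMU from running /etc/qemu-ifup itself.
            printf '%s' "-netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device virtio-net-device,netdev=net0"
            ;;
        *)
            echo "unknown network mode: $1" >&2
            return 1
            ;;
    esac
}

# Whole command line; root on the first partition, console on the virt
# board's serial port so -nographic shows the boot log.
qemu_cmd() {
    net=$(netdev_args "$1") || return 1
    printf '%s' "qemu-system-aarch64 -M virt -cpu cortex-a57 -m 1024 -nographic \
-kernel $KERNEL -initrd $INITRD -append 'root=/dev/vda1 console=ttyAMA0' \
-drive if=none,file=$IMG,id=hd0 -device virtio-blk-device,drive=hd0 $net"
}

# Launch only when the three inputs are present; otherwise show the command.
MODE=${NET_MODE:-user}
if [ -r "$KERNEL" ] && [ -r "$INITRD" ] && [ -r "$IMG" ]; then
    eval "$(qemu_cmd "$MODE")"
else
    echo "inputs not found in $(pwd); would run:" >&2
    qemu_cmd "$MODE" && echo
fi
```

Run it from the directory holding the image, kernel and initrd; set NET_MODE=bridge after creating the bridge and tap0 to use the second mode.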
6. Miscellaneous
I normally run QEMU inside a screen session. The key sequence for quitting QEMU is Ctrl+A, x, but screen captures that sequence itself, so it never reaches QEMU and QEMU does not exit. You can use the following command to exit QEMU instead, where arm64 is the name of the screen session:
screen -S arm64 -p 0 -X stuff "^ax"
7. References
http://rzycki.blogspot.com/2014/08/using-qemu-to-run-ubuntu-arm-64-bit.html
https://en.wikibooks.org/wiki/QEMU/Networking
http://www.mztn.org/dragon/arm64_01.html
http://www.cnblogs.com/clpszpp/p/linux_bridge.html
https://gist.github.com/larsks/3933980
http://hzqtc.github.io/2012/02/kvm-network-bridging.html
http://suihkulokki.blogspot.my/2014/08/testing-qemu-21-arm64-support.html
https://gist.github.com/philipz/3d278f414f8eadb5afe1
https://en.wikibooks.org/wiki/QEMU/Images
http://askubuntu.com/questions/456491/what-are-the-different-ubuntu-cloud-guest-images-disk1-root-uefi1
https://wiki.ubuntu.com/ARM64/QEMU
http://blog.eciton.net/uefi/qemu-arm-uefi.html
ARM64 Debugging Environment