Commit 59b8bd1e authored by Timmy Chan

Update Readme

parent 964617c2
Merge request: !5 Feat/cve linux kernel
...@@ -2,6 +2,17 @@ ...@@ -2,6 +2,17 @@
This module support automatic setup of virtual machines with emulated hardware using Qemu. This module support automatic setup of virtual machines with emulated hardware using Qemu.
The program will spend around a total of 30 minutes to finish. The main steps done by the program are the following:
1. Check dependencies on host (install if not installed)
1. Derive inputs (calculate the gcc version).
1. Download, create and configure a stable debian disk image.
1. Find a Buildroot version which support compiling the specified kernel
1. Create a Buildroot configuration file to prepare for compilation
1. Compile the kernel
1. Run the Qemu with kernel and disk image in background
Supported CPU architectures: Supported CPU architectures:
- i386 - i386
- x86_64 (see Limitations) - x86_64 (see Limitations)
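Review bot: the first step, "Check dependencies on host (install if not installed)", installs packages on the host and so needs root, but nothing in the new intro says that setup.py has to be run with sudo or will ask for it; state that up front. The "around a total of 30 minutes" figure should also name the machine and the architecture it was measured on, since a kernel compile plus a Debian bootstrap varies widely between hosts.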
...@@ -11,42 +22,10 @@ Supported Linux kernels: ...@@ -11,42 +22,10 @@ Supported Linux kernels:
- 4.x - 4.x
- 5.x - 5.x
The setup additionally enables the following features:
- OpenSSL
- Wget
- OpenSSH
- Eth0 network
## Steps performed by the automation
#### Get required binary packages
sudo apt update && apt install -y \
wget \
build-essential \
git \
libelf-dev \
libssl-dev \
libncurses5-dev \
ncurses-dev \
qemu qemu-system-x86 \
rsync \
gcc \
;
### Default Configuration
#### Setup libraries Default config options we use for Buildroot:
Clone the latest source of Buildroot from git repo. Store it inside `./lib/buildroot/`
Get Debian minimal stable image (both 32-bit and 64-bit).
Use `debootstrap` to bootstrap a basic/minimal Debian system of 32-bit and 64-bit, into `./lib/debian_minimal/`.
#### Build the kernel and initramfs
Depending on the specifications from the user, the module will try its best to compile a working kernel.
Directly change the `.config` file and make changes depending on arguments passed to the module.
Default config options we use for buildroot:
| Config option | Value | Comment | | Config option | Value | Comment |
|----------------|----------------|----------------------------| |----------------|----------------|----------------------------|
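Review bot: the apt line being removed here, `sudo apt update && apt install -y \`, only elevated the update half; the `apt install` would have failed for a non-root user. Since setup_dependencies.sh now owns this step, check that it does not carry the same form. Also, the removed "Setup libraries" text was the only place that said debootstrap is what produces the minimal Debian tree in `./lib/debian_minimal/`; with it gone, the new "Dependencies" section at the end still reads "Debian (debootstrap command?)" instead of stating it.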
...@@ -59,54 +38,48 @@ Default config options we use for buildroot: ...@@ -59,54 +38,48 @@ Default config options we use for buildroot:
The user will get an option to modify these options manually. The user will get an option to modify these options manually.
Debian image setup additionally enables the following features:
- OpenSSL
- Wget
- OpenSSH
- Eth0 network
How do initramfs work?
Initramfs separates the booting process into two stages. The first stage sets up links between the VM and hardware drivers and configures the network and initial system processes. At the end of the first stage, the init script within the initramfs should switch the root from initramfs to rootfs. The rootfs should be of a linux distribution, such as Debian image.
**Initramfs is not supported yet.** The kernel will run the VM image directly.
#### Create a working directory
Make a new directory inside `./virtual_machines/<vm id>` to store the different images needed.
#### Create a Debian disk image
Inside the working directory, use `dd` to create a new disk and format it properly. Mount the disk on new dir `./mnt` and the debian stable (32-bit) is copied into the image.
The network, user, pass, ctf flag and other configurations are all set up here.
#### Create a initramfs (Not supported yet)
Need a little more work on this.
Extract the rootfs.tar and edit the `/init` script to run `switch_root` to `/dev/sda`. Configure _eth0_ network.
#### Boot up with Qemu
Navigate to the working directory and use the following command:
qemu-system-x86_64 \
-kernel bzImage \
-initrd initramfs.cpio \
-append "root=/dev/sda rw biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0" \
-nographic \
-m 512 \
-hda disk.img \
-device rtl8139,netdev=net00 \
-netdev type=user,id=net00 \
-net nic \
-net user,hostfwd=tcp:127.0.0.1:59355-:22 \
;
The command gives the VM access to network, and opens a SSH connection locally.
A proper port forwarding system on the host machine is needed to forward incoming SSH connections to the VM. ### Project structure:
qemu
├── lib
│ ├── buildroot # Library to configure and compile kernel
│ ├── kconfiglib.py # Library to parse kconfig files
│ └── html_table_parser.py # Parser for html tables
├── buildroot_compile.sh # Run kernel compilation commands
├── buildroot_menuconfig_navigator.py # Utility class to control buildroot_menuconfig
├── buildroot_menuconfig.py # Utility class to control kconfiglib
├── buildroot_prepare.sh # Changes the buildroot version and clean up
├── buildroot_setup_config.txt # Generated file. Will be copied to lib/buildroot as .config
├── buildroot_setup_preconfig_host.txt # Defines configurations to forcibly override parts in .config
├── buildroot_setup.py # Run buildroot setup, configure and compile
├── buildroot_utils.py # Buildroot utility functions
├── debian_image_configuration_chroot.sh # Configure a disk image
├── debian_image_setup.sh # Bootstrap a debian disk image and configure
├── qemu_background_boot.sh # Boots kernel and OS image on Qemu, ssh enabled, in background
├── settings.py # Defines variables
├── setup_dependencies.sh # Checks and install necessary dependencies in host machine
├── setup.py # Run full setup.
├── utils.py # General utility functions
└── vms # Directory to store the generated Qemu VMs
├── 2020-06-10_13.18.38 # Directory named after date of creation
│ ├── bzImage # Kernel image copied from [..]/buildroot/output/images/
│ └── disk.img # Configured minimal debian image
├── 2020-07-04_11.08.46 # Directory named after date of creation
│ ├── ...
├── ...
## Limitations ## Limitations
This depends on Builtroot's internal toolchain. Some specific versions of kernel do not support compiling for x86_64 (possibly many others). No errors can be detected before running the system with Qemu. Errorneuos kernel versions gets stuck after the following output: - External toolchain is not set up. The program now uses Builtroot's internal toolchain.
- Some specific versions of kernel do not support compiling for x86_64 (possibly many others).
Erroneous kernel versions gets stuck after the following output:
$ qemu-system-x86_64 -nographic -m 512 \ $ qemu-system-x86_64 -nographic -m 512 \
-kernel bzImage \ -kernel bzImage \
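Review bot: the new "Debian image setup additionally enables the following features" list (OpenSSL, Wget, OpenSSH, Eth0 network) is identical to the "The setup additionally enables the following features" list added under "Supported Linux kernels" earlier in this change; keep one. The qemu-system-x86_64 invocation and its `-net user,hostfwd=tcp:127.0.0.1:59355-:22` line are dropped here, so the README no longer shows that the forwarded SSH port is bound to loopback only, nor how the port number is chosen; since the tree now describes qemu_background_boot.sh as "ssh enabled, in background", add a sentence on the bind address and port selection. Minor: "Builtroot" should be "Buildroot", and "Erroneous kernel versions gets stuck" should be "get stuck".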
...@@ -122,13 +95,33 @@ This depends on Builtroot's internal toolchain. Some specific versions of kernel ...@@ -122,13 +95,33 @@ This depends on Builtroot's internal toolchain. Some specific versions of kernel
Decompressing Linux... Parsing ELF... done. Decompressing Linux... Parsing ELF... done.
Booting the kernel. Booting the kernel.
Examples of versions that does not work for 64-bit, but 32-bit: Examples of versions that does not work for 64-bit, but 32-bit:
- 3.18.4, arch x86_64, 3.18.4, arch x86_64,
- As the system reuse the same Buildroot source, it cannot run multiple compilations (cmake) simultaneously.
- A proper port forwarding system on the host machine is needed to forward incoming SSH connections to the VM.
- The qemu setup program cannot list the running qemu vm images yet.
We can do "ps aux | grep qemu", but not something similar to "docker ps".
It means we cannot easily check which ssh port is running which VM yet.
- No way to detect a crashed qemu vm. A simple "ssh port is open" check on qemu booting is implemented,
but it is unreliable as a kernel could still have crashed even if the port is open.
- Kernels before 3.2.x are not supported. System will try running it, and sometimes it boots,
sometimes doesn't. There are many compatibility issues on the old kernels mostly because of `glibc` updates.
- I have been trying out different package patches on glibc.
Some luck was shown, but the fixes were not consistent, as moving to a slightly older kernel
version introduced new errors (during compilation and boot).
- Booting a machine on initramfs is not supported yet. The kernel will run the VM image directly.
- Only Debian OS are supported.
- The earliest Buildroot release is from 2012. The program do not necessarily support
compiling kernels earlier than 3.2.
As the system reuse the same buildroot source, it cannot run multiple compilations (cmake) simultaneously. - Different steps of the program is not run in parallel. Running Debian image setup and kernel compilation
simultaneously is not supported yet.
## Dependencies
- Buildroot
- Debian (debootstrap command?)
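Review bot: the "No way to detect a crashed qemu vm" bullet should say why the port check is unreliable: with user-mode networking the hostfwd listener is opened by QEMU itself, so it accepts connections for as long as the QEMU process is alive, whether or not the guest kernel ever booted. Waiting for an SSH banner (or a successful login) on that port would distinguish a live guest from a dead one. Also: "Debian (debootstrap command?)" should be resolved rather than shipped with a question mark; "multiple compilations (cmake)" looks wrong, since Buildroot drives its build with make; and "versions that does not work for 64-bit, but 32-bit" should read "versions that do not work for x86_64 but do for i386".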