This wiki shows how to simulate the D-Link DIR-850L with QEMU:

**Install QEMU**

Download QEMU with wget:

`wget https://download.qemu.org/qemu-5.2.0.tar.xz`

`tar xvJf qemu-5.2.0.tar.xz`

`cd qemu-5.2.0`

Install the build dependencies:

`sudo apt-get install build-essential libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev`

Install ninja (built from source inside the `qemu-5.2.0` directory, then copied to `/usr/bin`):

`sudo apt install re2c`

`git clone https://github.com/ninja-build/ninja.git && cd ninja`

`./configure.py --bootstrap`

`sudo cp ninja /usr/bin/ && cd ..`

Build and install QEMU:

`./configure`

`make`

`sudo make install`

**Use system emulation to simulate the D-Link DIR-850L router**

For QEMU in system mode, we need to provide the emulator with a file system image and a kernel to use in the boot process.

Using a pre-compiled Debian MIPS kernel with a MIPS QCOW2 file system image, boot the VM, copy the DIR-850L’s extracted squashfs root into the VM, and then create a new chroot.

1. Getting the squashfs root

Download the firmware from the internet and extract the device firmware with binwalk.

`sudo apt-get -y install unzip`

`unzip DIR-850L_REVA_FIRMWARE_1.00.B07.ZIP`

`binwalk -e DIR850LA1_FW114WWb07.bin`

2. Getting a kernel and file system image

`mkdir linux_mips; cd linux_mips`

`wget https://people.debian.org/~aurel32/qemu/mips/vmlinux-3.2.0-4-4kc-malta`

`wget https://people.debian.org/~aurel32/qemu/mips/debian_wheezy_mips_standard.qcow2`

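3. Booting the VM

`qemu-system-mips -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mips_standard.qcow2 -append "root=/dev/sda1" -nographic -net nic -net user,id=tcp,hostfwd=tcp::5022-:22,hostfwd=tcp::5023-:23,hostfwd=tcp::48101-:48101`

The `hostfwd` rules map host ports 5022, 5023 and 48101 to guest ports 22, 23 and 48101. With the host address left empty, QEMU listens on all host interfaces; set it to 127.0.0.1 to keep the forwarded services reachable only from the host itself.
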
4. Copying the squashfs root

Ensure that sshd is running inside the MIPS VM:

`root@debian-mips:~# service ssh start; service ssh status`

`Starting OpenBSD Secure Shell server: sshd.`

`sshd is running.`

`root@debian-mips:~#`

Back on the host OS, tar up the contents of the squashfs root and copy it into the guest VM (port 5022 is the host port forwarded to the guest's sshd in step 3):

`$ tar zcf squashfs-root.tar.gz squashfs-root/`

`$ scp -P 5022 ./squashfs-root.tar.gz root@127.0.0.1:/root`

Extract the tarball on the guest MIPS VM:

`root@debian-mips:~# ls`

`squashfs-root.tar.gz`

`root@debian-mips:~# tar zxf squashfs-root.tar.gz`

`root@debian-mips:~#`

Mount /proc, /dev and /sys, then use chroot to enter the firmware file system:

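One way to do this from inside the guest, as an added example rather than commands from the original page: the script checks that the extracted root holds big-endian MIPS binaries (what `qemu-system-mips` runs) before bind-mounting and entering the chroot. The helper names `elf_arch`, `run` and `enter_firmware`, the `DRY_RUN` switch and the `bin/busybox` probe path are assumptions.

```shell
#!/bin/sh
# Added example: run as root inside the Debian MIPS guest, never on the host.

# Classify the ELF header of $1: EI_DATA is byte 5, e_machine is bytes 18-19.
elf_arch() {
    hdr=$(od -An -tx1 -N20 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c46??02????????????????????????0008) echo mips-be ;;
        7f454c46??01????????????????????????0800) echo mips-le ;;
        7f454c46*) echo other-elf ;;
        *) echo not-elf ;;
    esac
}

# With DRY_RUN set, print each command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Bind-mount /proc, /dev and /sys into the extracted root, then chroot into it.
# $1: extracted root (default ./squashfs-root)
# $2: binary used for the architecture check (assumed to be bin/busybox)
enter_firmware() {
    root=$(cd "${1:-squashfs-root}" 2>/dev/null && pwd) || {
        echo "rootfs directory not found" >&2; return 1; }
    probe=${2:-bin/busybox}
    arch=$(elf_arch "$root/$probe")
    if [ "$arch" != mips-be ]; then
        # qemu-system-mips is big-endian; a mips-le root needs qemu-system-mipsel.
        echo "$probe is $arch, expected mips-be" >&2; return 2
    fi
    for fs in proc dev sys; do
        [ -d "$root/$fs" ] || run mkdir -p "$root/$fs"
        # Skip mount points that a previous run already set up.
        grep -qs " $root/$fs " /proc/mounts || run mount --bind "/$fs" "$root/$fs"
    done
    run chroot "$root" /bin/sh
}

# Usage: sh enter_firmware.sh --enter ./squashfs-root
if [ "${1:-}" = "--enter" ]; then
    enter_firmware "${2:-squashfs-root}"
fi
```

Set `DRY_RUN=1` to print the mkdir, mount and chroot commands without executing them.
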
5. Starting the device's service

Most embedded Linux devices have startup scripts in /etc/init.d/ that will launch services and perform configuration.

`# /etc/init.d/rcS`