search

attify / firmware-analysis-toolkit

Toolkit to emulate firmware and analyse it for security vulnerabilities
MIT License
1.35k stars 256 forks source link

cant access IP adress through browser #54

Open naveen66611 opened 4 years ago

naveen66611 commented 4 years ago

I was trying to emulate DIR300.bin binary ...

Following is the console output. I cant access the IP through browser. Help will be very much appreciated.

Welcome to fish, the friendly interactive shell iot@attifyos ~/t/firmware-analysis-toolkit> ./fat.py DIR_firmware.bin 

                           __           _
                          / _|         | |
                         | |_    __ _  | |_
                         |  _|  / _` | | __|
                         | |   | (_| | | |_
                         |_|    \__,_|  \__|

            Welcome to the Firmware Analysis Toolkit - v0.3
Offensive IoT Exploitation Training http://bit.do/offensiveiotexploitation
              By Attify - https://attify.com  | @attifyme

[+] Firmware: DIR_firmware.bin [+] Extracting the firmware... [+] Image ID: 3 [+] Identifying architecture... [+] Architecture: mipseb [+] Building QEMU disk image... [+] Setting up the network connection, please standby... [+] Network interfaces: [('br0', '192.168.0.1')] [+] All set! Press ENTER to run the firmware... [+] When running, press Ctrl + A X to terminate qemu [+] Command line: /home/iot/tools/firmware-analysis-toolkit/firmadyne/scratch/3/run.sh [sudo] password for iot: Creating TAP device tap3_0... Set 'tap3_0' persistent and owned by uid 0 Bringing up TAP device... Adding route to 192.168.0.1... Starting firmware emulation... use Ctrl-a + x to exit [ 0.000000] Linux version 2.6.32.70 (vagrant@vagrant-ubuntu-trusty-64) (gcc version 5.3.0 (GCC) ) #1 Thu Feb 18 01:39:21 UTC 2016 [ 0.000000] [ 0.000000] LINUX started... [ 0.000000] bootconsole [early0] enabled [ 0.000000] CPU revision is: 00019300 (MIPS 24Kc) [ 0.000000] FPU revision is: 00739300 [ 0.000000] Determined physical RAM map: [ 0.000000] memory: 00001000 @ 00000000 (reserved) [ 0.000000] memory: 000ef000 @ 00001000 (ROM data) [ 0.000000] memory: 0061e000 @ 000f0000 (reserved) [ 0.000000] memory: 0f8f1000 @ 0070e000 (usable) [ 0.000000] debug: ignoring loglevel setting. [ 0.000000] Wasting 57792 bytes for tracking 1806 unused pages [ 0.000000] Initrd not found or empty - disabling initrd [ 0.000000] Zone PFN ranges: [ 0.000000] DMA 0x00000000 -> 0x00001000 [ 0.000000] Normal 0x00001000 -> 0x0000ffff [ 0.000000] Movable zone start PFN for each node [ 0.000000] early_node_map[1] active PFN ranges [ 0.000000] 0: 0x00000000 -> 0x0000ffff [ 0.000000] On node 0 totalpages: 65535 [ 0.000000] free_area_init_node: node 0, pgdat 806aa3c0, node_mem_map 81000000 [ 0.000000] DMA zone: 32 pages used for memmap [ 0.000000] DMA zone: 0 pages reserved [ 0.000000] DMA zone: 4064 pages, LIFO batch:0 [ 0.000000] Normal zone: 480 pages used for memmap [ 0.000000] Normal zone: 60959 pages, LIFO batch:15 [ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 65023 [ 0.000000] Kernel command line: root=/dev/sda1 console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 user_debug=31 firmadyne.syscall=0 [ 0.000000] PID hash table entries: 1024 (order: 0, 4096 bytes) [ 0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes) [ 0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes) [ 0.000000] Primary instruction cache 2kB, VIPT, 2-way, linesize 16 bytes. [ 0.000000] Primary data cache 2kB, 2-way, VIPT, no aliases, linesize 16 bytes [ 0.000000] Writing ErrCtl register=00000000 [ 0.000000] Readback ErrCtl register=00000000 [ 0.000000] Memory: 252428k/254916k available (4260k kernel code, 2252k reserved, 1549k data, 220k init, 0k highmem) [ 0.000000] Hierarchical RCU implementation. [ 0.000000] NR_IRQS:256 [ 0.000000] CPU frequency 200.00 MHz [ 0.000000] Console: colour dummy device 80x25 [ 0.028000] Calibrating delay loop... 130.81 BogoMIPS (lpj=261632) [ 0.100000] Mount-cache hash table entries: 512 [ 0.188000] NET: Registered protocol family 16 [ 0.236000] bio: create slab at 0 [ 0.248000] vgaarb: loaded [ 0.256000] SCSI subsystem initialized [ 0.260000] libata version 3.00 loaded. [ 0.268000] usbcore: registered new interface driver usbfs [ 0.272000] usbcore: registered new interface driver hub [ 0.276000] usbcore: registered new device driver usb [ 0.292000] pci 0000:00:00.0: reg 14 32bit mmio pref: [0x1000000-0x1ffffff] [ 0.300000] pci 0000:00:0a.1: reg 20 io port: [0x00-0x0f] [ 0.304000] pci 0000:00:0a.2: reg 20 io port: [0x00-0x1f] [ 0.308000] pci 0000:00:0a.3: BAR 8: address space collision on of bridge [0x1100-0x110f] [ 0.312000] pci 0000:00:0a.3: quirk: region 1100-110f claimed by PIIX4 SMB [ 0.316000] pci 0000:00:12.0: reg 10 32bit mmio pref: [0x000000-0x1ffffff] [ 0.320000] pci 0000:00:12.0: reg 14 32bit mmio: [0x000000-0x000fff] [ 0.324000] pci 0000:00:12.0: reg 30 32bit mmio pref: [0x000000-0x00ffff] [ 0.328000] pci 0000:00:13.0: reg 10 32bit mmio: [0x000000-0x01ffff] [ 0.332000] pci 0000:00:13.0: reg 14 io port: [0x00-0x3f] [ 0.336000] pci 0000:00:13.0: reg 30 32bit mmio pref: [0x000000-0x07ffff] [ 0.340000] pci 0000:00:14.0: reg 10 32bit mmio: [0x000000-0x01ffff] [ 0.344000] pci 0000:00:14.0: reg 14 io port: [0x00-0x3f] [ 0.348000] pci 0000:00:14.0: reg 30 32bit mmio pref: [0x000000-0x07ffff] [ 0.352000] pci 0000:00:15.0: reg 10 32bit mmio: [0x000000-0x01ffff] [ 0.356000] pci 0000:00:15.0: reg 14 io port: [0x00-0x3f] [ 0.360000] pci 0000:00:15.0: reg 30 32bit mmio pref: [0x000000-0x07ffff] [ 0.364000] pci 0000:00:16.0: reg 10 32bit mmio: [0x000000-0x01ffff] [ 0.368000] pci 0000:00:16.0: reg 14 io port: [0x00-0x3f] [ 0.368000] pci 0000:00:16.0: reg 30 32bit mmio pref: [0x000000-0x07ffff] [ 0.376000] vgaarb: device added: PCI:0000:00:12.0,decodes=io+mem,owns=none,locks=none [ 0.380000] pci 0000:00:0a.3: BAR 8: bogus alignment [0x1100-0x110f] flags 0x100 [ 0.416000] cfg80211: Calling CRDA to update world regulatory domain [ 0.420000] Switching to clocksource MIPS [ 0.428000] Switched to NOHz mode on CPU #0 [ 0.448000] NET: Registered protocol family 2 [ 0.476000] IP route cache hash table entries: 2048 (order: 1, 8192 bytes) [ 0.516000] TCP established hash table entries: 8192 (order: 4, 65536 bytes) [ 0.532000] TCP bind hash table entries: 8192 (order: 3, 32768 bytes) [ 0.544000] TCP: Hash tables configured (established 8192 bind 8192) [ 0.560000] TCP reno registered [ 0.580000] NET: Registered protocol family 1 [ 0.600000] PCI: Enabling device 0000:00:0a.2 (0000 -> 0001) [ 0.748000] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 0.764000] Registering unionfs 2.6 (for 2.6.32.63) [ 0.788000] JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc. [ 0.808000] ROMFS MTD (C) 2007 Red Hat, Inc. [ 0.828000] msgmni has been set to 493 [ 0.964000] alg: No test for stdrng (krng) [ 1.104000] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253) [ 1.120000] io scheduler noop registered [ 1.128000] io scheduler cfq registered (default) [ 1.144000] firmadyne: devfs: 1, execute: 1, procfs: 1, syscall: 0 [ 1.176000] firmadyne: Cannot register character device: watchdog, 0xa, 0x82! [ 1.196000] firmadyne: Cannot register character device: wdt, 0xfd, 0x0! [ 1.376000] PCI: Enabling device 0000:00:12.0 (0000 -> 0002) [ 1.388000] cirrusfb 0000:00:12.0: Cirrus Logic chipset on PCI bus, RAM (4096 kB) at 0x10000000 [ 1.776000] Console: switching to colour frame buffer device 80x30 [ 1.928000] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled [ 1.960000] serial8250.0: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A [ 1.984000] console [ttyS0] enabled, bootconsole disabled [ 1.984000] console [ttyS0] enabled, bootconsole disabled [ 2.020000] serial8250.0: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A [ 2.080000] brd: module loaded [ 2.104000] loop: module loaded [ 2.112000] ata_piix 0000:00:0a.1: version 2.13 [ 2.132000] PCI: Enabling device 0000:00:0a.1 (0000 -> 0001) [ 2.168000] PCI: Setting latency timer of device 0000:00:0a.1 to 64 [ 2.208000] scsi0 : ata_piix [ 2.232000] scsi1 : ata_piix [ 2.240000] ata1: PATA max UDMA/33 cmd 0x1f0 ctl 0x3f6 bmdma 0x1420 irq 14 [ 2.264000] ata2: PATA max UDMA/33 cmd 0x170 ctl 0x376 bmdma 0x1428 irq 15 [ 2.328000] NAND device: Manufacturer ID: 0x98, Chip ID: 0x39 (Toshiba NAND 128MiB 1,8V 8-bit) [ 2.352000] flash size: 128 MiB [ 2.368000] page size: 512 bytes [ 2.372000] OOB area size: 16 bytes [ 2.380000] sector size: 16 KiB [ 2.388000] pages number: 262144 [ 2.400000] pages per sector: 32 [ 2.408000] bus width: 8 [ 2.412000] bits in sector size: 14 [ 2.420000] bits in page size: 9 [ 2.432000] bits in OOB size: 4 [ 2.440000] flash size with OOB: 135168 KiB [ 2.452000] page address bytes: 4 [ 2.464000] sector address bytes: 3 [ 2.476000] options: 0x62 [ 2.500000] Scanning device for bad blocks [ 2.840000] Creating 11 MTD partitions on "NAND 128MiB 1,8V 8-bit": [ 2.860000] 0x000000000000-0x000000100000 : "NAND simulator partition 0" [ 2.888000] 0x000000100000-0x000000200000 : "NAND simulator partition 1" [ 2.912000] 0x000000200000-0x000000300000 : "NAND simulator partition 2" [ 2.928000] 0x000000300000-0x000000400000 : "NAND simulator partition 3" [ 2.952000] 0x000000400000-0x000000500000 : "NAND simulator partition 4" [ 2.976000] 0x000000500000-0x000000600000 : "NAND simulator partition 5" [ 2.996000] 0x000000600000-0x000000700000 : "NAND simulator partition 6" [ 3.016000] 0x000000700000-0x000000800000 : "NAND simulator partition 7" [ 3.040000] 0x000000800000-0x000000900000 : "NAND simulator partition 8" [ 3.068000] 0x000000900000-0x000000a00000 : "NAND simulator partition 9" [ 3.084000] 0x000000a00000-0x000008000000 : "NAND simulator partition 10" [ 3.112000] Intel(R) PRO/1000 Network Driver - version 7.3.21-k5-NAPI [ 3.136000] Copyright (c) 1999-2006 Intel Corporation. [ 3.144000] PCI: Enabling device 0000:00:13.0 (0000 -> 0003) [ 3.168000] PCI: Setting latency timer of device 0000:00:13.0 to 64 [ 3.216000] ata2.01: NODEV after polling detection [ 3.228000] ata1.01: NODEV after polling detection [ 3.264000] ata1.00: ATA-7: QEMU HARDDISK, 2.5+, max UDMA/100 [ 3.284000] ata1.00: 2097152 sectors, multi 16: LBA48 [ 3.316000] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100 [ 3.348000] ata2.00: configured for UDMA/33 [ 3.380000] ata1.00: configured for UDMA/33 [ 3.536000] scsi 0:0:0:0: Direct-Access ATA QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5 [ 3.616000] scsi 1:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.5+ PQ: 0 ANSI: 5 [ 3.676000] sd 0:0:0:0: [sda] 2097152 512-byte logical blocks: (1.07 GB/1.00 GiB) [ 3.724000] sd 0:0:0:0: [sda] Write Protect is off [ 3.744000] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 [ 3.756000] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 3.828000] sda: sda1 [ 3.964000] sd 0:0:0:0: [sda] Attached SCSI disk [ 4.540000] e1000: 0000:00:13.0: e1000_probe: (PCI:33MHz:32-bit) 52:54:00:12:34:56 [ 4.628000] e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection [ 4.644000] PCI: Enabling device 0000:00:14.0 (0000 -> 0003) [ 4.672000] PCI: Setting latency timer of device 0000:00:14.0 to 64 [ 4.936000] e1000: 0000:00:14.0: e1000_probe: (PCI:33MHz:32-bit) 52:54:00:12:34:57 [ 4.992000] e1000: eth1: e1000_probe: Intel(R) PRO/1000 Network Connection [ 5.008000] PCI: Enabling device 0000:00:15.0 (0000 -> 0003) [ 5.024000] PCI: Setting latency timer of device 0000:00:15.0 to 64 [ 5.284000] e1000: 0000:00:15.0: e1000_probe: (PCI:33MHz:32-bit) 52:54:00:12:34:58 [ 5.340000] e1000: eth2: e1000_probe: Intel(R) PRO/1000 Network Connection [ 5.352000] PCI: Enabling device 0000:00:16.0 (0000 -> 0003) [ 5.368000] PCI: Setting latency timer of device 0000:00:16.0 to 64 [ 5.644000] e1000: 0000:00:16.0: e1000_probe: (PCI:33MHz:32-bit) 52:54:00:12:34:59 [ 5.700000] e1000: eth3: e1000_probe: Intel(R) PRO/1000 Network Connection [ 5.716000] e1000e: Intel(R) PRO/1000 Network Driver - 1.0.2-k2 [ 5.728000] e1000e: Copyright (c) 1999-2008 Intel Corporation. [ 5.748000] pcnet32.c:v1.35 21.Apr.2008 tsbogend@alpha.franken.de [ 5.764000] PPP generic driver version 2.4.2 [ 5.784000] PPP Deflate Compression module registered [ 5.836000] PPP MPPE Compression module registered [ 5.844000] NET: Registered protocol family 24 [ 5.856000] PPPoL2TP kernel driver, V1.0 [ 5.876000] tun: Universal TUN/TAP device driver, 1.6 [ 5.888000] tun: (C) 1999-2004 Max Krasnyansky maxk@qualcomm.com [ 5.908000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver [ 5.920000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver [ 5.944000] uhci_hcd: USB Universal Host Controller Interface driver [ 5.964000] PCI: Setting latency timer of device 0000:00:0a.2 to 64 [ 5.984000] uhci_hcd 0000:00:0a.2: UHCI Host Controller [ 6.008000] uhci_hcd 0000:00:0a.2: new USB bus registered, assigned bus number 1 [ 6.040000] uhci_hcd 0000:00:0a.2: irq 11, io base 0x00001400 [ 6.088000] usb usb1: configuration #1 chosen from 1 choice [ 6.104000] hub 1-0:1.0: USB hub found [ 6.116000] hub 1-0:1.0: 2 ports detected [ 6.144000] Initializing USB Mass Storage driver... [ 6.160000] usbcore: registered new interface driver usb-storage [ 6.176000] USB Mass Storage support registered. [ 6.208000] serio: i8042 KBD port at 0x60,0x64 irq 1 [ 6.228000] serio: i8042 AUX port at 0x60,0x64 irq 12 [ 6.244000] mice: PS/2 mouse device common for all mice [ 6.300000] rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0 [ 6.320000] rtc0: alarms up to one day, 242 bytes nvram [ 6.332000] i2c /dev entries driver [ 6.340000] piix4_smbus 0000:00:0a.3: SMBus Host Controller at 0x1100, revision 0 [ 6.376000] sdhci: Secure Digital Host Controller Interface driver [ 6.400000] sdhci: Copyright(c) Pierre Ossman [ 6.436000] input: AT Raw Set 2 keyboard as /devices/platform/i8042/serio0/input/input0 [ 6.492000] usbcore: registered new interface driver hiddev [ 6.508000] usbcore: registered new interface driver usbhid [ 6.520000] usbhid: v2.6:USB HID core driver [ 6.528000] Netfilter messages via NETLINK v0.30. [ 6.560000] nf_conntrack version 0.5.0 (3947 buckets, 15788 max) [ 6.592000] ctnetlink v0.93: registering with nfnetlink. [ 6.620000] IPv4 over IPv4 tunneling driver [ 6.640000] GRE over IPv4 tunneling driver [ 6.672000] ip_tables: (C) 2000-2006 Netfilter Core Team [ 6.688000] arp_tables: (C) 2002 David S. Miller [ 6.712000] TCP cubic registered [ 6.720000] Initializing XFRM netlink socket [ 6.740000] NET: Registered protocol family 10 [ 6.780000] ip6_tables: (C) 2000-2006 Netfilter Core Team [ 6.796000] IPv6 over IPv4 tunneling driver [ 6.808000] NET: Registered protocol family 17 [ 6.828000] Bridge firewalling registered [ 6.836000] Ebtables v2.0 registered [ 6.852000] 802.1Q VLAN Support v1.8 Ben Greear greearb@candelatech.com [ 6.872000] All bugs added by David S. Miller davem@redhat.com [ 6.892000] lib80211: common routines for IEEE802.11 drivers [ 6.904000] lib80211_crypt: registered algorithm 'NULL' [ 6.932000] rtc_cmos rtc_cmos: setting system clock to 2020-09-12 03:53:16 UTC (1599882796) [ 6.968000] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input1 [ 7.060000] EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended [ 7.080000] VFS: Mounted root (ext2 filesystem) on device 8:1. [ 7.108000] Freeing prom memory: 956k freed [ 7.204000] Freeing unused kernel memory: 220k freed [ 7.348000] firmadyne: sys_reboot[PID: 45 (init)]: magic1:fee1dead, magic2:28121969, cmd:0 init started: BusyBox v1.00 (2010.11.25-09:44+0000) multi-call binary Starting pid 47, console /dev/tts/0: '/etc/init.d/rcS' [ 7.744000] firmadyne: do_execve: /firmadyne/console [ 7.760000] OFFSETS: offset of pid: 0x100 offset of comm: 0x1f0 [/etc/init.d/S03config.sh] Mounting proc and var ... Start xmldb ... [/etc/scripts/misc/profile.sh] get ... Can't get config from nvram, generate default! [/etc/scripts/misc/profile.sh] reset ... [/etc/scripts/misc/defnodes.sh] ... [/etc/defnodes/S10setext.sh] ... PHP [/etc/defnodes/S11setnodes.php] ... PHP [/etc/defnodes/S12features.php] ... PHP [/etc/defnodes/S13flashspeed.php] ... PHP [/etc/defnodes/S20setnodes.php] ... [ 14.816000] VFS: Can't find ext3 filesystem on dev mtdblock6. [ 14.832000] VFS: Can't find an ext2 filesystem on dev mtdblock6. [ 14.856000] EXT4-fs (mtdblock6): VFS: Can't find ext4 filesystem [ 14.876000] cramfs: wrong magic [ 14.892000] SQUASHFS error: Can't find a SQUASHFS superblock on mtdblock6 [ 14.920000] FAT: bogus logical sector size 65535 [ 14.932000] VFS: Can't find a valid FAT filesystem on dev mtdblock6. [ 14.980000] ISOFS: Unable to identify CD-ROM format. [ 14.996000] VFS: Can't find a romfs filesystem on dev mtdblock6. [ 15.272000] attempt to access beyond end of device [ 15.288000] mtdblock6: rw=0, want=2049, limit=2048 [ 15.308000] UDF-fs: No VRS found [ 15.320000] UDF-fs: Rescanning with blocksize 2048 [ 15.688000] attempt to access beyond end of device [ 15.704000] mtdblock6: rw=0, want=2052, limit=2048 [ 15.724000] UDF-fs: No VRS found [ 15.740000] UDF-fs: No partition found (1) mount: Mounting /dev/mtdblock/6 on /www/locale/alt failed: Invalid argument PHP [/etc/defnodes/S40brand.php] ... [/etc/scripts/misc/defnodes.sh] Done !! [/etc/scripts/misc/profile.sh] put ... ok [/etc/templates/timezone.sh] ... [/etc/templates/logs.sh] ... [/var/run/logs_run.sh] ... Inserting modules ... Using /lib/modules/wlan.o Using /lib/modules/wlan_xauth.o Using /lib/modules/wlan_wep.o Using /lib/modules/wlan_tkip.o Using /lib/modules/wlan_scan_sta.o Using /lib/modules/wlan_scan_ap.o Using /lib/modules/wlan_ccmp.o Using /lib/modules/wlan_acl.o Using /lib/modules/ath_hal.o Using /lib/modules/ath_rate_atheros.o Using /lib/modules/ath_dfs.o The countrycode is 840. Using /lib/modules/ath_ahb.o wlanconfig: ioctl: No such device SIOCSIFHWADDR: No such device Using /lib/modules/ar231x_access.o [ 18.124000] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config [/etc/templates/webs.sh] start ... [/var/run/webs_start.sh] ... Starting HTTPD ... [/etc/init.d/S03config.sh] done! [/etc/init.d/S10system.sh] start fresetd ... start scheduled ... Factory reset time : 5 secs WPS command : [/etc/templates/wps.sh pbc &] gpio_outen: can not open [/proc/ar231x/gpio_cr7] to write. [/etc/templates/scheduled.sh] start ... [/var/run/scheduled_start.sh] ... Start scheduled ... setup layout ... [/etc/scripts/layout.sh] start ... [/var/run/layout_start.sh] ... Start router layout ... /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create interface ath0 does not exist! [ 19.952000] device eth0.0 entered promiscuous mode [ 19.964000] device eth0 entered promiscuous mode [ 19.984000] br0: port 1(eth0.0) entering forwarding state can't find port ath0 in bridge br0 start LAN ... [/etc/templates/lan.sh] ... [/var/run/lan_start.sh] ... Start LAN (br0/192.168.0.1/255.255.255.0)... Start DHCP server (br0) ... Start igmp ... [/etc/templates/igmpproxy.sh] start ... [/var/run/igmpproxy_start.sh] ... Start IGMP proxy ... /proc/net/br_igmpp_br0: cannot create /proc/net/br_mac_br0: cannot create /proc/net/br_igmpp_br0: cannot create enable LAN ports ... /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create /proc/driver/ae531x: cannot create start WLAN ... [/etc/templates/wlan.sh] start ... [/var/run/wlan_start.sh] ... Start WLAN interface ath0 ... ath0 no private ioctls.

ath0 no private ioctls.

ath0 no private ioctls.

can't find port ath0 in bridge br0 ath0 no private ioctls.

ath0 no private ioctls.

ath0 no private ioctls.

ath0 no private ioctls.

ath0 no private ioctls.

Error for wireless request "Set Frequency" (8B04) : SET failed on device ath0 ; No such device. Error for wireless request "Set RTS Threshold" (8B22) : SET failed on device ath0 ; No such device. Error for wireless request "Set Fragmentation Threshold" (8B24) : SET failed on device ath0 ; No such device. Error for wireless request "Set Bit Rate" (8B20) : SET failed on device ath0 ; No such device. ath0 no private ioctls.

ath0 no private ioctls.

/proc/net/br_forward_br0: cannot create ath0 no private ioctls.

ath0 no private ioctls.

ath0 no private ioctls.

ath0 no private ioctls.

ath0 no private ioctls.

Error for wireless request "Set ESSID" (8B1A) : SET failed on device ath0 ; No such device. Configuration file: /var/run/hostapd.ath0.conf SIOCGIFFLAGS: No such device madwifi_poll: ioctl_get_ssid() fail, return Unable to open socket file : -1 ! /var/run/fresetd_unixsock ioctl(SIOCGIFINDEX): No such device madwifi driver initialization failed. [/etc/templates/wps.sh] setie ... [ 28.424000] eth0: no IPv6 routers present [ 29.336000] br0: no IPv6 routers present Start WLAN interface ath0 Done !!! start Guest Zone [/etc/templates/gzone.sh] ... [/etc/templates/enable_gzone.sh] ... start RG ... [/etc/templates/rg.sh] start ... [ 30.244000] eth0.0: no IPv6 routers present [/var/run/rg_start.sh] ...[ 30.332000] eth0.2: no IPv6 routers present

iptables: Protocol wrong type for socket iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name Using /lib/modules/sw_tcpip.o Using /lib/modules/ifresetcnt.o Using /lib/modules/ipt_string.o /proc/sys/net/ipv4/ip_conntrack_max: cannot create Using /lib/modules/ip_stun_func.o Using /lib/modules/ipt_PERS.o sendto_unsock(/var/run/portt.unixsocket, flush) /proc/sys/net/ipv4/arp_flood_burst: cannot create /proc/sys/net/ipv4/arp_flood_cost: cannot create start DNRD ... [/etc/templates/dnrd.sh] ... [/var/run/dnrd_start.sh] ... Start DNRD ... Notice: caching turned off Start telnetd ... start UPNPD ... [/etc/templates/upnpd.sh] ... [/var/run/upnpd_start.sh] ... Starting UPnP ... [/var/run/upnp_alive.sh] ... start WAN ... Set WAN port media type 0 open failed (/proc/driver/ae531x)... open failed (/proc/driver/ae531x)... [/etc/templates/wan.sh] start ... [/var/run/wan_start.sh] ... /proc/sys/net/ipv4/ip_personality_enable: cannot create /proc/sys/net/ipv4/ip_personality_sport: cannot create Using /lib/modules/sw_tcpip.o It is the DHCP mod start!! Restore WAN MAC : 00:de:fa:19:c0:02 DHCP client on WAN(eth0.2) CloneMAC() ... start LLD2D ... [/etc/templates/lld2d.sh] ... [/var/run/lld2d_start.sh] ... Start LLD2 daemon ... start Neaps ... [/etc/templates/neaps.sh] start ... [/var/run/neaps_start.sh] ... Start Neap Server ... start igmpproxy ... [/etc/templates/igmpproxy.sh] start ... [/var/run/igmpproxy_stop.sh] ... Stop IGMP proxy ... /proc/net/br_igmpp_br0: cannot create /proc/net/br_mac_br0[/etc/templates/igmpproxy_helper.sh] flush ... : cannot create [/var/run/igmpproxy_helper.sh] ... [/etc/templates/rg.sh] misc ... [/var/run/rg_misc.sh] ... /proc/fastnat/forskipsupport: cannot create [/var/run/igmpproxy_start.sh] ... Start IGMP proxy ... /proc/net/br_igmpp_br0: cannot create /proc/net/br_mac_br0: cannot create /proc/net/br_igmpp_br0: cannot create [/etc/init.d/S10system.sh] done! rcS done! Starting pid 943, console /dev/tts/0: '/bin/sh'

BusyBox v1.00 (2010.11.25-09:44+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands.

[ 52.540000] eth0.2: no IPv6 routers present

extremecoders-re commented 4 years ago

Please check qemu.initial.serial.log. There should be lines containing __inet_insert_ifa. If not present, it indicates the firmware doesn't try to bring up the network interface and consequently there's no IP assigned.

More details https://github.com/attify/firmware-analysis-toolkit/issues/43#issuecomment-607651532