liyansong2018 / firmware-analysis-plus

Simulate firmware with one click of firmadyne
MIT License

About the firmware loading failure problem #34

Closed flamingo1616 closed 2 years ago

flamingo1616 commented 2 years ago

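Hello,

  1. When I ran the project on Kali yesterday, it kept getting stuck at the network connection. In the end I updated some system files, and now it is stuck again.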

image

I hope you can help me take a look.

flamingo1616 commented 2 years ago

This is the code from earlier, where it got stuck at the network connection.

[+] Firmware: DIR823GA1_FW102B03.bin
[+] Extracting the firmware...
[+] Image ID: 2
[+] Identifying architecture...
[+] Architecture: mipsel
[+] Building QEMU disk image...
[+] Setting up the network connection, please standby...
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 150, in read_nonblocking
    s = os.read(self.child_fd, size)
OSError: [Errno 5] Input/output error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 99, in expect_loop
    incoming = spawn.read_nonblocking(spawn.maxread, timeout)
  File "/usr/lib/python3/dist-packages/pexpect/pty_spawn.py", line 465, in read_nonblocking
    return super(spawn, self).read_nonblocking(size)
  File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 155, in read_nonblocking
    raise EOF('End Of File (EOF). Exception style platform.')
pexpect.exceptions.EOF: End Of File (EOF). Exception style platform.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "fat.py", line 170, in <module>
    main()
  File "fat.py", line 165, in main
    infer_network(arch, image_id, qemu_dir)
  File "fat.py", line 111, in infer_network
    child.expect_exact("Interfaces:", timeout=None)
  File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 390, in expect_exact
    return exp.expect_loop(timeout)
  File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 105, in expect_loop
    return self.eof(e)
  File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 50, in eof
    raise EOF(msg)
pexpect.exceptions.EOF: End Of File (EOF). Exception style platform.
<pexpect.pty_spawn.spawn object at 0x7ffac1e47da0>
command: /home/gw/firmware-analysis-toolkit/firmadyne/scripts/inferNetwork.sh
args: ['/home/gw/firmware-analysis-toolkit/firmadyne/scripts/inferNetwork.sh', '2', 'mipsel']
buffer (last 100 chars): b''
before (last 100 chars): b'nitor unix:/tmp/qemu.2,server,nowait: Failed to unlink socket /tmp/qemu.2: Operation not permitted\r\n'
after: <class 'pexpect.exceptions.EOF'>
match: None
match_index: None
exitstatus: None
flag_eof: True
pid: 23873
child_fd: 5
closed: False
timeout: 30
delimiter: <class 'pexpect.exceptions.EOF'>
logfile: None
logfile_read: None
logfile_send: None
maxread: 2000
ignorecase: False
searchwindowsize: None
delaybeforesend: 0.05
delayafterclose: 0.1
delayafterterminate: 0.1
searcher: searcher_string:
    0: "b'Interfaces:'"

liyansong2018 commented 2 years ago

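From the first image, it looks like binwalk did not extract the firmware successfully.

  1. Confirm that binwalk is fully installed. (The latest version of Kali does not need binwalk installed separately. On Kali releases before 2022, however, binwalk has to be compiled from source; see the home page for details. Alternatively, you can use the no-binwalk mode that fap provides; see the home page.)
  2. Confirm that this firmware can be extracted and has a complete file system.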

flamingo1616 commented 2 years ago

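I reinstalled Kali 2022 this afternoon, but the problem was not solved.

image

Using the no-binwalk mode, a network connection problem occurs. I tried reset, but that did not solve it.

image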

liyansong2018 commented 2 years ago

I tried testing your firmware with -b0 and with -b1, and the emulation had no problems in either case.

$ ./fap.py -q ./2.5.0/ ./testcases/DIR823GA1_FW102B03.bin                                                            2 ⚙

            ______   _                ___                 
            |  ___| (_)              / _ \                
            | |_     _   _ __ ___   / /_\ \  _ __    ___  
            |  _|   | | | '_ ` _ \  |  _  | | '_ \  / __| ++
            | |     | | | | | | | | | | | | | | | | \__ \ 
            \_|     |_| |_| |_| |_| \_| |_/ |_| |_| |___/

            Welcome to the Firmware Analysis Plus - v2.2
 By lys - https://github.com/liyansong2018/firmware-analysis-plus

[+] Firmware: DIR823GA1_FW102B03.bin
[+] Extracting the firmware...
[+] Image ID: 1
[+] Identifying architecture...
[+] Architecture: mipsel
[+] Building QEMU disk image...
[+] Setting up the network connection, please standby...
[+] Network interfaces: [('br0', '192.168.0.1'), ('br1', '192.168.100.1')]
[+] Using qemu-system-mipsel from /home/lys/Tools/firmware-analysis-plus/qemu-builds/2.5.0
[+] All set! Press ENTER to run the firmware...
[+] When running, press Ctrl + A X to terminate qemu
[+] Command line: /home/lys/Tools/firmware-analysis-plus/firmadyne/scratch/1/run.sh

Without more logs to go on, your problem is related to the environment. Check whether binwalk on its own can extract the firmware successfully.

liyansong2018 commented 2 years ago

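Please confirm whether your firmware is complete and whether it can be unpacked with binwalk alone. Judging from the only logs available, there may be a problem with the integrity of your firmware.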

flamingo1616 commented 2 years ago

Hello, I used binwalk to extract the test firmware you provided, and it does extract the files.

image

image

liyansong2018 commented 2 years ago

In the squashfs-root directory, re-compress the firmware, then test again using ./fap.py -q ./2.5.0/ -b false ./testcases/squashfs.tar.gz

liyansong2018 commented 2 years ago

Or switch to a normal identity (a non-root user) and try again.

flamingo1616 commented 2 years ago

I re-compressed it and ran it again, and a network error occurred.

image

flamingo1616 commented 2 years ago

As a normal user, I tested both with binwalk and without binwalk, and the results were not good.

kali㉿kali)-[/opt/firmware/firmware-analysis-plus]
└─$ ./fap.py -q ./2.5.0/ -b false /home/kali/test.tar.gz

        ______   _                ___                 
        |  ___| (_)              / _ \                
        | |_     _   _ __ ___   / /_\ \  _ __    ___  
        |  _|   | | | '_ ` _ \  |  _  | | '_ \  / __| ++
        | |     | | | | | | | | | | | | | | | | \__ \ 
        \_|     |_| |_| |_| |_| \_| |_/ |_| |_| |___/

        Welcome to the Firmware Analysis Plus - v2.2

By lys - https://github.com/liyansong2018/firmware-analysis-plus

[+] Firmware: test.tar.gz
[+] Extracting the firmware...
[+] Cleaning previous images and created files by firmadyne
Traceback (most recent call last):
  File "/opt/firmware/firmware-analysis-plus/./reset.py", line 15, in <module>
    child.expect_exact(pexpect.EOF)
  File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 421, in expect_exact
    return exp.expect_loop(timeout)
  File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 181, in expect_loop
    return self.timeout(e)
  File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 144, in timeout
    raise exc
pexpect.exceptions.TIMEOUT: Timeout exceeded.
<pexpect.pty_spawn.spawn object at 0x7f95125facb0>
command: /bin/sh
args: ['/bin/sh', '-c', 'sudo rm -rf /opt/firmware/firmware-analysis-plus/firmadyne/images/*.tar.gz']
buffer (last 100 chars): b'[sudo] password for kali: \r\nSorry, try again.\r\n[sudo] password for kali: '
before (last 100 chars): b'[sudo] password for kali: \r\nSorry, try again.\r\n[sudo] password for kali: '
after: <class 'pexpect.exceptions.TIMEOUT'>
match: None
match_index: None
exitstatus: None
flag_eof: False
pid: 144055
child_fd: 5
closed: False
timeout: 30
delimiter: <class 'pexpect.exceptions.EOF'>
logfile: None
logfile_read: None
logfile_send: None
maxread: 2000
ignorecase: False
searchwindowsize: None
delaybeforesend: 0.05
delayafterclose: 0.1
delayafterterminate: 0.1
searcher: searcher_string:
    0: EOF
cp: cannot create regular file '/opt/firmware/firmware-analysis-plus/firmadyne/images/test.tar.gz': Permission denied
mv: cannot stat '/opt/firmware/firmware-analysis-plus/firmadyne/images/test.tar.gz': No such file or directory
[+] Image ID: 1
[+] Identifying architecture...
[+] Architecture: /opt/firmware/firmware-analysis-plus/firmadyne/images/1.tar.gz: Cannot open: No such file or directory
[+] Building QEMU disk image...
Traceback (most recent call last):
  File "/opt/firmware/firmware-analysis-plus/./fap.py", line 185, in <module>
    main()
  File "/opt/firmware/firmware-analysis-plus/./fap.py", line 179, in main
    make_image(arch, image_id)
  File "/opt/firmware/firmware-analysis-plus/./fap.py", line 108, in make_image
    child.expect_exact(pexpect.EOF)
  File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 421, in expect_exact
    return exp.expect_loop(timeout)
  File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 181, in expect_loop
    return self.timeout(e)
  File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 144, in timeout
    raise exc
pexpect.exceptions.TIMEOUT: Timeout exceeded.
<pexpect.pty_spawn.spawn object at 0x7f31dd25b850>
command: /usr/bin/sudo
args: ['/usr/bin/sudo', '--', '/opt/firmware/firmware-analysis-plus/firmadyne/scripts/makeImage.sh', '1', '/opt/firmware/firmware-analysis-plus/firmadyne/images/1.tar.gz: Cannot open: No such file or directory']
buffer (last 100 chars): b'[sudo] password for kali: \r\nSorry, try again.\r\n[sudo] password for kali: '
before (last 100 chars): b'[sudo] password for kali: \r\nSorry, try again.\r\n[sudo] password for kali: '
after: <class 'pexpect.exceptions.TIMEOUT'>
match: None
match_index: None
exitstatus: None
flag_eof: False
pid: 144263
child_fd: 5
closed: False
timeout: 30
delimiter: <class 'pexpect.exceptions.EOF'>
logfile: None
logfile_read: None
logfile_send: None
maxread: 2000
ignorecase: False
searchwindowsize: None
delaybeforesend: 0.05
delayafterclose: 0.1
delayafterterminate: 0.1
searcher: searcher_string:
    0: EOF

liyansong2018 commented 2 years ago

Sorry, this may be a bug that was introduced. I am debugging it.

flamingo1616 commented 2 years ago

No problem, thank you for your help.

liyansong2018 commented 2 years ago

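On the latest version of Kali, please download Fap again, run ./setup.py, change the password in fap.config, and then run the firmware to be tested. Please make sure that all the tools in the setup script are installed.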

$ lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description:    Kali GNU/Linux Rolling
Release:        2022.1
Codename:       kali-rolling

flamingo1616 commented 2 years ago

OK, I will test it again now. Sorry to trouble you so much.

flamingo1616 commented 2 years ago

Without using binwalk, it succeeded.

image

Thank you for your help, and for still debugging this late.

Dejavu610 commented 2 years ago

@flamingo1616 Hello, may I ask how you solved this problem? I ran into the same problem.

flamingo1616 commented 2 years ago

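> @flamingo1616 Hello, may I ask how you solved this problem? I ran into the same problem.

I am not using FAP for the time being; when I used it, there were still some compatibility problems. If you want to emulate firmware, you can take a look at the Attify-OS system (IoT analysis), which includes the FAT environment and other tools.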

liyansong2018 commented 2 years ago

> @flamingo1616 Hello, may I ask how you solved this problem? I ran into the same problem.

Are you also using the test firmware that ships with Fap?

flamingo1616 commented 2 years ago

Yes, it seems it cannot run successfully.


liyansong2018 commented 2 years ago

I have tested Fap on Windows + VMware (Kali Linux 2022) and did not run into your problem. What is your runtime environment? @KongLynn

Dejavu610 commented 2 years ago

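> I have tested Fap on Windows + VMware (Kali Linux 2022) and did not run into your problem. What is your runtime environment? @KongLynn

My runtime environment is also Windows + VMware (Kali Linux 2022.2). The errors are as follows:

With binwalk: image

Without binwalk: image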

liyansong2018 commented 2 years ago

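@KongLynn @flamingo1616 Very sorry, this is a bug introduced by e502470d36bd4c8cd1658080f273e097714b5af0, and it has been fixed. If the problem is still not solved, you can reopen this issue. If you have other problems, feel free to submit a new issue.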

liyansong2018 commented 2 years ago

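This bug was caused by the missing dependency qemu-utils. This tool is used to create qemu image files and is indispensable. So the problem in this issue was caused by an update, e502470d36bd4c8cd1658080f273e097714b5af0, that removed this dependency; what actually happened is that creating the qemu image failed. Fixed in 522246185747438f0db482f81c9ae53331137f4b. Thanks again, everyone, for the feedback!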
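
A preflight check for the three failures visible in this thread's logs (qemu-img from qemu-utils missing, firmadyne/images not writable, a /tmp/qemu.N socket left behind by another user), added here as an example and not part of Fap. The function names are hypothetical; the paths are the ones shown in the logs above.

```shell
#!/bin/sh
# Added example, not Fap's own code. Function names are hypothetical.

# Print every named command that is not on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Print every named directory that is absent or not writable by this user
# (the "cp: cannot create regular file ... Permission denied" case).
unwritable_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] && [ -w "$dir" ] || printf '%s\n' "$dir"
    done
}

# Print qemu.* entries in a directory (default /tmp) owned by another user.
# QEMU cannot remove those: "Failed to unlink socket /tmp/qemu.2".
foreign_qemu_sockets() {
    find "${1:-/tmp}" -maxdepth 1 -name 'qemu.*' ! -user "$(id -u)" 2>/dev/null
}

# Run all checks against a Fap checkout; print findings, return 1 if any.
preflight() {
    report=$(
        # qemu-img is the binary that the qemu-utils package installs.
        missing_tools qemu-img binwalk | sed 's/^/missing tool: /'
        unwritable_dirs "$1/firmadyne/images" | sed 's/^/not writable: /'
        foreign_qemu_sockets /tmp | sed 's/^/owned by another user: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Only run when asked, so the functions can also be sourced:
#   sh preflight.sh --run /opt/firmware/firmware-analysis-plus
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-.}"
fi
```

Running it as the same user that will start fap.py matters, since two of the three checks depend on file ownership.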