Closed jsm174 closed 3 years ago
Just to follow up on this. I think I am linking against the correct libs now:
export LDFLAGS="-L/home/pi/wireless-carplay-dongle-reverse-engineering/Extracted/28102020/lib"
/configure --host arm-linux-gnueabihf --enable-static --disable-zlib
make
.
.
arm-linux-gnueabihf-gcc -L/home/pi/wireless-carplay-dongle-reverse-engineering/Extracted/28102020/lib -static -o dropbear dbutil.o buffer.o dbhelpers.o dss.o bignum.o signkey.o rsa.o dbrandom.o queue.o atomicio.o compat.o fake-rfc2553.o ltc_prng.o ecc.o ecdsa.o crypto_desc.o curve25519.o ed25519.o dbmalloc.o gensignkey.o gendss.o genrsa.o gened25519.o common-session.o packet.o common-algo.o common-kex.o common-channel.o common-chansession.o termcodes.o loginrec.o tcp-accept.o listener.o process-packet.o dh_groups.o common-runopts.o circbuffer.o list.o netio.o chachapoly.o gcm.o svr-kex.o svr-auth.o sshpty.o svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o svr-tcpfwd.o svr-authpam.o libtomcrypt/libtomcrypt.a libtommath/libtommath.a -lutil -lcrypt
/usr/bin/ld: svr-auth.o: in function `recv_msg_userauth_request':
svr-auth.c:(.text+0x638): warning: Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: svr-chansession.o: in function `execchild':
svr-chansession.c:(.text+0x794): warning: Using 'initgroups' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: sshpty.o: in function `pty_setowner':
sshpty.c:(.text+0x2ec): warning: Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: common-session.o: in function `fill_passwd':
common-session.c:(.text+0xad8): warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: dbutil.o: in function `expand_homedir_path':
dbutil.c:(.text+0xc24): warning: Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: netio.o: in function `connect_remote':
netio.c:(.text+0x120): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: common-session.o: in function `fill_passwd':
common-session.c:(.text+0xb20): warning: Using 'getspnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
I'll start adding some debugs around checkusername
...
So while thinking about https://github.com/ludwig-v/wireless-carplay-dongle-reverse-engineering/issues/3, I wanted to see if I could get Dropbear running.
I compiled Dropbear on an RPI:
binwalk
shows:When I try running it on the dongle, it says it can't find the binary.
So then I tried making a static build:
binwalk
now shows:During the build, I did notice these warnings (which are probably important as I will get to later):
So I start Dropbear in
U2W.sh
:I then connect to the dongle's wifi, and attempt to ssh into dropbear 1000 different ways. I tried authorized_keys, adding a new user account, no luck.
(I noticed that in
shadow-
it was set to 123456, so I tried that too).Anyway, since
-F
doesn't fork Dropbear, all the logs are getting written toU2W.txt
user 'root' doesn't exist
is coming from:https://github.com/mkj/dropbear/blob/master/svr-auth.c#L266
The user comes from a call to
getpwnam
which was one the warnings from above:Any thoughts on how to possibly link with the correct
glibc
?