nccgroup / asafw

Set of scripts to deal with Cisco ASA firmware [pack/unpack etc.]
BSD 3-Clause "New" or "Revised" License

Could not find kernel command line. #15

Closed ktinkone closed 3 years ago

ktinkone commented 3 years ago

When I use unpack_repack_bin.sh, I run into a problem. Is it because this version is not supported? The version is asa804-k8.bin. Please help me!!!

saidelike commented 3 years ago

Hi,

Indeed, it seems our script does not support this version yet, maybe because it is really old and we didn't test it on this specific version. If you want to add support for it, you need to look at bin.py and see what kernel command line pattern we try to match versus what is used in asa804-k8.bin.

Feel free to do a pull request if you find the fix or feel free to document here the kernel command line used and we can try to infer the fix.

Hope that helps.

cq674350529 commented 3 years ago

@ktinkone I took a look at the firmware asa804-k8.bin and found the kernel command line as follows:

$ strings ./asa804-k8.bin | grep quiet
quiet loglevel=0 ide1=noprobe console=ttyS0,9600n8 bigphysarea=

In your case, first you need to add another statement for searching quiet loglevel=0 in unpack() (also repack()).

https://github.com/nccgroup/asafw/blob/f4d03cc6ab1e127cd68b5d6e86c7b4c1451d5362/bin.py#L97-L104

Then, to enable gdb, you should modify enable_gdb() too. This firmware uses a similar way to asa803, but in another file, asa/scripts/rcS.

However, there is another issue. Currently, unpack() fails to extract the gz file, because start_address is not aligned to 16. As we can see, the magic 1f 8b 08 starts at 0x1228bf instead of 0x1228c0.

https://github.com/nccgroup/asafw/blob/b284a3d8572c5cdf517cc0bf2f9086e9d00820c3/bin.py#L117-L135

$ hexdump -C -n 128 -s 0x1228b0 ./asa804-k8.bin 
001228b0  df b7 b1 ff 95 ff 6f d4  7b f7 9e 85 a0 1f 00 1f  |......o.{.......|
001228c0  8b 08 08 96 b6 9b 48 00  03 72 6f 6f 74 66 73 2e  |......H..rootfs.|
001228d0  69 6d 67 00 ec fd 7b 7c  54 d5 f5 3f 0e 9f 49 26  |img...{|T..?..I&|
001228e0  64 80 81 19 24 68 50 94  51 07 85 8a 98 c1 00 09  |d...$hP.Q.......|
001228f0  84 36 24 24 80 02 06 42  00 b9 85 90 0b 13 08 49  |.6$$...B.......I|
00122900  4c 66 b8 54 2e c1 49 6a  0e c7 51 5a b1 d5 d6 b6  |Lf.T..Ij..QZ....|
00122910  50 2f 45 6b 95 5a 84 80  88 09 a1 09 28 b5 11 a8  |P/Ek.Z......(...|
00122920  46 a1 1a 15 ed 19 83 1a  6f 18 01 99 e7 bd d6 de  |F.......o.......|
00122930

I don't know how to handle it elegantly. Maybe @saidelike can help.

Thanks!
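The two defects described in the comment above (an unrecognised kernel command line pattern, and a gzip member that begins one byte before a 16-byte boundary) are easy to reproduce on a constructed image. The following is an added example, not code from the asafw repository: it builds a fake firmware blob whose gzip member deliberately starts at 0x1ff, locates the member by its `1f 8b 08` magic rather than by rounding the address, reads the member's compressed length back from the stream itself, and implements the repack size check the thread later runs into (trying higher compression levels first, as `gzip -9` does). The `CMDLINE_PATTERNS` list, the `repack` zero-padding behaviour and the sample layout are assumptions of this example, not asafw's own logic.

```python
import gzip
import zlib

# Kernel command line prefixes to try. The entry here is the one the thread found
# in asa804-k8.bin via `strings | grep quiet`; a real tool carries one per version.
# (Constructed list for this example, not asafw's table.)
CMDLINE_PATTERNS = [b"quiet loglevel=0"]
GZIP_MAGIC = b"\x1f\x8b\x08"          # gzip ID1, ID2, CM=deflate


def find_cmdline(blob, patterns=CMDLINE_PATTERNS):
    """Return (offset, pattern) of the earliest known command line, or (None, None)."""
    hits = [(blob.find(p), p) for p in patterns if blob.find(p) != -1]
    return min(hits) if hits else (None, None)


def find_gzip_start(blob, search_from=0):
    """Locate the embedded gzip member by its magic bytes.

    Searching for the magic, instead of rounding an address to a 16-byte
    boundary, is what copes with a member that starts at an address like 0x...bf.
    """
    return blob.find(GZIP_MAGIC, search_from)


def extract_gzip_member(blob, start):
    """Decompress exactly one gzip member; return (payload, compressed_length).

    zlib's unused_data tells us where the member ended, so the compressed length
    comes from the stream itself rather than from a guessed alignment.
    """
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)   # 16+ selects gzip framing
    payload = d.decompress(blob[start:])
    if not d.eof:
        raise ValueError("truncated gzip member")
    consumed = len(blob) - start - len(d.unused_data)
    return payload, consumed


def compress_to_fit(payload, max_len):
    """Recompress, trying the strongest level first (the thread's `gzip -9`)."""
    for level in range(9, 0, -1):
        gz = gzip.compress(payload, compresslevel=level, mtime=0)
        if len(gz) <= max_len:
            return gz
    raise ValueError("replacement .gz is bigger than the one in .bin at every level")


def repack(blob, start, old_len, new_gz):
    """Put a new member in the old slot, zero-padding so later offsets are kept.

    Zero-padding is an assumption of this example; the check itself mirrors the
    'replacement .gz is bigger than the one in .bin' error quoted in the thread.
    """
    if len(new_gz) > old_len:
        raise ValueError(
            f"replacement .gz is bigger than the one in .bin ({len(new_gz)} > {old_len})")
    slot = new_gz + b"\x00" * (old_len - len(new_gz))
    return blob[:start] + slot + blob[start + old_len:]


# --- constructed sample image (not a real ASA firmware) ----------------------
CMDLINE = b"quiet loglevel=0 ide1=noprobe console=ttyS0,9600n8 bigphysarea=\x00"
GZ_START = 0x1ff      # deliberately ends in 0xf, like 0x1228bf in the thread


def build_sample_firmware():
    payload = b"rootfs.img contents " * 64
    gz = gzip.compress(payload, compresslevel=6, mtime=0)
    header = b"\x00" * 0x40 + CMDLINE
    pad = b"\xaa" * (GZ_START - len(header))
    return header + pad + gz + b"\x00" * 32, payload, gz


def unpack(blob):
    """Unpack flow: command line -> gzip start -> member -> payload."""
    cmd_off, pattern = find_cmdline(blob)
    if cmd_off is None:
        raise ValueError("Could not find kernel command line.")
    gz_start = find_gzip_start(blob, cmd_off)
    payload, gz_len = extract_gzip_member(blob, gz_start)
    return {"cmdline_offset": cmd_off, "pattern": pattern,
            "gz_start": gz_start, "gz_len": gz_len, "payload": payload}


if __name__ == "__main__":
    blob, payload, gz = build_sample_firmware()
    info = unpack(blob)
    aligned_guess = info["gz_start"] & ~0xF
    print(f"gzip member at {info['gz_start']:#x}; 16-aligned guess {aligned_guess:#x} "
          f"has magic? {blob[aligned_guess:aligned_guess + 3] == GZIP_MAGIC}")
    new_gz = compress_to_fit(payload, info["gz_len"])
    print("repacked", len(repack(blob, info["gz_start"], info["gz_len"], new_gz)), "bytes")
```

Running it shows that the 16-byte-aligned guess (0x1f0) does not carry the magic while the scan finds 0x1ff, and that a replacement member only goes back into the image when it fits the original slot.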

saidelike commented 3 years ago

Thanks @cq674350529, that's really helpful. I have made the changes you mentioned with my proposed workaround that should work to unpack and repack asa804-k8.bin. I also took this opportunity to refactor code for unpack() and repack() in bin.py since they were requiring the same offsets.

The only thing I am unsure about is whether you will need to manually patch lina_monitor as we had to do it iirc for asa803-k8.bin. You'll be able to check that when you boot the asa803 firmware with gdb enabled. I think it should show it listens for gdb but you may not be able to connect if it is the wrong serial port.

See the comment for asa804:

https://github.com/nccgroup/asafw/blob/d416889eeddcb016b08629e7dd5972c66ee485c0/unpack_repack_bin.sh#L447-L460

Hope that helps. Please let us know if that works or if you have any problem.

ktinkone commented 3 years ago

Hi. Thank you very much. bin.py works well now, but I run into a problem. 😭😭 Error: Cannot patch the firmware because replacement .gz is bigger than the one in .bin (12899622 > 12896553)

cq674350529 commented 3 years ago

@saidelike Good job, looks good to me. I'm also not sure if it's necessary to patch the lina_monitor manually, for I don't have a real device either.

As @ktinkone mentioned, it seems that the new gzip-compressed rootfs.img.gz is bigger than the old one. As can be seen below, the sizes of the gunzipped files are the same, but the gzip-compressed ones differ. By the way, the patch works well on both asa803 and asa924.

I'm not sure if using gzip -9 is proper. Maybe you can have a try @ktinkone ?

$ ls -l rootfs.img* asa804-k8-initrd-original.*
-rw-r--r-- 1 root root 30811136 Nov 26 18:47 asa804-k8-initrd-original.cpio
-rw-r--r-- 1 cq   cq   12896553 Nov 26 18:52 asa804-k8-initrd-original.gz_bak
-rw-r--r-- 1 cq   cq   30811136 Nov 26 18:47 rootfs.img
-rw-r--r-- 1 cq   cq   12898489 Nov 26 18:52 rootfs.img.gz_bak

ktinkone commented 3 years ago

Hi. Thank you very much. OK, I meet a new question again 😭. When using unpack_repack_bin.sh, it doesn't work, but I can repack it step by step according to this article.

After that, I got an asa804-k8-repacked.bin. But when I put it on the real device, I meet a new question.

😭😭

saidelike commented 3 years ago

Ah weird. I didn't have that gzip problem.

asafw$ sudo -E ./unpack_repack_bin.sh -i /home/user/cisco/firmware/asa804-k8.bin --free-space --enable-gdb
[sudo] password for user: 
[unpack_repack_bin] Single firmware detected
[unpack_repack_bin] unpack_bin: asa804-k8.bin
[bin] Unpacking...
[bin] Old gzip size: 0xc4c929 bytes
[bin] Writing /home/user/cisco/firmware/asa804-k8-initrd-original.gz (12896553 bytes)...
[bin] unpack: Writing /home/user/cisco/firmware/asa804-k8-vmlinuz (1095871 bytes)...
[unpack_repack_bin] modify_bin: asa804-k8.bin
[unpack_repack_bin] ENABLE GDB
[unpack_repack_bin] Using asa804 ASA gdb patching method
[unpack_repack_bin] Freeing space in extracted .bin
[unpack_repack_bin] repack_bin: asa804-k8.bin
[bin] Repacking...
[bin] Old gzip size: 0xc4c929 bytes
[bin] New gzip size: 0xc4c6ae bytes
[bin] repack: Writing /home/user/cisco/firmware/asa804-k8-repacked-gdbserver.bin (14137344 bytes)...
[unpack_repack_bin] MD5: eed4b419bfbcebb6f100b73a5809297c  /home/user/cisco/firmware/asa804-k8-repacked-gdbserver.bin
[unpack_repack_bin] CLEANUP
$ gzip --version
gzip 1.6
Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc.
Copyright (C) 1993 Jean-loup Gailly.
This is free software.  You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

Written by Jean-loup Gailly.

The way to automate solving it would be to either:

saidelike commented 3 years ago

> But when I put it on the real device, I meet a new question.
>
> 😭😭

This is the lina_monitor issue I was discussing earlier. You can see in the output that it is using /dev/ttyS1 instead of /dev/ttyS0. Basically the patch we did in /asa/scripts/rcS that is supposed to pass the serial port dev/ttyS0 is not taken into account by lina_monitor so you need to patch it manually inside lina_monitor and replace it like we did for asa804-k8.bin.

https://github.com/nccgroup/asafw/blob/d416889eeddcb016b08629e7dd5972c66ee485c0/unpack_repack_bin.sh#L447-L460

ktinkone commented 3 years ago

Hi. So what i need to do is just changing the "sed -i 's/(\/asa\/bin\/lina_monitor)/\1 -g -s \/dev\/ttyS0 -d/' asa/scripts/rcS " to "sed -i 's/(\/asa\/bin\/lina_monitor)/\1 -g -s \/dev\/ttyS1 -d/' asa/scripts/rcS" ?

Or what else should i do ?

ktinkone commented 3 years ago

Hi. I have changed the rcS to /dev/ttyS1.

But the same question happens.

cq674350529 commented 3 years ago

The gzip version in my machine is also 1.6.

$ gzip --version
gzip 1.6
Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc.
Copyright (C) 1993 Jean-loup Gailly.
This is free software.  You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

Written by Jean-loup Gailly.

@ktinkone

> Hi. Thank you very much. OK, I meet a new question again 😭. When using unpack_repack_bin.sh, it doesn't work, but I can repack it step by step according to this article.

In manual step, cpio.sh is used. It uses gzip -9 instead of gzip, so there is no issue related to the size, as I mentioned above. https://github.com/nccgroup/asafw/blob/4ebe04fb695bb10ea687c7b78f926e4bbdabedb5/cpio.sh#L63-L68

> Hi. So what I need to do is just changing the "sed -i 's/(\/asa\/bin\/lina_monitor)/\1 -g -s \/dev\/ttyS0 -d/' asa/scripts/rcS " to "sed -i 's/(\/asa\/bin\/lina_monitor)/\1 -g -s \/dev\/ttyS1 -d/' asa/scripts/rcS" ?
>
> Or what else should I do ?

What you should do is to patch the lina_monitor binary manually, to change /dev/ttyS1 to /dev/ttyS0 in the binary, if I understand it well. Then you should add cp ${FIRMWAREDIR}/_asa804/lina_monitor_patched $(pwd)/asa/bin/lina_monitor for asa804, like asa803.

ktinkone commented 3 years ago

Oh, god. I have solved the question. Thank you very much. Thank you again.

I used vim to open lina_monitor, found ttyS1, then changed it to ttyS0 and saved it.

It works.

Best wishes
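The fix above works because `/dev/ttyS1` and `/dev/ttyS0` have the same length, so overwriting the string in the editor does not shift anything else in the binary. As an added example (not part of the thread or of asafw), the following does the same edit programmatically with the checks a practitioner would want before touching a binary: equal-length replacement only, match on the NUL-terminated string so `/dev/ttyS10` is not hit by accident, and exactly one occurrence. The `SAMPLE_BINARY` string table is a constructed stand-in, not the real lina_monitor.

```python
def patch_cstring(blob, old, new):
    """Replace one NUL-terminated C string in a binary, in place and same length.

    Returns (patched_blob, offset). Raises ValueError rather than producing a
    binary whose layout has changed or where the wrong string was edited.
    """
    if len(old) != len(new):
        raise ValueError("replacement must have the same length; a longer string "
                         "would overwrite whatever follows it in the binary")
    needle = old + b"\x00"        # require the terminator: /dev/ttyS1 is not /dev/ttyS10
    hits = []
    off = blob.find(needle)
    while off != -1:
        hits.append(off)
        off = blob.find(needle, off + 1)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one occurrence of {old!r}, found {len(hits)}")
    off = hits[0]
    patched = blob[:off] + new + blob[off + len(old):]
    assert len(patched) == len(blob)   # layout unchanged by construction
    return patched, off


# Constructed stand-in for the string table of lina_monitor (not the real binary).
SAMPLE_BINARY = (b"\x7fELF" + b"\x00" * 28
                 + b"/dev/ttyS10\x00"     # decoy that must NOT be touched
                 + b"/dev/ttyS1\x00"      # the string the thread edits
                 + b"-g -s\x00" + b"\x00" * 16)


def patch_serial_port(blob, old_port=b"/dev/ttyS1", new_port=b"/dev/ttyS0"):
    """Point the hard-coded serial console at a different ttyS device."""
    return patch_cstring(blob, old_port, new_port)


if __name__ == "__main__":
    patched, off = patch_serial_port(SAMPLE_BINARY)
    print(f"patched string at {off:#x}: {patched[off:off + 11]!r}")
```

Applied to a real file, the same routine would read `asa/bin/lina_monitor` into `blob` and write `patched` back; the length assertion is what guarantees the rest of the ELF (section offsets, relocations) is untouched.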

saidelike commented 3 years ago

Great. I'll close the issue then.

Btw I changed in 09d33ca8b632b664822a4678a8f17d2ac241830a to use gzip -9 in unpack_repack_bin.sh too to reduce the chance of failure, as pointed out by @cq674350529. Thanks for the idea.

It allowed changing from:

[bin] Old gzip size: 0xc4c929 bytes
[bin] New gzip size: 0xc4c6ae bytes

to

[bin] Old gzip size: 0xc4c929 bytes
[bin] New gzip size: 0xc3fa83 bytes