Open newthis opened 3 years ago
To debug emulated firmware, Firmadyne uses a custom console. Please check firmadyne/console.
By adding the serial option when running QEMU (-serial unix:/tmp/qemu.${IID}.S1,server,nowait), the host can connect to the shell through the unix socket (sudo socat - UNIX-CONNECT:/tmp/qemu.${IID}.S1, sudo nc -U /tmp/qemu.${IID}.S1).
However, I couldn't connect properly to the serial console, so I was debugging the emulated firmware using telnet instead.
When debugging the emulated firmware through telnet, I needed to initialize the terminal devices. https://github.com/pr0v3rbs/FirmAE/blob/e9153e41226e0cc06b6bf77efa6e171f7be657fa/debug.py#L37-L40
I updated the code to enable the telnet daemon; please check makeNetwork.py at 72ea38a1d0474099e356c71758633f68bb345708.
# In shell1
$ ./scratch/${IID}/run_debug.sh
# In shell2
$ ./debug ${IID}
# or
$ ./run.sh -d [brand] [firmware]
Hi, I ran the debug.py script to connect to a shell in a running qemu VM. However, both the port 31337 and port 31338 connections failed. Do I need to use busybox nc to open those ports in the qemu VM, or has FirmAE done that automatically? The code snippet is below:

import subprocess
from socket import socket, AF_INET, SOCK_STREAM

# Methods from the debugger class in FirmAE's debug.py; the class name
# here is a placeholder and the other methods are omitted.
class Debugger:
    def connect_shell(self):
        # telnet shell on the guest (port 31338), after the tty setup
        if not self.telnetInit:
            self.initalize_telnet()
        subprocess.call(['telnet', self.targetIP, '31338'])

    def connect(self):
        # raw TCP channel to the guest (port 31337)
        self.sock = socket(AF_INET, SOCK_STREAM)
        print('[] connecting...')
        self.sock.connect((self.targetIP, 31337))
        print('[] connected')
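The failures above are "connection refused" or timeouts on the guest's debug ports, which are indistinguishable from the script's point of view unless each endpoint is probed separately. The following helper is an added example, not FirmAE's own code: it checks the two TCP debug ports (31337 and 31338 from the snippet) and the QEMU serial UNIX socket (/tmp/qemu.${IID}.S1 from the first post) with a timeout, and reports which of them actually accepts a connection before any telnet or socat session is attempted. The function names, the `demo_with_local_listeners` stand-in (which opens local listeners so the checks can run without an emulated image) and the default socket directory are assumptions for this example.

```python
import os
import socket
import tempfile


def probe_tcp(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout.

    Refused, unreachable and timed-out connections all return False;
    the caller only needs to know whether the guest service is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_unix(path, timeout=2.0):
    """Return True if a UNIX stream socket at `path` accepts a connection.

    This is what `socat - UNIX-CONNECT:<path>` or `nc -U <path>` would do,
    minus the interactive session."""
    if not os.path.exists(path):
        return False
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(path)
        return True
    except OSError:
        return False
    finally:
        sock.close()


def check_debug_endpoints(target_ip, iid, ports=(31337, 31338), socket_dir="/tmp"):
    """Probe every debug endpoint once and return {name: reachable}.

    `ports` defaults to the two TCP ports used by debug.py; the serial
    socket path follows the -serial option from the first post
    (socket_dir is an assumed, configurable default)."""
    results = {f"tcp:{port}": probe_tcp(target_ip, port) for port in ports}
    results["serial"] = probe_unix(os.path.join(socket_dir, f"qemu.{iid}.S1"))
    return results


def demo_with_local_listeners():
    """Stand-in for a running emulation (assumed for this example): open one
    local TCP listener, one local UNIX socket and leave a second TCP port
    closed, then run the checks against them and tear everything down."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    open_port = tcp.getsockname()[1]

    # Grab an ephemeral port and release it so nothing listens on it.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    tmpdir = tempfile.mkdtemp()
    unix_path = os.path.join(tmpdir, "qemu.demo.S1")
    unix = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    unix.bind(unix_path)
    unix.listen(1)
    try:
        return check_debug_endpoints("127.0.0.1", "demo",
                                     ports=(open_port, closed_port),
                                     socket_dir=tmpdir)
    finally:
        tcp.close()
        unix.close()
        os.unlink(unix_path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        # usage: python3 probe.py <guest ip> <IID>
        for name, ok in check_debug_endpoints(sys.argv[1], sys.argv[2]).items():
            print(f"{name}: {'reachable' if ok else 'NOT reachable'}")
    else:
        print(demo_with_local_listeners())
```

If the serial socket probe succeeds while both TCP ports fail, the guest is running but the telnet daemon from the makeNetwork.py change was not started inside the image, and the serial console is the way in; if all three fail, the problem is on the host side (QEMU not running, or the TAP/bridge to the guest IP not up) rather than in debug.py.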