Hht
HHT stands for "Hardware Hacking Tutorial" and contains the companion code to the Hardware Hacking Tutorial series on YouTube: Debian Wheezy based Docker container, to run an old Buildroot version, scripts and external tree to generate a MIPSel image with Buildroot, scripts to run QEMU on this image.
Contents
A large part of this content has already been published, with minor differences, in the hacking Gemtek repository, which documents the reverse-engineering project of the sample Gemtek router used in the "Hardware Hacking Tutorial" series.
Docker container
In the folder docker there are the following files:
- Dockerfile to build the Debian Wheezy based container, to run the old version of Buildroot we need, to build a kernel and a root file system as similar as possible to what is installed on our sample Gemtek router;
- dockbuild.sh to build the Docker container using the above file;
- dockrun.sh to run the container sharing the user's home directory between the host and the container;
- startup.sh is the script that will be copied inside the container to become the ENTRYPOINT script, run when the container is started.
Buildroot configuration
In the folder br there are configuration files to build our image for the QEMU MIPSel board based on an old kernel version (2.6.36, released in 2010), an old uClibc version (0.9.33, released in 2012) and old versions of other root file system components:
- patch files needed to apply some minor patches to some Buildroot packages so that they compile successfully;
- brpatch is a shell script to patch the Buildroot packages;
- brmake is the wrapper shell script to invoke Buildroot using the configuration files stored in the external tree;
- patch-package.sh is a script that is no longer needed; it was used to automate the patch generation;
- ext-tree is the external tree where the Buildroot configuration files are stored:
  - ext-tree/board/mips4kc contains files for the fictitious board called mips4kc (our QEMU emulated board);
  - ext-tree/board/mips4kc/kernel-defconfig contains the kernel configuration, saved as a defconfig file;
  - ext-tree/board/mips4kc/overlay: in a subfolder of this path there is the set-prompt.sh script used to set up the prompt inside the QEMU emulated machine;
  - ext-tree/board/mips4kc/post-build.sh is the Buildroot post-build script, used mainly to copy the router's root file system and firmware into the root image of the emulated machine;
  - ext-tree/Config.in, external.desc, external.mk are the files Buildroot needs in order to use the external tree;
  - ext-tree/configs/mips4kc-qemu_mipsel_malta_defconfig contains the Buildroot configuration; it is based on the qemu_mipsel_malta_defconfig included in Buildroot, which emulates a MIPS Malta Core LV board with a MIPS 32 processor;
  - ext-tree/configs/uClibc-0.9.33.config is the uClibc configuration; compared with the default, changes have been introduced to be compatible with the router's binaries and to include debugging symbols in the library files.
QEMU wrapper script
In the folder qr there are two files:
- qr.sh is the wrapper script to launch QEMU to emulate our MIPSel Malta board using the kernel and the root file system generated by Buildroot;
- set-nandsim.sh is the script that will be copied inside the root file system and used to emulate the NAND flash memory using the kernel nandsim module.
Quick start
If you want to skip some steps and just get the kernel, the root file system image and the QEMU wrapper script, without taking the time to build the image, you can download the QEMU MIPSel image and wrapper script and start playing with QEMU.
Clone this repo
Clone this repository in your preferred folder:
$ git clone https://github.com/digiampietro/hht
$ cd hht
Install Buildroot
Download Buildroot version 2015.02, extract it in the hht folder and patch it:
$ cd download
$ wget https://buildroot.org/downloads/buildroot-2015.02.tar.gz
$ cd ..
$ tar -zxvf download/buildroot-2015.02.tar.gz
$ cd br
$ ./brpatch
$ cd ..
Build and run the docker container
We need to build the Debian Wheezy docker container to run this old version of buildroot:
$ cd docker
$ ./dockbuild.sh
$ ./dockrun.sh
Build the image with Buildroot
We will build the image with Buildroot running inside the Docker container, using our wrapper script brmake. With a good Internet connection and a good PC it will take a few hours, otherwise it will take many hours:
BRHOST:~$ cd hht/br
BRHOST:~/hht/br$ ./brmake mips4kc-qemu_mipsel_malta_defconfig
BRHOST:~/hht/br$ ./brmake
BRHOST:~/hht/br$ exit
BRHOST:/src/misc# exit
$ cd ..
Run the QEMU emulated board
We are now ready to run QEMU using our wrapper script that has the path to the Buildroot generated kernel and root file system image:
$ cd qr
$ ./qr.sh
WARNING: Image format was not specified for '/home/valerio/hht/buildroot-2015.02/output/images/rootfs.ext2' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions.
Linux version 2.6.36 (valerio@BRHOST) (gcc version 4.5.4 (Buildroot 2015.02) ) #1 SMP PREEMPT Fri May 22 20:39:08 UTC 2020
...
NET: Registered protocol family 17
turn off boot console early0
Welcome to Buildroot
buildroot login: root
root@buildroot:~# uname -a
Linux buildroot 2.6.36 #1 SMP PREEMPT Fri May 22 20:39:08 UTC 2020 mips GNU/Linux
root@buildroot:~#
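The "Image format was not specified" warning in the QEMU output above comes from passing the raw rootfs.ext2 file without a format, which also makes QEMU restrict writes to block 0. The following is an added example of a minimal launcher, not the project's own qr.sh: it checks that the Buildroot artifacts exist and emits a qemu-system-mipsel command line with format=raw stated explicitly. The kernel arguments (root=/dev/sda, console=ttyS0) are assumptions that match the stock qemu_mipsel_malta_defconfig rather than values taken from this repository.

```shell
#!/bin/sh
# Hypothetical QEMU launcher for the Buildroot Malta image (not qr.sh).
# It prints the command line instead of executing it, so it can be
# inspected before use on a host without QEMU installed.

# $1 = kernel image (vmlinux), $2 = root file system image (rootfs.ext2).
# Prints nothing and returns 1 if either file is missing.
qemu_mipsel_cmd() {
    kernel="$1"
    rootfs="$2"
    [ -f "$kernel" ] || { echo "missing kernel: $kernel" >&2; return 1; }
    [ -f "$rootfs" ] || { echo "missing rootfs: $rootfs" >&2; return 1; }
    # format=raw removes the probing warning and the block-0 write
    # restriction QEMU applies to auto-detected raw images.
    # root=/dev/sda is an assumption; legacy IDE builds may need /dev/hda.
    printf '%s' "qemu-system-mipsel -M malta -nographic" \
        " -kernel $kernel" \
        " -drive file=$rootfs,format=raw" \
        " -append \"rootwait root=/dev/sda console=ttyS0\"" \
        " -net nic,model=pcnet -net user"
    printf '\n'
}

# Demonstration on a constructed pair of empty placeholder files.
demo_dir=$(mktemp -d)
: > "$demo_dir/vmlinux"
: > "$demo_dir/rootfs.ext2"
qemu_mipsel_cmd "$demo_dir/vmlinux" "$demo_dir/rootfs.ext2"
rm -rf "$demo_dir"
```

Replace the placeholder paths with buildroot-2015.02/output/images/vmlinux and rootfs.ext2 and pipe the output to sh to actually boot the board.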
