Install QEMU

sudo apt-get install qemu 
sudo apt-get install qemu-user-static
sudo apt-get install qemu-system
sudo apt-get install uml-utilities
sudo apt-get install bridge-utils
sudo apt-get install qemu-user-static qemu-system-mips

Configure QEMU networking

Connect QEMU system mode to the host network

sudo brctl addbr virbr0
sudo ifconfig virbr0 192.168.122.1/24 up

Create a tap interface named tap0 and add it to the bridge:

sudo tunctl -t tap0
sudo ifconfig tap0 192.168.122.11/24 up
sudo brctl addif virbr0 tap0

Download and boot the QEMU image, then configure the network inside the VM. Download the MIPS image for QEMU from:

https://people.debian.org/~aurel32/qemu/mips/

qemu-system-mips -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mips_standard.qcow2 -append "root=/dev/sda1" -netdev tap,id=tapnet,ifname=tap0,script=no -device rtl8139,netdev=tapnet -nographic

Log in with root/root and set the IP inside the VM:

ifconfig eth0 192.168.122.12/24 up

Quick launch scripts

Qemu-run /Pwn/Mips-pwn/Mips-tools/Qemu/Qemu-run

echo 'qemu-system-mips -M malta -kernel /mnt/hgfs/DA1SY/Security_studies/Pwn/Mips-pwn/Mips-tools/Qemu/vmlinux-3.2.0-4-4kc-malta -hda /mnt/hgfs/DA1SY/Security_studies/Pwn/Mips-pwn/Mips-tools/Qemu/debian_wheezy_mips_standard.qcow2  -append "root=/dev/sda1" -netdev tap,id=tapnet,ifname=tap0,script=no -device rtl8139,netdev=tapnet -nographic' > Qemu-run

Qemu-NetworkConf /Pwn/Mips-pwn/Mips-tools/Qemu/Qemu-NetworkConf

echo 'brctl addbr virbr0 
ifconfig virbr0 192.168.122.1/24 up
tunctl -t tap0
ifconfig tap0 192.168.122.11/24 up
brctl addif virbr0 tap0' > Qemu-NetworkConf

qemu-run /usr/bin/qemu-run

echo 'sh /mnt/hgfs/DA1SY/Security_studies/Pwn/Mips-pwn/Mips-tools/Qemu/Qemu-NetworkConf' > qemu-run
echo 'sh /mnt/hgfs/DA1SY/Security_studies/Pwn/Mips-pwn/Mips-tools/Qemu/Qemu-run' >> qemu-run
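The two helper scripts above (network setup, then launch) can be folded into one script that is safe to re-run. The following is an added example, not the post's own scripts: it uses the iproute2 commands (`ip link`, `ip tuntap`, `ip addr`) in place of `brctl`, `tunctl` and `ifconfig`, checks that the tap and guest addresses actually sit in the bridge's /24 before touching anything, skips links that already exist, and adds `downscript=no` to the post's QEMU command line so QEMU does not look for /etc/qemu-ifdown on exit. `IMG_DIR`, `DRY_RUN` and the function names are assumptions of this example; the addresses and file names are the post's.

```shell
#!/bin/sh
# Added example (not from the post): idempotent bridge/tap setup plus the
# qemu-system-mips launch line. Run as root: `sudo sh qemu-net.sh up`.
# `DRY_RUN=1 sh qemu-net.sh net` only prints what would be executed.

BRIDGE=${BRIDGE:-virbr0}
TAP=${TAP:-tap0}
HOST_IP=${HOST_IP:-192.168.122.1/24}     # bridge address on the host
TAP_IP=${TAP_IP:-192.168.122.11/24}      # address the post gives the tap
GUEST_IP=${GUEST_IP:-192.168.122.12/24}  # what you set on eth0 inside the guest
IMG_DIR=${IMG_DIR:-.}                    # assumed: directory holding kernel + qcow2
KERNEL=$IMG_DIR/vmlinux-3.2.0-4-4kc-malta
DISK=$IMG_DIR/debian_wheezy_mips_standard.qcow2
DRY_RUN=${DRY_RUN:-0}

# Run a privileged command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# True if two dotted-quad addresses (a /len suffix is ignored) share their
# first three octets, i.e. lie in the same /24. Catches the usual mistake of
# giving the guest an address the bridge cannot reach.
same_subnet24() {
    a=$(printf '%s' "$1" | cut -d/ -f1 | cut -d. -f1-3)
    b=$(printf '%s' "$2" | cut -d/ -f1 | cut -d. -f1-3)
    [ "$a" = "$b" ]
}

# Does a network link with this name already exist?
link_exists() {
    ip link show "$1" >/dev/null 2>&1
}

# iproute2 equivalent of the post's brctl/tunctl/ifconfig sequence.
# Creates the bridge and tap only if they are missing, so re-running is safe.
setup_net() {
    same_subnet24 "$HOST_IP" "$TAP_IP"   || { echo "tap not in bridge subnet" >&2; return 1; }
    same_subnet24 "$HOST_IP" "$GUEST_IP" || { echo "guest not in bridge subnet" >&2; return 1; }
    link_exists "$BRIDGE" || run ip link add name "$BRIDGE" type bridge
    run ip addr replace "$HOST_IP" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
    link_exists "$TAP" || run ip tuntap add dev "$TAP" mode tap
    run ip addr replace "$TAP_IP" dev "$TAP"
    run ip link set "$TAP" master "$BRIDGE"
    run ip link set "$TAP" up
}

# Print the post's launch command as one line (suitable for eval or copy-paste).
qemu_cmdline() {
    printf '%s' "qemu-system-mips -M malta -kernel $KERNEL -hda $DISK" \
        " -append \"root=/dev/sda1\"" \
        " -netdev tap,id=tapnet,ifname=$TAP,script=no,downscript=no" \
        " -device rtl8139,netdev=tapnet -nographic"
    echo
}

case "${1:-}" in
    up)  setup_net && eval "$(qemu_cmdline)" ;;
    net) setup_net ;;
    cmd) qemu_cmdline ;;
esac
```

Inside the guest you still run `ifconfig eth0 192.168.122.12/24 up` as the post describes; the script only verifies that the address you intend to use there matches the bridge subnet on the host.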

Finally, you can add a script inside the QEMU VM that configures the IP automatically at boot. A launch then looks like this:

❯ sudo qemu-run 
[sudo] password for da1sy:
Set 'tap0' persistent and owned by uid 0
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Linux version 3.2.0-4-4kc-malta (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 Debian 3.2.51-1
[ 0.000000] Config serial console: console=ttyS0,38400n8r
[ 0.000000] bootconsole [early0] enabled
...
[ ok ] Starting NFS common utilities: statd idmapd.
[ ok ] Starting rpcbind daemon...[....] Already running..
[ ok ] Starting enhanced syslogd: rsyslogd0c.
[ ok ] Starting deferred execution scheduler: atd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting MTA:[....] Starting OpenBSD Secure Shell server: sshd.
[ ok 4.

Debian GNU/Linux 7 debian-mips ttyS0

debian-mips login:

Cross-compilation environment: buildroot

sudo apt-get install libncurses5-dev patch
wget http://buildroot.uclibc.org/downloads/snapshots/buildroot-snapshot.tar.bz2
tar -jxvf buildroot-snapshot.tar.bz2
cd buildroot/
make clean
make menuconfig
sudo make

Install a compiler that targets the mips-linux architecture:

sudo apt-get install gcc-mips-linux-gnu
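A binary built with that toolchain should be checked before it goes into the emulator: `qemu-system-mips` and `qemu-mips-static` expect big-endian MIPS, while a `mipsel` build needs the `mipsel` variants. The following is an added example, not part of the post: it reads the ELF header with `od` to confirm the file is MIPS (e_machine 8) and reports its endianness, then picks the matching user-mode emulator from qemu-user-static. The `mips-linux-gnu-gcc` driver name comes from the gcc-mips-linux-gnu package above; the `build_and_run` wrapper and the 20-byte fake header used for testing are constructions of this example.

```shell
#!/bin/sh
# Added example (not from the post): sanity-check a cross-compiled binary
# before running it under qemu user-mode emulation.

# ELF e_machine field (offset 18, 2 bytes) as 4 hex digits in file byte order.
elf_machine_hex() {
    od -An -tx1 -j18 -N2 "$1" | tr -d ' \n'
}

# "be" or "le" from EI_DATA (byte 5), or "unknown".
elf_endian() {
    case "$(od -An -tx1 -j5 -N1 "$1" | tr -d ' \n')" in
        01) echo le ;;
        02) echo be ;;
        *)  echo unknown ;;
    esac
}

# True if the file starts with the ELF magic 7f 45 4c 46.
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "7f454c46" ]
}

# EM_MIPS is 8: stored as 00 08 in big-endian files, 08 00 in little-endian.
is_mips_elf() {
    is_elf "$1" || return 1
    case "$(elf_endian "$1")$(elf_machine_hex "$1")" in
        be0008|le0800) return 0 ;;
        *) return 1 ;;
    esac
}

# Name the qemu user-mode binary that matches the file's endianness.
qemu_user_for() {
    is_mips_elf "$1" || return 1
    case "$(elf_endian "$1")" in
        be) echo qemu-mips-static ;;
        le) echo qemu-mipsel-static ;;
    esac
}

# Constructed test data: a 20-byte big-endian MIPS ELF header (ELF32, EI_DATA=2,
# e_type=2 EXEC, e_machine=8). Not a runnable binary, only enough for the checks.
make_fake_mips_be_header() {
    printf '\177ELF\001\002\001\000\000\000\000\000\000\000\000\000\000\002\000\010' > "$1"
}

# Typical use: static cross-compile, verify, run. Static linking avoids having
# to point qemu at a MIPS sysroot for the dynamic loader.
#   build_and_run hello.c hello
build_and_run() {
    mips-linux-gnu-gcc -static -o "$2" "$1" || return 1
    emu=$(qemu_user_for "$2") || { echo "$2 is not a MIPS ELF" >&2; return 1; }
    "$emu" "./$2"
}
```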