Ubuntu 16.04 + Qemu + Raspberry Pi image triggered kernel panic

I tried to boot Raspbian OS on Qemu but failed!!
Ubuntu 16.04 + Qemu + Raspberry Pi image
Freeing unused kernel memory: 176K (c0530000 - c055c000)
Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
I googled it and resolved..
It need to edit raspberry pi's files in .img
/etc/fstab by commenting out mmcblk entries
and /etc/ld.so.preload old entries.

OK, lets check .img file.
umiushi@umiushi-VirtualBox:~/Desktop/armv6_stretch$ file raspbian-stretch.img 
raspbian-stretch.img: DOS/MBR boot sector; partition 1 : ID=0xc, start-CHS (0x0,130,3), 
end-CHS (0x7,165,30), startsector 8192, 114688 sectors; 
partition 2 : ID=0x83, start-CHS (0x7,165,31), end-CHS (0x18e,97,19), startsector 122880, 6277120 sectors


Then, trying fdisk command.
Which sector should be mounted..
umiushi@umiushi-VirtualBox:~/Desktop/armv6_stretch$ fdisk -l ./raspbian-stretch.img
Disk ./raspbian-stretch.img: 3.1 GiB, 3276800000 bytes, 6400000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0009bf4f

Device                  Boot  Start     End Sectors Size Id Type
./raspbian-stretch.img1        8192  122879  114688  56M  c W95 FAT32 (LBA)
./raspbian-stretch.img2      122880 6399999 6277120   3G 83 Linux

OK, lets mount that. offset is 512*122880.
umiushi@umiushi-VirtualBox:~/Desktop/armv6_stretch$ sudo mount -v -o offset=62914560 -t ext4 ./raspbian-stretch.img /mnt/
[sudo] password for umiushi: 
mount: /dev/loop0 mounted on /mnt.


umiushi@umiushi-VirtualBox:~/Desktop/armv6_stretch$ ls /mnt/
bin   dev  home  lost+found  mnt  proc  run   srv  tmp  var
boot  etc  lib   media       opt  root  sbin  sys  usr

We can now edit files!!
Commentig out as followings..
/mnt/etc/ld.so.preload 
#/usr/lib/arm-linux-gnueabihf/libarmmem.so

/mnt/etc/fstab 
proc            /proc           proc    defaults          0       0
#/dev/mmcblk0p1  /boot           vfat    defaults          0       2
#/dev/mmcblk0p2  /               ext4    defaults,noatime  0       1
# a swapfile is not a swap partition, so no using swapon|off from here on, use  dphys-swapfile swap[on|off]  for that
$ sudo umount /mnt
and lets re-try execute qemu boot raspbian!!!
$ ./start.sh
#!/bin/bash

SSH_PORT=5022
EXTRA_PORT=6987

qemu-system-arm \
  -cpu arm1176 \
  -m 256 \
  -redir tcp:${SSH_PORT}::22 \
  -redir tcp:${EXTRA_PORT}::4444 \
  -kernel kernel-qemu-4.4.34-jessie \
  -M versatilepb \
  -no-reboot \
  -serial stdio \
  -append "root=/dev/sda2 panic=1 rootfstype=ext4 rw console=ttyAMA0" \
  -nographic -monitor /dev/null \
  -hda ./raspbian-stretch.img

And another way,
Ubuntu 18.04 does not happend that kernel panic error without editting fstab and ld.so.preload.

Comments

Post a Comment

Popular posts from this blog

Firmware dumping via SPI

Image
I tried firmware dumping via SPI with Attify badge and Attify OS. Target camera is this one.. This camera seems to be famous among the IoT hackers. You would find many IoT hacking blogs about this camera. After the preview, I have extracted board. This time, I'd like to focus on Flash memory. It looks mxic mx25l12835f. From model number, we can find data-sheet. MX25L12835F . Now, let's connect flash memory pin and Attify Badge. Attify badge pin layout is.. D0 : SCK D1 : MISO  D2 : MOSI  D3 : CS  I have connected flash memory and Attify badge like this. D0 - SCLK(6) D1 - SI(5)  D2 - SO(2)  D3 - CS(1)  GND - GND(4)  3.3V - VCC(8)  3.3V - RESET(7)  3.3V - WP(3)  We dont need to connect power plug to camera. It is supplied via badge. For testing, trying spiflash.py and -i parameter. According to the python code, it returns ChipID. This command can be used for connectivity tesingt. "00 00 00" or "FF FF FF" seem to mean fai
Read more

BochsでMBR debugging

Image
今回は前回取り出したPetyaに書き換えられてしまったMBRをBochsで動かしてみよう。 https://ja.wikipedia.org/wiki/Bochs Bochsはここから入手できる。 http://bochs.sourceforge.net/getcurrent.html Bochsも前に出てきたVMware同様PCエミュレータなのだけど、 こいつはMBRのdebugができてしまうんだ。 OSが起動するより前のコードを追えるってわけだね。 そりゃ面白そうだ~笑 キモは設定ファイルの書き方くらいかなと。 サンプルの設定ファイルがあるのでチェックしてみて。 Bochs-2.6.9\bochsrc-sample.txt   多分もっとシンプルにもできるんだと思うんだけど、、 筆者のはこんな感じ。 romimage: file=$BXSHARE/BIOS-bochs-latest vgaromimage: file=$BXSHARE/VGABIOS-lgpl-latest megs: 16 ata0: enabled=1, ioaddr1=0x1f0, ioaddr2=0x3f0, irq=14 ata0-master: type=disk, path="petya.img", mode=flat, cylinders=1, heads=16, spt=63 boot: disk vga: extension=vbe mouse: enabled=0 log: nul logprefix: %t%e%d panic: action=fatal error: action=report info: action=report debug: action=ignore   こいつをファイル名を変えてbochsrcとして保存。.txtもいらない。 Bochs-2.6.9\bochsrc 設定ファイルのポイントは赤文字のところ!! path="" には取り出したMBRのパスを記入する。 そして、もうひとつ重要なのが、Bochsに読み込ませるディスクイメージのサイズは512の倍数でなければいけないんだ。 どういうこっちゃ??なのだけど、、 切り出したMBRをバイナリエディタで読み
Read more

BLE sniffing with UbertoothOne

Image
This time, I'd like to try monitoring smartlock's BLE packets with Ubertooth One. Smartlock  use this dongle and Ubertooth One Find BLE device  check BLE dongle is connected. ➜ ~ sudo hciconfig hci0: Type: BR/EDR Bus: USB BD Address: 00:1A:7D:DA:71:13 ACL MTU: 310:10 SCO MTU: 64:8 UP RUNNING PSCAN RX bytes:622 acl:0 sco:0 events:38 errors:0 TX bytes:952 acl:0 sco:0 commands:38 errors:0 Let's find BLE devices ➜ ~ sudo hcitool lescan LE Scan ... 30:F8:3F:06:4F:6F (unknown) 30:F8:3F:06:4F:6F (unknown) 30:F8:3F:06:4F:6F (unknown) 18:62:E4:46:60:AB (unknown) <------ 18:62:E4:46:60:AB BlueFPL <------ 30:F8:3F:06:4F:6F (unknown) 30:F8:3F:06:4F:6F (unknown) 30:F8:3F:06:4F:6F (unknown) Then, trying gatttool. Peripheral is defined by service and characteristic. Each service contains charateristics which contains data. ➜ ~ sudo gatttool -I -b 18:62:E4:46:60:AB [ ][18:62:E4:46:60:AB][LE]> connect [CON][18:62:E4:46:60:AB][LE]> primary [CON][18:
Read more