Have you ever want to try system other than your PC? MIPS for example.
As a reverse engineer, I sometimes want to run a MIPS Linux system so that I can observe, develop, and testing somethings. However, I don’t have much room for another device, so virtualization might be a solution.
In this article we will try to run MIPS Linux on QEMU. In specific, Debian MIPS Linux, with following materials used:
- Slackware64 14.1
- QEMU 2.1.50
The article written here should be as generic as possible so I hope it can be used for different setup you use.
Obtain the Materials
Refer to this article to build a QEMU, if you don’t have one: Installing QEMU from Source
Next, we need to download the kernel images and a disk image which has Debian installed there. Go to this site to download. The ‘mips’ directory is for Big Endian MIPS and ‘mipsel’ is for Little Endian one. Choose what you want but in this case I will download both of them. In specific, we will test kernel version 3.2.0 (denoted as vmlinux-3.2.0-4-5kc-malta) with Debian Wheezy (denoted as debian_wheezy_mipsel_standard.qcow2)
At this point, we have (at least):
- QEMU installed
- Debian kernel
- Disk Image with qcow2 format.
Setup Bridged Networking
In order to make QEMU environment connected to the network, we need to do some additional setup.
Now create the two new files, /etc/qemu-ifup and /etc/qemu-ifdown. Make sure you give them executable permission. Also make sure you have right configuration, like GATEWAY and BROADCAST address. Also pay attention to the USER. It is a username you should specify when you want to run qemu.
#!/bin/bash ETH0IPADDR=192.168.1.100 GATEWAY=192.168.1.1 BROADCAST=192.168.1.255 USER=xathrya # First take eth0 down, then bring it up with IP address 0.0.0.0 /sbin/ifconfig eth0 down /sbin/ifconfig eth0 0.0.0.0 promisc up # Bring up the tap device (name specified as first argument, by QEMU) /usr/sbin/openvpn --mktun --dev $1 --user $USER /sbin/ifconfig $1 0.0.0.0 promisc up # Create the bridge between eth0 and the tap device /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0 /usr/sbin/brctl addif br0 $1 # Only a single bridge so loops are not possible, turn off spanning tree protocol /usr/sbin/brctl stp br0 off # Bring up the bridge with ETH0IPADDR and add the default route /sbin/ifconfig br0 $ETH0IPADDR netmask 255.255.255.0 broadcast $BROADCAST /sbin/route add default gw $GATEWAY
#!/bin/bash # Bring down eth0 and br0 /sbin/ifconfig eth0 down /sbin/ifconfig br0 down # Delete the bridge /usr/sbin/brctl delbr br0 # Bring up eth0 in "normal" mode /sbin/ifconfig eth0 -promisc /sbin/ifconfig eth0 up # Delete the tap debice /usr/sbin/openvpn --rmtun --dev $1
To starting network bridge, just invoke
and then invoke
to stop it.
Running the Debian MIPS
After all preparation we have done, it’s time for actual thing.
Go to the directory where we store kernel and disk image, for example $HOME/debian-mipsel, and then invoke following command:
qemu-system-mips64el -net nic -net tap,ifname=tap0,script=no,downscript=no \ -M malta -kernel vmlinux-3.2.0-4-5kc-malta -hda debian_wheezy_mipsel_standard.qcow2 \ -append "root=/dev/sda1 console=tty0"
We can also create a script to simplify it.
#!/bin/bash qemu=qemu-system-mips64el path="$HOME/debian-mipsel/" hda="$path/debian_wheezy_mipsel_standard.qcow2" kernel="$path/vmlinux-3.2.0-4-5kc-malta" iface=tap0 echo "Stopping eth0, starting tap0" /etc/qemu-ifup tap0 || quit 1 "Failed to start tap0" echo "Starting Debian MIPS" $qemu -net nic -net tap,ifname=$iface,script=no,downscript=no \ -nographic -M malta -kernel $kernel -hda $hda -append "root=/dev/sda1 console=tty0"
If everything goes well, you should see Debian is booting and then greeted with sweet login prompt.
It’s nice to work with QEMU window. But you should admit taht QEMU console is very limiting, so you need SSH connection to do most of your work. You can, by installing OpenSSH inside Debian system using apt:
apt-get update apt-get install openssh-server