foote.pub

Jonathan Foote, Security Dad


Hello world for qemu-arm in 6 commands


On Ubuntu 12.04 (precise) x86_64:

    #!/bin/bash

    # Get the QEMU ARM user-mode emulator (qemu-arm) and an ARM cross-compile toolchain
    sudo apt-get install qemu-user
    wget http://www.gnuarm.com/bu-2.16.1_gcc-4.0.2-c-c++_nl-1.14.0_gi-6.4_x86-64.tar.bz2
    tar -xjf bu-2.16.1_gcc-4.0.2-c-c++_nl-1.14.0_gi-6.4_x86-64.tar.bz2

    # Store a hello world program (inside the double quotes, \" and \\n reach the file as " and \n)
    echo "#include <stdio.h>
    int main(int argc, char *argv[])
    {
        printf(\"hello arm\\n\");
        return 0;
    }" > hello.c

    # Cross-compile to an ARM ELF and run it on the x86_64 host under qemu-arm
    gnuarm-4.0.2/bin/arm-elf-gcc hello.c -o hello.bin
    qemu-arm hello.bin

Note that qemu-arm is different from qemu-system-arm. qemu-arm is QEMU's user-mode emulator: it translates the ARM instructions of a single ELF binary and forwards the program's ARM system calls to the native host kernel, which is what makes it a quick-and-easy way to run ARM ELF binaries on a mainstream host architecture. qemu-system-arm is the full-system emulator: it emulates an entire ARM machine (CPU, memory and devices), which is what you need to boot something like an operating system/Linux kernel.

You can use the -g flag to remote-debug the target, but unfortunately qemu-arm itself crashes if the application under test raises a SIGSEGV regardless, so this isn’t going to help me with testing ARM support for exploitable. But it’s still pretty slick.
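As an added example (not code from the original post), the script below wraps the cross-compile and qemu-arm steps above, including the -g remote-debug port, in shell functions and adds the check a practitioner wants before handing a binary to qemu-arm: reading e_machine from the ELF header to confirm the file really is an ARM ELF, since qemu-arm only loads ARM images. It assumes qemu-arm is on PATH and the cross-compiler lives at the post's gnuarm-4.0.2/bin/arm-elf-gcc; the function names, hello.bin, and the constructed 20-byte fake headers used for offline checks are this example's own.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes qemu-arm on PATH and the
# post's cross-compiler at gnuarm-4.0.2/bin/arm-elf-gcc; the function names
# and hello.bin are this example's own choices.

CROSS_GCC=gnuarm-4.0.2/bin/arm-elf-gcc

# Name the ELF e_machine of a file: the 16-bit field at offset 18 of the ELF
# header, read in the byte order given by EI_DATA (offset 5). 40 = ARM,
# 62 = x86-64. qemu-arm refuses anything that is not an ARM ELF, so check first.
elf_machine() {
    f="$1"
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        echo "not-elf"
        return 1
    fi
    endian=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')   # 1 = LE, 2 = BE
    # $1 = byte 18, $2 = byte 19; trailing zeros pad a truncated header
    set -- $(od -An -tu1 -j18 -N2 "$f") 0 0
    if [ "$endian" = "2" ]; then
        machine=$(( $1 * 256 + $2 ))
    else
        machine=$(( $2 * 256 + $1 ))
    fi
    case "$machine" in
        3)   echo "i386" ;;
        40)  echo "arm" ;;
        62)  echo "x86_64" ;;
        183) echo "aarch64" ;;
        *)   echo "unknown($machine)" ;;
    esac
}

# Cross-compile a C source file into an ARM ELF (source, output).
build_arm() {
    "$CROSS_GCC" "$1" -o "$2"
}

# Run an ARM ELF under qemu-arm. With a port argument, qemu-arm -g PORT waits
# for a gdb "target remote :PORT" before executing the guest's first instruction.
run_arm() {
    bin="$1"
    port="$2"
    m=$(elf_machine "$bin")
    if [ "$m" != "arm" ]; then
        echo "refusing to run $bin: e_machine is $m, qemu-arm needs arm" >&2
        return 1
    fi
    if [ -n "$port" ]; then
        qemu-arm -g "$port" "$bin"
    else
        qemu-arm "$bin"
    fi
}

# Constructed input for offline checks of elf_machine: writes a 20-byte ELF
# header (magic, class, EI_DATA, e_machine; e_type left zero, no sections).
# Args: output file, "le" or "be", e_machine number.
fake_elf_header() {
    out="$1"; endian="$2"; machine="$3"
    lo=$(( machine % 256 )); hi=$(( machine / 256 ))
    if [ "$endian" = "be" ]; then eidata=2; b18=$hi; b19=$lo
    else eidata=1; b18=$lo; b19=$hi; fi
    # First printf builds an escape string like '\177ELF\001\001...\050\000',
    # second printf turns those escapes into raw bytes.
    fmt=$(printf '\\177ELF\\001\\%03o\\001\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\000\\%03o\\%03o' \
        "$eidata" "$b18" "$b19")
    printf "$fmt" > "$out"
}

# Stand-alone use: ./qemu-arm-hello.sh hello.c [gdb-port]
# Only runs when the toolchain and qemu-arm from the post are present.
if [ $# -ge 1 ] && [ -x "$CROSS_GCC" ] && command -v qemu-arm >/dev/null 2>&1; then
    build_arm "$1" hello.bin && run_arm hello.bin "${2:-}"
fi
```

With a port given, attach from another terminal with the toolchain's gdb (`target remote :1234`); the e_machine check runs before qemu-arm is invoked either way, so a host binary or a non-ELF is rejected with a clear message instead of qemu-arm's loader error.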