kholia / mips-hacking

Licence: other
Notes on QEMU and Debian MIPS (big-endian)

(UPDATE) Easily start a MIPS VM with arm_now

$ pip3 install --user https://github.com/nongiach/arm_now/archive/master.zip --upgrade

$ arm_now start mips32
Welcome to Buildroot
buildroot login: root
# uname -m
mips
# gdb /bin/ls
(gdb) start
Temporary breakpoint 1, 0x00405434 in main ()
(gdb) x/i $pc
=> 0x405434 <main+12>:	li	a0,-1

Note: The mips32 VM image seems to be pretty limited (no gdb, no apt-get/opkg). I recommend the following method for getting a proper mips32 image.

Get Debian for MIPS

Building QEMU (optional)

./configure --prefix=$HOME/QEMU --target-list=mips-softmmu,mips-linux-user

make

make install

HOWTO

Install
qemu-img create -f qcow2 hda.img 32G

qemu-system-mips -M malta -m 256 -hda hda.img -kernel vmlinux-4.9.0-3-4kc-malta \
    -initrd initrd.gz -append "console=ttyS0 nokaslr" -nographic

Copy initrd.img-4.9.0-3-4kc-malta from the installed VM to the host machine.

Boot:
qemu-system-mips -M malta -m 256 -hda hda.img -kernel vmlinux-4.9.0-3-4kc-malta \
    -initrd initrd.img-4.9.0-3-4kc-malta \
    -append "root=/dev/sda1 console=ttyS0 nokaslr" -nographic \
    -netdev user,id=net0,hostfwd=tcp::2222-:22 \
    -device e1000-82545em,netdev=net0,id=net0,mac=52:54:00:c9:18:27

The host port forward (host 2222 to guest 22, for ssh) is given as hostfwd= on the -netdev. The older -net user -redir tcp:2222::22 form was removed in QEMU 3.1, and combining it with -netdev gave the guest a second NIC.

The C-a h key combination is useful for interacting with QEMU in -nographic mode.

Notes

  • Kernel (and initrd.gz) from Debian 9 MIPS (version 20170615) does not boot in QEMU 2.9.0. It fails with "Initramfs unpacking failed: uncompression error" or "Initramfs unpacking failed: junk in compressed archive" error messages.

    Update: In Debian 9, the initrd load address clashes with kernel address randomization due to a bug in QEMU. Pass nokaslr in the -append string.

  • Debugging a MIPS binary directly under QEMU,

    $ qemu-mips -g 1234 ./mips.binary

    $ gdb ./mips.binary  # in another terminal
    (gdb) set architecture mips
    (gdb) target remote localhost:1234

    Run dynamically linked MIPS binary with QEMU,

    LD_LIBRARY_PATH=. qemu-mips ./routerlocker

    Check behaviour of a MIPS binary,

    LD_LIBRARY_PATH=. qemu-mips -strace ./routerlocker
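A mistake that is easy to make with the user-mode commands above is to run a little-endian or 64-bit binary under qemu-mips (the big-endian 32-bit emulator), which fails with an unhelpful "Invalid ELF image" message. The script below is an added example, not part of these notes or of QEMU: it reads the ELF header to pick the matching qemu-user binary (qemu-mips, qemu-mipsel, qemu-mips64 or qemu-mips64el, the names Debian's qemu-user package installs) and then assembles the -g / -strace invocation with LD_LIBRARY_PATH=. as in the notes. The sample header bytes are constructed here so the helpers can be exercised without a real binary.

```python
#!/usr/bin/env python3
"""Pick the qemu-user binary for a MIPS ELF from its header, then run it.

Added example (not from the original notes). Assumes qemu-user binaries are
installed under their Debian names and that target libraries sit in the
current directory, as in the LD_LIBRARY_PATH=. commands above.
"""
import os
import struct
import subprocess
import sys

EM_MIPS = 8                      # e_machine value for MIPS (ELF specification)
ELFCLASS32, ELFCLASS64 = 1, 2    # EI_CLASS
ELFDATA2LSB, ELFDATA2MSB = 1, 2  # EI_DATA: little-endian / big-endian

# Constructed 20-byte header of a 32-bit big-endian MIPS executable
# (ET_EXEC = 2); used only to exercise the helpers below offline.
SAMPLE_MIPS_BE = (b"\x7fELF" + bytes([ELFCLASS32, ELFDATA2MSB, 1])
                  + b"\x00" * 9 + struct.pack(">HH", 2, EM_MIPS))


def inspect_elf(header: bytes) -> dict:
    """Return class, endianness, e_type and e_machine from the first 20 bytes."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (ELFCLASS32, ELFCLASS64):
        raise ValueError("unknown ELF class %d" % ei_class)
    if ei_data not in (ELFDATA2LSB, ELFDATA2MSB):
        raise ValueError("unknown ELF data encoding %d" % ei_data)
    # e_type and e_machine follow the 16-byte e_ident and are stored in the
    # file's own byte order, so decode them according to EI_DATA.
    fmt = "<HH" if ei_data == ELFDATA2LSB else ">HH"
    e_type, e_machine = struct.unpack(fmt, header[16:20])
    return {"bits": 32 if ei_class == ELFCLASS32 else 64,
            "big_endian": ei_data == ELFDATA2MSB,
            "type": e_type,
            "machine": e_machine}


def qemu_user_binary(info: dict) -> str:
    """Map ELF class and endianness to the qemu-user binary name."""
    if info["machine"] != EM_MIPS:
        raise ValueError("not a MIPS binary (e_machine=%d)" % info["machine"])
    name = "qemu-mips" if info["bits"] == 32 else "qemu-mips64"
    return name if info["big_endian"] else name + "el"


def build_command(binary_path, info, gdb_port=None, strace=False, args=()):
    """Assemble argv: -g makes QEMU wait for gdb, -strace logs guest syscalls."""
    cmd = [qemu_user_binary(info)]
    if gdb_port is not None:
        cmd += ["-g", str(gdb_port)]
    if strace:
        cmd.append("-strace")
    cmd.append(binary_path)
    cmd += list(args)
    return cmd


def run(binary_path, gdb_port=None, strace=False, args=()):
    """Inspect the binary and launch it under the matching emulator."""
    with open(binary_path, "rb") as f:
        info = inspect_elf(f.read(20))
    cmd = build_command(binary_path, info, gdb_port, strace, args)
    env = dict(os.environ, LD_LIBRARY_PATH=".")  # target libs beside the binary
    print("+", " ".join(cmd), file=sys.stderr)
    return subprocess.call(cmd, env=env)


if __name__ == "__main__":
    # usage: run_mips.py [-g PORT] [-strace] ./binary [args...]
    argv = sys.argv[1:]
    port, trace = None, False
    while argv and argv[0].startswith("-"):
        if argv[0] == "-g":
            port = int(argv[1]); argv = argv[2:]
        elif argv[0] == "-strace":
            trace = True; argv = argv[1:]
        else:
            sys.exit("unknown option " + argv[0])
    if not argv:
        sys.exit("usage: run_mips.py [-g PORT] [-strace] ./binary [args...]")
    sys.exit(run(argv[0], port, trace, argv[1:]))
```

Because the decision is made from EI_CLASS, EI_DATA and e_machine alone, the same script works for the qemu-mips64 variants; attach gdb exactly as in the notes (set architecture mips, then target remote localhost:PORT).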

References

Thanks

  • rofl0r

  • aurel32
