Comments (13)
Thanks @cq674350529, that's really helpful. I have made the changes you mentioned with my proposed workaround that should work to unpack and repack asa804-k8.bin. I also took this opportunity to refactor code for unpack()
and repack()
in bin.py
since they were requiring the same offsets.
The only thing I am unsure is if you will need to manually patch lina_monitor
as we had to do it iirc for asa803-k8.bin
. You'll be able to check that when you boot the asa803 firmware with gdb enabled. I think it should show it listens for gdb but you may not be able to connect if it is the wrong serial port.
See the comment for asa804:
Lines 447 to 460 in d416889
Hope that helps. Please let us know if that works or if you have any problem.
from asafw.
Hi,
Indeed, it seems our script does not support this version yet, maybe because it is really old and we didn't test it on this specific version. If you want to add support for it, you need to look at bin.py
and see what kernel command line pattern we try to match versus what is used in asa804-k8.bin.
Feel free to do a pull request if you find the fix or feel free to document here the kernel command line used and we can try to infer the fix.
Hope that helps.
from asafw.
@ktinkone I take a look at the firmware asa804-k8.bin
, and found the kernel command line as follows:
$ strings ./asa804-k8.bin | grep quiet
quiet loglevel=0 ide1=noprobe console=ttyS0,9600n8 bigphysarea=
In your case, first you need to add another statement for seaching quiet loglevel=0
in unpack()
(also repack()
).
Lines 97 to 104 in f4d03cc
Then, to enable gdb, you should modify enable_gdb()
too. This firmware use a similar way like asa803
, but in another file asa/scripts/rcS
.
However, there is another issue. Currently, the unpack()
fails to extract the gz
file, for the start_address is not aligned to 16
. As we can see, the magic 1f 8b 08
starts from 0x1228bf
instead of 0x1228c0
.
Lines 117 to 135 in b284a3d
$ hexdump -C -n 128 -s 0x1228b0 ./asa804-k8.bin
001228b0 df b7 b1 ff 95 ff 6f d4 7b f7 9e 85 a0 1f 00 1f |......o.{.......|
001228c0 8b 08 08 96 b6 9b 48 00 03 72 6f 6f 74 66 73 2e |......H..rootfs.|
001228d0 69 6d 67 00 ec fd 7b 7c 54 d5 f5 3f 0e 9f 49 26 |img...{|T..?..I&|
001228e0 64 80 81 19 24 68 50 94 51 07 85 8a 98 c1 00 09 |d...$hP.Q.......|
001228f0 84 36 24 24 80 02 06 42 00 b9 85 90 0b 13 08 49 |.6$$...B.......I|
00122900 4c 66 b8 54 2e c1 49 6a 0e c7 51 5a b1 d5 d6 b6 |Lf.T..Ij..QZ....|
00122910 50 2f 45 6b 95 5a 84 80 88 09 a1 09 28 b5 11 a8 |P/Ek.Z......(...|
00122920 46 a1 1a 15 ed 19 83 1a 6f 18 01 99 e7 bd d6 de |F.......o.......|
00122930
I don't know how to handle it elegantly. Maybe @saidelike can help.
Thanks!
from asafw.
Hi.
Thank you very much.
The bin.py works well now .But i meet a question .
😭😭
Error: Cannot patch the firmware because replacement .gz is bigger than the one in .bin (12899622 > 12896553)
from asafw.
@saidelike Good job, look good to me. I'm also not sure if it's necessary to patch the lina_monitor
manually, for I don't have a real device either.
As @ktinkone mentioned, it seems that the new gzip-compressed rootfs.img.gz
is bigger than the older. As can be seen from below, the size of gunzip-compressed files are same, but those gzip-compressed are different. By the way, the patch works well both on asa803
and asa924
.
I'm not sure if using gzip -9
is proper. Maybe you can have a try @ktinkone ?
$ ls -l rootfs.img* asa804-k8-initrd-original.*
-rw-r--r-- 1 root root 30811136 Nov 26 18:47 asa804-k8-initrd-original.cpio
-rw-r--r-- 1 cq cq 12896553 Nov 26 18:52 asa804-k8-initrd-original.gz_bak
-rw-r--r-- 1 cq cq 30811136 Nov 26 18:47 rootfs.img
-rw-r--r-- 1 cq cq 12898489 Nov 26 18:52 rootfs.img.gz_bak
from asafw.
Hi.
Think you very much.
OK,I meet a new question again 😭.
When using unpack_repack_bin.sh ,it doesn't work,but i can repack it step by step according to this article.
After that , i got a asa804-k8-repacked.bin .
But when i put it on the real device. I meet a new question.
😭😭
from asafw.
Ah weird. I didn't have that gzip problem.
asafw$ sudo -E ./unpack_repack_bin.sh -i /home/user/cisco/firmware/asa804-k8.bin --free-space --enable-gdb
[sudo] password for user:
[unpack_repack_bin] Single firmware detected
[unpack_repack_bin] unpack_bin: asa804-k8.bin
[bin] Unpacking...
[bin] Old gzip size: 0xc4c929 bytes
[bin] Writing /home/user/cisco/firmware/asa804-k8-initrd-original.gz (12896553 bytes)...
[bin] unpack: Writing /home/user/cisco/firmware/asa804-k8-vmlinuz (1095871 bytes)...
[unpack_repack_bin] modify_bin: asa804-k8.bin
[unpack_repack_bin] ENABLE GDB
[unpack_repack_bin] Using asa804 ASA gdb patching method
[unpack_repack_bin] Freeing space in extracted .bin
[unpack_repack_bin] repack_bin: asa804-k8.bin
[bin] Repacking...
[bin] Old gzip size: 0xc4c929 bytes
[bin] New gzip size: 0xc4c6ae bytes
[bin] repack: Writing /home/user/cisco/firmware/asa804-k8-repacked-gdbserver.bin (14137344 bytes)...
[unpack_repack_bin] MD5: eed4b419bfbcebb6f100b73a5809297c /home/user/cisco/firmware/asa804-k8-repacked-gdbserver.bin
[unpack_repack_bin] CLEANUP
$ gzip --version
gzip 1.6
Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc.
Copyright (C) 1993 Jean-loup Gailly.
This is free software. You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.
Written by Jean-loup Gailly.
The way to automate solving it would be to either:
- use a different gzip version since mine seems to work fine
- remove additional files we don't need, see
free_space()
inunpack_repack_bin.sh
from asafw.
But when i put it on the real device. I meet a new question.
😭😭
This is the lina_monitor
issue I was discussing earlier. You can see in the output that it is using /dev/ttyS1
instead of /dev/ttyS0
. Basically the patch we did in /asa/scripts/rcS
that is supposed to pass the serial port dev/ttyS0
is not taken into account by lina_monitor
so you need to patch it manually inside lina_monitor
and replace it like we did for asa804-k8.bin
.
Lines 447 to 460 in d416889
from asafw.
Hi.
So what i need to do is just changing the "sed -i 's/(/asa/bin/lina_monitor)/\1 -g -s /dev/ttyS0 -d/' asa/scripts/rcS " to "sed -i 's/(/asa/bin/lina_monitor)/\1 -g -s /dev/ttyS1 -d/' asa/scripts/rcS" ?
Or what else should i do ?
from asafw.
Hi.
I have change the rcS to /dev/ttyS1.
But the same question happen.
from asafw.
The gzip version in my machine is also 1.6
.
$ gzip --version
gzip 1.6
Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc.
Copyright (C) 1993 Jean-loup Gailly.
This is free software. You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.
Written by Jean-loup Gailly.
Hi.
Think you very much.
OK,I meet a new question again 😭.
When using unpack_repack_bin.sh ,it doesn't work,but i can repack it step by step according to this article.
In manual step, cpio.sh
is used. It uses gzip -9
instead of gzip
, so there is no issue related to the size, as I mentioned above.
Lines 63 to 68 in 4ebe04f
Hi.
So what i need to do is just changing the "sed -i 's/(/asa/bin/lina_monitor)/\1 -g -s /dev/ttyS0 -d/' asa/scripts/rcS " to "sed -i 's/(/asa/bin/lina_monitor)/\1 -g -s /dev/ttyS1 -d/' asa/scripts/rcS" ?Or what else should i do ?
What you should do is to patch the lina_monitor
binary manually, to change /dev/ttyS1
to /dev/ttyS0
in the binary, if I understand it well. Then you should add cp ${FIRMWAREDIR}/_asa804/lina_monitor_patched $(pwd)/asa/bin/lina_monitor
for asa804
, like asa803
.
from asafw.
Oh,god. I have solve the question .
Thank you very much .
Thank you again.
I use vim to open lina_monitor
find ttyS1,then change it to ttyS0 and save it.
It works.
Best wishes
from asafw.
Great. I'll close the issue then.
Btw I changed in 09d33ca to use gzip -9
in unpack_repack_bin.sh
too to reduce the chance of failure, as pointed by @cq674350529. Thanks for the idea.
It allowed changing from:
[bin] Old gzip size: 0xc4c929 bytes
[bin] New gzip size: 0xc4c6ae bytes
to
[bin] Old gzip size: 0xc4c929 bytes
[bin] New gzip size: 0xc3fa83 bytes
from asafw.
Related Issues (12)
- something wrong when I enable gdb HOT 2
- lina : aaa_admin_authenticate HOT 2
- issue running unpack_repack_bin.sh HOT 4
- How to repack file to bin
- How to unpack asa*.bin for using in GNS3? HOT 5
- Hardcoded Python location in bin.py and helper.py HOT 1
- Serial debugging failing to start HOT 4
- how to configure gdbserver port when enable gdb in GNS3 mode? HOT 3
- The repacked image cannot pass the checksum verification. HOT 3
- How to disable aslr for the newest images? HOT 8
- How to access to the serial-shell after enable it? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from asafw.