nccgroup / asafw Goto Github PK

I Already extract the bin and make some change in the file
Now how to repack folder to bin

The shebang in the bin.py and helper.py programs uses a hardcoded Python location instead of using env. Switching this over would allow asafw to work on platforms that don't put python3 in /usr/bin, like on macOS.

Hi, thanks your guys for providing these great tools.
Recently, when I use asafw to deal with the newest image (e.g. asav9101.qcow2), trying to disable aslr is unsuccessful. The root cause is there is no echo 0 > /proc/sys/kernel/randomize_va_space inside the fileasa/scripts/rcS.common.

# tune the VM system
if sf_asa_is_ngfw; then
    echo 0 > /proc/sys/vm/overcommit_memory
else
    MemTotal=`awk '/^MemTotal:/ {print \$2}' /proc/meminfo`
    let MemThreshold=1024*1024
    #disable overcommit only for system with more than 1G memory
    if [ $MemTotal  -le $MemThreshold ]; then
         echo 0 > /proc/sys/vm/overcommit_memory
    else
         echo 2 > /proc/sys/vm/overcommit_memory
    fi
    echo 100 > /proc/sys/vm/overcommit_ratio
 fi
ulimit -s 1024

So I modify the disable_aslr() inside the file unpack_repack_bin.sh as follows:

sed -i 's/ulimit -s 1024/echo 0 > \/proc\/sys\/kernel\/randomize_va_space\nulimit -s 1024/' asa/scripts/rcS.common

The command works well and the file is changed as I want. But when I emulate the device with the repacked image inside GSN3, it seems the aslr is still on.

I notice there are some comments inside the disable_aslr() as follows. Does it mean the command echo 0 > /proc/sys/kernel/randomize_va_space added manually is also overriden?

log "DISABLE ASLR"
# we can't just add the following line
#echo "kernel.randomize_va_space = 0" >> etc/sysctl.conf.procps
# because it looks like rcS.common overrides our value later in the boot process
# so we just make the modification in rcS.common :)

By the way, I search randomize_va_space using grep inside rootfs and get no results except for asa/bin/lina.

Is there any other way to disable aslr? Debugging with aslr is annoying.
Any advice would be appreciated! Thanks in advance.

This issue was found on a physical ASA 5505 running version 9.1(6).

When enabling gdbserver on the serial interface in asafw, the gdb script generated by asadbg hangs at target extended-remote [serial port].

Turning on gdb's remote debugging shows that gdbserver continually prints this string, preventing gdb from attaching:

It looks like a fix for this would be modifying the inittab file to run /tmp/start_cmd on a different tty. This will still cause gdbserver to attach to the serial interface, but will result in the error message being printed on the other tty as opposed to over the serial interface. Manually making this change on my end results in asadbg hanging (since it's waiting for the "Remote debugging over /dev/ttyS0" string) but eventually connecting over USB:

I'm willing to write the code to implement this change, but I'll hold off on implementing and making a pull request since this is a little more involved than my previous two issues.

when I follow your step to Configuring a Cisco ASA test environment, the last step trouble me. Something wrong with the gdb inside the firmware. The firmware I use is asav-941-200.qcow2. Please look at the picture

Please Help Me !!!!!

Hello,

what that message

[lina] Error: can't find aaa_admin_authenticate, you need to add symbol with asafw first

relates to ?

Regards

When i use unpack_reapck_bin.sh ,i meet a question .

Is it because this version is not supported?
The version is asa804-k8.bin.
Please help me！！！

Hi, thanks your guys for providing these great tools.
I want to get a shell (not Cisco CLI) on the device emulated by GNS3. As far as I know, there are three ways provided by asafw tool to do this.

• using -r option
  I can access to a shell. But the shell is too early, many pre-works haven't been done. So it's not what I want.
• using --debugshell option
  When I try to ssh to the device, it just crashes instead of giving me a reverse-shell. I haven't debugged it heavily. I'll do it when I'm free.
• using --serialshell option
  The qemu options are -cpu Haswell -smp 4,sockets=4,cores=1,threads=1 -serial telnet:127.0.0.1:15002,server,nowait.
  The outputs of device in vnc are as follows.
  

Does it works as expected when using --serialshell option? How can I access to the serial shell?

Any advice would be appreciated! Thanks in advance.

I unpack asa944-16-smp-k8.bin using bin.py and get two files asa944-16-smp-k8-initrd-original.gz and asa944-16-smp-k8-vmlinuz. When I'm trying to run them in GNS3 I have an error
INIT: version 2.88 booting
Starting udev
[ 9.928700] udevd[505]: starting version 182
[ 10.855231] ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 10
[ 10.947480] e1000_uio(e1000_pci.0.2.0): user interrupt driver successfully loaded.
Configuring network interfaces... done.
Populating dev cache
no cdrom devices
[ 13.722192] tipc: Started in network mode
[ 13.722721] tipc: Own node address <1.1.1>, network identity 1234
[ 13.725539] tipc: Enabled bearer <eth:tap0>, discovery domain <1.1.0>, priority 10
info: Running in kvm virtual environment.
/asa/scripts/vm_lib: line 221: /mnt/disk0/system-serial-number: No such file or directory
cp: cannot stat '/mnt/disk0/system-serial-number': No such file or directory
[ 15.584344] IHM: Initializing Interface Helper Module
[ 15.584403] IHM: registering chr device
[ 15.584470] Module registered 251, from (pid 1079)
[ 15.760572] 988.760510 [2606] netmap_init run mknod /dev/netmap c 10 60 # error 0
[ 15.761156] netmap: loaded module

Loading...

Starting image verification
[ 20.781129] traps: lina_monitor[1141] trap invalid opcode ip:40f4da sp:7fffffffe3f8 error:0 in lina_monitor[400000+26000]
/tmp/run_cmd: line 5: 1141 Illegal instruction (core dumped) cgexec -g memory:privileged -g cpuset:restricted/lina /asa/bin/lina_monitor -l
INIT: Switching to runlevel: 6
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 32.317855] Restarting system.
[ 32.317855] reboot: machine restart

I'm using these args:
Kernel Command Line: no-hlt -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
Option: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

Please help to run asa in GNS3 using bin file!

Hi,
Recently I have read your great posts about Cisco ASA. When I do experiments with GNS3, I came accross some problems.

1. Since a GNS3 instance will be debugged over TCP/IP(telnet), why still need to enable and change "/dev/ttyS1" to "/dev/ttyS0" in rcS script when patch the qcow2 image? Why not use -n instead? (-n : gdb ethernet device, eg, 'eth0'). I have tried use -n option and made some corresponding changes, but it didn't work.

2. When use asadbg to debug, a asacfg file is needed. In GNS3 mode, we have to specify a gns3_port filed (in your case, use 12005 instead). But during patching the qcow2 image, I can't find the corresponding port. Is it the default port used by gdbserver? How can I configure that port when enable gdb?

Now I get the following at the boot (default console type is vnc), but I don't know which port to use in gdb (target remote < GNS3's ip>:<which port???>).

Any advice would be appricated! Thanks in advance.

I get the following error. and do not know how to source env.sh, can you point me in the right direction?

error:
[unpack_repack_bin] This tool relies on env.sh which has not been sourced

Thanks
Darrell

I used the "./unpack_repack_bin.sh -i asa924-k8.bin -f -g" command to repack an ASA image but this image cannot use by the ASA.
I used the both the ASDM and CLI command to upload the image but got the same error. Would you please tell me some suggestions?
This is the error information:
sumval(0x7688) chksum(0x 0)md5(0x627f79f7 0xef30d361 0xdc06d033 0x47d62959)
md5(0x4f5398c1 0xfeefb16a 0x9380fe65 0x44370bc5)
Checksum verification on new image failed