Category Archives: tools

Installing QEMU from Source

You might notice that I had written an article before about building QEMU from source. That one is QEMU KVM (Kernel Virtual Machine).  As per version version 1.3 QEMU-KVM is merged to upstream QEMU project therefore the QEMU-KVM is no longer maintained. It’s been done long time ago, actually.

QEMU is a generic and open source machine emulator and virtualizer.

When used as a machine emulator, QEMU can run OSes and programs made for one machine (e.g. an ARM board) on a different machine. By using dynamic translation, it achieves very good performance.

In this article we will discuss about installing QEMU and use following requirement:

  1. Slackware64 14.0, although any version is OK
  2. latest qemu source code

There are two options for us: building the stable release or building the development code

Obtain the Source Code

Between the stable release source code and development code, which one is suitable for us?If you want to download the latest stable release, you can obtain it from qemu official site here.

At the time of writing this article, the latest stable version is 2.2.0 (per January 8th 2015). You can download it by direct link here. http://wiki.qemu-project.org/download/qemu-2.2.0.tar.bz2

Once you have done downloading, uncompress it with:

tar -jxvf qemu-2.2.0.tar.bz2

If you want to download the development code. You can clone the git repository by:

git clone git://git.qemu-project.org/qemu.git

For any option we choose, we should have qemu source code now.

Installation

Next thing to do is doing configuration and make the binary code. The default installation path would be on /usr/local and we won’t change this thus we will do default procedures. Now invoke following command:

./configure
make
make install

It may take a while. Once you have compile it, you will have qemu installed on standard location on /usr/local. Verify whether qemu has already installed:

qemu-arm -version

You should see some text like this:

qemu-arm version 2.2.0, Copyright (c) 2003-2008 Fabrice Bellard

Congratulation! You have installed qemu.

The post Installing QEMU from Source appeared first on Xathrya.ID.

Building GCC MinGW Toolchain Cross Compiler

Windows, up until today, is still popular Operating System and have large market. This Microsoft’s product is designed for end-user and reducing complexity of Operating System. Even when some other OS such as Linux and Mac OS starts invading, this Operating System is still major and fanatically used by some people in the world.

In this article we will about how to build GCC Win32 and Win64 Toolchain for Win32 and Win64 architecture, which is a cross compiler to build Win32 and Win64 program.

Requirement set for this article:

    1. GCC (Native platform)
    2. Binutils (Native platform)
    3. Bison
    4. Flex
    5. gperf

CoreutilsMake (>= 3.8.1)

  1. SVN & CVS client

Also the test is done on Slackware64 current, though it is optional. You can use other Linux distribution which suit you.

While the previous list is requirement on your host system (your system which will build the cross compiler), we have another list. Some of the component mentioned below will be taken out from their respective repository.

  1. MinGW-w64 (SVN repository)
  2. GCC 4.9.2
  3. Binutils 2.24
  4. GDB 7.8.1
  5. GMP 6.0.0
  6. MPFR 3.1.2
  7. MPC 1.0.2

The Target

There are two architecture: Win32 and Win64. You are free to choose what MinGW system you will build. However, in this article, we will build MinGW Cross Compiler for Windows 64-bit. If you read other cross compiler article, we need a target alias (or simply target) which is the target of the toolchain.

Preparation

We will need some disk space (~2GB should be enough). We also need root access to install it on “system-wide”.

We will create a working directory. We will refer it as $MINGWGCC, so $MINGWGCC/src should really be something like ~/MINGWGCC/src (the ~ means your home directory). So go ahead and create following directory structure:

# set aliases
export MINGWGCC=~/
export PREFIX=/usr/local
export BUILD=$(gcc -dumpmachine)
export TARGET=x86_64-w64-mingw32

export BINUTILS_BUILD=${MINGWGCC}/build/binutils-build
export GCC_BUILD=${MINGWGCC}/build/gcc-build
export GDB_BUILD=${MINGWGCC}/build/gdb-build
export MINGW_BUILD=${MINGWGCC}/build/mingw-build
export MINGW_H_BUILD=${MINGWGCC}/build/mingw-h-build

export BINUTILS_SRC=${MINGWGCC}/src/binutils-2.24
export GCC_SRC=${MINGWGCC}/src/gcc-4.9.2
export GDB_SRC=${MINGWGCC}/src/gdb-7.8.1
export MINGW_SRC=${MINGWGCC}/src/mingw/
export MINGW_HEADERS=${MINGW_SRC}/mingw-w64-headers

# make base dir, original archives dir (orig), source code dir (src), 
# and working / building dir (build) 
mkdir ${MINGWGCC}{,/{orig,src,build}}

# Make build directory for each component
mkdir ${MINGWGCC}/build/{binutils,gcc,gdb,mingw{,-h}}-build

Acquiring the Materials

A cross compiler for Win32 and Win64 are provided by MinGW-w64 project. Download latest packages of GCC, GDB, binutils, and MinGW-w64 source code. You can download it using wget or alternatively download via browser and move it to $MINGWGCC/orig.

cd ${MINGWGCC}/orig

wget ftp://ftp.gnu.org/pub/gnu/gcc/gcc-4.9.2/gcc-4.9.2.tar.bz2
wget ftp://ftp.gnu.org/pub/gnu/gdb/gdb-7.8.1.tar.xz
wget ftp://ftp.gnu.org/gnu/binutils/binutils-2.24.tar.bz2

wget ftp://ftp.gnu.org/pub/gnu/gmp/gmp-6.0.0a.tar.xz
wget ftp://ftp.gnu.org/pub/gnu/mpc/mpc-1.0.2.tar.gz
wget ftp://ftp.gnu.org/pub/gnu/mpfr/mpfr-3.1.2.tar.gz

Then, extract them to src directory.

cd ${MINGWGCC}/src

tar -jxf ${MINGWGCC}/orig/gcc-4.9.2.tar.bz2
tar -Jxf ${MINGWGCC}/orig/gdb-7.8.1.tar.xz
tar -jxf ${MINGWGCC}/orig/binutils-2.24.tar.bz2

Next, the MinGW and GCC codes.

cd ${MINGWGCC}/src
svn co 'https://svn.code.sf.net/p/mingw-w64/code/trunk' mingw

Next we need to download some prerequisites, especially GMP (GNU Multiple Precision), MPC (Multiple-Precision Complex), and MPFR (Multiple-Precision Floating Point Reliably) which is used for computation. The prerequisites can be downloaded by invoking following command:

The MPFR, GMP, and MPC is not the latest version, but at least we can build GCC. Suppose your working directory at /home/xathrya/ARMGCC, to obtain MPDR, GMP, and MPC invoke following command:

cd ${GCC_SRC}
./contrib/download_prerequisites

However, the version of GMP, MPC, and MPFR is not the latest version. We can switch to the latest version by download the latest version and create symbolic link to it.

cd ${GCC_SRC}

rm {gmp,mpc,mpfr}

tar -Jxf ${MINGWGCC}/orig/gmp-6.0.0a.tar.xz
tar -zxf ${MINGWGCC}/orig/mpc-1.0.2.tar.gz
tar -zxf ${MINGWGCC}/orig/mpfr-3.1.2.tar.gz

ln -s gmp-6.0.0 gmp
ln -s mpc-1.0.2 mpc
ln -s mpfr-3.1.2 mpfr

Building the Toolchains

Building stage is pretty simple. Honestly speaking, the tricky part is about how GCC and built concept and ordering them in correct order.

Binutils

First, built binutils. This will provide lots of useful tools in building MinGW libraries and binaries (like objdump, ld, ranlib, etc). Invoke following commands:

cd ${BINUTILS_BUILD}
${BINUTILS_SRC}/configure 
   --target=${TARGET} 
   --enable-targets=x86_64-w64-mingw32,i686-w64-mingw32 
   --prefix=${PREFIX} 
   --disable-nls
make -j4 all
make install
make clean

MinGW Headers

MinGW headers is set of headers used to build MinGW application. It is different beast with Linux GCC headers, although we use the same vendor compiler.

cd ${MINGW_H_BUILD}
${MINGW_HEADERS}/configure 
    --build=${BUILD} 
    --host=${TARGET} 
    --prefix=${PREFIX}/${TARGET}
make install

For v3 and later trunk, we have to append ${TARGET} to our prefix. If not, your native GCC will be contaminated. Please note it.

This will install MinGW headers into ${PREFIX}/${TARGET}/include/ or in our case it would be /usr/local/x86_64-w64-mingw32/include/.

MinGW Directories and Symlinks

We should end up with a ${PREFIX}/${TARGET}/ directory. Manually create lib/ directory and create symbolic link as lib64/

GCC also requires the ${TARGET} directory to be mirrored as a directory ‘mingw’ in the same root (it’s ${PREFIX} directory). Therefore, we need to make a soft link there.

n -s ${PREFIX}/${TARGET} ${PREFIX}/mingw
mkdir -p ${PREFIX}/${TARGET}/lib{,32}
ln -s ${PREFIX}/${TARGET}/lib ${PREFIX}/${TARGET}/lib64

GCC Core

Next we will build the GCC. But please note that we are only intereset on C and C++ so we will ignore other language. To built GCC, do this:

cd ${GCC_BUILD}
${GCC_SRC}/configure 
   --build=${BUILD} 
   --target=${TARGET} 
   --enable-targets=all 
   --prefix=${PREFIX} 
   --enable-interwork 
   --enable-multilib 
   --enable-languages="c,c++" 
   --enable-shared 
   --enable-fully-dynamic-string 
   --with-system-zlib 
   --disable-nls
make -j4 all-gcc install-gcc
make clean

C RunTime (CRT) Library

 Next we will build the C runtime library or the MinGW itself. In the short: building libs required. The static and dynamic lib built with GCC core we have built.

cd ${MINGW_BUILD}
${MINGW_SRC}/configure 
    --host=${TARGET} 
    --prefix=${PREFIX}/${TARGET} 
    --enable-multilib 
    --enable-shared 
    --enable-lib32
make -j4 all
make install

For v3 and later trunk, we have to append ${TARGET} to our prefix. If not, your native GCC will be contaminated. Please note it.

Make sure you have following directories in the ${PREFIX}:

# ${PREFIX} => /usr/local
# ${TARGET} => x86_64-w64-mingw32

${PREFIX}/${TARGET}
${PREFIX}/${TARGET}/include
${PREFIX}/${TARGET}/lib
${PREFIX}/${TARGET}/lib32
${PREFIX}/${TARGET}/lib64 [link to lib]
${PREFIX}/mingw [link to ${TARGET}]
${PREFIX}/mingw/include
${PREFIX}/mingw/lib
${PREFIX}/mingw/lib32
${PREFIX}/mingw/lib64 [link to lib]

GCC (again)

Now that we have our runtime libraries, go back and ginish the GCC build:

cd ${GCC_BUILD}
make -j4
make install

GDB

Optionally you can build GDB. To do so, invoke following:

cd ${GDB_BUILD}
${GDB_SRC}/configure 
   --target=${TARGET} 
   --prefix=${PREFIX} 
   --enable-interwork 
   --enable-multilib
make -j4 all 
make install

And that’s it. You should have them now.

Testing

The toolchain can be tested with the minimal code here, save as demo.c:

int main()
{
   return 0;
}

void exit(int code)
{
   while(1);
}

Invoke following command to compile:

x86_64-w64-mingw32-gcc demo.c -o demo.exe

The post Building GCC MinGW Toolchain Cross Compiler appeared first on Xathrya.ID.

Base Conversion and Rax2 (Radare2 Framework)

As a reverse engineer, we are often face various number in various base and then the need to do conversion rise. We need a handy and simple calculator and converter tool to convert numbers from different bases, change the endianness, etc. Our shell and linux might ship this capability but not as flexible as we want.

Fortunately ‘rax2′ utility comes with Radare2 Framework for a good use. Rax aims to be a minimalistic expression evaluator for the shell and can be used for making base conversions easily between floating point values, hexadecimal representations, hexpair strings to ascii, octal to integer, etc.

In this article we will discuss about some of Rax2 capability.

Invocation

rax2 is a single utility program. We can invoke it directly in our terminal. If no arguments given, rax2 can run on interactive mode.

Let’s see the help.

rax2 -h

And what we see in out screen:

Usage: rax2 [options] [expr ...]
  =[base]                 ;  rax2 =10 0x46 -> output in base 10
  int   ->  hex           ;  rax2 10
  hex   ->  int           ;  rax2 0xa
  -int  ->  hex           ;  rax2 -77
  -hex  ->  int           ;  rax2 0xffffffb3
  int   ->  bin           ;  rax2 b30
  int   ->  ternary       ;  rax2 t42
  bin   ->  int           ;  rax2 1010d
  float ->  hex           ;  rax2 3.33f
  hex   ->  float         ;  rax2 Fx40551ed8
  oct   ->  hex           ;  rax2 35o
  hex   ->  oct           ;  rax2 Ox12 (O is a letter)
  bin   ->  hex           ;  rax2 1100011b
  hex   ->  bin           ;  rax2 Bx63
  hex   ->  ternary       ;  rax2 Tx23
  raw   ->  hex           ;  rax2 -S < /binfile
  hex   ->  raw           ;  rax2 -s 414141
  -b    binstr -> bin     ;  rax2 -b 01000101 01110110
  -B    keep base         ;  rax2 -B 33+3 -> 36
  -d    force integer     ;  rax2 -d 3 -> 3 instead of 0x3
  -e    swap endianness   ;  rax2 -e 0x33
  -f    floating point    ;  rax2 -f 6.3+2.1
  -F    stdin slurp C hex ;  rax2 -F < shellcode.c
  -h    help              ;  rax2 -h
  -k    randomart         ;  rax2 -k 0x34 1020304050
  -n    binary number     ;  rax2 -n 0x1234 # 34120000
  -N    binary number     ;  rax2 -N 0x1234 # x34x12x00x00
  -s    hexstr -> raw     ;  rax2 -s 43 4a 50
  -S    raw -> hexstr     ;  rax2 -S < /bin/ls > ls.hex
  -t    tstamp -> str     ;  rax2 -t 1234567890
  -x    hash string       ;  rax2 -x linux osx
  -u    units             ;  rax2 -u 389289238 # 317.0M
  -v    version           ;  rax2 -V

Compact yet informative.

Number Representations

Mathematical constants are simply fixed values we write, such as: 1, 135, 182, 666, etc. It can be represented in various format / base. Some common representations (in computer science) are: binary, octal, decimal, hexadecimal.

Let’s see some example.

$ rax2 0x345
837
$ rax2 837
0x345
$ rax2 44.44f
Fx8fc23142 
$ rax2 0xfffffffd
-3
$ rax2 -3
0xfffffffd 
$ rax2 -s "41 42 43 44"
ABCD

Decimal number are written as is. The hexadecimal number has 0x prefix on them. We also see 44.44f which is a decimal floating point number (suffix f) and then converted to the hexadecimal representation Fx8fc23142 (with prefix Fx). As you can see, prefix and suffix give important meaning to the conversion. List of all prefix and suffix can be seen on rax2 usage.

Endianness

Endianness (Big Endian and Little Endian) define interpretation of the bytes making up a data word when those bytes stored in computer memory.

Suppose we have value 0x12345678. This is 8 byte value (32-bit) and if we split it into byte, we have 4 bytes. Thus we have 4 bytes: 12, 34, 56, 78 where each byte requires 2 hex digits. The number will be stored differently in Big Endian system and Little Endian system.

Data are written in memory location, using the smallest unit available: byte. Computer are a big array of chunks, addressable by memory address. Memory address is like another number and range from low address to high address.

In Big Endian, you store the most significant byte in the smallest address. In our case, 0x12345678 will be seen as this:

hex1

In Little Endian, things will be different. You store the least significant byte in the smallest address. Here’s how the same value represented:

hex2

Notice that Little Endian is in the reverse order compared to Big Endian.

The good news is, in addition to convert base rax2 can also convert value from one endianness to another endianness. It’s as easy as invoking rax2 with -e argument. For example:

$ rax2 0x12345678
305419896

$ rax2 -e 0x12345678
2018915346