nccgroup / asafw
Set of scripts to deal with Cisco ASA firmware [pack/unpack etc.]
License: BSD 3-Clause "New" or "Revised" License
I used the "./unpack_repack_bin.sh -i asa924-k8.bin -f -g" command to repack an ASA image, but this image cannot be used by the ASA.
I used both the ASDM and the CLI command to upload the image but got the same error. Would you please give me some suggestions?
This is the error information:
sumval(0x7688) chksum(0x 0)md5(0x627f79f7 0xef30d361 0xdc06d033 0x47d62959)
md5(0x4f5398c1 0xfeefb16a 0x9380fe65 0x44370bc5)
Checksum verification on new image failed
The shebang in the bin.py and helper.py programs uses a hardcoded Python location instead of using env. Switching this over would allow asafw to work on platforms that don't put python3 in /usr/bin, like on macOS.
Hello,
What does that message
[lina] Error: can't find aaa_admin_authenticate, you need to add symbol with asafw first
relate to?
Regards
Hi, thanks to you guys for providing these great tools.
Recently, when I use asafw to deal with the newest image (e.g. asav9101.qcow2), trying to disable aslr is unsuccessful. The root cause is there is no echo 0 > /proc/sys/kernel/randomize_va_space inside the file asa/scripts/rcS.common.
# tune the VM system
if sf_asa_is_ngfw; then
    echo 0 > /proc/sys/vm/overcommit_memory
else
    MemTotal=`awk '/^MemTotal:/ {print \$2}' /proc/meminfo`
    let MemThreshold=1024*1024
    #disable overcommit only for system with more than 1G memory
    if [ $MemTotal -le $MemThreshold ]; then
        echo 0 > /proc/sys/vm/overcommit_memory
    else
        echo 2 > /proc/sys/vm/overcommit_memory
    fi
    echo 100 > /proc/sys/vm/overcommit_ratio
fi
ulimit -s 1024
So I modified disable_aslr() inside the file unpack_repack_bin.sh as follows:
sed -i 's/ulimit -s 1024/echo 0 > \/proc\/sys\/kernel\/randomize_va_space\nulimit -s 1024/' asa/scripts/rcS.common
The command works well and the file is changed as I want. But when I emulate the device with the repacked image inside GNS3, it seems the aslr is still on.
I notice there are some comments inside disable_aslr() as follows. Does it mean the command echo 0 > /proc/sys/kernel/randomize_va_space added manually is also overridden?
log "DISABLE ASLR"
# we can't just add the following line
#echo "kernel.randomize_va_space = 0" >> etc/sysctl.conf.procps
# because it looks like rcS.common overrides our value later in the boot process
# so we just make the modification in rcS.common :)
By the way, I searched for randomize_va_space using grep inside rootfs and got no results except for asa/bin/lina.
Is there any other way to disable aslr? Debugging with aslr is annoying.
Any advice would be appreciated! Thanks in advance.
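An idempotent, self-checking form of the rcS.common edit described in the issue above, as an added example that is not part of the original post or of asafw. The function names are hypothetical, and the anchor is the ulimit -s 1024 line quoted in the issue.

```shell
# Added example, not asafw code. Inserts the ASLR-off line before the
# "ulimit -s 1024" anchor quoted in the issue, once, and verifies the result.
ASLR_LINE='echo 0 > /proc/sys/kernel/randomize_va_space'
ANCHOR='ulimit -s 1024'

# Print how many lines of file $2 equal $1 once surrounding blanks are trimmed.
count_lines() {
    awk -v want="$1" '
        { s = $0; gsub(/^[ \t]+|[ \t]+$/, "", s) }
        s == want { n++ }
        END { print n + 0 }' "$2"
}

# Patch rcS.common in place. Returns 0 if patched or already patched,
# 2 if the file is missing, 3 if the anchor is absent or ambiguous.
patch_rcs_aslr() {
    rcs="$1"
    [ -f "$rcs" ] || { echo "missing: $rcs" >&2; return 2; }
    if [ "$(count_lines "$ASLR_LINE" "$rcs")" -gt 0 ]; then
        return 0    # idempotent: repeated repacks must not stack lines
    fi
    if [ "$(count_lines "$ANCHOR" "$rcs")" -ne 1 ]; then
        echo "anchor '$ANCHOR' not found exactly once in $rcs" >&2
        return 3    # script layout differs; refuse to guess
    fi
    tmp=$(mktemp) || return 4
    # Emit the new line with the anchor's own indentation, then the anchor.
    # cat back into the file so its mode and ownership are kept.
    awk -v a="$ANCHOR" -v l="$ASLR_LINE" '
        { s = $0; gsub(/^[ \t]+|[ \t]+$/, "", s) }
        s == a { match($0, /^[ \t]*/); print substr($0, 1, RLENGTH) l }
        { print }' "$rcs" > "$tmp" && cat "$tmp" > "$rcs"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Succeed only if the ASLR line sits directly before the anchor.
verify_rcs_aslr() {
    awk -v a="$ANCHOR" -v l="$ASLR_LINE" '
        { s = $0; gsub(/^[ \t]+|[ \t]+$/, "", s) }
        s == a && prev == l { ok = 1 }
        { prev = s }
        END { exit(ok ? 0 : 1) }' "$1"
}
```

This only confirms the unpacked file before repacking; the value in effect on the booted guest still has to be read from /proc/sys/kernel/randomize_va_space.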
I unpack asa944-16-smp-k8.bin using bin.py and get two files asa944-16-smp-k8-initrd-original.gz and asa944-16-smp-k8-vmlinuz. When I'm trying to run them in GNS3 I have an error
INIT: version 2.88 booting
Starting udev
[ 9.928700] udevd[505]: starting version 182
[ 10.855231] ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 10
[ 10.947480] e1000_uio(e1000_pci.0.2.0): user interrupt driver successfully loaded.
Configuring network interfaces... done.
Populating dev cache
no cdrom devices
[ 13.722192] tipc: Started in network mode
[ 13.722721] tipc: Own node address <1.1.1>, network identity 1234
[ 13.725539] tipc: Enabled bearer <eth:tap0>, discovery domain <1.1.0>, priority 10
info: Running in kvm virtual environment.
/asa/scripts/vm_lib: line 221: /mnt/disk0/system-serial-number: No such file or directory
cp: cannot stat '/mnt/disk0/system-serial-number': No such file or directory
[ 15.584344] IHM: Initializing Interface Helper Module
[ 15.584403] IHM: registering chr device
[ 15.584470] Module registered 251, from (pid 1079)
[ 15.760572] 988.760510 [2606] netmap_init run mknod /dev/netmap c 10 60 # error 0
[ 15.761156] netmap: loaded module
Loading...
Starting image verification
[ 20.781129] traps: lina_monitor[1141] trap invalid opcode ip:40f4da sp:7fffffffe3f8 error:0 in
lina_monitor[400000+26000]
/tmp/run_cmd: line 5: 1141 Illegal instruction (core dumped) cgexec -g memory:privileged -g
cpuset:restricted/lina /asa/bin/lina_monitor -l
INIT: Switching to runlevel: 6
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 32.317855] Restarting system.
[ 32.317855] reboot: machine restart
I'm using these args:
Kernel Command Line: no-hlt -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
Option: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Please help to run asa in GNS3 using bin file!
I already extracted the bin and made some changes in the file.
Now how do I repack the folder to a bin?
Hi,
Recently I have read your great posts about Cisco ASA. When I do experiments with GNS3, I came across some problems.
Since a GNS3 instance will be debugged over TCP/IP (telnet), why do we still need to enable and change "/dev/ttyS1" to "/dev/ttyS0" in the rcS script when patching the qcow2 image? Why not use -n instead? (-n : gdb ethernet device, eg, 'eth0'). I have tried using the -n option and made some corresponding changes, but it didn't work.
When using asadbg to debug, an asacfg file is needed. In GNS3 mode, we have to specify a gns3_port field (in your case, use 12005 instead). But during patching the qcow2 image, I can't find the corresponding port. Is it the default port used by gdbserver? How can I configure that port when enabling gdb?
Now I get the following at the boot (default console type is vnc), but I don't know which port to use in gdb (target remote <GNS3's ip>:<which port???>).
Any advice would be appreciated! Thanks in advance.
Hi, thanks to you guys for providing these great tools.
I want to get a shell (not Cisco CLI) on the device emulated by GNS3. As far as I know, there are three ways provided by the asafw tool to do this.
-r option
--debugshell option
ssh to the device, it just crashes instead of giving me a reverse-shell. I haven't debugged it heavily. I'll do it when I'm free.
--serialshell option
-cpu Haswell -smp 4,sockets=4,cores=1,threads=1 -serial telnet:127.0.0.1:15002,server,nowait
.vnc are as follows.
Does it work as expected when using the --serialshell option? How can I access the serial shell?
Any advice would be appreciated! Thanks in advance.
I get the following error and do not know how to source env.sh. Can you point me in the right direction?
error:
[unpack_repack_bin] This tool relies on env.sh which has not been sourced
Thanks
Darrell
This issue was found on a physical ASA 5505 running version 9.1(6).
When enabling gdbserver on the serial interface in asafw, the gdb script generated by asadbg hangs at target extended-remote [serial port].
Turning on gdb's remote debugging shows that gdbserver continually prints this string, preventing gdb from attaching:
It looks like a fix for this would be modifying the inittab file to run /tmp/start_cmd on a different tty. This will still cause gdbserver to attach to the serial interface, but will result in the error message being printed on the other tty as opposed to over the serial interface. Manually making this change on my end results in asadbg hanging (since it's waiting for the "Remote debugging over /dev/ttyS0" string) but eventually connecting over USB:
I'm willing to write the code to implement this change, but I'll hold off on implementing and making a pull request since this is a little more involved than my previous two issues.