Member-only story
Reverse Engineering Bare Metal Kernel Images with QEMU- Part 1
This tutorial will be a part of a series for bare metal reverse engineering
My curiosity for embedded systems has grown since taking when I took apart a few Android phones. Although not an embedded system itself, I knew that phones were going to eventually overtake computers; thus, I wanted to learn more about them. That’s when I began learning ARM and encountering many similarities between them and embedded devices. After that, it was off to the races for me: I started learning everything there is to know about embedded devices.
What is an embedded system? — An embedded system is a device that serves a singular purpose most efficiently and cost-effectively possible. The most common example of this is IoT devices (like cameras). Often this requires software to run only what is required; thus, embedded operating systems are required (e.g. embedded Linux).
The first set of embedded systems I decided to explore were Raspberry Pis because I already have some experience with them (specifically for hackathon-based projects, not reverse engineering or binary exploitation). It was also a very well-documented system, which made it easier to learn how certain aspects of it worked (both for software and hardware). Finally, it made it easier to find development tools for it, including emulators so that way I can take my projects on the go.
You do not necessarily have to start with Raspberry Pis either... There are others like Beaglebone devices, routers, cameras, and many more. For this tutorial, however, I will be focusing primarily on the Raspberry Pi 0.
Some basic things that you should know before reading further:
- Serial Communication: This is the signal that is generally used for debugging input and output. Generally, this requires cables to be attached to pins; however, with QEMU, we can emulate this to stdin/stdout.
- Pins: This is the way that embedded systems sends signals (serial, JTAG, etc).
- Toolchains: This is how we will compile our code. We will often be cross-compiling (as we are going to assume we do not have any ARM hardware in this tutorial). The toolchains that you might hear are eabi, gnueabi, and gnueabi-hf. For this tutorial, we will…
