ARM VM on Windows

So here I was watching video lectures on Open Security Training, and I stumbled across the Intro to ARM course.
For all you Windows users who want to set up an ARM VM using QEMU on Windows, follow these instructions, as the ones mentioned on the author's blog didn't work out for me.

Step 1:
Download qemu from

http://qemu.weilnetz.de/

either w32 or w64 and install it.

Add the directory to your PATH variable, which in my case was

H:\Program Files (x86)\qemu

Step 2:
Get image:

wget http://releases.linaro.org/images/12.03/oneiric/nano/vexpress-a9-nano.img.gz
gunzip vexpress-a9-nano.img.gz

You can either download the attached vmlinuz and initrd.img:

https://www.dropbox.com/s/u7l4nc09lyb0uqz/initrd.img?dl=0
https://www.dropbox.com/s/ftdqyu74uwfut5s/vmlinuz?dl=0

OR
extract them yourself from vexpress.img on a Linux host (the commands below need sudo and a loop mount, so they won't run on Windows itself):

Extract the kernel and initrd (the snippet expects the decompressed image to be named vexpress.img, so rename vexpress-a9-nano.img or change IMG to match; the /mnt/mnt mount point is created if it doesn't exist):

IMG=vexpress.img
if [ -e "$IMG" ]; then
  # byte offset of partition 2 = its start sector * 512; the sector number is read from
  # the 7th field of file(1)'s "partition 2" record, so this depends on file's exact wording
  OFFSET="$(file "$IMG" | awk 'BEGIN { RS=";" } /partition 2/ { print $7*512 }')"
  sudo mkdir -p /mnt/mnt
  sudo mount -o loop,offset="$OFFSET" -t auto "$IMG" /mnt/mnt
else
  echo "$IMG not found"
fi

If the mount fails, check the start sector of partition 2 with fdisk -l and multiply it by 512 yourself.

sudo cp -vr /mnt/mnt/boot .
sudo chown -R youruser:youruser boot
sudo umount /mnt/mnt
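The mount command above scrapes file(1)'s output for partition 2's start sector, which silently breaks (offset 0, mount of the wrong thing) when file's wording changes. As an added example, not code from the post or the OST course, here is a small Python script that reads the MBR partition table directly and prints the same byte offset; it assumes the image has a classic MBR (DOS) partition table, which is what the Linaro vexpress image uses. The build_test_mbr helper and the partition numbers used with it are constructed test data, not values taken from the real image.

```python
#!/usr/bin/env python3
"""Byte offset of a partition in a raw disk image, read from the MBR.

Added example, not code from the post or the OST course. Assumes the image
has a classic MBR (DOS) partition table, as the Linaro vexpress image does.
"""
import struct
import sys

SECTOR = 512                  # MBR LBA values count 512-byte sectors
MBR_SIZE = 512
TABLE_OFFSET = 446            # the four 16-byte partition entries start here
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def partition_offsets(mbr):
    """Return [(number, byte_offset, byte_length), ...] for every non-empty
    primary partition described in the first 512 bytes of the image."""
    if len(mbr) < MBR_SIZE or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not an MBR: 0x55AA boot signature missing")
    parts = []
    for n in range(4):
        start = TABLE_OFFSET + n * ENTRY_SIZE
        entry = mbr[start:start + ENTRY_SIZE]
        # entry layout, little-endian: status(1) CHS start(3) type(1)
        # CHS end(3) LBA of first sector(4) sector count(4); CHS is ignored
        _status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 or sectors == 0:
            continue              # unused slot
        parts.append((n + 1, lba_start * SECTOR, sectors * SECTOR))
    return parts


def partition_offset(mbr, number):
    """Byte offset of partition `number` (1-4), for mount -o loop,offset=."""
    for n, offset, _length in partition_offsets(mbr):
        if n == number:
            return offset
    raise ValueError("partition %d not present" % number)


def build_test_mbr(entries):
    """Constructed test data: an MBR whose table holds
    entries = [(type, lba_start, sectors), ...] in slots 1..4."""
    mbr = bytearray(MBR_SIZE)
    for n, (ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, TABLE_OFFSET + n * ENTRY_SIZE,
                         0x00, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    image = sys.argv[1] if len(sys.argv) > 1 else "vexpress.img"
    number = int(sys.argv[2]) if len(sys.argv) > 2 else 2
    with open(image, "rb") as f:
        print(partition_offset(f.read(MBR_SIZE), number))
```

Save it under any name (say mbr_offset.py), run python3 mbr_offset.py vexpress.img 2, and pass the printed number to mount's offset= option; a wrong or missing partition raises instead of returning 0.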

You end up with a number of files in ./boot:

abi-3.3.0-1800-linaro-lt-vexpress-a9
config-3.3.0-1800-linaro-lt-vexpress-a9
initrd.img-3.3.0-1800-linaro-lt-vexpress-a9
System.map-3.3.0-1800-linaro-lt-vexpress-a9
vmlinuz-3.3.0-1800-linaro-lt-vexpress-a9

Copy the original vexpress image, vmlinuz-* and initrd.img-* to wherever you want to keep your VM, renaming the latter two to vmlinuz and initrd.img so that the launch command in Step 3 finds them.

It will end up looking something like this (screenshot of the VM directory).

Step 3:
Open a command window inside the directory where you put vexpress.img, vmlinuz and initrd.img and run the following command:

qemu-system-arm -M vexpress-a9 -cpu cortex-a9 -kernel ./vmlinuz -initrd ./initrd.img -redir tcp:5022::22 -m 1024 -append "root=/dev/mmcblk0p2 vga=normal mem=512M devtmpfs.mount=0 rw" -drive file=vexpress.img,if=sd,cache=writeback

Two notes on the networking part: -redir forwards host port 5022 to the guest's SSH port 22 (so ssh -p 5022 to localhost reaches the VM), but it listens on every interface of your Windows box, so anyone on the same network can reach the guest's sshd; and it was removed in QEMU 3.1. On newer builds use -net nic -net user,hostfwd=tcp:127.0.0.1:5022-:22 instead, which does the same forwarding and binds the listener to loopback only.

You can create a batch file if you don't want to type this every time you run the VM; mine is here:

https://www.dropbox.com/s/atleeoke4zzajer/launchemu.bat?dl=0
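As an added example (my code, not the launchemu.bat linked above), here is a Python launcher that does the same as the Step 3 command line with two changes a practitioner would want: it uses -net user,hostfwd= bound to 127.0.0.1 instead of -redir (removed in QEMU 3.1, and it listened on every interface), and after starting QEMU it waits for the guest's SSH banner on the forwarded port, so you know the VM actually booted rather than just that QEMU accepted the connection. It assumes vmlinuz, initrd.img and vexpress.img sit in the directory you pass (default: the current one) and that qemu-system-arm is on PATH; the host port 5022 and the kernel command line are the post's.

```python
#!/usr/bin/env python3
"""Launch the vexpress-a9 VM from Step 3 and wait for the guest's sshd.

Added example, not the launchemu.bat linked in the post. Assumes vmlinuz,
initrd.img and vexpress.img are in the VM directory and qemu-system-arm is
on PATH; host port 5022 and the kernel command line are the post's.
"""
import os
import socket
import subprocess
import sys
import time

QEMU = "qemu-system-arm"
KERNEL_ARGS = "root=/dev/mmcblk0p2 vga=normal mem=512M devtmpfs.mount=0 rw"
REQUIRED = ("vmlinuz", "initrd.img", "vexpress.img")
SSH_PORT = 5022


def build_command(vm_dir=".", host_port=SSH_PORT, bind="127.0.0.1"):
    """argv for qemu-system-arm.  The post's -redir tcp:5022::22 was removed
    in QEMU 3.1 and always listened on every interface; user-mode networking
    with hostfwd forwards the same port and lets us pin the listener to
    loopback, so the guest's sshd is not reachable from the rest of the LAN."""
    return [
        QEMU, "-M", "vexpress-a9", "-cpu", "cortex-a9", "-m", "1024",
        "-kernel", os.path.join(vm_dir, "vmlinuz"),
        "-initrd", os.path.join(vm_dir, "initrd.img"),
        "-append", KERNEL_ARGS,
        "-drive", "file=%s,if=sd,cache=writeback" % os.path.join(vm_dir, "vexpress.img"),
        "-net", "nic",
        "-net", "user,hostfwd=tcp:%s:%d-:22" % (bind, host_port),
    ]


def missing_files(vm_dir="."):
    """Names from REQUIRED that are not regular files in vm_dir."""
    return [name for name in REQUIRED
            if not os.path.isfile(os.path.join(vm_dir, name))]


def wait_for_ssh(host, port, timeout=180.0, interval=1.0):
    """Poll host:port until an SSH banner arrives; True if that happens
    within timeout seconds.  A plain TCP connect is not enough: QEMU's
    user-mode stack accepts the host-side connection itself and only then
    tries the guest, so we insist on reading the "SSH-" banner."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((host, port), timeout=interval) as s:
                s.settimeout(interval)
                if s.recv(64).startswith(b"SSH-"):
                    return True
        except OSError:
            pass                      # refused, reset or timed out: not up yet
        time.sleep(interval)
    return False


if __name__ == "__main__":
    vm_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    missing = missing_files(vm_dir)
    if missing:
        sys.exit("missing in %s: %s" % (vm_dir, ", ".join(missing)))
    cmd = build_command(vm_dir)
    print(" ".join(cmd))
    qemu = subprocess.Popen(cmd)
    if wait_for_ssh("127.0.0.1", SSH_PORT):
        print("guest sshd is up on 127.0.0.1:%d (ssh -p %d ...)" % (SSH_PORT, SSH_PORT))
    else:
        print("no SSH banner on port %d yet; check the QEMU window" % SSH_PORT)
    sys.exit(qemu.wait())
```

Run it as python launch_vm.py (or python launch_vm.py path\to\vm) from the host; pass bind="" to build_command only if you deliberately want the forwarded port reachable from other machines.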

Tools of Trade

The following are the tools I will be using during my game hacking endeavours. The choice of tools depends on personal preference, cash in hand, experience, liking and many other factors.

IDA Pro: a great disassembler with many powerful features, multi-platform, fast and easy to use 😉

In Hex-Rays' own words: IDA is the Interactive DisAssembler: the world's smartest and most feature-full disassembler, which many software security specialists are familiar with. Written entirely in C++, IDA runs on the three major operating systems: Microsoft Windows, Mac OS X, and Linux.

IDA is also the solid foundation on which our second product, the Hex-Rays decompiler, is built.

The unique Hex-Rays decompiler delivers on the promise of high level representation of binary executables. It can handle real world code. It is real.

Buy IDA  : https://www.hex-rays.com/index.shtml

OllyDbg: OllyDbg is a debugger, and one of the most powerful out there. It can be obtained for free from http://www.ollydbg.de/ ; a pre-configured OllyDbg with all the necessary plugins is available from http://www.thelegendofrandom.com/files/tools/R4ndoms_OllyDBG.zip (a third-party bundle, so inspect it before you run it).

Last but not least,

Wireshark: Wireshark is the best network sniffing and packet capture tool out there; it can be obtained from http://www.wireshark.org/

and here we go again…

Now I am pretty bored, so I had to find something fun to do until I get a PS4 flash dump or network traffic dump to analyse. No one near me has a PS4 yet, so I guess I have to wait. I could have bought myself a PS4, but I have no money; I am thinking of getting a part-time job though, which would make my life less miserable.

So what's new? Well, game hacks; they are pretty fun, and one of my friends, "Convery", always tells me to start working on making hacks, so I guess now I should start with that. Upcoming blog entries will record my deep dives into game hacking and reverse engineering.

All thanks to Convery, I am into this 🙂

Next post will be about tools of the trade involved in game hacking scenes.