环境要求
- Mac m1
- Mac m1 中 虚拟机安装aarch64 ubuntu22.02
- Mac m1安装OrbStack,并在其中安装 ubuntu20.04(x86_64)
构建文件系统
在虚拟机 aarch64 ubuntu22.02中构建
安装必要的库
sudo apt-get install libncurses5-dev build-essential git bison flex libssl-dev dtc bison flex gcc make bc g++ vim git bc flex bison libssl-dev dwarves libelf-dev xz-utils wget
使用busybox-1.35.0,先配置make menuconfig,设置
Settings --->[*] Build static binary (no shared libs)
然后使用下面的脚本生成文件系统
cd busybox-1.35.0
sudo rm -rf _install
make install -j32
cd _installmkdir etc dev lib
cd etccat > profile << EOF
#!/bin/sh
export HOSTNAME=bryant
export USER=root
export HOME=/home
export PS1="[$USER@$HOSTNAME \W]\# "
PATH=/bin:/sbin:/usr/bin:/usr/sbin
LD_LIBRARY_PATH=/lib:/usr/lib:$LD_LIBRARY_PATH
export PATH LD_LIBRARY_PATH
EOFcat > inittab << EOF
::sysinit:/etc/init.d/rcS
::respawn:-/bin/sh
::askfirst:-/bin/sh
::ctrlaltdel:/bin/umount -a -r
EOFcat > fstab << EOF
#device mount-point type options dump fsck order
proc /proc proc defaults 0 0
tmpfs /tmp tmpfs defaults 0 0
sysfs /sys sysfs defaults 0 0
tmpfs /dev tmpfs defaults 0 0
debugfs /sys/kernel/debug debugfs defaults 0 0
kmod_mount /mnt 9p trans=virtio 0 0
EOFmkdir init.d
cd init.d
cat > rcS << EOF
mkdir -p /sys
mkdir -p /tmp
mkdir -p /proc
mkdir -p /mnt
/bin/mount -a
mkdir -p /dev/pts
mount -t devpts devpts /dev/pts
echo /sbin/mdev > /proc/sys/kernel/hotplug
mdev -s
EOFchmod 777 rcScd ../../dev
sudo mknod console c 5 1cd ..
find . | cpio -o --format=newc > ../rootfs.img
linux kernel 编译 && 调试
在虚拟机 aarch64 ubuntu22.02中构建
和x86_64中设置一致(本身就在aarch64中,不需要配置交叉编译工具,直接使用gcc编译)
启动脚本(-kernel 和 -initrd 根据自己实际的位置改一改)
qemu-system-aarch64 \-cpu cortex-a72 \-machine type=virt \-nographic -smp 2 -m 2048M \-kernel linux-5.18/arch/arm64/boot/Image \-append "nokaslr root=/dev/ram rdinit=/linuxrc console=ttyAMA0" \-initrd busybox-1.35.0/rootfs.img \-device virtio-scsi-device -s -S
android goldfish 编译 && 调试
所需环境 Mac m1 OrbStack ubuntu20.04(x86_64)
下载编译工具android NDK https://github.com/android/ndk/wiki/Unsupported-Downloads
用的是 android-ndk-r18b
编译环境配置
sudo apt install gcc g++ cmake make perl ruby libncurses5-dev gcc make bc g++ vim git bc flex bison libssl-dev dwarves libelf-dev xz-utils wget git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z-dev ccache libgl1-mesa-dev libxml2-utils xsltproc unzip openjdk-8-jdk
下载goldfish源码,并提取android-goldfish-4.4-dev
git clone https://android.googlesource.com/kernel/goldfish.git
git checkout -b android-goldfish-4.4-dev remotes/origin/android-goldfish-4.4-dev
配置goldfish
export PATH=/Volumes/TwoT/android_kernel/android-ndk-r18b/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin:$PATH
export CROSS_COMPILE=aarch64-linux-android-
make ARCH=arm64 arm64_ranchu_defconfig
修改.config
CONFIG_DEBUG_RODATA=n
CONFIG_RANDOMIZE_BASE=n
编译
make \ARCH=arm64 \CC=/Volumes/TwoT/android_kernel/android-ndk-r18b/toolchains/llvm/prebuilt/linux-x86_64/bin/clang \CLANG_TRIPLE=aarch64-linux-gnu- \CROSS_COMPILE=/Volumes/TwoT/android_kernel/android-ndk-r18b/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android- \-j16
启动调试 在虚拟机 aarch64 ubuntu22.02
qemu-system-aarch64 \-cpu cortex-a72 \-machine type=virt \-nographic -smp 2 -m 2048M \-kernel /media/psf/TwoT/android_kernel/test/goldfish/arch/arm64/boot/Image \-append "nokaslr root=/dev/ram rdinit=/linuxrc console=ttyAMA0" \-initrd busybox-1.35.0/rootfs.img \-device virtio-scsi-device -s -S
其他的问题
为什么不在mac m1直接模拟执行?
下一个断点,继续运行,会就直接崩溃了,有大佬解决了,告知一些
poc的编写
- 需要ndk静态编译
- 需要在Mac m1上的android studio中创建aarch64模拟器,抽取里面system的文件,放到文件系统中
