I'm confused, finding Valerio on TH-cam giving so much of himself, so much experience, and cross discipline information that some of us find quite challenging and yet here they are in a few videos, how? I've never seen such generosity from anyone like this before. Not even my professors during my academic years have I received from them such valuable information, not in electrical, electronics, RF and comms. I've done some embedded work but nothing this sophisticated. I feel like my whole life was wasted, this video gave me meaning. I was asleep but now I'm awake. Thank you friend Valerio.
00:06 Using QEMU for emulation environment
03:23 QEMU offers three modes of operation for emulation.
10:40 Emulate a complete system using QEMU
14:14 Emulating firmware with QEMU requires rebuilding the kernel for the emulated board
21:28 Challenges of managing versions and impact on security and efficiency
24:57 Tools like Yocto Project, Buildroot, and OpenWrt are used to build kernel and root file system for embedded devices or QEMU emulated boards.
31:46 Emulating firmware with QEMU provides insights into the hardware and system details.
35:16 Emulating NAND EEPROM with nandsim module
42:20 Setting up a debugging and reverse-engineering friendly emulation environment.
Crafted by Merlin AI.
Valerio: These videos are fantastic! Great content, excellent video production, and the Italian accent makes it even better! Many thanks!
Hello Horace Siskin, thank you very much for your appreciation and support!
It's hard to find ARM devices that have UEFI firmware @MakeMeHack
I've seen many tutorials but none have been as good as this series. Your explanation leaves absolutely no questions.
I used to work with embedded developers.... I heard about all these things from them.... but this intro has done a much better job of helping me REALLY understand.... this is great stuff.
Now this... is very interesting. :) I did not expect this much detail at NAND emulation.
These tutorials are a godsend. I've wanted to get into hardware/software hacking for a while but had no idea where to start. I've learned so much by watching your videos, and my own trial and error. It's really nice that you gave us novice hackers a blueprint. Thanks, I really appreciate it. Please have a good day.
You are amazing, Valerio!!! Congrats on making this concise, didactic and useful material for us. I am 100% certain that a lot of people who don't comment on this series have the same feeling that I'm feeling right now. I'm Brazilian and I'm not confident about my English speaking either, but I can understand you perfectly. You're amazing!!!
Hey man! I saw that you're Brazilian and wanted to know if you watched the whole series. Can you tell me what useful things can be done by hacking a router? Can it be used as an Arduino or as a mini PC? Cheers!
Dude you’re frighteningly intelligent - the English is excellent and makes the videos very friendly. (I’m English)
Like the others, I'm a few videos into your series so far, and am enjoying it and finding it very helpful. After you mentioned it, I will admit my very first impression was that the accent was a little heavy, but as I listened further, I always knew exactly what you were saying and so far have had no trouble at all. I'm subscribed and look forward to your content.
Very thorough coverage of topics. Great stuff.
I'm so glad you identified as Italian in this video, I've been trying to localize your dialect. At first, when I was paying very little attention and it was just going in the background, my first guess was Russian/Eastern Bloc area, then by like your 3rd video I heard some patterns sounding Dutch or German... I was just about to pay attention and try to guess for real and you gave the answer away at the same time lol.
Thank you so much for these. Who says you can't learn anything in quarantine??? Sincerely, you are appreciated for the whole series.
Hello murrij, thank you for your appreciation and support.
G'day Valerio, great video instruction. I became curious about UART as it is something I have never had to get involved in, even though I have had my own Electrical / Electronics / Comms business for nearly 50 years. I was recently asked by a couple of young blokes for some assistance with it & I couldn't, so I decided to catch up; I'll have to repeat the videos a few times to get a true grasp of it, but it's not because of your English, it's because I'm 75 anni; by the way, in Australia as a young bloke I studied Italian at college, loved it & always remember Father Briffa, the teacher, telling us to "Roll your R's!", your accent is very similar to his & therefore "Very Italian".
Thanks a lot & best of luck
Thank you so much for this, emulating ARM systems / consoles to root and release mods has been a topic I wanted to learn for a while now
Enlightening and enjoyable experience... this teaches a lot to start understanding how to get into Chinese surveillance cameras. No, no, your English isn't an obstacle... keep it going!!!
Incredible content. You're a master on this topic and an incredible teacher. I hope you release more videos on this topic.
Once more, an excellent presentation! Can't wait for the next video!
Hi Μανούσος Πουλινάκης, thank you again for your continued support!
This channel is a gem! Glad I found it.
Hello Amr Mustafa, thank you for your appreciation!
If you come to the Basque Country, there's a beer waiting...
Hello, really great job and really great experience. BTW your English is good and the speed of talking makes it really easy to follow and understand. Keep going and good luck.
24:41 That exists? Mind blowing. I am new to this kind of thing and the concept of what you are describing sounds so powerful it's like a deus ex machina
At my old job, I think they used to make custom QEMU board files from time to time.... I wonder if this is simple or too complex.
I never understood why "mipsel" not "mipsle" ... now I know!!
Great job. Like your passion and great knowledge which you are willing to share. Thank you very much!
Thank you! Great video series!
Excellent videos. I'm really enjoying them. Thank you !
Your videos have a lot of value !!! Thanks
Thank you very much for this series of videos you recorded. I learned a lot from them. I am a novice in QEMU. The usage of -serial that I found is to redirect the output to the host for display.
I would like to know whether QEMU can communicate with the host's USB serial port device in the QEMU firmware emulation solution?
You are fantastic. Thank you for sharing.
7:07 - thanks, I never knew that - in fact I didn't know who invented the little-endian architecture :) - probably somebody that was hoping that the machine word and registers would grow longer and longer: A, AX, EAX, RAX! SIMD-something-A register :)
Do yourself a favor and put the Playback speed at 1.25 ;)
Great content btw (y)
Can you please make more videos on QEMU which explain what QEMU is and how it is used in PC virtualization? Thanks in advance.
I can understand you just fine.
Hi Valerio,
your videos are so helpful and rich with important information, thanks a lot.
It would be great if you did some practice of RE on some old MCU like Motorola, 8051, Fujitsu, Hitachi, ... on popular devices other than routers, like automotive ECUs, vending machines, coin changers... Again thanks a lot and happy RE with your beautiful Italian accent.
Most underrated channel. Your videos are simply amazing
great video, thank you!
Thanks a lot, great video
I've recently got a router with the serial port and JTAG clearly labelled but no easy OpenWrt support.... I'm really keen to try "all of this".
Please make more videos , thanks 🙏
I'm interested in learning the STM32 microcontroller, and was surprised to find that there is no official tool / plugin for their STM32 IDE that allows you to simulate a processor (ex. STM32H743) without actual target hardware to download to! I'm just interested in stepping through the code and seeing how the registers react.
I understand there are (expensive) commercial solutions (Keil / Proteus), but this QEMU looks promising.. but it seems like learning Linux is needed first?
QEMU is available for Windows or macOS also. You can try the Windows or Mac version.
Does it support emulation of the IBM PALM processor?
Could I use this to run UEFI firmware? I've run old BIOSes on QEMU before, but I want to know if it's possible with UEFI firmware.
Love it... Thanks again
Can you help me to know how to modify this firmware or image of an ONT, because I want to save it so that even if it resets, it will keep the configuration that I loaded.
Mr Valerio, please do more videos for beginners.
Can I use it to run old cellphone firmwares like Nokia S30?
THIS IS THE BEST CHANNEL EVER
Are you available to help with IoT?
wow... high info level....
Magnificent!!
Hi Valerio,
I want to do a P2V migration where a Windows 11 system is to be converted to a virtual machine which will be hosted on a different Windows system with a different set of hardware.
Now the catch is that the virtual machine should think it's on the exact same hardware as the physical system. It should show the exact same information in System Information as the physical system.
If we do 'wmic bios get serialnumber', the result should be the same on both systems.
Not looking for any registry hacks like changing string values in
Computer\HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
.vmx editing will have limited scope, as I need to emulate the processor, motherboard, everything.
I tried editing the VMware BIOS ROM file; there also only limited strings can be changed, like motherboard version, vendor etc. How do I emulate the GPU, hard disk vendor etc.?
Looking for some sort of hardware emulation/virtualization. I am not expecting the same hardware capability, just that the OS should 'think' it's on the same hardware. If we go under Device Manager > disk drives/mouse, it should not show VMware or VirtualBox, rather show the name of the disk/mouse as in the physical system.
Again, this should not be some registry string modification; rather the OS should 'think' it's on the simulated hardware.
Possible?
Good video! Would be great if you could share all the scripts and the image for download so people can play around quickly.
Hello MarKac, thank you for your appreciation and your suggestion. You can download the kernel, the root file system image, and the "qr.sh" script to start QEMU from: uk2.digiampietro.com/hht/makemehack-linux4mips.tar.gz (I added this link also in the description). Inside the image there is the nandsim-related script to emulate the NAND EEPROM. I wasn't able, for copyright reasons, to add the actual firmware of the device in the image; anyway, the image is fully functional.
How to choose between qemu-mipsel and qemu-mipsel-static?
Hi 乔嬿晖, thank you for your question. qemu-mipsel-static is usually used with a chroot command. For example, you can extract the root file system of your device into /home/username/device-root, then copy qemu-mipsel-static into this directory, and then you can execute something similar to "sudo chroot /home/username/device-root /qemu-mipsel-static bin/cat /etc/os-release", also without using the "-L" option.
With "chroot" you have to use the static version of QEMU, because otherwise it will not be able to find the dynamic linker and the other libraries that are not available in the new root.
The result is very similar to using the "-L" option with the non-static version of QEMU, and in this case you don't need to be root, because you don't need "chroot", which requires root privileges.
Sometimes, if in the new root you have links that point to an absolute path, you cannot execute them with qemu-mipsel but you can execute them with qemu-mipsel-static; below is one example:
valerio@ubuntu-hp:squashfs-root$ ls -l bin/sh
lrwxrwxrwx 1 valerio valerio 12 gen 22 2016 bin/sh -> /bin/busybox*
valerio@ubuntu-hp:squashfs-root$ qemu-mipsel -L . bin/sh
bin/sh: Invalid ELF image for this architecture
valerio@ubuntu-hp:squashfs-root$ sudo chroot . /qemu-mipsel-static bin/sh
bin/sh: can't access tty; job control turned off
valerio@ubuntu-hp:$ pwd
/
With qemu-mipsel, bin/sh points to /bin/busybox, which also exists on my Ubuntu machine but is for the x64 architecture, so qemu-mipsel gives the error.
With chroot and qemu-mipsel-static, /bin/busybox is the busybox in the new root, i.e. the busybox of our device, and it is executed normally.
We have some issues because the /dev dir in the new root does not contain our devices, like the tty devices; we could overcome this with something similar to "sudo mount --bind /dev `pwd`/dev", to be executed in the new root before chroot.
In general, I prefer to use, whenever possible, "qemu-mipsel" with the "-L" option.
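The symlink problem in the reply above, worked through as an added example (not Valerio's script and not part of the original thread): a small shell helper that follows links inside the extracted root the way the guest kernel would, so an absolute link like bin/sh -> /bin/busybox stays inside the extracted tree instead of being resolved by the host kernel against the host's own /bin/busybox, and the non-static qemu-mipsel with "-L" can still be used without chroot. The fixture directory is constructed inside the block; run_in_root assumes qemu-user's qemu-mipsel is installed on the host and is not executed at top level.

```shell
#!/bin/sh
# Added example (not from the original thread): follow symlinks inside an
# extracted firmware root the way the guest kernel would.  An absolute link
# such as bin/sh -> /bin/busybox is re-rooted into the extracted tree instead
# of being resolved by the host kernel against the host's own /bin/busybox,
# which is the failure shown in the comment above for "qemu-mipsel -L .".

# normalize PATH: collapse "." and ".." segments textually, never above root.
normalize() {
    local path="$1" out="" seg old_ifs="$IFS"
    IFS='/'
    for seg in $path; do
        case "$seg" in
            ''|.) ;;                                   # empty or ".": skip
            ..) case "$out" in                         # "..": drop last segment
                    */*) out="${out%/*}" ;;
                    *)   out="" ;;
                esac ;;
            *)  out="${out:+$out/}$seg" ;;
        esac
    done
    IFS="$old_ifs"
    printf '%s\n' "$out"
}

# resolve_in_root ROOT PATH: print the ROOT-relative path of the final target,
# following absolute links relative to ROOT and relative links from the link's
# own directory.  Fails on dangling links and on symlink loops.
resolve_in_root() {
    local root="$1" cur="${2#/}" target hops=0
    while [ -L "$root/$cur" ]; do
        hops=$((hops + 1))
        if [ "$hops" -gt 40 ]; then
            echo "resolve_in_root: too many levels of symlinks: $2" >&2
            return 1
        fi
        target=$(readlink "$root/$cur")
        case "$target" in
            /*) cur="${target#/}" ;;                   # absolute: re-root it
            *)  cur="$(dirname "$cur")/$target" ;;     # relative: from link dir
        esac
        cur=$(normalize "$cur")
    done
    if [ ! -e "$root/$cur" ]; then
        echo "resolve_in_root: $2 does not resolve inside $root" >&2
        return 1
    fi
    printf '%s\n' "$cur"
}

# run_in_root ROOT PROG [ARGS...]: run a guest binary with the non-static
# qemu-mipsel and -L, after re-rooting the link ourselves.  "-0" keeps the
# applet name in argv[0], which a busybox multicall binary needs to pick the
# applet.  Assumes qemu-user's qemu-mipsel is installed; not run at top level.
run_in_root() {
    local root="$1" prog="$2" real
    shift 2
    real=$(resolve_in_root "$root" "$prog") || return 1
    (cd "$root" && qemu-mipsel -L . -0 "$(basename "$prog")" "$real" "$@")
}

# Constructed fixture mirroring the layout in the comment above: an absolute
# link bin/sh -> /bin/busybox, a relative link, and a two-hop chain.
FIXTURE=$(mktemp -d)
trap 'rm -rf "$FIXTURE"' EXIT
mkdir -p "$FIXTURE/bin" "$FIXTURE/usr/bin"
printf 'placeholder, not a real MIPS binary\n' > "$FIXTURE/bin/busybox"
ln -s /bin/busybox "$FIXTURE/bin/sh"            # would escape to the host
ln -s ../../bin/busybox "$FIXTURE/usr/bin/ash"  # relative, stays in the root
ln -s /bin/sh "$FIXTURE/bin/ash"                # chain: /bin/sh -> /bin/busybox

for p in bin/sh usr/bin/ash /bin/ash; do
    printf '%-12s -> %s\n' "$p" "$(resolve_in_root "$FIXTURE" "$p")"
done
```

The same re-rooting is what chroot plus qemu-mipsel-static gets from the kernel for free; the helper lets the unprivileged "-L" mode, which the reply above prefers, handle the absolute-link case too.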
@MakeMeHack Thanks! Very helpful ~XD
How to emulate running an ESP32 using QEMU at the Windows command line?
👍
The thumbnail says "Emulate Firmware with QEmu", but it's the hardware you emulate with QEmu, not the firmware.
Some of those qemu options are deprecated. Like -net. Now it's -netdev.
Hello amlamarra, thank you for your comment, you're right, the "-net" is a legacy option that can be replaced with "-netdev" and "-device" and the "-nic" option. Anyway, the QEMU version available in the Ubuntu repository for Ubuntu 18.04 is quite old (2.11.1), doesn't support the new "-nic" option and, for an unknown reason, the "-netdev" option wasn't functioning with IPv6; for this reason, I used the "-net" legacy option.
Fantastic video
WOW mind blown
If you could do a beginner tutorial on STM32, I will change my Patreon from another to you. - Thank you
great
Good morning )
great video
Great Video :)
Thanks!
If only there were Russian subtitles..
Italian Stephen Wolfram
Well as interesting as this video may be, I had to focus so much on what you were saying it was really hard to follow. Sorry.