Search code examples
linuxmipsvmwarebinaryfilesmips32

Load ARM (MIPS-MIPS32) Linux filesystem on VMware?

I have a Linux firmware for the MIPS architecture. Would it be possible to load up a firmware image like this in VMWare? I am trying to get into reverse-engineering, but have hit a wall. Here is the binwalk output:

8212          0x2014          uImage header, header size: 64 bytes, header CRC: 0xD384760C, created: 2021-12-01 11:10:32, image size: 1975811 bytes, Data Address: 0x81001000, Entry Point: 0x813E4860, data CRC: 0xE74BA6F, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "Linux Kernel Image"
8276          0x2054          LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 5748736 bytes
1984088       0x1E4658        Squashfs filesystem, little endian, version 4.0, compression:xz, size: 10883970 bytes, 2239 inodes, blocksize: 131072 bytes, created: 2021-12-02 11:17:54

I have managed to extract the raw filesystem from the .bin file, but cannot get much further. How would I go about loading something like this in VMware? Would it even be possible due to architecture differences? It has a squashfs-root file, and some others in the binary. I am myself on windows (doing everything via WSL), but not shy to boot Linux. Here is some LS output of the binary: enter image description here

I am able to extract the files with 7zip from the binary, as stated. But this removes the other 1E4658.squashfs file, the 2054 file, and the 2054.7z and only decompresses the linux filesystem from squashfs-root.

The 1E4658.squashfs file, is a copy of the whole filesystem it seems like. (I think maybe for validation? I don't know.)

It's firmware for my TP-link deco. If anyone has any tips to get further with reverse engineering, please do share!! :)

Solution

  • How would I go about loading something like this in VMware?
    Would it even be possible due to architecture differences?

    VMware simulates an x86 desktop PC.

    You can attach floppy disk, CD-ROM or DVD images to VMware to simulate such a media.

    If you have installed some operating systems in your virtual machine (that runs inside VMware) that contains a tool (similar to 7z) that can extract firmware image files, it makes sense to copy the firmware image to the virtual machine - in this case the file is just a "regular" file for VMware (just like a text document or a PNG image).

    However, VMware itself cannot do anything with a Firmware image for ARM or MIPS.

    I am able to extract the files with 7zip from the binary, as stated. But this removes the ... files ...

    Looking at your screenshot, I doubt if I understood your question correctly.

    If I understand the "binwalk" output correctly, the first file begins at offset 8212 (which is hexadecimal 0x2014), the second one at offset 8276 and the SquashFS image begins at offset.

    So if you want to have the file 2014, you can use the dd tool to extract that file from the firmware image:

    dd if=firmware_image of=output_filename bs=1 count=64 skip=8212

    (Replace firmware_image by the file name of the firmware image and output_filename by the desired file name for the file 2014; example: 2014.bin)

    For the second file use: count=1975812 (because the file's size is: 1984088-8276=1975812) and skip=8276. For the SquashFS image, use skip=1984088 and omit the count= argument (this means: extract until the end of the file).

    However:

    The content of the 2014 file is already shown by "binwalk":

    uImage header, header size ... name: "Linux Kernel Image"

    The file does not contain any more data but this line of information.

    The 2054 file is an operating system kernel image. Such an image does not contain any "useful" information that can be read out.

    And the kernel image will only work on the device it is intended for - it won't work on "MIPS-based routers" but it will only work on the MIPS-based router "Example Industries Inc, ABC-1234-D".