# asafw
Preliminary note: we recommend you to use this as part of
[asatools](https://github.com/nccgroup/asatools) but it can also be used
standalone.
**asafw** is a set of scripts to deal with Cisco ASA firmware. It allows
someone to unpack firmware required when debugging with gdb, as well as
unpacking/repacking them in order to enable certain features such as:
* Enabling gdb at boot
* Disabling ASLR to ease debugging
* Injecting a Linux debug shell to allow CTRL^C in gdb when used with real
hardware
* Rooting a firmware (generally deprecated by enabling gdb at boot and injecting
a root shell)
* etc.
The more useful tools are `unpack_repack_bin.sh` and `unpack_repack_qcow2.sh`.
They allow respectively to manipulate `asa*.bin` and `asav*.qcow2` image
formats. They both need to be executed as root when actually repacking rootfs to
keep the right permissions.
## Requirements
* Python3 only
* apt install binwalk
* Heavily tested on Linux (but could work on OS X to)
You initially need to modify `asafw/env.sh` to match your environment. It will
allow you to define paths to the tools used by all the scripts as well as some
variables matching your ASA environment. Note there is a simmilar
`asadbg/env.sh` but only one is required to be used for both projects. We
recommend that you add it to your `~/.bashrc`:
```
source /path/to/asafw/env.sh
```
# unpack_repack_bin.sh
`unpack_repack_bin.sh` is used to unpack/repack `asa*.bin` images which are used
for real Cisco ASA hardware (such as ASA 5500 and 5500-X series). The complete
usage is:
```
$ unpack_repack_bin.sh -h
Usage:
./unpack_repack_bin.sh -i <firmware_file> -o <out_dir> [-f -g -G -a -A -m -b -r -u -l <linabin_dir> -d -e -k]
-h, --help This help menu
-i, --input <firmware_file> What firmware bin to operate on
-o, --output <out_dir> Where to write new firmware
-f, --free-space Remove space from .bin to ensure injections fit
-g, --enable-gdb Set gdb to start on boot
-G, --disable-gdb Stop gdb from starting on boot
-a, --enable-aslr Turn on ASLR
-A, --disable-aslr Turn off ASLR
-m, --inject-gdb Inject gdbserver to run
-b, --debug-shell Inject ssh-triggered debug shell
-H, --lina-hook Inject hooks for monitor lina heap (requires -b)
-r, --root root the bin to get a rootshell on boot
-c, --custom custom?
-n, --n-custom custom?
-q, --gns3-fixup gns?
-u, --unpack-only unpack the firmware and nothing else
-l, --linabins <linabin_dir> destination folder to save lina binaries
-d, --delete-extracted delete files extracted during modification
-e, --delete-original-bin delete the original firmware being modified
-k, --keep-rootfs keep the extracted rootfs on disk
-s, --simple-name use a simple name for the output .bin with just appended '-repacked'
Examples:
./unpack_repack_bin.sh -i /home/user/firmware -o /home/user/firmware_repacked --free-space --enable-gdb --inject-gdb
./unpack_repack_bin.sh -i /home/user/firmware/asa961-smp-k8.bin -f -g -m
./unpack_repack_bin.sh -u -i /home/user/firmware -l /home/user/linabins
./unpack_repack_bin.sh -u -i /home/user/firmware/asa924-k8.bin -k
```
## Extract multiple firmare
Let's assume we have these two firmware:
```
~/fw$ ls
asa924-k8.bin asa981-smp-k8.bin
```
If you only want to extract firmware, e.g. to debug them with
[asadbg](https://github.com/nccgroup/asadbg), you can use `-u` to unpack only
and `-k` to only keep the rootfs and delete other files extracted by binwalk
that you don't need. Note that the output folder is the same as the input folder
as we rely on binwalk for this:
```
~/fw$ unpack_repack_bin.sh -i . -k -u
[unpack_repack_bin] Directory of firmware detected: .
[unpack_repack_bin] extract_one: asa924-k8.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
75000 0x124F8 SHA256 hash constants, little endian
144510 0x2347E gzip compressed data, maximum compression, from Unix, last modified: 2015-07-15 04:53:23
1501296 0x16E870 gzip compressed data, has original file name: "rootfs.img", from Unix, last modified: 2015-07-15 05:19:52
27168620 0x19E8F6C MySQL ISAM index file Version 4
28192154 0x1AE2D9A Zip archive data, at least v2.0 to extract, name: com/cisco/webvpn/csvrjavaloader64.dll
28773362 0x1B70BF2 Zip archive data, at least v2.0 to extract, name: AliasHandlerWrapper-win64.dll
[unpack_repack_bin] Extracted firmware to /home/user/fw/_asa924-k8.bin.extracted
[unpack_repack_bin] Firmware uses regular rootfs/ dir
[unpack_repack_bin] Extracting /home/user/fw/_asa924-k8.bin.extracted/rootfs/rootfs.img into /home/user/fw/_asa924-k8.bin.extracted/rootfs
[unpack_repack_bin] Keeping rootfs
[unpack_repack_bin] Deleting "/home/user/fw/_asa924-k8.bin.extracted/rootfs.img"
[unpack_repack_bin] Deleting "/home/user/fw/_asa924-k8.bin.extracted/2347E"
[unpack_repack_bin] Deleting "/home/user/fw/_asa924-k8.bin.extracted/1AE2D9A.zip"
[unpack_repack_bin] extract_one: asa981-smp-k8.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
75264 0x12600 SHA256 hash constants, little endian
133120 0x20800 Microsoft executable, portable (PE)
149183 0x246BF gzip compressed data, maximum compression, from Unix, last modified: 2017-01-30 19:33:09
3678112 0x381FA0 gzip compressed data, has original file name: "rootfs.img", from Unix, last modified: 2017-05-10 22:42:05
14838307 0xE26A23 MySQL MISAM compressed data file Version 4
87985870 0x53E8ECE MySQL MISAM compressed data file Version 7
96261881 0x5BCD6F9 Zip archive data, at least v2.0 to extract, name: com/cisco/webvpn/csvrjavaloader64.dll
96890193 0x5C66D51 MySQL ISAM compressed data file Version 5
[unpack_repack_bin] Extracted firmware to /home/user/fw/_asa981-smp-k8.bin.extracted
[unpack_repack_bin] Firmware uses regular rootfs/ dir
[unpack_repack_bin] Extracting /home/user/fw/_asa981-smp-k8.bin.extracted/rootfs/rootfs.img into /home/user/fw/_asa981-smp-k8.bin.extracted/rootfs
[unpack_repack_bin] Keeping rootfs
[unpack_repack_bin] Deleting "/home/user/fw/_asa981-smp-k8.bin.extracted/rootfs.img"
[unpack_repack_bin] Deleting "/home/user/fw/_asa981-smp-k8.bin.extracted/5BCD6F9.zip"
[unpack_repack_bin] Deleting "/home/user/fw/_asa981-smp-k8.bin.extracted/246BF"
```
Note that errors like below you may get don't matter in this case because you
are not going to repack the firmware:
```
cpio: lib/udev/devices/kmem: Function mknod failed: Operation not permitted
cpio: lib/udev/devices/net/tun: Function mknod failed: Operation not permitted
cpio: lib/udev/devices/loop01: Function mknod failed: Operation not permitted
cpio: lib/udev/devices/null: Function mknod failed: Operation not permitted
cpio: lib/udev/devices/console: Function mknod failed: Operation not permitted
cpio: lib/udev/devices/loop00: Function mknod failed: Operation not permitted
134992 blocks
```
## Enable gdb at boot / debug shell
Let's assume we have these two firmware:
```
~/fw$ ls
asa924-k8.bin asa981-smp-k8.bin
```
We enable gdb with `-g` and remove some unused files with `-f` to be able to
repack the firmware (the compressed rootfs needs to be smaller than the original
one). We also patch `lina` to add a debug shell with `-b`. As we see below, it
worked for `asa924-k8.bin` but it failed for
没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
收起资源包目录
cisco asa设备逆向调试分析辅助工具 (553个子文件)
004c588fb7922c67422843cd8837a59b8c8627 22KB
0125f427c1ed253b71ef846f26ae3e0e4da756 314B
01bd66ec37d218b51f66b2440c457aca5ee329 477B
02a68213d42213c114eda4d17ad77aff371c6e 290B
0361dcdc7c7998370de2b3f95320398a2bc6da 4KB
049bd3d3d63dbe7ca4ad6cb03b4dfdc495bfcd 18KB
080a19e191b2d943a221e5c77ae0f027cf254b 150B
0883e4f76b1e7a59dbdd3bee732d9c88c4d118 1KB
08d9937d7b587f6fece4bfeea39052663ae699 4KB
09d5d17a81b8ef4c49cec058a9baf75e598620 164B
0a2b01926a07ab6f85fcc5ae382408cc4852cb 4KB
0a2ccc68afa008bdcb638e602d2d9b13d4f8f8 139B
0aac2d78c44be8ab74f7a93102d7246dfd40ba 9KB
0abe9de745a4f2031080fe9a691234151ca8c6 674B
0b4f439da83f7140b9811a8bfa2344a3d6dcb5 187B
0c77d339effc3e4e150f99b1adc8299d226a22 4KB
0cb759b2d16bf9d40a6e70a8c8fa0f1f1954b6 6KB
0ed2260a053b066629cd9bcf22858882b2376f 198B
0fce72800d28e16baaf8feb00e0f3956c07e2b 478B
10afa181663f496abafeb1d3994fb7516f58b8 120B
11a86b754832242ff692b026893c8f9e2deea5 451B
12a67179a9669b94024d6a28bc0f520be42537 18KB
148fb9ab8394fd5fab5e1968894d17fba8140a 172B
152bd9f57ef0710aba3402c668de08f1caebeb 215B
15a15340787eec5ac20db3c7e60a167ec31650 477B
167f2830e70ebe73d750fbee91e05d289b8754 168B
1ec73358c753a8094bb206012787cd48a822f3 140B
1f64d8927314663c2b6d66509000dafd18ef19 6KB
204ddca61679b97fa58c5fd5437c7f998b87a6 204B
23204b97d314a406626d3cf809989ed0345bf1 1KB
237c8fc2a52edf23ae13185633b469ac63c286 185B
248540239edc8be97edaf276d793cb9c33c8e4 175B
28b1aed9c58a0baef8ed18a1e1675a506725c0 174B
2944231da18616ce32f67feb6391edd0e4b275 233B
2a866736902c281176f9fc193f1b4d297789cb 22KB
2b8871d87cf8d595b10f941531eb40a70d4d0d 262B
2c21c2cfb21936247f60caada92f5c370fee51 1KB
2c75856e7fe8cd9d98f0037c5c123482471848 262B
2e0d4aff502dc452e44371ccd46359d4faa4a5 291B
2e8ec6e2b718a6b34053fc8dd2df9771d1dfbb 262B
2ea90bedbda6fa8fb811ac56e3757b288bb4b6 189B
3074561d42627800639f464ff8ba79cf878b5e 4KB
3172859e6a67fd8bf586d23c8a6f062128d970 67B
338ed1db4a23fc10ce2919d2f97271a7077cd6 9KB
34e35a2616650bd66887389b4fd97e310fac22 6KB
34fff081176b91b9d43baaaad8fdd1e3c3edf3 18KB
37d2d2862a61cb6dbe07abd5dd4318bbf854cf 389B
386b8cafa484adf52c37e0d2229af992c03789 313B
3914432d71397478d6d662a853a5d33be3f4be 171B
391f81a228f0d913f8dd8afb2fa943ffa517f8 478B
3951533185b3d87e2e80a3a076b85d580a0641 252B
3aceefb93c7d2736b0021d7f27143667e03730 4KB
3d5326463c3b65696767b0e9c83805b8103fef 6KB
3e6802471360ed0e2448d9239b69887b8feee9 262B
3f84e33b397843e6271fb2df1b4e705caeb8de 181B
3fc162dda09ab02f54264666a72b08f09cb91b 176B
40ce10fc98a7c8350d2db804c66d1ceb9f1c37 314B
4399393843b450d58c29b4edcea022023f1441 189B
43e0c4f179f653990962c83802393e595ce44c 182B
4838871791c6a79fdb640da37a813485162fa2 262B
484fc0389b6abd7c8687d89a33c11f098bd6de 7KB
4878528cec8662a60e8423651a2bd4d47853fa 650B
488df7a8a6105b55346b2bb26fe122d1c2779b 5KB
49db8716c2e47bd624732d0c8244684a356749 314B
4a26abf121ee4e7b58bb7dfa687f0a4988524d 262B
4c3ab21b59055be8173a5269d9cd1ec16c6003 947B
4d390516ae14de4888987e17f02d0fca8e113a 858B
4e4e80f360966a520c56766d8e9fd641d6b49a 162B
531572783529a5088f8028bcef7d5189d48385 223B
539848f140f398f2efea1859d0a4d8b9a8eced 5KB
554c7e39d5dbdd11729d888814abb55eafe095 207B
58796070513cb83d846614abb01a035e748418 183B
599a96a826f2b43e7d1a3f2e6f92f6756d416d 22KB
59e16521b9ef1baf94bb8bcde73ab07da9165d 183B
5a30714ca753eaae6e97a840f1f21bd2dbc615 12KB
5c1ba7fa1a9e0ec5c362d6cdfa8d848066bf05 4KB
5c30e77b51f5c18ddff76a677cf0aada7e172e 22KB
5d05c7cc6cb5115d049d172dbca57bdace7acd 18KB
5df3baa52cffcc57ab7907c08bada1257f4a44 13KB
5ea893e8fb46b85b385086f78f86d1db33a8a3 392B
5f666c44a08b3af23d6632fb01d53c3813d96d 313B
6062de6b90447c2f139f9dbbe2e9fd4dfb6d6f 13KB
613a9132ae1a8a142f66bda55b5ccf5f272cc1 4KB
6207774b592520118bba963769ad3678315a56 20KB
621d5d99a3ef18210bc0783a65504ec6a5f8f6 660B
6500e3a15ab98894178d3d5a3141c50b2a1fce 6KB
6552e58fba066f07a17cdecfa442fe310f3b14 12KB
659f29d39e57922620b087f1792c1d1a0b6a9b 6KB
67057ca54215368a8e6b41475c2cfc820d7f9f 6KB
67a7ff6e1dc9e9be492ed64c05cc5443a114ee 118B
68fa604037193b7163fb1701a864f7d318a8f7 262B
6921a0352c8a4f9bc73c27e1b3b81dee5c8e94 253B
694c267e0e2a8afdf0f2b908e757438c553afc 2KB
6ca394edb93ce64657ee877942b9bc314e0135 201B
6e484f51d2045d5d02b72a5a1d327b37e1e990 5KB
6fbd17ab290afd75a4d71715336e52800dd1ab 7KB
70c771c536af57e359dd7fa9b56ff2dd2a8c0e 5KB
70fb56198b44b7cdce36c876598f933f68e3f1 263B
72bb33cdec76dac5bb77e0dec2659bb31b4e6b 210B
74188230df8e1b65622682ac3cd44be5126835 314B
共 553 条
- 1
- 2
- 3
- 4
- 5
- 6
资源评论
leave17
- 粉丝: 1
- 资源: 4
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功