On 02/28/2017 11:38 AM, Mark Morgan Lloyd wrote:
[...]
> Is it possible to use Qemu or some comparable emulator to check the boot
> sequence in situ, i.e. without breaking the U-Boot and kernel images out
> into separate files?
There are a few tools which take embedded Linux/Android disk images, run QEMU to emulate the missing hardware, and then attack it with whatever they can. Maybe one of those tools can help you with your boot sequence needs? Below are a few; there are others whose names I'm forgetting, but these will probably help you search for the ones I'm forgetting. :-) Sorry, I'm unsure if there is an option that will work with U-Boot and Debian and ARM. (I haven't worked much with these tools; instead I focus on UEFI/ACPI 'blobs'.)

https://firmwaresecurity.com/2016/02/28/firmadyne-automated-analysis-of-linux-embedded-firmware/
https://firmwaresecurity.com/2015/09/23/costins-embedded-firmware-security-thesis/
https://firmwaresecurity.com/2015/11/23/panda-vm/
https://firmwaresecurity.com/2016/08/25/firminator/
https://firmwaresecurity.com/2016/02/28/firmadyne-automated-analysis-of-linux-embedded-firmware/

You might also try asking on Twitter, on the firmware-security list.

https://twitter.com/JacobTorrey/lists/firmware-security
https://firmwaresecurity.com/2017/01/17/firmware-security-list-on-twitter/

Also, I've not tried it for this purpose, but perhaps S2E/Avatar has some features that might help you.

http://www.s3.eurecom.fr/tools/avatar/

HTH,
Lee