Prerequisite

Prepare a virtual machine with GNU/Linux in VirtualBox, VMware or qemu.

Tasks for today

For the impatient:

  1. Add your own entry to the bootloader menu.
  2. Add your own program, which prints something on the screen, to the initial system in RAM (initial ramdisk, initrd, initial ramfs).
  3. Boot a system whose password you do not know and obtain root by editing its entry in the bootloader.
  4. Make sure that a script which prints something on the screen is run at startup.
  5. After resetting the computer, dump the contents of RAM to a USB stick and examine it (cold boot attack).
  6. Boot the computer into FreeDOS over the network.
  7. Repeat task 2 on a live distribution.
  8. Write your own module for GRUB or SYSLINUX.

Scenarios for the use of these skills:

First scenario: you are handed a computer that does not boot. The configuration of the programs on it is unique and cannot be reproduced, so reinstalling the system is out of the question. Make the computer boot again.

Second scenario: you would like to write your own virus that is hard to detect and eradicate. You must of course first make sure that the virus runs before the operating system (OS). The virus can then corrupt the OS and generally misbehave.

Third scenario: you would like to get at the data on a faculty computer. The computer is set up to boot over the network.

Fourth scenario: in a tense police operation you caught the villain before he could destroy his computer. The data on the disk is encrypted. The computer is still switched on, but the screen is locked. You suspect that at least some of the passwords are sitting in RAM. You want the contents of RAM.


System boot

Booting in the DOS era

Boot used to be simple:

  1. The BIOS detects RAM and peripherals.
  2. If the computer has no disk, it stops; a genuine IBM PC drops into the ROM BASIC interpreter instead.
  3. If the computer has a disk, the boot code from the MBR is loaded into RAM.
  4. The MBR boot code loads the first sector of the active partition (the volume boot record).
  5. The partition boot code loads IO.SYS and MSDOS.SYS; on a genuine IBM PC it loads IBMBIO.SYS and IBMDOS.SYS.
  6. DOS reads CONFIG.SYS and loads COMMAND.COM.
  7. The commands in AUTOEXEC.BAT are executed.

Linux boot 10+ years ago

  1. The boot code in the MBR loads the first sector of LILO or GRUB (the stage 1 bootloader).
  2. The stage 1 bootloader loads the stage 2 bootloader, which contains the file system support, from the beginning of the disk (the gap between the MBR and the start of the first partition).
  3. The stage 2 bootloader offers the choice of OS to boot, loads the kernel and starts it.
  4. The kernel runs the init program.
  5. init reads inittab and runs the /etc/rc script or the scripts in /etc/init.d (depending on the distribution).

Linux boot approximately 5 years ago

  1. The stage 2 bootloader offers the choice of OS to boot, loads the kernel and the initial RAM disk (initrd), and starts the kernel with the initrd as its first root file system.
  2. The programs in the initrd detect the attached devices and mount the real root file system. They then switch from the temporary root in RAM to the real root on disk (pivot_root or switch_root) and hand over to it.
  3. The init program is run from the real root.
  4. init reads inittab and runs the /etc/rc script (BSD style) or the scripts in /etc/init.d (SysV style), depending on the distribution.

Linux boot today

  1. The init program run by the kernel is now systemd (Fedora, SuSE, and since 2015 Debian and Ubuntu as well); older Ubuntu releases, Meego and HP WebOS used upstart. The path is still /sbin/init, which is a symlink to the actual program.
  2. init reads its configuration. The configuration describes every daemon or service that should run at boot, and each description states which other services must be running before it (ordering and dependencies), so independent services can be started in parallel. With systemd these are unit files in /usr/lib/systemd/system (shipped by packages; /lib/systemd/system on Debian and Ubuntu) and /etc/systemd/system (local additions and overrides); with upstart they are job files in /etc/init/*.conf.
  3. Legacy scripts in /etc/init.d written in SysV style are still supported: systemd wraps each one in a generated unit (systemd-sysv-generator), upstart ran them through a compatibility job.
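A service description of the kind described in step 2, written as a systemd unit that solves task 4 (run a script at startup that prints something). This is an added example, not from the page; the script path /usr/local/sbin/lab-hello.sh is an assumption and must exist and be executable.

```ini
# /etc/systemd/system/lab-hello.service -- added example for task 4, not from
# the page. Assumes a script /usr/local/sbin/lab-hello.sh (mode 0755) exists.
[Unit]
Description=Lab: print a message once the system has booted
# Dependencies: After= only orders this unit behind the listed ones, Wants=
# pulls them in but tolerates their failure; Requires= would make a failure
# of the dependency fatal for this unit as well.
After=network.target systemd-user-sessions.service
Wants=network.target

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/lab-hello.sh
# Show the output on the console as well as in the journal.
StandardOutput=journal+console
RemainAfterExit=yes

[Install]
# "systemctl enable lab-hello" creates the symlink under
# multi-user.target.wants/ that makes the target pull this unit in at boot.
WantedBy=multi-user.target
```

Activate it with `systemctl daemon-reload && systemctl enable --now lab-hello.service` and read the output with `journalctl -b -u lab-hello`. `systemctl list-dependencies multi-user.target` shows where the unit ended up in the dependency graph. Because a unit dropped into /etc/systemd/system is enough to run arbitrary code as root at every boot, `systemctl list-unit-files --state=enabled` (and the user-level equivalent, `systemctl --user`) belongs in any persistence check; that is the user-space counterpart of scenario 2.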

Grub

  • Configuration: /boot/grub/grub.cfg
  • Modules: /boot/grub/*.mod

On Ubuntu, grub.cfg is generated by the command update-grub from:

  • the scripts in /etc/grub.d/ (00_header, 10_linux, 40_custom, ...), each of which prints one part of the configuration
  • /etc/default/grub, where the user is meant to set options (default entry, timeout, extra kernel parameters)

Do not edit /boot/grub/grub.cfg by hand: the next update-grub (for example after a kernel upgrade) overwrites it.
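Added example for tasks 1 and 3 (not part of the page): a /etc/grub.d/40_custom that adds a custom entry, shows the init= trick behind task 3, and sets the GRUB password that blocks it. The device (hd0,msdos1) and /dev/sda1, the /vmlinuz and /initrd.img symlinks in /, the user name admin and the hash are all assumptions; generate the real hash with grub-mkpasswd-pbkdf2 and find the real device with grub-probe -t drive /boot.

```grub
#!/bin/sh
exec tail -n +3 $0
# /etc/grub.d/40_custom -- everything below this line is copied verbatim into
# grub.cfg by update-grub. Assumed layout: one MBR partition /dev/sda1 holding
# / and /boot, and the /vmlinuz and /initrd.img symlinks Ubuntu keeps in /.

# Countermeasure for task 3. The hash comes from grub-mkpasswd-pbkdf2 (the
# value below is a placeholder, not a real hash). With superusers set, the GRUB
# command line and the 'e' editor require this login, and entries without
# --unrestricted cannot even be booted without it.
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.SALT.HASH

# Task 1: a custom entry. --unrestricted lets anyone boot it, but not edit it.
menuentry "Lab: boot installed kernel" --unrestricted {
    insmod part_msdos
    insmod ext2
    set root='(hd0,msdos1)'
    linux /vmlinuz root=/dev/sda1 ro quiet
    initrd /initrd.img
}

# Task 3, as the attacker would type it into the 'e' editor of an unprotected
# GRUB (here as an entry only the superuser may boot): init= replaces
# /sbin/init with a shell that runs as root without any login. It does not
# help against full-disk encryption, where the root volume still has to be
# unlocked with the passphrase first.
menuentry "Lab: root shell via init=/bin/bash" --users admin {
    insmod part_msdos
    insmod ext2
    set root='(hd0,msdos1)'
    linux /vmlinuz root=/dev/sda1 rw init=/bin/bash
    initrd /initrd.img
}
```

Run update-grub afterwards and check that the password line arrived in /boot/grub/grub.cfg. Two practical caveats: the entries generated by /etc/grub.d/10_linux carry no --unrestricted, so after setting superusers every normal boot asks for the password unless you add that flag (commonly appended to the CLASS variable in 10_linux); and in the init=/bin/bash shell the root file system may still be read-only, so remount it (`mount -o remount,rw /`) before `passwd root`, then `sync` and `reboot -f`, because there is no init to shut the system down cleanly.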

Syslinux

initrd

Under Debian (and consequently Ubuntu), the initrd is generated by update-initramfs/mkinitramfs from the configuration, hooks and scripts in /etc/initramfs-tools (plus the package-provided ones in /usr/share/initramfs-tools).

On live CDs the initrd is usually built by hand. You change it by unpacking it, editing it and packing it back. On Ubuntu-based live media the file name usually contains the string "initrd" and sits in /casper, next to the compressed root file system, commonly called filesystem.squashfs. Mind that a modern initrd may be several cpio archives concatenated (an uncompressed one with CPU microcode in front of the compressed main one), in which case a single gzip -dc | cpio -id only yields the first archive.
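The unpack-edit-repack cycle for tasks 2 and 7, as an added example that is not the page's own code: a small newc cpio reader and writer in Python (standard library only), with detection of the compression by magic bytes and handling of the concatenated early-microcode layout that the plain gzip/cpio pipeline misses. The sample image, the script name scripts/hello.sh and the microcode path are constructed for the demonstration; on a real image you would read the bytes from the initrd file in /casper or /boot and write the result back.

```python
"""Unpack, modify and repack a Linux initramfs (newc cpio, gzip/xz/lzma).
Added example for this lab sheet, not the page's own code; standard library only.
Also handles the modern layout where uncompressed early-microcode cpio archive(s)
precede the compressed main archive, which `gzip -dc | cpio -id` cannot unpack."""
import gzip
import io
import lzma

NEWC_MAGIC = b"070701"
TRAILER = b"TRAILER!!!"

def _align4(n):
    return (n + 3) & ~3

def detect_compression(data):
    """Classify an initrd blob by magic bytes: gzip, xz, lzma, cpio or unknown."""
    if data[:2] == b"\x1f\x8b":
        return "gzip"
    if data[:6] == b"\xfd7zXZ\x00":
        return "xz"
    if data[:3] == b"\x5d\x00\x00":  # lzma_alone: props 0x5d + dict size (heuristic)
        return "lzma"
    if data[:6] == NEWC_MAGIC:
        return "cpio"
    return "unknown"

def parse_newc(data):
    """Parse one newc archive; returns ({name: (mode, content)}, end_offset)."""
    entries, off = {}, 0
    while True:
        if data[off:off + 6] != NEWC_MAGIC:
            raise ValueError("bad newc header at offset %d" % off)
        f = [int(data[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        name = data[off + 110:off + 110 + namesize - 1]  # drop the trailing NUL
        start = _align4(off + 110 + namesize)  # header+name padded to 4 bytes
        content = data[start:start + filesize]
        off = _align4(start + filesize)  # file data padded to 4 bytes too
        if name == TRAILER:
            return entries, off
        entries[name.decode()] = (mode, content)

def build_newc(entries):
    """Serialise {name: (mode, content)} in insertion order into a newc archive."""
    out, ino = io.BytesIO(), 1
    for name, (mode, content) in list(entries.items()) + [(TRAILER.decode(), (0, b""))]:
        nm = name.encode() + b"\x00"
        fields = (ino, mode, 0, 0, 1, 0, len(content), 0, 0, 0, 0, len(nm), 0)
        out.write(NEWC_MAGIC + b"".join(b"%08X" % v for v in fields) + nm)
        out.write(b"\x00" * (_align4(110 + len(nm)) - 110 - len(nm)))
        out.write(content + b"\x00" * (_align4(len(content)) - len(content)))
        ino += 1
    return out.getvalue()

def add_file(entries, name, content, mode=0o100755):
    """Add or replace a regular file, creating missing parent directory entries:
    the kernel's unpacker does not mkdir -p, so a file without them is skipped."""
    parts = name.split("/")
    for i in range(1, len(parts)):
        entries.setdefault("/".join(parts[:i]), (0o040755, b""))  # S_IFDIR|0755
    entries[name] = (mode, content)
    return entries

def unpack_initrd(blob):
    """Return (uncompressed_prefix, entries, compression) for an initrd image."""
    prefix = b""
    while detect_compression(blob) == "cpio":  # early-microcode archive(s) first
        _, end = parse_newc(blob)
        rest = blob[end:].lstrip(b"\x00")  # cpio pads archives with zero blocks
        prefix, blob = prefix + blob[:len(blob) - len(rest)], rest
    kind = detect_compression(blob)
    if kind == "gzip":
        raw = gzip.decompress(blob)
    elif kind in ("xz", "lzma"):
        raw = lzma.decompress(blob)  # FORMAT_AUTO accepts .xz and lzma_alone
    else:
        raise ValueError("unsupported initrd compression: " + kind)
    return prefix, parse_newc(raw)[0], kind

def repack_initrd(prefix, entries, kind="gzip"):
    """Rebuild the image with the same prefix and compression it came with."""
    raw = build_newc(entries)
    if kind == "gzip":
        payload = gzip.compress(raw)
    elif kind == "xz":  # the kernel's xz decoder accepts only CRC32 (or no) check
        payload = lzma.compress(raw, format=lzma.FORMAT_XZ, check=lzma.CHECK_CRC32)
    else:
        payload = lzma.compress(raw, format=lzma.FORMAT_ALONE)
    return prefix + payload

def sample_initrd():
    """Constructed test image: microcode archive, 512 zero bytes, gzip main archive."""
    ucode = add_file({}, "kernel/x86/microcode/GenuineIntel.bin", b"\x00" * 16, 0o100644)
    main = add_file(add_file({}, "init", b"#!/bin/sh\nexec /sbin/init\n"), "bin/sh", b"\x7fELF")
    return build_newc(ucode) + b"\x00" * 512 + gzip.compress(build_newc(main))

def demo():
    """Unpack the sample, inject a script (task 2), repack and read it back."""
    prefix, entries, kind = unpack_initrd(sample_initrd())
    add_file(entries, "scripts/hello.sh", b"#!/bin/sh\necho 'hello from the initramfs'\n")
    prefix2, entries2, kind2 = unpack_initrd(repack_initrd(prefix, entries, kind))
    return {"names": sorted(entries2), "mode": entries2["scripts/hello.sh"][0],
            "prefix_kept": prefix2 == prefix, "kind": kind2}
```

Adding the file is only half of task 2: something has to call it. Inspect the unpacked /init (on initramfs-tools images a busybox shell script) and either replace it with a wrapper that prints your message and then execs the original, or hook your script into the place where /init runs its own scripts. On recent Debian and Ubuntu the tools lsinitramfs and unmkinitramfs do the listing and the multi-archive unpacking for you. The security point is the same in every variant: on a BIOS boot nothing checks the initrd, and even with Secure Boot the initrd is commonly not covered by the signature verification that the kernel gets, which is exactly what scenario 2 relies on.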

Useful links

  • Cold boot attack
  • Syslinux MEMDISK
  • FreeDOS

Useful commands (use at your discretion)

  • mount -o bind /proc /mnt/mojroot/proc # makes /proc visible at /mnt/mojroot/proc as well; do the same for /sys and /dev before chroot /mnt/mojroot, e.g. to run grub-install or update-initramfs from a rescue system (scenario 1)
  • grub-install /dev/sda # installs grub into the MBR of the first disk
  • update-grub # regenerates /boot/grub/grub.cfg
  • update-initramfs -u -k all # rebuilds the initrd for all installed kernels
  • gzip -dc /mnt/casper/initrd.gz # decompress a .gz to standard output
  • lzma -dc -S .lz /mnt/casper/initrd.lz # decompress a .lz (lzma) to standard output; -S tells lzma to accept the unusual suffix
  • gzip -9 > new-initrd.gz; lzma -7 > ~/new-initrd.lz # compress standard input into .gz or .lz
  • cpio -id # extract a cpio archive from standard input into the current directory, creating directories as needed
  • find . | cpio --quiet --dereference -o -H newc # pack the current directory into a newc cpio archive (the format the kernel expects) on standard output; the usual pipeline is find . | cpio ... | gzip -9 > new-initrd.gz
  • mkisofs -o ../mojiso.iso -R -J -hide-rr-moved -v -d -N -no-emul-boot -boot-load-size 32 -boot-info-table -sort isolinux/iso.sort -b isolinux/isolinux.bin -c isolinux/isolinux.boot . # creates mojiso.iso from the current directory (.); the ISO is bootable (El Torito, no emulation) with isolinux as the bootloader
  • unsquashfs filesystem.squashfs # unpacks the squashfs into squashfs-root/
  • mksquashfs mojimenik filesystem.squashfs -nolzma # packs the directory mojimenik into a squashfs (-nolzma belongs to old squashfs-tools; newer versions choose the compressor with -comp)
Last modified: Wednesday, 29 April 2020, 12:32