Chinaunix首页 | 论坛 | 博客
  • 博客访问: 511276
  • 博文数量: 110
  • 博客积分: 3971
  • 博客等级: 中校
  • 技术积分: 1175
  • 用 户 组: 普通用户
  • 注册时间: 2006-06-20 23:27
文章分类

全部博文(110)

文章存档

2015年(2)

2014年(1)

2013年(1)

2011年(9)

2010年(28)

2009年(12)

2008年(13)

2007年(23)

2006年(21)

我的朋友

分类: WINDOWS

2010-07-21 16:57:53

2.1.4 Conventions

There are a couple conventions to follow regarding packages:

  • files
    1. configuration files follow the convention
      .conf
    2. init files follow the convention
      .init
  • patches
    1. patches are numerically prefixed and named related to what they do

对于数据包来说有两个惯例需要遵守:

  • 文件

1.配置文件遵守.conf 惯例

2.初始化文件遵守.init惯例

  • 补丁

   1.补丁用数字前缀表示,根据它们的功能命名

 

 

 

2.1.5 Troubleshooting

2.1.5 检修

If you find your package doesn’t show up in menuconfig, try the following command to see if you get the correct description:

TOPDIR=$PWD make -C package/ DUMP=1 V=99

如果你发现自己的数据包没有出现在menuconfig中,试试以下命令看看你是否能得到正确的说明:

 

TOPDIR=$PWD make -C package/ DUMP=1 V=99

 

If you’re just having trouble getting your package to compile, there’s a few shortcuts you can take. Instead of waiting for make to get to your package, you can run one of the following:

  • make package//clean V=99
  • make package//install V=99

如果你在编制数据包中遇到问题,你可以采取几个简便方法。你不用等待数据包生成,你可以运行以下命令之一:

  • make package//clean V=99
  • make package//install V=99

 

Another nice trick is that if the source directory under build_dir/ is newer than the package directory, it won’t clobber it by unpacking the sources again. If you were working on a patch you could simply edit the sources under the build_dir// directory and run the install command above, when satisfied, copy the patched sources elsewhere and diff them with the unpatched sources. A warning though - if you go modify anything under package/ it will remove the old sources and unpack a fresh copy.

还有一个不错的办法是这样的:如果位于build_dir/资源目录比数据包目录新,再次拆解资源并不会使它崩溃。如果你的做的是补丁,你可以简单地在build_dir// 目录下编辑这些资源,并运行上面的安装命令,完成后把其他地方的补丁资源复制下来并把它们同修补的资源相区别。还需要提醒的是——如果你在package/ 下做任何修改,都会删除旧资源、拆解出一份全新的副本。

Other useful targets include:

  • make package//prepare V=99
  • make package//compile V=99
  • make package//configure V=99

其他有用的目标有:

  • make package//prepare V=99
  • make package//compile V=99
  • make package//configure V=99

 

2.1.6 Using build environments

OpenWrt provides a means of building images for multiple configurations which can use multiple targets in one single checkout. These environments store a copy of the .config file generated by make menuconfig and the contents of the ./files folder. The script ./scripts/env is used to manage these environments, it uses git (which needs to be installed on your system) as backend for version control.

2.1.6 运用创建环境

OpenWrt 提供了一种为多重配置创建图像的方法,这种方法可以在一个单一的校验里使用多重目标。这些environments 存储了一份由make menuconfig./files文件夹内容所生成的 .config 的副本。./scripts/env脚本是用来控制这些环境的,使用git(它需要被安装在你的系统里)作为版本控制的后台。

 

The command

    ./scripts/env help

produces a short help text with a list of commands.

To create a new environment named current, run the following command

./scripts/env new current

 ./scripts/env help 命令能够同一个命令列表一同产生简短的帮助文件。

创建一个新的环境,命名为current,运行如下命令

./scripts/env new current

 

This will move your .config file and ./files (if it exists) to the env/ subdirectory and create symlinks in the base folder.

这会把你的.config文件和./files (如果存在的话)移动到 env/子目录下,并在基础文件夹中生成命令。

After running make menuconfig or changing things in files/, your current state will differ from what has been saved before. To show these changes, use:

./scripts/env diff

运行make menuconfig或者在files/中做改变以后,你的当前状态会同之前保存过的有所不同。要显示这些更改,请使用:

./scripts/env diff

 

If you want to save these changes, run:

    ./scripts/env save

If you want to revert your changes to the previously saved copy, run:

./scripts/env revert

如果你想保存这些更改,请运行:

    ./scripts/env save

如果你想把更改恢复到之前保存的副本,请运行:

./scripts/env revert

 

If you want, you can now create a second environment using the new command. It will ask you whether you want to make it a clone of the current environment (e.g. for minor changes) or if you want to start with a clean version (e.g. for selecting a new target).

如果愿意,现在你可以使用新的命令来创建第二个环境。它会询问你是想得到一个当前环境的翻版(也就是说修改较少)还是想开始一个全新的版本(也就是说选择一个新的目标)。

To switch to a different environment (e.g. test1), use:

    ./scripts/env switch test1

To rename the current branch to a new name (e.g. test2), use:

    ./scripts/env rename test2

If you want to get rid of environment switching and keep everything in the base directory again, use:

./scripts/env clear

要转换到不同的环境(例如,test1)请使用:

     ./scripts/env switch test1

把当前的分支重新命名(例如,test2)请使用:

    ./scripts/env rename test2

如果你想摆脱环境转变,并且把所有东西再次保存在基础目录里,请使用:

./scripts/env clear

 

 

 

2.2 Extra tools

2.2附加工具

2.2.1 Image Builder

2.2.1 图像创建者

2.2.2 SDK

2.2.2 SDK

2.3 Adding platform support

2.3增加平台支持

Linux is now one of the most widespread operating system for embedded devices due to its openess as well as the wide variety of platforms it can run on. Many manufacturer actually use it in firmware you can find on many devices: DVB-T decoders, routers, print servers, DVD players ... Most of the time the stock firmware is not really open to the consumer, even if it uses open source software.

对于嵌入式装置来说,由于Linux的开放性和可运行平台的多样性,它成为了目前最广泛使用的操作系统之一。事实上,生产商们在很多设备的固件中使用Linux,这些设备包括:DVB-T解码器,路由器,印刷服务器,DVD播放器......即使使用的是公共资源软件,大多数时候存储固件对于消费者并不真正公开。

You might be interested in running a Linux based firmware for your router for various reasons: extending the use of a network protocol (such as IPv6), having new features, new piece of software inside, or for security reasons. A fully open-source firmware is de-facto needed for such applications, since you want to be free to use this or that version of a particular reason, be able to correct a particular bug. Few manufacturers do ship their routers with a Sample Development Kit, that would allow you to create your own and custom firmware and most of the time, when they do, you will most likely not be able to complete the firmware creation process.

你也许会对为你的路由器运行一个基于Linux的固件感兴趣,原因在于:扩展网络协议(例如such as IPv6)的使用,拥有新的特性,内部的新软件,或者说是由于安全的原因。对于这些应用软件来说,一个完全开放的资源固件是实际存在的,因为出于一些特殊的原因,你想免费使用不同的版本,要能够改正一些特定错误。部分生产商的确是用Sample Development Kit来推出它们的路由器,这让你能够创建自己惯用的固件,大多数时候,当生厂商这么做的时候,你一般都不能完成固件创建的进程。

This is one of the reasons why OpenWrt and other firmware exists: providing a version independent, and tools independent firmware, that can be run on various platforms, known to be running Linux originally.

这就是 OpenWrt和其他固件存在的原因之一:如果是一个版本独立、工具独立的固件,这个固件可以在不同的平台上运行,而起初大家以为只能在Linux中运行。

2.3.1 Which Operating System does this device run?

2.3.1这个设备运行什么操作系统

There is a lot of methods to ensure your device is running Linux. Some of them do need your router to be unscrewed and open, some can be done by probing the device using its external network interfaces.

有很多方法可以确保你的设备正在运行Linux。有些方法的确需要你的路由器是松开式和开放的,有些办法则通过利用外部网络接口探测设备来实现。

 

Operating System fingerprinting and port scanning

操作系统指纹和移植扫描

A large bunch of tools over the Internet exists in order to let you do OS fingerprinting, we will show here an example using nmap:

 

网络上大量工具的存在是为了让你可以做OS fingerprinting,这里我们将展示一个使用nmap的例子:

  nmap -P0 -O 
  Starting Nmap 4.20 ( http://insecure.org ) at 2007-01-08 11:05 CET
  Interesting ports on 192.168.2.1:
  Not shown: 1693 closed ports
  PORT   STATE SERVICE
  22/tcp open  ssh
  23/tcp open  telnet
  53/tcp open  domain
  80/tcp open  http
  MAC Address: 00:13:xx:xx:xx:xx (Cisco-Linksys)
  Device type: broadband router
  Running: Linksys embedded
  OS details: Linksys WRT54GS v4 running OpenWrt w/Linux kernel 2.4.30
  Network Distance: 1 hop

nmap is able to report whether your device uses a Linux TCP/IP stack, and if so, will show you which Linux kernel version is probably runs. This report is quite reliable and it can make the distinction between BSD and Linux TCP/IP stacks and others.

nmap能报告你的设备是否在使用Linux TCP/IP栈,如果使用了,它会向你显示哪一个Linux内核版本可能在运行。此报告是很可靠的,可以把DSDLinux TCP/IP 栈和其他东西相区别。

Using the same tool, you can also do port scanning and service version discovery. For instance, the following command will report which IP-based services are running on the device, and which version of the service is being used:

使用相同的工具,你还可以进行移植扫描和发现服务版本。例如,以下的命令会报告出哪一个基于IP的服务正在设备上运行,以及正在使用的是哪一个服务的版本:

nmap -P0 -sV   
Starting Nmap 4.20 ( http://insecure.org ) at 2007-01-08 11:06 CET  
Interesting ports on 192.168.2.1:  
Not shown: 1693 closed ports  
PORT   STATE SERVICE VERSION  
22/tcp open  ssh     Dropbear sshd 0.48 (protocol 2.0)  
23/tcp open  telnet  Busybox telnetd  
53/tcp open  domain  ISC Bind dnsmasq-2.35  
80/tcp open  http    OpenWrt BusyBox httpd  
MAC Address: 00:13:xx:xx:xx:xx (Cisco-Linksys)  
Service Info: Device: WAP

The web server version, if identified, can be determining in knowing the Operating System. For instance, the BOA web server is typical from devices running an open-source Unix or Unix-like.

如果被识别出的话,网络服务器版本能够了解操作系统。例如说,BOA网络服务器通常来自于使用开放资源的Unix或者是类似Unix的设备。

Wireless Communications Fingerprinting

无线通信指纹

Although this method is not really known and widespread, using a wireless scanner to discover which OS your router or Access Point run can be used. We do not have a clear example of how this could be achieved, but you will have to monitor raw 802.11 frames and compare them to a very similar device running a Linux based firmware.

虽然这个方法还没有完全被了解和传播,使用扫描设备来发现路由器或者是 Access Point运行可以使用哪一个OS。关于效果如何,我们没有一个明确的例子,但是你需要检测raw 802.11 框架,然后把它们同一个运行基于Linux的固件的类似设备相比较。

Web server security exploits

网络服务器安全开发

The Linksys WRT54G was originally hacked by using a "ping bug" discovered in the web interface. This tip has not been fixed for months by Linksys, allowing people to enable the "boot_wait" helper process via the web interface. Many web servers used in firmwares are open source web server, thus allowing the code to be audited to find an exploit. Once you know the web server version that runs on your device, by using nmap -sV or so, you might be interested in using exploits to reach shell access on your device.

 Linksys WRT54G最初是由于使用网络接口中发现的"ping bug"被黑的。几个月之内Linksys都没有稳定住这个小东西,让人们可以通过网络接口使用"boot_wait"助手程序。固件中使用的许多网络服务器都是开放的资源网络服务器,这就使得编码被审计从而找到利用。一旦你知道了在你的设备上运行的网络服务器版本,通过使用nmap -sV或者类似的,你也许会有兴趣使用设备上的shell通道。

Native Telnet/SSH access

本地Telnet/SSH 通道

Some firmwares might have restricted or unrestricted Telnet/SSH access, if so, try to log in with the web interface login/password and see if you can type in some commands. This is actually the case for some Broadcom BCM963xx based firmwares such as the one in Neuf/Cegetel ISP routers, Club-Internet ISP CI-Box and many others. Some commands, like cat might be left here and be used to determine the Linux kernel version.

有些固件也许会有受限的或者是不受限的Telnet/SSH通道,如果是这样的话,试着用网络界面登陆/密码进行登陆,以此来查看你是否可以键入命令。实际上,这是一些基于Broadcom BCM963xx固件(例如Neuf/Cegetel ISP路由器中的固件、Club-Internet ISP CI-Box中的固件、还有很多其他的固件)的情形。有些命令,比如cat 也许会留下,并用来决定Linux内核版本。

 

Analysing a binary firmware image

分析二进制固件图像

You are very likely to find a firmware binary image on the manufacturer website, even if your device runs a proprietary operating system. If so, you can download it and use an hexadecimal editor to find printable words such as vmlinux, linux, ramdisk, mtd and others.

即使你的设备运行的是一种专利的操作系统,你也很可能在生厂商网站上可以找到一种固件二进制图像。如果找到了,你可以下载下来并使用十六进制的编辑器找到可印刷的文字,例如  vmlinux, linux, ramdisk, mtd

Some Unix tools like hexdump or strings can be used to analyse the firmware. Below there is an example with a binary firmware found other the Internet:

一些Unix工具,比如hexdump 或者strings可以用来分析指令。以下是一个在网上找到的拥有二进制固件的例子:

hexdump -C  | less (more)  
00000000  46 49 52 45 32 2e 35 2e  30 00 00 00 00 00 00 00  |FIRE2.5.0.......|  
00000010  00 00 00 00 31 2e 30 2e  30 00 00 00 00 00 00 00  |....1.0.0.......|  
00000020  00 00 00 00 00 00 00 38  00 43 36 29 00 0a e6 dc  |.......8.C6)..??|  
00000030  54 49 44 45 92 89 54 66  1f 8b 08 08 f8 10 68 42  |TIDE..Tf....?.hB|  
00000040  02 03 72 61 6d 64 69 73  6b 00 ec 7d 09 bc d5 d3  |..ramdisk.?}.???|  
00000050  da ff f3 9b f7 39 7b ef  73 f6 19 3b 53 67 ea 44  |???.?9{?s?.;Sg?D|

Scroll over the firmware to find printable words that can be significant.

查看固件以找到可印刷的有意义的文字。

 

Amount of flash memory

闪存数量

Linux can hardly fit in a 2MB flash device, once you have opened the device and located the flash chip, try to find its characteristics on the Internet. If your flash chip is a 2MB or less device, your device is most likely to run a proprietary OS such as WindRiver VxWorks, or a custom manufacturer OS like Zyxel ZynOS.

Linux几乎不能适应一个2MB的闪存设备,一旦你打开设备定位好闪存芯片后,试着在网上找到它的特点。如果你的闪存芯片是2MB或者更少的设备,你的设备很有可能运行一个专利的OS,例如WindRiver VxWorks,或者是一个常规生产商OS,例如Zyxel ZynOS

 

OpenWrt does not currently run on devices which have 2MB or less of flash memory. This limitation will probably not be worked around since those devices are most of the time micro-routers, or Wireless Access Points, which are not the main OpenWrt target.

 OpenWrt目前不能在2MB或者更少的闪存记忆设备上运行。因为大多数时候这些设备都是宏-路由器或者是Wireless Access Points,它们都不是主要的OpenWrt目标,所以这个限制条件也许无法避免。

Pluging a serial port

插入串行端口

By using a serial port and a level shifter, you may reach the console that is being shown by the device for debugging or flashing purposes. By analysing the output of this device, you can easily notice if the device uses a Linux kernel or something different.

通过使用串行端口和电平转换,你能够到达控制台,控制台是被设备以调试或者闪光效果显示出来的。通过分析此设备的输出,你可以轻松地注意到设备使用的是Linux内核还是其他。
阅读(1058) | 评论(0) | 转发(0) |
0

上一篇:openwrt5

下一篇:openwrt7

给主人留下些什么吧!~~