ED 50: Emulating RISC-V on Ubuntu 22.04 (15 pts extra)

Purpose

To get a RISC-V emulator running to practice exploits and shellcode.

Installing the Ubuntu Host

Download an Ubuntu 22.04 Server ISO from:

https://ubuntu.com/download/server

I tried both the x86_64 on a Mac Intel and the ARM64 on a Mac M1, and they both worked.

Install Ubuntu Server in a virtual machine. I used VMware Fusion.

Include openssh-server during installation.

The installer hangs at:
downloading and installing security updates
curtin command in-target
Cancel the update and reboot.

It says "Failed unmounting /cdrom"
Force power off
Disconnect CD
Boot up
Connect via SSH

sudo apt update
sudo apt install qemu-system-riscv64 unzip -y
Download a pre-built Debian RISC-V image:
wget "https://gitlab.com/api/v4/projects/giomasce%2Fdqib/jobs/artifacts/master/download?job=convert_riscv64-virt" -O debian-rv64.zip
Unpack the files:
mkdir debian-rv64
cd debian-rv64
unzip ../debian-rv64.zip

sudo apt install u-boot-qemu opensbi -y
cd dqib_riscv64-virt
qemu-img create -o backing_file=image.qcow2,backing_fmt=qcow2 -f qcow2 overlay.qcow2

cd
nano start_RISCV.sh
Enter this code:
#!/bin/bash

cd debian-rv64/dqib_riscv64-virt

qemu-system-riscv64 \
    -machine virt \
    -cpu rv64 \
    -m 1G \
    -device virtio-blk-device,drive=hd \
    -drive file=overlay.qcow2,if=none,id=hd \
    -device virtio-net-device,netdev=net \
    -netdev user,id=net,hostfwd=tcp::2222-:22 \
    -bios /usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.elf \
    -kernel /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf \
    -object rng-random,filename=/dev/urandom,id=rng \
    -device virtio-rng-device,rng=rng \
    -append "root=LABEL=rootfs console=ttyS0" \
    --nographic 
Save the file with Ctrl+X, Y, Enter.
chmod +x start_RISCV.sh
./start_RISCV.sh
Choose boot option 1

Log in with username debian and password debian
uname -a shows riscv64!

Open another SSH window into the Ubuntu host. In that SSH window, execute this command:

ssh debian@localhost -p 2222
Password is debian
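
The hostfwd=tcp::2222-:22 rule in start_RISCV.sh leaves the host address empty, so QEMU listens on port 2222 on every interface of the Ubuntu host, and the guest behind it accepts the password debian. The script below is an added example, not part of the original lab: it audits a QEMU launch script for such rules and rewrites them to bind to 127.0.0.1. The function names are this example's own, and only IPv4 host addresses are handled.

```bash
#!/bin/bash
# Added example, not part of the original lab: audit QEMU user-mode port forwards.
# Rule syntax: hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport
# An empty hostaddr makes QEMU listen on every interface of the host.
# Function names are this example's own; IPv4 host addresses only.

# The -netdev line from start_RISCV.sh, embedded as sample input.
SAMPLE='    -netdev user,id=net,hostfwd=tcp::2222-:22 \'

# Print every hostfwd rule found in the launch script read from stdin.
list_hostfwd() {
    grep -o 'hostfwd=[a-z]*:[^:]*:[0-9]*-[^:]*:[0-9]*'
}

# Classify one rule by its host address field (second ':'-separated field).
classify_hostfwd() {
    hostaddr=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hostaddr" in
        127.*) echo loopback ;;
        *)     echo exposed ;;   # empty, 0.0.0.0, or a routable address
    esac
}

# Rewrite rules with an empty or 0.0.0.0 host address to bind to 127.0.0.1.
pin_to_loopback() {
    sed -E 's/(hostfwd=[a-z]*:)(0\.0\.0\.0)?(:[0-9]+-)/\1127.0.0.1\3/g'
}

# Report each rule with its verdict; return 1 if any rule is exposed.
audit_launch_script() {
    rc=0
    for rule in $(list_hostfwd); do
        verdict=$(classify_hostfwd "$rule")
        echo "$rule $verdict"
        [ "$verdict" = loopback ] || rc=1
    done
    return $rc
}

# Demo: the original line is flagged, the rewritten line passes.
printf '%s\n' "$SAMPLE" | audit_launch_script || true
printf '%s\n' "$SAMPLE" | pin_to_loopback | audit_launch_script
```

With the forward pinned to 127.0.0.1, the ssh command above still works from the Ubuntu host, but port 2222 is no longer reachable from other machines on the network.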

In the RISC-V system, at the debian@debian:~$ prompt, execute this command:

su root
Enter a password of root

Execute these commands.

apt install sudo 
nano /etc/group
Change this line
sudo:x:27:
to this
sudo:x:27:debian
Save the file with Ctrl+X, Y, Enter.

In an SSH window onto your Ubuntu server, execute this command to shut down the RISC-V machine:

pkill qemu
Restart the RISC-V emulator with these commands:
cd
./start_RISCV.sh
In the other SSH session to Ubuntu, execute this command:
ssh debian@localhost -p 2222
Now sudo works :)

Flag ED 50.1: hwinfo (15 pts)

On your RISC-V emulated machine, in the console running netcat, execute these commands:

sudo apt install hwinfo -y
sudo hwinfo
The flag is covered by a green rectangle in the image below.
