Use QEMU to run binary file from IP-Camera firmware

QEMU With Dynamic Linker

user@server:~/cross$ qemu-arm hello.out

/lib/ld-linux-armhf.so.3: No such file or directory

Response: Error

Fast fix: Add Static Linker when Compile

user@server:~/cross$ arm-linux-gnueabihf-gcc -static  -o hello.out hello.c

user@server:~/cross$ qemu-arm hello.out

Hello, World!

Response: OK

Run Busybox file from ip-camera firmware

user@server:~/Dahua IPC/6_romfs/bin$ qemu-arm busybox

/lib/ld-uClibc.so.0: No such file or directory

Response: Fail Need lib

Fix by "ln" command

user@server:~/Dahua IPC/6_romfs/bin$ sudo ln -s /home/sun89/Dahua\ IPC/6_romfs/lib/ld-uClibc.so.0 /lib/ld-uClibc.so.0

user@server:~/Dahua IPC/6_romfs/bin$ qemu-arm busybox

busybox: can't load library 'libcrypt.so.0'

user@server:~/Dahua IPC/6_romfs/bin$ sudo ln -s /home/sun89/Dahua\ IPC/6_romfs/lib/libcrypt.so.0 /lib/

user@server:~/Dahua IPC/6_romfs/bin$ qemu-arm busybox

busybox: can't load library 'libm.so.0'

user@server:~/Dahua IPC/6_romfs/bin$ sudo ln -s /home/sun89/Dahua\ IPC/6_romfs/lib/libm.so.0 /lib/

user@server:~/Dahua IPC/6_romfs/bin$ qemu-arm busybox

busybox: can't load library 'libc.so.0'

user@server:~/Dahua IPC/6_romfs/bin$ sudo ln -s /home/sun89/Dahua\ IPC/6_romfs/lib/libc.so.0 /lib/

user@server:~/Dahua IPC/6_romfs/bin$ qemu-arm busybox

BusyBox v1.18.4 (2016-11-14 11:07:11 CST) multi-call binary.

Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko

and others. Licensed under GPLv2.

See source distribution for full notice.

Usage: busybox [function] [arguments]...

   or: busybox --list[-full]

   or: function [arguments]...

        BusyBox is a multi-call binary that combines many common Unix

        utilities into a single executable.  Most people will create a

        link to busybox for each function they wish to use and BusyBox

        will act like whatever it was invoked as.

Currently defined functions:

        [, [[, arp, arping, ash, awk, bash, cat, chgrp, chmod, chown, chroot, cp, cut, date, df, dhcprelay, dmesg, du, dumpleases, echo, egrep, eject, env,

        fdisk, fgrep, find, flash_eraseall, free, fsync, getty, grep, halt, head, ifconfig, ifenslave, inetd, init, insmod, ip, ipaddr, iplink, iproute,

        iprule, iptunnel, kill, killall, killall5, less, linuxrc, ln, login, ls, lsmod, lspci, lsusb, lzcat, lzma, mdev, mkdir, mknod, modinfo, more, mount,

        mv, nanddump, nandwrite, netstat, nice, ping, ping6, pkill, poweroff, printenv, ps, pwd, reboot, rm, rmdir, rmmod, route, sed, seq, sh, sleep, stat,

        sync, tail, tcpsvd, telnet, telnetd, test, tftp, tftpd, top, touch, ubiattach, ubidetach, ubimkvol, ubirmvol, ubirsvol, ubiupdatevol, udhcpd, udpsvd,

        umount, uname, unlzma, unzip, vi, who, whoami

user@server:~/Dahua IPC/6_romfs/bin$ qemu-arm busybox ping 8.8.8.8.

ping: bad address '8.8.8.8.'

user@server:~/Dahua IPC/6_romfs/bin$ qemu-arm busybox ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

ping: permission denied (are you root?)

user@server:~/Dahua IPC/6_romfs/bin$ sudo qemu-arm busybox ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

64 bytes from 8.8.8.8: seq=0 ttl=113 time=30.814 ms

64 bytes from 8.8.8.8: seq=1 ttl=113 time=29.257 ms

64 bytes from 8.8.8.8: seq=2 ttl=113 time=30.371 ms

64 bytes from 8.8.8.8: seq=3 ttl=113 time=29.158 ms

^C

--- 8.8.8.8 ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max = 29.158/29.900/30.814 ms

user@server:~/Dahua IPC/6_romfs/bin$

It's Work!