So while thinking about #3, I wanted to see if I could get Dropbear running.
I compiled Dropbear on an RPI:
./configure --host arm-linux-gnueabihf
make
binwalk
shows:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 32-bit LSB shared object, ARM, version 1 (SYSV)
When I try running it on the dongle, it says it can't find the binary.
So then I tried making a static build:
./configure --host arm-linux-gnueabihf --enable-static
make
binwalk
now shows:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 32-bit LSB executable, ARM, version 1 (SYSV)
During the build, I did notice these warnings (which are probably important as I will get to later):
make[1]: Leaving directory '/home/pi/dropbear-2020.81/libtomcrypt'
arm-linux-gnueabihf-gcc -static -o dropbear dbutil.o buffer.o dbhelpers.o dss.o bignum.o signkey.o rsa.o dbrandom.o queue.o atomicio.o compat.o fake-rfc2553.o ltc_prng.o ecc.o ecdsa.o crypto_desc.o curve25519.o ed25519.o dbmalloc.o gensignkey.o gendss.o genrsa.o gened25519.o common-session.o packet.o common-algo.o common-kex.o common-channel.o common-chansession.o termcodes.o loginrec.o tcp-accept.o listener.o process-packet.o dh_groups.o common-runopts.o circbuffer.o list.o netio.o chachapoly.o gcm.o svr-kex.o svr-auth.o sshpty.o svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o svr-tcpfwd.o svr-authpam.o libtomcrypt/libtomcrypt.a libtommath/libtommath.a -lutil -lz -lcrypt
/usr/bin/ld: svr-auth.o: in function `recv_msg_userauth_request':
svr-auth.c:(.text+0x638): warning: Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: svr-chansession.o: in function `execchild':
svr-chansession.c:(.text+0x794): warning: Using 'initgroups' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: sshpty.o: in function `pty_setowner':
sshpty.c:(.text+0x2ec): warning: Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: common-session.o: in function `fill_passwd':
common-session.c:(.text+0xab4): warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: dbutil.o: in function `expand_homedir_path':
dbutil.c:(.text+0xc24): warning: Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: netio.o: in function `connect_remote':
netio.c:(.text+0x120): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: common-session.o: in function `fill_passwd':
common-session.c:(.text+0xafc): warning: Using 'getspnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
So I start Dropbear in U2W.sh
:
#!/bin/sh
# turn off red light
echo 1 >/sys/class/gpio/gpio2/value;
# copy dropbear to sbin
cp /mnt/UPAN/dropbear /usr/sbin/
chmod 775 /usr/sbin/dropbear
# launch dropbear
/usr/sbin/dropbear -F -E -B -v
# turn on red light
echo 0 >/sys/class/gpio/gpio2/value;
exit 0
I then connect to the dongle's wifi, and attempt to ssh into dropbear 1000 different ways. I tried authorized_keys, adding a new user account, no luck.
(I noticed that in shadow-
it was set to 123456, so I tried that too).
Anyway, since -F
doesn't fork Dropbear, all the logs are getting written to U2W.txt
TRACE (198) 54.491933: leave recv_msg_service_request: done ssh-userauth
TRACE (198) 54.493978: empty queue dequeing
TRACE (198) 54.494281: process_packet: packet type = 50, len 40
TRACE (198) 54.494417: enter recv_msg_userauth_request
TRACE (198) 54.494516: enter checkusername
TRACE (198) 54.511983: leave checkusername: user 'root' doesn't exist
[198] Jan 02 00:01:04 Login attempt for nonexistent user
TRACE (198) 54.512243: recv_msg_userauth_request: 'none' request
TRACE (198) 54.512318: enter send_msg_userauth_failure
TRACE (198) 54.512399: auth fail: methods 6, 'publickey,password'
user 'root' doesn't exist
is coming from:
https://github.com/mkj/dropbear/blob/master/svr-auth.c#L266
The user comes from a call to getpwnam
which was one the warnings from above:
Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
Any thoughts on how to possibly link with the correct glibc
?