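# Console transcript: boot the 64-bit Raspberry Pi OS image under QEMU (raspi3b)
# and reach it over SSH. "pwn@host$" lines run on the host, "pi@raspberry:~$"
# lines run inside the guest.
pwn@host$ mkdir aarch64_tests && cd aarch64_tests
# Save the archive to disk first: wget writes to a file by default, so piping
# its stdout into unzip would hand unzip an empty stream.
pwn@host$ wget https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2022-01-28/2022-01-28-raspios-bullseye-arm64.zip
# Compare this digest with the SHA-256 published for the image before using it
pwn@host$ sha256sum 2022-01-28-raspios-bullseye-arm64.zip
pwn@host$ busybox unzip 2022-01-28-raspios-bullseye-arm64.zip
pwn@host$ sudo mkdir /mnt/raspbian
pwn@host$ fdisk -l 2022-01-28-raspios-bullseye-arm64.img
# Check the 'Start' value of 2022-01-28-raspios-bullseye-arm64.img1 and multiply by 512
# That will be your **N**
pwn@host$ sudo mount -v -o offset=N -t vfat 2022-01-28-raspios-bullseye-arm64.img /mnt/raspbian
pwn@host$ cp /mnt/raspbian/kernel8.img "$(pwd)"
pwn@host$ cp /mnt/raspbian/bcm2710-rpi-3-b-plus.dtb "$(pwd)"
pwn@host$ sudo umount /mnt/raspbian
# Ensure you have QEMU 7.0 installed at this point
# The image is raw; naming the format keeps QEMU from probing guest-writable data
pwn@host$ qemu-img resize -f raw 2022-01-28-raspios-bullseye-arm64.img 8G
# hostfwd is bound to 127.0.0.1 so the guest's SSH port is reachable from this
# host only, not from every interface of the host.
pwn@host$ qemu-system-aarch64 -m 1024 -M raspi3b \
    -kernel kernel8.img -dtb bcm2710-rpi-3-b-plus.dtb \
    -drive file=2022-01-28-raspios-bullseye-arm64.img,if=sd,format=raw \
    -append "console=ttyAMA0 root=/dev/mmcblk0p2 rw rootwait rootfstype=ext4" \
    -nographic \
    -device usb-net,netdev=net0 \
    -netdev user,id=net0,hostfwd=tcp:127.0.0.1:5555-:22
# At this point raspbian should boot on the terminal
raspberrypi login: pi
Password: raspberry
# The image ships with this well-known default password; change it before enabling SSH
pi@raspberry:~$ passwd
pi@raspberry:~$ sudo service ssh start
pi@raspberry:~$ sudo update-rc.d ssh enable
# The guest's SSH server is now reachable from the host through forwarded port 5555
pwn@host$ ssh pi@127.0.0.1 -p 5555
pi@raspberry:~$ sudo apt update && sudo apt install neovim nasm -y
# Fetch the GEF installer over HTTPS and read it before running it, rather than
# executing a script fetched over plain HTTP straight from the network.
pi@raspberry:~$ curl -fsSL https://gef.blah.cat/sh -o gef-install.sh
pi@raspberry:~$ less gef-install.sh
pi@raspberry:~$ bash gef-install.sh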
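# APT source entries for Debian bullseye on the BFSU mirror, one entry per line
# (presumably for /etc/apt/sources.list; the page does not name the file).
# APT still checks the signed Release files when a mirror is used; do not switch
# that check off (for example with [trusted=yes]) to make a mirror work.
deb https://mirrors.bfsu.edu.cn/debian/ bullseye main contrib non-free
# deb-src https://mirrors.bfsu.edu.cn/debian/ bullseye main contrib non-free
deb https://mirrors.bfsu.edu.cn/debian/ bullseye-updates main contrib non-free
# deb-src https://mirrors.bfsu.edu.cn/debian/ bullseye-updates main contrib non-free
deb https://mirrors.bfsu.edu.cn/debian/ bullseye-backports main contrib non-free
# deb-src https://mirrors.bfsu.edu.cn/debian/ bullseye-backports main contrib non-free
deb https://mirrors.bfsu.edu.cn/debian-security bullseye-security main contrib non-free
# deb-src https://mirrors.bfsu.edu.cn/debian-security bullseye-security main contrib non-free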
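# Edit `/etc/apt/sources.list.d/raspi.list`: delete everything in the original
# file and replace it with the following entry.
# HTTPS is used here to match the Debian entries for the same mirror host.
deb https://mirrors.bfsu.edu.cn/raspberrypi/ bullseye main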