...

Firmware Reviewer Emulation Framework provides a collection of pre-built VMs, scripts, kernels and filesystem schemas, to be used with our own patched version of QEMU, for emulating IoT devices. It is aimed at facilitating IoT and firmware analysis by virtualising as much of the physical device as possible. It can emulate different CPU architectures and follows the IoT device boot-up process:

...

In the first part of the emulation process, Firmware Reviewer will use QEMU with a pre-built RTOS, QNX or Linux virtual machine running on a simulation of the target architecture with the same kernel level. It will then transfer the firmware root file system into the VM and chroot into the root file system of the firmware, obtaining a working shell.

With a working shell, Firmware Reviewer will automatically navigate to /etc/rc.d or /etc/init.d (or the equivalent configuration files) and run the appropriate RC script to kick off the userland services. Closely analyze the rc.d folder (or equivalent), inspect the scripts, and tweak the startup scripts to account for missing network interfaces and failing NVRAM library calls. This part of the emulation process is very much like dealing with encrypted firmware: each firmware is a case of its own, which is the very definition of research. In most cases Firmware Reviewer automatically chooses to tweak the rcS scripts just enough to get the target service to run properly. This part of the process, if done manually, could take weeks of investigation and additional work. Firmware Reviewer will do the job itself, supporting MIPS and ARM as well as x86 processors. It will extract the root file system, infer network interfaces, and create the QEMU disk image for emulation. It will also attempt to emulate the NVRAM.
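As an added example of the static triage step described above (not part of the Firmware Reviewer project's own code), the script below locates the init script directory of an extracted root filesystem and flags the lines in an RC script that touch network interfaces or call the NVRAM library, i.e. the lines that typically need tweaking before the userland services will start under QEMU. The rootfs layout, the `rcS` contents and the function names are constructed for the example; it runs on an ordinary POSIX shell with awk and does not require QEMU or a chroot.

```shell
#!/bin/sh
# Added example: triage an extracted firmware root filesystem before
# emulation. Not Firmware Reviewer's own code; all paths are assumptions.

# Print the init script directory that would be run inside the chroot.
# Assumed convention: prefer /etc/init.d, then /etc/rc.d (both named above).
find_rc_dir() {
    root="$1"
    for d in etc/init.d etc/rc.d; do
        if [ -d "$root/$d" ]; then
            echo "$root/$d"
            return 0
        fi
    done
    return 1
}

# Print "<file>:<line>:<kind>" for every line that calls the NVRAM tool
# (kind "nvram") or configures a network interface (kind "netif"),
# since those are the calls that fail when the physical hardware is absent.
scan_rc_script() {
    f="$1"
    awk -v f="$f" '
        /(^|[^a-zA-Z_])nvram([^a-zA-Z_]|$)/ { print f ":" NR ":nvram"; next }
        /ifconfig|brctl|(^|[^a-zA-Z0-9_])(eth|br|wlan|ra)[0-9]/ { print f ":" NR ":netif" }
    ' "$f"
}

# Build a constructed sample rootfs (temporary directory) so the example
# runs offline; the rcS below is invented and mimics a typical router script.
make_sample_rootfs() {
    root="$(mktemp -d)"
    mkdir -p "$root/etc/init.d"
    cat > "$root/etc/init.d/rcS" <<'EOF'
#!/bin/sh
mount -t proc proc /proc
lan_ip=$(nvram get lan_ipaddr)
ifconfig br0 $lan_ip up
brctl addif br0 eth0
/usr/sbin/httpd &
EOF
    echo "$root"
}

# Usage: ./triage.sh <extracted-rootfs-dir>; with no argument the
# constructed sample rootfs is scanned instead.
if [ $# -gt 0 ]; then
    target="$1"
else
    target="$(make_sample_rootfs)"
fi
if rcdir="$(find_rc_dir "$target")"; then
    for s in "$rcdir"/*; do
        [ -f "$s" ] && scan_rc_script "$s"
    done
else
    echo "no /etc/init.d or /etc/rc.d under $target" >&2
fi
```

Each flagged line is a candidate for the "just enough" tweak the text refers to: a stubbed `nvram` binary or preloaded NVRAM emulation for the `nvram` hits, and a dummy or bridged interface for the `netif` hits, applied before the service on the last line is started.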

...