Barbervisor

Intel x86 bare metal hypervisor for researching snapshot fuzzing ideas.

The blog describing the development can be found here

The underlying kernel for this hypervisor is Orange Slice by Brandon Falk and the packet structure for network traffic is a fork of smoltcp.

Building

Ensure the i586-pc-windows-msvc and x86_64-pc-windows-msvc toolchains are installed and that you are running nightly Rust.

> rustup target add i586-pc-windows-msvc
> rustup target add x86_64-pc-windows-msvc 

> rustup toolchain list
nightly-x86_64-pc-windows-msvc (default)

Download LLVM and have lld-link in the path. Download NASM and have nasm in the path.

Change the IP address in tftp-server/src/main so that the server binds to the desired network address.

> cargo run

Snapshots

Snapshots are currently gathered from VirtualBox.

After snapshotting from VirtualBox, place the result of writecore at snapshot/snapshot.dmp and the result of .pgmphystofile at snapshot/snapshot.phys. These paths are hard-coded and are required for most of the utilities.
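A quick pre-flight check of the two snapshot files, as an added example that is not part of the Barbervisor source. It assumes VirtualBox's documented VM core format (ELF64, little-endian, type ET_CORE) for snapshot.dmp and that the raw physical dump is a whole number of 4 KiB pages; the function names are hypothetical.

```rust
// Added example: sanity-check the two snapshot inputs before building.
// Assumes VirtualBox's documented core format (ELF64, little-endian, ET_CORE).
use std::fs::{self, File};
use std::io::Read;

#[derive(Debug, PartialEq)]
pub enum CoreCheck { Ok, TooShort, NotElf, Not64Bit, NotLittleEndian, NotCore(u16) }

/// Inspect the ELF identification bytes and e_type of a core file header.
pub fn check_core_header(buf: &[u8]) -> CoreCheck {
    if buf.len() < 18 { return CoreCheck::TooShort; }
    if !buf.starts_with(b"\x7fELF") { return CoreCheck::NotElf; }
    if buf[4] != 2 { return CoreCheck::Not64Bit; }        // EI_CLASS == ELFCLASS64
    if buf[5] != 1 { return CoreCheck::NotLittleEndian; } // EI_DATA == ELFDATA2LSB
    let e_type = u16::from_le_bytes([buf[16], buf[17]]);
    if e_type != 4 { return CoreCheck::NotCore(e_type); } // ET_CORE
    CoreCheck::Ok
}

/// Assumption: a raw physical-memory dump is non-empty and a whole number of 4 KiB pages.
pub fn phys_len_plausible(len: u64) -> bool { len != 0 && len % 4096 == 0 }

/// Read at most the first 64 bytes so multi-gigabyte dumps are not loaded into memory.
fn read_head(path: &str) -> std::io::Result<Vec<u8>> {
    let mut head = Vec::new();
    File::open(path)?.take(64).read_to_end(&mut head)?;
    Ok(head)
}

fn main() {
    // Paths are the hard-coded ones named in the Snapshots section.
    match read_head("snapshot/snapshot.dmp") {
        Ok(head) => println!("snapshot.dmp: {:?}", check_core_header(&head)),
        Err(e) => println!("snapshot.dmp: cannot read ({e})"),
    }
    match fs::metadata("snapshot/snapshot.phys") {
        Ok(m) => println!("snapshot.phys: {} bytes, plausible = {}", m.len(), phys_len_plausible(m.len())),
        Err(e) => println!("snapshot.phys: cannot read ({e})"),
    }
}
```

Run it from the repository root so the relative snapshot/ paths resolve.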

Deploying

Copy barberslice.boot and barberslice.kern to a TFTPD server folder configured for PXE booting. Also set the PXE boot filename to barberslice.boot in your DHCP server.

Bochs

The kernel can be tested in Bochs before testing on bare metal.

bochs -q -f emu/bochsrc

Be sure to change the following lines of the bochsrc to point to your local Bochs install:

romimage: file="C:\Users\user\git\bochs\bios\BIOS-bochs-latest", address=0x0, options=none
vgaromimage: file="C:\Users\user\git\bochs\bios\VGABIOS-lgpl-latest"
ata0-master: type=cdrom, path="C:\Users\user\git\barberslice\ipxe\src\bin\ipxe.iso", status=inserted
e1000: enabled=1, mac=52:54:00:12:34:56, ethmod=vnet, ethdev="C:\Users\user\git\barberslice\emu"

iPXE

An iPXE build is included if you want to test in Bochs using PXE.

On Linux:

sudo apt-get install liblzma liblzma-dev isolinux mkisofs
git clone https://github.com/ipxe/ipxe
cd ipxe/src
make bin/ipxe.iso EMBED=../../emu/boot.ipxe

Utilities

Docs

The main kernel docs can be generated and opened with:

cd kernel
cargo doc --open

The utilities also have READMEs giving a high level overview of what the tool is used for.