Busybox

The swiss army knife of Embedded Linux

It provides a tiny all-in-one set of Linux CLI tools and is widely used in embedded Linux.

1. Tips

Because BusyBox is a tiny Swiss-army-knife toolset, some commands and options are missing. Here is a collection of possible replacements for the missing options and commands.

Improvise. Adapt. Overcome.

— Bear Grylls

Most of the tips focus on an `alternative' way to invoke a command, for example LD_TRACE_LOADED_OBJECTS=1 /bin/busybox in place of ldd /bin/busybox. Others are actual `tips', such as how to iterate over $PATH to run a command.

1.1. ldd

The ldd command lists the paths of the shared objects an executable depends on, which are mostly its library dependencies. It has many options, but a plain ldd <binary> is simple yet strong enough.

There is no ldd command in BusyBox, but you can try one of these:

# objdump -p $(which fish) | grep NEEDED
  NEEDED               libncursesw.so.6
  NEEDED               libdl.so.2
  NEEDED               libpcre2-32.so.0
  NEEDED               libstdc++.so.6
  NEEDED               libm.so.6
  NEEDED               libgcc_s.so.1
  NEEDED               libc.so.6
  NEEDED               ld-linux-x86-64.so.2

In my case, I cannot even use objdump.

# LD_TRACE_LOADED_OBJECTS=1 /bin/busybox
        linux-vdso32.so.1 =>  (0x00100000)
        libc.so.6 => /lib/libc.so.6 (0x0fe70000)
        /lib/ld.so.1 (0x48000000)

See here for details.

I faced another case, where LD_TRACE_LOADED_OBJECTS says nothing.

$ LD_TRACE_LOADED_OBJECTS=1 /bin/my-daemon
$

Then you can look around the /proc directory. In my case it is a daemon that is running, so I can get its PID.

$ ps -e | grep my-daemon
39483 ?        00:00:00 my-daemon

The memory mapping file /proc/<pid>/maps shows which libraries are loaded.

$ cat /proc/39483/maps

AFAIK, this is how radare2 and pwndbg actually print the virtual memory map.
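To turn the maps file into an ldd-style list, the following sh/awk script (an added example, not part of the original wiki) prints each mapped shared object once and keeps the kernel's "(deleted)" marker, which indicates a library that was removed or replaced on disk while the process still has it mapped. The function names and the sample maps content are constructed for illustration.

```sh
#!/bin/sh
# Added example: ldd-style listing from /proc/<pid>/maps with sh + awk only.

# maps_libs [FILE] - reads a maps file (or stdin) and prints each mapped
# shared object once, in order of first appearance.
maps_libs() {
    awk '
    {
        # Columns: address perms offset dev inode pathname.
        # Strip the first five so a pathname containing spaces survives.
        path = $0
        if (!sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", path)) next
        if (path !~ /^\//) next              # skip anonymous, [heap], [vdso]
        name = path
        sub(/ \(deleted\)$/, "", name)       # kernel marks unlinked files
        if (name !~ /\.so(\.[0-9]+)*$/) next # keep libfoo.so, libfoo.so.1.2
        if (!(path in seen)) { seen[path] = 1; print path }
    }' "$@"
}

# pid_libs PID - same listing for a running process.
pid_libs() {
    maps_libs "/proc/$1/maps"
}

# Constructed sample (not captured from a real system).
sample_maps() {
    cat <<'EOF'
10000000-10020000 r-xp 00000000 b3:02 1201       /bin/my-daemon
10031000-10052000 rw-p 00000000 00:00 0          [heap]
0fe70000-0ffd0000 r-xp 00000000 b3:02 310        /lib/libc.so.6
0ffe0000-0ffe4000 rw-p 00160000 b3:02 310        /lib/libc.so.6
0fd00000-0fd20000 r-xp 00000000 b3:02 355        /usr/lib/libfoo.so.1.2 (deleted)
48000000-48020000 r-xp 00000000 b3:02 305        /lib/ld.so.1
bf800000-bf821000 rw-p 00000000 00:00 0          [stack]
EOF
}

# Usage: sh script.sh 39483 (PID from ps); with no argument, run the sample.
if [ "$#" -gt 0 ]; then pid_libs "$1"; else sample_maps | maps_libs; fi
```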

1.2. find -nouser or find -nogroup

Even the find utility is simpler than the usual Linux one. As a security expert or Linux server maintainer, you might want to find files owned by users and groups that have been deleted and therefore no longer exist.

You can do it; stat command can help you.

# 1. `find` all files in directory (/), then execute `stat` command
# 2. `stat` command with format option. Aligning it for `awk` command
# 3. Print the file name, when the user name or the group name from `stat` command is "UNKNOWN"
#    (the first two fields are stripped instead of printing $3, so names containing spaces stay whole)
find / -type f -exec stat -c "%U %G %n" {} + | awk '$1 == "UNKNOWN" || $2 == "UNKNOWN" { sub(/^[^ ]+ [^ ]+ /, ""); print }'

1.3. hexdump and xxd

Sometimes there is no hexdump or xxd, but you might find the od command. The od command dumps a file or text in octal, and there is a way to dump it in hexadecimal: the od command with the -t option.

$ echo "Welcome to Ch1keen Wiki: The place you can get pro tips about Linux, infosec, and hacking" | od -t x1z
0000000 57 65 6c 63 6f 6d 65 20 74 6f 20 43 68 31 6b 65  >Welcome to Ch1ke<
0000020 65 6e 20 57 69 6b 69 3a 20 54 68 65 20 70 6c 61  >en Wiki: The pla<
0000040 63 65 20 79 6f 75 20 63 61 6e 20 67 65 74 20 70  >ce you can get p<
0000060 72 6f 20 74 69 70 73 20 61 62 6f 75 74 20 4c 69  >ro tips about Li<
0000100 6e 75 78 2c 20 69 6e 66 6f 73 65 63 2c 20 61 6e  >nux, infosec, an<
0000120 64 20 68 61 63 6b 69 6e 67 0a                    >d hacking.<
0000132

If there is no od command either, you can try using the awk command.

1.4. Upload statically compiled binary

If you can transfer data to the system, consider statically building the commands that you want to use and transferring them to the system.

You can find statically compiled commands online, like here.

1.5. How to iterate $PATH environmental variable to run commands

The $PATH variable in Linux uses a colon (:) as its delimiter.

/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin

It is easy to iterate over by setting IFS, the Internal Field Separator. In this example, the one-line command searches every $PATH directory for a specific string by running grep -r. The parentheses run the loop in a subshell, so the changed IFS does not leak into the current shell.

(IFS=:; for p in $PATH; do grep -rn "/dev" "$p"; done)

Breakdown:

( IFS=:
  for p in $PATH
  do
    grep -rn "/dev" "$p"
  done
)

2. References

3. See Also

  • In the Linux document I write about how to compile the Linux kernel and boot it with a BusyBox embedded environment.

  • util-linux provides feature-rich utilities, and it is widely adopted in many modern Linux distros.

  • Toybox is another simple, small, and fast collection of tools like BusyBox. You may see it if you’re trying to do something in an Android environment.