"Protocol not supported" on tendaac1518 example

[Olasergiolas]

*Describe the bug I am trying to use the example provided for Tenda's router with its intented firmware by following the steps commented at the beginning of the script but it ends up crashing with error "OSError: [Errno 93] Protocol not supported". I'm running qiling latest dev version on Python 3.9, Kali Linux Rolling.

Sample Code

#!/usr/bin/env python3
# 
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
#


# 1. Download AC15 Firmware from https://down.tenda.com.cn/uploadfile/AC15/US_AC15V1.0BR_V15.03.05.19_multi_TD01.zip
# 2. unzip
# 3. binwalk -e US_AC15V1.0BR_V15.03.05.19_multi_TD01.bin
# 4. locate squashfs-root
# 5. rm -rf webroot && mv webroot_ro webroot
#
# notes: we are using rootfs in this example, so rootfs = squashfs-root
# 

import os, socket, threading

import sys
sys.path.append("..")

from qiling import Qiling
from qiling.const import QL_VERBOSE

def patcher(ql: Qiling):
    br0_addr = ql.mem.search("br0".encode() + b'\x00')

    for addr in br0_addr:
        ql.mem.write(addr, b'lo\x00')

def nvram_listener():
    server_address = 'squashfs-root/var/cfm_socket'
    data = ""

    try:
        os.unlink(server_address)
    except OSError:
        if os.path.exists(server_address):
            raise

    # Create UDS socket
    sock = socket.socket(socket.AF_UNIX,socket.SOCK_STREAM)
    sock.bind(server_address)
    sock.listen(1)

    while True:
        connection, _ = sock.accept()

        try:
            while True:
                data += str(connection.recv(1024))

                if "lan.webiplansslen" in data:
                    connection.send('192.168.170.169'.encode())
                else:
                    break

                data = ""
        finally:
            connection.close()

def myvfork(ql: Qiling):
    regreturn = 0
    ql.log.info("vfork() = %d" % regreturn)

    return regreturn

def my_sandbox(path, rootfs):
    ql = Qiling(path, rootfs, verbose=QL_VERBOSE.DEBUG)
    ql.add_fs_mapper("/dev/urandom","/dev/urandom")
    ql.hook_address(patcher, ql.loader.elf_entry)

    # $ gdb-multiarch -q rootfs/bin/httpd 
    # gdb> set remotetimeout 100
    # gdb> target remote localhost:9999
    ql.debugger = False

    if ql.debugger == True:
        ql.os.set_syscall("vfork", myvfork)

    ql.run()

if __name__ == "__main__":
    nvram_listener_therad = threading.Thread(target=nvram_listener, daemon=True)
    nvram_listener_therad.start()

    my_sandbox(["squashfs-root/bin/httpd"], "squashfs-root")

Expected behavior The http server should start without issues.

Additional context Console output:

[Olasergiolas]

Seems to be working fine with qiling stable though

[chinggg]

6989e5a6bde0e200ff3b0534e4f529d97bdb1bac is the first bad commit, will inspect it

[elicn]

Looks like it could be my fault.. :)

However, that is a bit weird because the source files on the exception trace look like they come from a Qiling installation rather than a cloned repo.

Either way, please let me know what you find.

[chinggg]

@elicn Protocol not supported occurs when sockect_protocol is 0, which means unspecified. The regression is caused by the removed except block in https://github.com/chinggg/qiling/blob/6989e5a6bde0e200ff3b0534e4f529d97bdb1bac/qiling/os/posix/syscall/socket.py#L97, which could catch the exception.

For your question of the source file, someone like me may pip install . (the docs of Qiling even suggests sudo pip3 install . , which is dangerous IMO) so the installation is also newest.

[elicn]

Cool; it's just because they said that stable works fine where the error trace could indicate this is actually the stable branch that failed.

[xwings]

This should be solved.