0x000A - Qemu (Quick Emulator) Install | setup VGA | qemu image as root | qemu networking (part 1)

Qemu (Quick Emulator) Install | setup VGA | qemu image as root | qemu networking (part 1)

0x000A - Qemu (Quick Emulator) Install | setup VGA | qemu image as root | qemu networking (part 1)

qemu - Quick Emulator.  In short it is the one of the best options out there. VirtualBox has entire articles dedicated to how much Oracle's 'free' or 'crippleware' lacks

Debian / Ubuntu Install:

#Debian / Ubuntu
sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils
yum install -y qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer

Centos / Build from Source Install:

  • There are a few more moving parts to this.
  • Browse to qemu.org download the latest tarball.  In this example we are installing https://download.qemu.org/qemu-7.1.0.tar.xz
# Part 1: Build Environment
# Group install a set of development tools
sudo yum groups list
sudo yum groupinstall "Development Tools" -y
sudo yum install git -y
sudo yum install -y centos-release-scl
sudo yum install -y devtoolset-9

# Part 2: Install Ninja
sudo git clone https://github.com/ninja-build/ninja.git
cd ninja
git checkout release
sudo ./configure.py --bootstrap
sudo mv ninja /usr/bin

# Part 3 : Install qemu
wget https://download.qemu.org/qemu-7.1.0/tar.xz
tar -xvf qemu-7.1.0.tar.xz
cd qemu-7.1.0/

Now you can install a virtual manager to create / add / remove images and mount as you see fit.

But it is good to know how to do this from the command line.

qemu-system-i386 -cdrom /path/to/iso -hda /path/to/file.img -net user -daemonize

Once we get it downloaded it is just a matter of making a hard drive then booting it with a virtual CPU / and a virtual CDROM.  To make a disk partition:

qemu-img create drive.img 60G

What is fantastic about qemu:

  • It automatically initiated an X-11 session
  • It took a very simple command line
  • qemu-system-x86_64  (there are actually a number of options here to run different sets of qemu based upon your CPU setup.
  • -cdrom bb.iso  (The cdrom will automatically have a virtual iso loaded)
  • -drive format=raw,file=drive.img
  • -enable-kvm  (Enable virtualization mode)
  • -m 11G  (Assign 11G of ram to this VM)
  • -smp 8  (Assign 8 cores of the base system to this VM)
  • -vga virtuo (Allow screen size scaling)
qemu-system-x86_64 -cdrom windows.iso -hda drive.img -m 6000m
qemu-system-x86_64 -cdrom bb.iso -drive format=raw,file=drive.img -enable-kvm -m 11G -smp 8 -vga virtuo

The hidden virtualization setting in the Ryzen series CPU's

  • Initially trying to use qemu was very slow.  All kinds of posts to stackoverflow did not actually suggest the real solution:

Once this was set the performance difference was dramatic. Running an entire BackBox VM for pentesting:

Adding sound is well covered here: https://computernewb.com/wiki/QEMU/Devices/Sound_cards

Do note that options are offered for various sound setups.

qemu-system-x86_64: warning: '-soundhw sb16' is deprecated, please use '-device sb16' instead
qemu-system-x86_64: warning: '-soundhw pcspk' is deprecated, please set a backend using '-machine pcspk-audiodev=<name>' instead
qemu-system-x86_64: warning: '-soundhw hda' is deprecated, please use '-device intel-hda -device hda-duplex' instead
qemu-system-x86_64: warning: '-soundhw gus' is deprecated, please use '-device gus' instead
qemu-system-x86_64: warning: '-soundhw es1370' is deprecated, please use '-device ES1370' instead
qemu-system-x86_64: warning: '-soundhw cs4231a' is deprecated, please use '-device cs4231a' instead
qemu-system-x86_64: warning: '-soundhw adlib' is deprecated, please use '-device adlib' instead
qemu-system-x86_64: warning: '-soundhw ac97' is deprecated, please use '-device AC97' instead

Enabling root

  • This is useful for enabling networking, but it's downfall is that you are launching images from root.
sudo xauth add $(xauth -f ~<user>/.Xauthority list|tail -1)

Making your QEMU VM Network

Networking is great! As long as all you want your VM to do is only  reach the internet (and be inaccessible to everything else.)  But what if you want it to be reachable to the host network?

  • There are a lot of poorly written outdated guides that give over-confusing instructions.
  • Let's make this really simple (or try.. to at least)

The steps are simply this:

  1. Make a Virtual NIC (tap0) (A method: tunctl  | B method: ip)
  2. Make a Virtual Bridge (virbr0) (Using brctl)
  3. Chain the Virtual NIC (tap0) to the Virtual Bridge (virbr0) and make it route.
  4. Give the (tap0) an ip address (or the rest)
  5. Setup QEMU with tap networking option and bind to (tap0)
  6. Verify that the host can now access and route to the QEMU VM.
  7. Add a second host via this method.

Make a Virtual NIC (tap0)

A. Method : Installing tunctl (so we can make a virtual nic)

sudo apt-get install uml-utilities
# or for Centos
sudo yum install uml-utilities

Once you have it we can make a virtual interface simply with:

sudo tunctl -u <user>

This will make a 'virtual nic'

B Method : Make with ip. Alternately you can also simply do this with ip:

sudo ip tuntap add tap<n> mode tap

You can see it simply with:

ip addr

2. Make a Virtual Bridge (virbr0)

sudo apt install bridge-utils net-tools

Now add a virtual bridge..

brctl addbr virbr0
brctl show virbr0

3. Chain the Virtual NIC (tap0) to the Virtual Bridge (virbr0) and make it route.

sudo brctl addif virbr0 tap0

In this example we have added three virtual taps to the bridge:

4. Give the tap(0) an ip address

sudo ip addr add dev tap0
sudo ip addr add dev tap3

They should be pingable by now:

5. Setup QEMU to bind to the tap0 device as it's networking option.

 -netdev tap,id=tap0,ifname=tap0 \ 
 -device e1000,netdev=tap0,mac=52:55:00:d1:55:01

Reviewing this command:

  • -netdev tap,id=tap0  We are specifying the host side will be a type tap, we will map to ifname=tap0
  • -device e1000, netdev=tap0 (Create the default virtual device, mode tap 0., Set mac=...

6. Verify the Host can talk to the QEMU VM and back and forth.

Inside your VM your IP will show up as:

Outside your VM your IP will show up as:

From outside your VM you can ping now to it's internal IP:

From inside your QEMU VM you can ping back to your external IP:

7. Add a second QEMU and confirm.

Linux Rocks Every Day