OrangePi5plus redroid + eBPF environment setup

两只羊

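Basic setup

I originally wanted to build my term paper around eBPF, so I recently went straight out and bought an 8 GB Orange Pi 5 Plus, the first expensive development board of my life.

Following the official wiki for the environment setup did not cause many problems.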

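For the TF card I flashed Orangepi5plus_1.2.0_ubuntu_jammy_server. It is rarely used, but when a configuration file on the SSD main system breaks and it can no longer boot normally, the TF card system is still needed to mount the SSD and rescue it.

For the main system I flashed Joshua-Riek's ubuntu-rockchip-desktop, which is said to get the most performance out of the RK3588.

When the desktop system is initialized, an HDMI display and an external mouse and hard disk must be connected for the initialization, otherwise you cannot get into the system at all.

Once it is flashed, you get the classic Ubuntu interface.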

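Between the PC and the development board, I connect an Ethernet cable to the PC and turn on Windows network sharing, so the PC acts as a router and assigns the Orange Pi an IP. You can also use the Wi-Fi module or plug the board directly into a router.

After that you can enable SSH and abandon the desktop for good.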

redroid

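Install Docker, then bring the container up with docker-compose; all routine steps.

Then there is the binderfs problem. At first I was stuck on it for a long time and could not get redroid to start; in the end, mounting the whole /dev fixed it.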

version: '3'

services:
  redroid:
    image: redroid/redroid:12.0.0_64only-latest
    container_name: redroid
    privileged: true              # container gets full access to host devices

    ports:
      - "5555:5555"               # ADB, published on all host interfaces

    volumes:
      - /dev:/dev                 # whole host /dev (the binderfs workaround)
      - redroid-data:/data

    command:
      - androidboot.selinux=permissive
      - ro.adb.secure=0           # ADB authentication disabled

    restart: unless-stopped

volumes:
  redroid-data:

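After connecting to the screen over adb, networking works normally, and the host can see the process information of the apps, which is very convenient.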

It does not pass a single detection such as hunter or momo, but in practice this has little effect when testing apps.

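eBPF environment setup

Joshua-Riek's ubuntu-rockchip image does not enable eBPF support by default, so the kernel has to be rebuilt.

Install the toolchain on an Ubuntu virtual machine and cross-compile.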

sudo apt install -y \
  debhelper dh-python dpkg-dev fakeroot \
  bc bison flex libssl-dev libelf-dev dwarves \
  rsync kmod cpio \
  python3 \
  gcc-aarch64-linux-gnu

Change scripts/build-kernel.sh to:

#!/bin/bash

set -eE
trap 'echo Error: in $0 on line $LINENO' ERR

if [ "$(id -u)" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi

cd "$(dirname -- "$(readlink -f -- "$0")")" && cd ..
mkdir -p build && cd build

if [[ -z ${SUITE} ]]; then
    echo "Error: SUITE is not set"
    exit 1
fi

# shellcheck source=/dev/null
source "../config/suites/${SUITE}.sh"

# Clone the kernel repo
if ! git -C linux-rockchip pull; then
    git clone --progress -b "${KERNEL_BRANCH}" "${KERNEL_REPO}" linux-rockchip --depth=2
fi

cd linux-rockchip
git checkout "${KERNEL_BRANCH}"

# shellcheck disable=SC2046
export $(dpkg-architecture -aarm64)
export CROSS_COMPILE=aarch64-linux-gnu-
export CC=aarch64-linux-gnu-gcc
export LANG=C

# IMPORTANT:
# Do NOT run make defconfig/olddefconfig in the source tree here,
# otherwise Ubuntu's debian/rules will fail with "source tree is not clean".
# Instead, patch the out-of-tree config generated by prepare-tree-rockchip.

fakeroot debian/rules clean

# 1) Generate out-of-tree build tree and its .config
fakeroot debian/rules prepare-tree-rockchip do_mainline_build=true

# 2) Patch the out-of-tree config
CFG="debian/build/build-rockchip/.config"
if [ ! -f "$CFG" ]; then
    echo "Error: expected config not found: $CFG"
    exit 1
fi

scripts/config --file "$CFG" --enable CONFIG_KPROBES
scripts/config --file "$CFG" --enable CONFIG_KPROBE_EVENTS
scripts/config --file "$CFG" --enable CONFIG_KPROBE_EVENTS_ON_NOTRACE

# Optional capability symbols; may not be user-settable
scripts/config --file "$CFG" --enable CONFIG_HAVE_KPROBES || true
scripts/config --file "$CFG" --enable CONFIG_ARCH_SUPPORTS_KPROBES || true

echo "=== KPROBE config in $CFG ==="
grep -E "CONFIG_KPROBES|CONFIG_KPROBE_EVENTS" "$CFG" || true

# 3) Build deb packages
fakeroot debian/rules binary-headers binary-rockchip do_mainline_build=true

Build it; a long wait follows.

sudo ./build.sh --board=orangepi-5-plus --suite=noble --kernel-only

Install the kernel on the development board and reboot.

sudo dpkg -i \
  linux-image-5.10.0-1012-rockchip_5.10.0-1012.12_arm64.deb \
  linux-modules-5.10.0-1012-rockchip_5.10.0-1012.12_arm64.deb \
  linux-headers-5.10.0-1012-rockchip_5.10.0-1012.12_arm64.deb

sudo depmod -a
sudo update-initramfs -u -k 5.10.0-1012-rockchip

# Reboot
sudo reboot

Check that the options were enabled successfully.

twogoat@twogoat-orange5:~/ebpf$ sudo modprobe configs 2>/dev/null || true
twogoat@twogoat-orange5:~/ebpf$ zcat /proc/config.gz | grep -E 'CONFIG_KPROBES|CONFIG_KPROBE_EVENTS'
CONFIG_KPROBES=y
CONFIG_KPROBE_EVENTS=y
CONFIG_KPROBE_EVENTS_ON_NOTRACE=y
CONFIG_KPROBES_SANITY_TEST=y
twogoat@twogoat-orange5:~/ebpf$
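
The grep above also matches CONFIG_KPROBES_SANITY_TEST, and it cannot tell an option that is explicitly off from one that is missing. The following is an added example, not part of the original post: a stricter check whose default list is the three options the build script enables. The function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the post). Default list = the options the build script enables.
KCONFIG_DEFAULT_OPTS="CONFIG_KPROBES CONFIG_KPROBE_EVENTS CONFIG_KPROBE_EVENTS_ON_NOTRACE"

# kconfig_state FILE OPTION
# Prints y, m, n (explicit "is not set"), the raw value, or "absent".
kconfig_state() {
    local file="$1" opt="$2" reader=cat line
    case "$file" in *.gz) reader=zcat ;; esac
    # Match the whole symbol name: a bare grep for CONFIG_KPROBES also hits
    # CONFIG_KPROBES_SANITY_TEST, which proves nothing about CONFIG_KPROBES.
    line=$("$reader" "$file" | grep -E "^(# )?${opt}(=| is not set)" | tail -n 1) || true
    case "$line" in
        "${opt}=y") echo y ;;
        "${opt}=m") echo m ;;
        "# ${opt} is not set") echo n ;;
        "${opt}="*) echo "${line#*=}" ;;
        *) echo absent ;;
    esac
}

# kconfig_missing FILE [OPTION...]
# Prints "OPTION STATE" for every option that is not built in (=y);
# returns 1 if anything was printed, 0 if all options are =y.
kconfig_missing() {
    local file="$1" opt state rc=0
    shift
    [ "$#" -gt 0 ] || set -- $KCONFIG_DEFAULT_OPTS
    for opt in "$@"; do
        state=$(kconfig_state "$file" "$opt")
        if [ "$state" != y ]; then
            echo "$opt $state"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed config (sample data, not taken from the board).
demo_cfg=$(mktemp)
printf '%s\n' 'CONFIG_BPF_SYSCALL=y' '# CONFIG_KPROBES is not set' > "$demo_cfg"
kconfig_missing "$demo_cfg" || echo "kernel rebuild needed"
rm -f "$demo_cfg"
```

On the board, `kconfig_missing /proc/config.gz` checks the running kernel, and further symbols can be passed as extra arguments.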

Next, try using ecapture directly on the host system to capture redroid's traffic.

Capture by PID and save the result to a pcap file:

sudo ./ecapture tls -m pcap \
  --pid 78260 \
  --libssl /proc/78260/root/system/lib64/libssl.so \
  --ssl_version="boringssl 1.1.1" \
  -i enP3p49s0 \
  --pcapfile=redroid_ecapture.pcapng

View the capture result directly:

sudo ./ecapture tls \
  -m text \
  --pid 161149 \
  --libssl /proc/161149/root/system/lib64/libssl.so

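天眼查 (Tianyancha) does certificate validation, so capturing its traffic the normal way requires hooking with frida first, although that is not hard to bypass either. With ecapture the traffic can be captured directly, which is very convenient.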

  • Title: OrangePi5plus redroid + eBPF environment setup
  • Author: 两只羊
  • Created: 2026-01-20 02:52:48
  • Updated: 2026-02-24 03:31:09
  • Link: https://twogoat.github.io/2026/01/20/OrangePi5plus-redroid-ebpf环境配置/
  • License: This article is licensed under CC BY-NC-SA 4.0.