So, why aren’t more people focusing on ARM? Perhaps because there are more learning resources out there covering exploitation on Intel than there are for ARM. Yet, we have more experts specialized in x86 security research than we have for ARM, although ARM assembly language is perhaps the easiest assembly language in widespread use. Given the widespread usage of ARM based devices and the potential for misuse, attacks on these devices have become much more common. Which brings us to the fact that like PCs, IoT devices are susceptible to improper input validation abuse such as buffer overflows. This includes phones, routers, and not to forget the IoT devices that seem to explode in sales these days. That said, the ARM processor has become one of the most widespread CPU cores in the world. When I look around me, I can count far more devices that feature an ARM processor in my house than Intel processors. You might have already noticed that ARM processors are everywhere around you. Especially for those of you who are interested in exploit writing on the ARM platform. This tutorial is generally for people who want to learn the basics of ARM assembly. In this tutorial, the focus will be on ARM 32-bit, and the examples are compiled on an ARMv6. If you are not familiar with basic debugging with GDB, you can get the basics in this tutorial. If you don’t have an ARM device (like Raspberry Pi), you can set up your own lab environment in a Virtual Machine using QEMU and the Raspberry Pi distro by following this tutorial. To follow along with the examples, you will need an ARM based lab environment. Part 6: Conditional Execution and Branching Part 4: Memory Instructions: Loading and Storing Data The following topics will be covered step by step: Before we can dive into creating ARM shellcode and build ROP chains, we need to cover some ARM Assembly basics first. This is the preparation for the followup tutorial series on ARM exploit development. Welcome to this tutorial series on ARM assembly basics.
0 Comments
Leave a Reply. |