---
title: Introduction to ARM Binary Exploitation
tags: ARM, shellcoding, binary, reverse engineering
description: View the slide with "Slide Mode".
---

# Introduction To ARM Binary Exploitation

By @Chal13W1zz

![](https://media.giphy.com/media/lrW5C1vjtWKb3X2oom/giphy.gif)

---

## Who am I?

![](https://i.imgur.com/s8aDC3S.png)

- <code class="blue">A Student and A CTF player with team fr334aks :smiling_face_with_smiling_eyes_and_hand_covering_mouth: </code>
- <code class="blue">App Dev and Programming 3 years :computer: </code>
- <code class="blue">Security Researcher and Exploit Dev 4+ years :computer:</code>
- <code class="blue">I love Android and ARM :heart:</code>
- <code class="blue">I use ParrotSec OS :cat:</code>

---

### Some Of My Work

- Run a YouTube channel teaching Android bug bounty, introduction to ARM assembly and exploit development.
- Host a couple of security research blogs showcasing various cybersecurity techniques
- Actively open-sourcing and contributing to cybersecurity research on GitHub
- Freelance Android App Pentesting and Dev

---

### Why Would Hackers Target ARM?

- Almost all smartphones, tablets and smartwatches run on ARM chips
- Laptops are also shifting from Intel to ARM chips
- Embedded devices, routers, cars, servers...
---

### ARM Assembly Basics

ARM Registers

| Register | Name |
| :-- | :--------: |
| R0 - R12 | General purpose |
| R13 | Stack Pointer |
| R14 | Link Register |
| R15 | Program Counter |

---

ARM Modes

- ARM
- Thumb

Commonly Used Instructions

| INSTRUCTION | EXAMPLE | RESULT |
| :-- | :--------: | :----------: |
| MOV | mov r1, #0 | r1 = 0 |
| ADD | add r2, #1 | r2 = r2 + 1 |
| SUB | sub r1, r1 | r1 = 0 |
| ADR | adr r2, label | r2 = address of the label |
| LDR | ldr r2, =text | r2 = contents of label text |
| SWI/SVC | svc 0 | invoke a system call |

---

From C to ARM assembly

- Assembler Directives
- execution

---+demo :tada:

---

### Basic ARM Shellcoding

----+demo :tada:

->Spawn a shell in C

- Step 1: system call discovery
- Step 2: system call number identification
- Step 3: functions arguments mapping
- Step 4: Translation to assembly
- Step 5: check for null bytes
- Step 6: doing away with null bytes
- Step 7: Converting the shellcode to hex
  - convert to hex [`hexdump -v -e '"\\""x" 1/1 "%02x" ""' <binary name>`]

---

### Classic Stack Buffer Overflow

----+demo :tada:

#### Mitigation

- Execute Never (XN)

---

### Basic ROP Exploit

---+demo :tada:

attack/exploit structure:

[Junk Characters/Padding] + [ChangeCmd() address] + [dummy Characters] + [secretFn() address]

#### Mitigation

- Address Space Layout Randomization (ASLR)
  [Bypass]
  - Bruteforce
  - Info leaks
- Stack Canary

---

### Thank you! :sheep:

- Youtube : https://www.youtube.com/c/FreeTechMods
- Twitter : https://twitter.com/Chal13W1zz
- GitHub : https://github.com/Chal13W1zz
- Telegram : https://t.me/FreeTechMods
- Email : chaliewizz4@gmail.com
- WhatsApp/Call : +254795344966

![](https://media.giphy.com/media/w9xqv7uWcPe2HRZ5sX/giphy.gif)

---

# Questions?

![](https://media.giphy.com/media/l3vRacqRRQENTCIpy/giphy.gif)
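
---

An added example, not part of the original slides, for the "Execute Never (XN)" mitigation listed under the stack buffer overflow: on Linux a binary requests a non-executable stack through the flags of its `PT_GNU_STACK` program header, so reading that header is a quick audit. The function names `stack_policy` and `sample_elf` and the sample ELF bytes are constructed for illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # execute bit in p_flags (PF_W = 2, PF_R = 4)
EM_ARM = 40                # e_machine value for 32-bit ARM


def stack_policy(elf: bytes) -> str:
    """Report what a 32-bit little-endian ELF requests for its stack."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("not a 32-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<I", elf, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        if base + 32 > len(elf):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from("<I", elf, base)
        (p_flags,) = struct.unpack_from("<I", elf, base + 24)
        if p_type == PT_GNU_STACK:
            return "executable" if p_flags & PF_X else "non-executable"
    # No PT_GNU_STACK entry: the binary states no preference, so flag it for review.
    return "unspecified"


def sample_elf(stack_flags: int) -> bytes:
    """Constructed sample: ELF32 header (52 bytes) plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)  # 32-bit, little-endian, v1
    ehdr = ident + struct.pack(
        "<HHIIIIIHHHHHH",
        2, EM_ARM, 1,      # e_type = ET_EXEC, e_machine, e_version
        0, 52, 0, 0,       # e_entry, e_phoff, e_shoff, e_flags
        52, 32, 1,         # e_ehsize, e_phentsize, e_phnum
        0, 0, 0,           # e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return ehdr + phdr


if __name__ == "__main__":
    print("rw-  stack:", stack_policy(sample_elf(0x6)))  # PF_R | PF_W
    print("rwx stack:", stack_policy(sample_elf(0x7)))   # PF_R | PF_W | PF_X
```

To audit a real binary, pass its bytes (`open(path, "rb").read()`) to `stack_policy`; `readelf -lW` prints the same `GNU_STACK` flags.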