In four action-packed hours we will learn how to read and code in the Arm assembly language and exploit Arm binaries using buffer-overflow exploits. Our lab will involve debugging Arm binaries, executing shellcode from the stack, and how to find and use ROP gadgets to allow exploitation even on NX-protected stacks. This lab includes a detailed workbook and a lab VM.
Prerequisites:
• Basic experience with Linux and using the command line
• Basic understanding of how C functions work
What students should bring:
• Laptop with 8GB RAM and around 30GB free disk space
• VMware Player/Workstation/Fusion or VirtualBox installed
PART 1
ARM 32-bit Architecture
Difference between Architecture and Microarchitecture
ARM processor types
RISC CPU features
Memory model, memory types, memory segments
ARM Assembly Language
Syntax of Assembly programs
User mode registers
Status registers (CPSR and SPSR)
Conditional execution
Thumb mode
Most common instructions
Data processing instructions
Load immediate restrictions
Literal pool
Load and store instructions
Load and store addressing modes and offset modes
Load and store multiple register processing
Function calls and subroutines (function prologue and epilogue)- Preserving runtime environment via stack
Writing ARM Shellcode
Overview of Shellcode writing process
Tracing system calls and determining Syscall number
Mapping out function parameters
Translation to assembly
Checking for null-bytes and avoiding them
Converting assembly into hex string
LAB: Reverse Shell – Students will translate the following function calls into assembly: socket, connect, execve, dup2. This exercise teaches them how system functions are being invoked in assembly and how to make use of the literal pool when trying to reference strings and values like IP addresses.
This lab continues after a break with Part 2