WS-03

ARM Reverse Engineering & Exploitation Primer

Oct 4th and 5th, 2023

Grand Hyatt, Kochi, India

WS-03

ARM Reverse Engineering & Exploitation Primer

These days, due to relatively large amount of prerequisites, intrinsically subtle nature of memory corruption bugs and decades of evolution in software security area, it can get quite challenging to keep the first-foot in the world of exploitation.

This 2-day hands-on workshop is designed to fill that gap and help the attendees kickstart their exploitation journey in ARM environment, which is almost everywhere in IoT world. It starts with familiarising the attendees with ARM ecosystem (intricacies of architecture and instruction set) and move into reverse engineering ARM binaries to develop a higher-level understanding of software components. On day-2, we demonstrate how exploitation of a vulnerable component in software can lead to compromise of victim machine. After achieving code execution, we dive into crafting custom shellcode allowing us to control victim machine according to our will.

Course Content (ToC):

Topic marked as (*) are optional and are subject to time constraints.

Day-1 (ARM assembly and Software Reverse Engineering)
- Understanding ARM Assembly
  - Introduction to ARM Architecture
  - ARM Instruction Set Architecture
    - Data Processing Instructions
    - Data Movement Instructions
    - Control Flow instructions
  - ARM Function calling conventions
    - Procedure Call Standard (AAPCS)
    - Stack Operations
  - System calling conventions
  - RTFM
- Introduction to Software Reverse Engineering – Reconstructing Source Code
  - Static Analysis using Ghidra
  - Dynamic Analysis
- *RE challenge
Day-2 (Exploitation and Shellcoding)
- Exploitation
  - Introduction to Process Memory Model
  - Introduction to Process Memory Model
    - jumping to legitimate feature.
    - jumping inside vulnerable buffer.
    - Case study - why does my exploit fails outside GDB ?
  - Achieving reliable shellcode execution using process environment
- *Brief Introduction to Exploit Protections
  - ASLR
  - XN/NX/DEP
  - Stack canaries
  - RELRO
- The Dark Art of Writing ARM Shellcode
  - Introduction to Position Independent Code
  - Constraints while crafting poison pills
  - execve shellcode
  - bind shell payload
  - reverse shell payload
- *Demo – Dancing LEDs using bare-metal shellcode.

Pre-requisite:

Familiarity with Linux command line.
Being able to read source code for C programming language

Participants Requirements:

Laptop with approx. 50 GB of free space.
Virtualbox installed on host OS (latest version – 7.x)
8+ GB minimum RAM (4+GB for the VM).
Admin access to the laptop

Duration:

2 Days (6-8 hours/day)

Who should attend

Software/Security Engineers.
Security Researchers
Penetration Tester
Anyone having keen interest in reverse engineering, exploit development and shellcoding.

What to expect

By the end of this workshop, attendees should independently be kickstart their journey into software security research. Attendees should expect solid foundation on -

 Reverse Engineer software targetted to run on ARM CPUs.
Software execution at CPU level.
Exploitation of stack buffer overflows
Writing custom shellcode.

What not to expect:

Becoming a software security expert overnight.

Speakers

Abhinav Thakur

Security Researcher , Payatu Security Consulting Pvt. Ltd. , India

Abhinav Thakur is currently working as an IoT Security Researcher at Payatu. Having experience working with malicious software and binary analysis, he specializes in reverse engineering and breaking digital devices. Currently targeting IoT devices varying from simple bare-metal systems to complex OS-based systems. He spends most of the day understanding system internals and developing payload to achieve unintended behaviour on his targets.