Authored by Andrea Sindoni

Introduction and motivation

A year ago, while I was attending a conference, I noticed that the price tag for the proposed ARM exploitation course for IoT was quite substantial and decided to write my own to allow those who can’t afford to spend that much to still be able to study the topic. The course will be presented in three different episodes.

Surely these articles are not comparable to a live course, but I still feel like making my own small contribution.

The content has been divided as follows:

– Episode 1: Reversing ARM applications

This episode is focused on compiling a simple “Hello World” application and then reversing that very same application, without knowing its source code.

You can see the detailed process on https://quequero.org/2017/07/arm-exploitation-iot-episode-1/

– Episode 2:

In part 1 we saw an introduction to reversing some simple ARM applications; we also saw how to set up the working environment and how to write a hello world (also with syscalls).

In this episode we will use the same working environment.

ARM shellcoding

We will see some basic shellcode:

  • Shell spawning shellcode
  • Bind TCP shellcode
  • Reverse shell shellcode
  • Load and execute a shell from memory
  • Encode the shellcode

You can see the detailed process on https://quequero.org/2017/09/arm-exploitation-iot-episode-2/

– Episode 3:

In the previous episodes we have seen some basic concepts regarding ARM reversing and shellcode writing.
In this last part we will see a brief introduction to exploit writing, and we’ll keep it as simple as possible.

The list of topics is:

  • Modify the value of a local variable
  • Redirect the execution flow
  • Overwrite return address
  • GOT overwrite
  • C++ virtual table

You can see the detailed process on https://quequero.org/2017/11/arm-exploitation-iot-episode-3/