ARM Exploitation Series



There are at least a million+ ARM processors around us. That being said, the following link is an intro to ARM assembly from an exploit dev perspective. The author starts off by explaining the basics and in the next “pack” of series, she’ll introduce ARM pwning.

I figured it’d be a neat reference for those who are interested in exposing themselves to more than just the classic Intel arch.


+ARM Emulator

OS for raspberry pi
(face) #2

Thanks for sharing!


Just found out about an amazing cross-platform ARM emulator as well.

Check it out!


ARM is definitely worth looking at.
In the last couple of month I looked at several hardware devices from smaller to bigger ones to pwn them and almost all had an ARM chip.
The amount of hardware with ARM chips inside won’t decrease over the next years I think.
So knowing at least the basic will be damn helpful


Bit of a self promo but I somewhat recently finished an in-browser ARM assembler and simulator that might aid in some understanding of ARM. Features the full GAS syntax but it has its crashes here and there.

(Command-Line Ninja) #6

That is so awesome. The UI is alright too!

(xchg rbp, rsp) #7

Hey guys ! I started ARM exploitation few weeks ago. Didn’t check out 0x00sec for a while and I’m glad to see I’m not the only dealing with ARM here.

I’ve used my raspberry so far for arm binaries, but it’s a pain in the neck to take it out of its box every single time. I’ve tried to use qemu to get a debian(ish) arm box, but amongst all the gist and blogposts I’ve found, none of them allowed me to boot my fresh installed Debian ARM… Init complains about missing kernel modules… Moreover, it is always using Wheezy or old Ubuntu build.

Is there anyone playing with qemu as well ?

PS: I tried on archlinux boxes only and it might be the origin of the issue, I can’t tell so far


Did you read the resource I posted?

There is a section explaining the exact same thing.

Click me.

(xchg rbp, rsp) #9

I had read the ARM assembly basics but not this article. It is very useful. Actually I wanted to use something different than Raspbian and use other ARM machines (RAM is limited to 256 Mb with versatilepb) but hey, it is working :slight_smile:
Some of you may wonder why I complain about the versatilepb memory limitation. I agree that an ARM system is not supposed to run heavy software and a small amount of memory is supposed to be enough, but while installing radare2 I stumbled across this error:

That was the only task running. No big deal, but as I planned to use this vm for exploitation and reverse engineering, it bothers me.

PS: It seems that runs flawlessly. I’ve played with it for an hour now and with a decent amount of memory and tcp redirection for ssh, I enjoy it a lot. It is an old Debian though


This topic was automatically closed after 30 days. New replies are no longer allowed.