Return Oriented Programming on ARM (32-bit)

exploitation
reverseengineering
#1

Hi!
I’ve always just lurked on here, this is my first post.

So as a part of my summer internship, I’ve been working at an IoT security firm. I’ve been teaching myself ARM security and reversing to apply in IoT security. I figured I’d share what I’ve learnt so far :slight_smile:

5 Likes

#2

Hi, I liked your post - especially the good resources you list! I did not enjoy that scroll hijack though :face_with_hand_over_mouth:

1 Like

#3

Hey, thanks! Honestly, I’m not sure what scroll hijack you’re referring to. Here’s the source code of my site.

0 Likes

#4

Thanks for posting the source - I’ll see if I can trace it! Maybe I used the wrong term, but I’m unable to “fling” while scrolling. Just to reiterate - don’t let this come across as anything negative, your content is still great and valuable

1 Like

#5

I see. I do recall someone else mentioning this thing about “flinging”. Are you on mobile or desktop?
And nah mate, all good : )
Thanks again!

0 Likes

(Leader & Offsec Engineer & Forum Daddy) #6

Ahhh yes I see that too! Interesting…

0 Likes

#7

Okay now I really have to fix this… whatever it is. I’m confused. And I’m not even running any JS on my site; it’s all static. Any way I can repro this? It all seems normal to me.

0 Likes

#8

Great post! All the ROP I’ve done so far has been through hackthebox, cool to see other resources on it.

I’m not sure what the rest of you are talking about with the scrolljacking thing, even with all scripts enabled I can still scroll.
Hopefully whatever was happening was fixed?

0 Likes

#9

Thanks mate! And no I haven’t fixed anything yet, because I have no idea what the problem is lmao.

0 Likes