ARM64 Reverse Engineering and Exploitation Training (November 2018)


Posted by Stefan Esser
Instructor: Stefan Esser (Antid0te SG Pte. Ltd.)
Dates: 12th November - 16th November 2018 (5 days)
Venue: Novotel Clarke Quay, Singapore
Availability: 20 Seats
Language: English

Today's world of mobile devices is mostly dominated by ARM-based systems. While many of these devices are still running with 32 bit ARM CPU cores, the more power-hungry applications have meanwhile all moved over to 64 bit ARMv8/ARM64 CPU cores. For software reverse engineers and exploit developers this means they have to learn yet another CPU architecture, because the 64 bit mode (AARCH64) of these CPUs is like a completely new architecture and requires them to learn a completely new instruction set called A64.

Our newly designed course begins with an introduction to the ARM64 architecture and its new A64 instruction set. The trainees will learn to understand and reverse engineer snippets of ARM64 assembly. The course then moves over to the exploitation of vulnerabilities. Trainees will learn about ARM64 stack buffer overflows and return oriented programming and the differences between Android/Linux and iOS, and the training will end with heap exploitation topics.

The hands-on tasks of this training will be executed on a mixture of emulated ARM64 devices, actual Android and iOS devices, and ODROID-C2 devices running Linux. Trainees will each take home an ODROID-C2 ARM64 device.

The goal of this training is to enable you to understand the ARM64 architecture, understand A64 assembly language and write exploits for a variety of ARM64 Android/Linux/iOS targets.

Course Outline

  • Day 1
    • Introduction to the ARM64 CPU architecture
    • Understanding the different ARM64 Calling Conventions
    • Exploring the A64 Instruction Set
    • Reverse Engineering of small code snippets
    • Exploring the ARM64 System Registers
    • Understanding ARM64 Page Tables
  • Day 2
    • Introduction to ARM64 debugging with gdb and lldb
    • Crashdumps, Coredumps and Kernel Panics
    • System Calls and Writing Shellcode in ARM64 (for later conversion into ROP)
    • Exploitation of ARM64 stack buffer overflows
    • Exploit Mitigations Part I ((P)XN, ASLR, Stack Cookies)
    • Bypassing Stack Cookies with Infoleaks
    • ARM64 Return Oriented Programming
  • Day 3
    • Differences ROP / BOP / code reuse
    • Manual and tool driven ARM64 ROP gadget search
    • Building practical ROP chains
    • Hands-on: writing exploit with ROP chains
    • Breaking ASLR with brute force / infoleaks
    • Hands-on: changing exploit to defeat ASLR
  • Day 4
    • Heap Vulnerabilities (memory corruption, use after free, double free, ...)
    • Introduction to various heap implementations
    • Differences of heap implementations in Linux/Android/iOS
  • Day 5
    • How to exploit Use After Free bugs
    • Hands-on: exploit a use after free vulnerability
    • How to exploit Heap memory Corruptions
    • Hands-on: exploit a heap memory corruption

Training Takeaways

  • All students will take home an ODROID-C2 ARM64 device
  • The whole training material (multiple hundred slides) will be handed to the students in digital form.

Training Requirements

  • Student Requirements
    • training is for intermediate students that have had prior contact with exploitation
    • capable of performing basic tasks within the OS they bring
    • capable of operating the command line of their OS
    • capable of using the VMWare virtualization software to run a virtual machine provided by the trainer
    • knowledge of basic shell scripting, python, C programming language
    • knowledge in at least one non ARM64 assembly language (e.g. ARM, x86, x86_64)
  • Hardware Requirements
    • Notebook powerful enough to run a virtual machine (no netbook, no tablet, no iPad)
    • at least 8 GB of RAM
    • 40 GB of free harddisk space
    • wireless network card
    • for notebooks with USB-C students must bring USB-A adaptors or hubs
    • further ARM64 hardware will be provided by the trainer
  • Software Requirements
    • ARM64 disassembler (e.g. IDA Pro 6.x with ARM64 support, Hopper, Binary Ninja)
    • Linux / Windows / Mac OS X desktop operating systems
    • MANDATORY: VMWare Player / VMWare Workstation / VMWare Fusion (installed and tested)
    • MANDATORY: Students require Administrator / root access

Venue

The training will be held at Novotel Clarke Quay (Singapore). The Novotel is located near Clarke Quay MRT (purple line) and near Fort Canning (downtown line) in Singapore.

Address:
Novotel Singapore Clarke Quay
177A River Valley Rd
Singapore 179031



No special deal has been made with the hotel concerning rooms for the attendees. Attendees are free to choose whatever hotel is nearby.

Pricing

We offer the following rates for this training. The prices are in Singapore Dollars and include 7% GST.

Rate                                Price
Early Bird (before 15th August)     S$ 5350
Regular (before 1st November)       S$ 6420
Registration closes 1st November

The training ticket price includes daily lunch, morning and afternoon coffee breaks.

Register

If you have further questions about this training, please contact us by e-mail at training@antid0te-sg.com. If you want to sign up for this training, please do this via COSEINC, here. Please note that signup and billing of the training is performed by COSEINC. Execution of the training, however, is done by Antid0te SG Pte. Ltd.

In-House Training / Conferences / Additional Trainings

If you are interested in this training, but want us to perform the training for your people at your office, want to feature our training at your conference, or would just like to know if we provide the training again at a later time, please contact us by e-mail at training@antid0te-sg.com.