This resource shows how to set up a virtual ARM environment using Qemu, introduces ARM assembly, reverses ARM binaries, and demonstrates how to write basic exploits for ARM, using the trafman challenge of rwthCTF as an example.

Virtual ARM Environment

To start we need an environment capable of running ARM binaries. Since I didn't have an ARM machine, I created a virtual ARM environment using Qemu. Qemu is similar to VirtualBox or VMware, except that it can support multiple architectures. This allows you to emulate ARM on your default x86 or x64 machine.

First we need to know which ARM architecture to pick. Most Linux distributions support two architectures: armel and armhf. Armel supports the ARMv4 instruction set and emulates floating point operations in software, while armhf supports the ARMv7 instruction set and uses hardware floating point operations. At least that's the case for Debian; Ubuntu uses the term "armel" differently [Ubuntu FAQ, ARM FAQ].
SIMILAR TOOLS
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities
A powerful tool for detecting and identifying malware using a rule-based system.
A tool for identifying and analyzing Java serialized objects in network traffic
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
Interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features
UDcide provides an alternative approach to dealing with Android malware by targeting specific behaviors for removal.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
Exploiting a vulnerability in HID iClass system to retrieve master authentication key for cloning cards and changing reader settings.