ARM64 Reverse Engineering and Android/Linux Exploitation Training (October 2019)


Posted by Stefan Esser
Instructor: Stefan Esser (Antid0te SG Pte. Ltd.)
Dates: 7th October - 11th October 2019 (5 days)
Venue: Novotel Clarke Quay, Singapore
Availability: 10 Seats
Language: English

Today's world of mobile devices is mostly dominated by ARM-based systems. While many of these devices are still running on 32-bit ARM CPU cores, the more power-hungry applications have meanwhile all moved over to 64-bit ARMv8/ARM64 CPU cores. For software reverse engineers and exploit developers this means they have to learn yet another CPU architecture, because the 64-bit mode (AARCH64) of these CPUs is like a completely new architecture and requires them to learn a completely new instruction set called A64.

Our newly designed course begins with an introduction to the ARM64 architecture and its new A64 instruction set. The trainees will learn to understand and reverse engineer snippets of ARM64 assembly. The course then moves on to the exploitation of vulnerabilities. Trainees will learn about ARM64 exploitation on Android and Linux targets. Unlike our previous year's course, this training will focus on heap exploitation topics, demonstrated by a mix of self-made toy targets and real vulnerabilities. Please note that this training will not cover iOS as a target platform. If you are interested in iOS, we recommend our Advanced iOS 12/13 Userspace Exploitation Training at the beginning of November 2019.

The hands-on tasks of this training will be executed on a mixture of emulated ARM64 devices, Android devices (Google Pixel 3A) and ODROID-C2 devices running Linux. Trainees will each take home an ODROID-C2 ARM64 device and a Google Pixel 3A.

The goal of this training is to enable you to understand the ARM64 architecture, understand A64 assembly language and write exploits for a variety of ARM64 Android/Linux targets.

Special Offer

All trainees who sign up will be allowed to keep the Google Pixel 3a after the training at no extra charge.

Course Outline

  • Day 1
    • Introduction to the ARM64 CPU architecture
    • Understanding ARM64 Calling Conventions
    • Exploring the A64 Instruction Set
    • Reverse Engineering of small code snippets
    • Exploring the ARM64 System Registers
    • Understanding ARM64 Page Tables
  • Day 2
    • Introduction to ARM64 debugging with gdb
    • Crashdumps, Coredumps and Kernel Panics
    • Exploit Mitigations Part I ((P)XN, ASLR, Stack Cookies)
    • differences ROP / BOP / code reuse
    • manual and tool driven ARM64 ROP gadget search
    • building practical ROP chains
    • Hands-on: writing exploit with ROP chains
    • breaking ASLR with bruteforce / infoleaks
    • Hands-on: changing exploit to defeat ASLR
  • Day 3
    • Heap Vulnerabilities (memory corruption, use after free, double free, ...)
    • Introduction to various heap implementations for Linux/Android targets
    • Debugging and Visualizing Heap
    • Heap Feng Shui vs. Heap Spraying
  • Day 4
    • How to exploit Use After Free bugs
    • Hands-on: exploitation of multiple use after free bugs
  • Day 5
    • How to exploit Heap memory Corruptions
    • Hands-on: exploitation of multiple heap memory corruption

Please understand that the above course layout is a guideline; the exact topics might appear in a different order or might be updated.

Training Takeaways

  • All students will take home an ODROID-C2 ARM64 device
  • All students will take home a Google Pixel 3A
  • The whole training material (multiple hundred slides) will be handed to the students in digital form.

Training Requirements

  • Student Requirements
    • training is for students who have had prior contact with exploitation but have never looked at ARM64
    • capable of performing basic tasks within the OS they bring
    • capable of operating the command line of their OS
    • capable of using the VMWare virtualization software to run a virtual machine provided by the trainer
    • knowledge of basic shell scripting, python, C programming language
    • knowledge of at least one non-ARM64 assembly language (e.g. ARM, x86, x86_64)
  • Hardware Requirements
    • Notebook powerful enough to run a virtual machine (no netbook, no tablet, no iPad)
    • at least 8 GB of RAM
    • 40 GB of free harddisk space
    • wireless network card
    • for notebooks with USB-C students must bring USB-A adaptors or hubs
    • further ARM64 hardware will be provided by the trainer
  • Software Requirements
    • ARM64 disassembler (e.g. IDA Pro 6.x with ARM64 support, Ghidra, Hopper, Binary Ninja)
    • Linux / Windows / Mac OS X desktop operating systems
    • MANDATORY: VMWare Player / VMWare Workstation / VMWare Fusion (installed and tested)
    • MANDATORY: Students require Administrator / root access

Venue

The training will be held at Novotel Clarke Quay (Singapore). The Novotel is located near Clarke Quay MRT (purple line) and near Fort Canning (downtown line) in Singapore.

Address:
Novotel Singapore Clarke Quay
177A River Valley Rd
Singapore 179031



No special deal has been made with the hotel concerning rooms for the attendees. Attendees are free to choose whatever hotel is nearby.

Pricing

We offer the following rates for this training. Please understand that Antid0te SG is not yet required to register for GST in Singapore and therefore attendees do not have to pay GST on top of the base price.

                                  Price
Early Bird (before 15th July)     S$ 5500
Regular (After 15th July)         S$ 6000

The training ticket price includes daily lunch, morning and afternoon coffee breaks.

Register

If you have further questions about this training or want to register, please contact us by e-mail at training@antid0te-sg.com.

In-House Training / Conferences / Additional Trainings

If you are interested in this training but want us to perform the training for your people at your office, want to feature our training at your conference, or would just like to know if we provide the training again at a later time, please contact us by e-mail at training@antid0te-sg.com.