Today's world of mobile devices is mostly dominated by ARM based systems. While many of these devices are still running with 32 bit ARM CPU cores the move powerhungry applications have meanwhile all moved over to 64 bit ARMv8/ARM64 CPU cores. For software reverse engineers and exploit developers this means they have to learn yet another CPU architecture, because the 64 bit mode (AARCH64) of these CPUs is like a completely new architecture and requires them to learn a completely new instruction set called A64.
Our newly designed course begins with an introduction of the ARM64 architecture and its new A64 instruction sets. The trainees will learn to understand and reverse engineer snippets of ARM64 assembly. The course then moves over to the exploitation of vulnerabilities. Trainees will learn about ARM64 exploitation on Android and Linux targets. Unlike our previous year's course this training will focus on heap exploitation topics demonstrated by a mix of self made toy targets and real vulnerabilities. Please notice that this training will not cover iOS as a target platform. If you are interested in iOS we recommend our Advanced iOS 12/13 Userspace Exploitation Training at the beginning of November 2019.
The hands-on tasks of this training will be executed on a mixture of emulated ARM64 devices, Android devices (Google Pixel 3A) and on ODROID-C2 devices running linux. Trainees will each take home an ODROID-C2 ARM64 device and a Google Pixel 3A.
The goal of this training is to enable you to understand the ARM64 architecture, understand A64 assembly language and write exploits for a variety of ARM64 android/linux targets.
All trainees that signup will be allowed to keep the Google Pixel 3a after the training for no extra charge.
Introduction to the ARM64 CPU architecture
Understanding ARM64 Calling Conventions
Exploring the A64 Instruction Set
Reverse Engineering of small code snippets
Exploring the ARM64 System Registers
Understanding ARM64 Page Tables
Introduction to ARM64 debugging with gdb
Crashdumps, Coredumps and Kernel Panics
Exploit Mitigations Part I ((P)XN, ASLR, Stack Cookies)
differences ROP / BOP / code reuse
manual and tool driven ARM64 ROP gadget search
building practical ROP chains
Hands-on: writing exploit with ROP chains
breaking ASLR with brutefore / infoleaks
Hands-on: changing exploit to defeat ASLR
Heap Vulnerabilities (memory corruption, use after free, double free, ...)
Introduction to various heap implementations for Linux/Android targets
Debugging and Visualizing Heap
Heap Feng Shui vs. Heap Spraying
How to exploit Use After Free bugs
Hands-on: exploitation of multiple use after free bugs
How to exploit Heap memory Corruptions
Hands-on: exploitation of multiple heap memory corruption
Please understand that above course layout is a guideline and exact topics might appear in different order or might be updated.
All students will take home an ODROID-C2 ARM64 device
All students will take home a Google Pixel 3A
The whole training material (multiple hundred slides) will be handed to the students in digital form.
training is for students that have had prior contact to exploitation but never looked at ARM64
capable of performing basic tasks within the OS they bring
capable of operating the command line of their OS
capable to use the VMWare virtualization software to run a virtual machine provided by trainer
knowledge of basic shell scripting, python, C programming language
knowledge in at least one non ARM64 assembly language (e.g. ARM, x86, x86_64)
Notebook powerful enough to run a virtual machine (no netbook, no tablet, no iPad)
at least 8 GB or RAM
40 GB of free harddisk space
wireless network card
for notebooks with USB-C students must bring USB-A adaptors or hubs
further ARM64 hardware will be provided by the trainer
ARM64 disassembler (e.g. IDA Pro 6.x with ARM64 support, Ghidra, Hopper, Binary Ninja)
Linux / Windows / Mac OS X desktop operating systems
MANDATORY: VMWare Player / VMWare Workstation / VMWare Fusion (installed and tested)
MANDARORY: Students require Administrator / root access
The training will be held at Novotel Clarke Quay (Singapore). The Novotel is located near Clarke Quay MRT (purple line) and near Fort Canning (downtown line) in Singapore.
Novotel Singapore Clarke Quay
177A River Valley Rd
No special deal has been made with the hotel concerning rooms for the attendees. Attendees are free to choose whatever hotel is nearby.
We offer the following rates for this training. Please understand that Antid0te SG is not yet required to register for GST in Singapore and therefore attendees do not have to pay GST on top of the base price.
Early Bird (before 15th July)
Regular (After 15th July)
The training ticket price includes daily lunch, morning and afternoon coffee breaks.
If you have further questions about this training or want to register please contact us by e-mail firstname.lastname@example.org.
In-House Training / Conferences / Additional Trainings
If you are interested in this training, but want us to perform the training for your people at your office, want to feature our training at your conference or would just like to know if we provide the training again at a later time please contact us by e-mail email@example.com.