Blue Fox

Book description

Provides readers with a solid foundation in Arm assembly internals and reverse-engineering fundamentals as the basis for analyzing and securing billions of Arm devices

Finding and mitigating security vulnerabilities in Arm devices is the next critical internet security frontier—Arm processors are already in use by more than 90% of all mobile devices, billions of Internet of Things (IoT) devices, and a growing number of current laptops from companies including Microsoft, Lenovo, and Apple. Written by a leading expert on Arm security, Blue Fox: Arm Assembly Internals and Reverse Engineering introduces readers to modern Armv8-A instruction sets and the process of reverse-engineering Arm binaries for security research and defensive purposes.

Divided into two sections, the book first provides an overview of the ELF file format and OS internals, followed by Arm architecture fundamentals and a deep dive into the A32 and A64 instruction sets. Section Two delves into the process of reverse engineering itself: setting up an Arm environment, an introduction to static and dynamic analysis tools, and the process of extracting and emulating firmware for analysis. The last chapter gives the reader a glimpse into macOS malware analysis of binaries compiled for the Arm-based M1 SoC. Throughout the book, the reader is given an extensive understanding of Arm instructions and control-flow patterns essential for reverse engineering software compiled for the Arm architecture. Providing an in-depth introduction to reverse engineering for engineers and security researchers alike, this book:

  • Offers an introduction to the Arm architecture, covering both AArch32 and AArch64 instruction set states, as well as ELF file format internals
  • Presents in-depth information on Arm assembly internals for reverse engineers analyzing malware and auditing software for security vulnerabilities, as well as for developers seeking detailed knowledge of the Arm assembly language
  • Covers the A32/T32 and A64 instruction sets supported by the Armv8-A architecture with a detailed overview of the most common instructions and control flow patterns
  • Introduces known reverse engineering tools used for static and dynamic binary analysis
  • Describes the process of disassembling and debugging Arm binaries on Linux, and using common disassembly and debugging tools

Blue Fox: Arm Assembly Internals and Reverse Engineering is a vital resource for security researchers and reverse engineers who analyze software applications for Arm-based devices at the assembly level.

Table of contents

  1. Cover
  2. Title Page
  3. Introduction
    1. Notes
  4. Part I: Arm Assembly Internals
    1. Chapter 1: Introduction to Reverse Engineering
      1. Introduction to Assembly
      2. High‐Level Languages
      3. Disassembling
      4. Decompilation
      5. Notes
    2. Chapter 2: ELF File Format Internals
      1. Program Structure
      2. High‐Level vs. Low‐Level Languages
      3. The Compilation Process
      4. The ELF File Overview
      5. The ELF File Header
      6. ELF Program Headers
      7. ELF Section Headers
      8. The Dynamic Section and Dynamic Loading
      9. Thread‐Local Storage
      10. Notes
    3. Chapter 3: OS Fundamentals
      1. OS Architecture Overview
      2. Process Memory Management
      3. Notes
    4. Chapter 4: The Arm Architecture
      1. Architectures and Profiles
      2. The Armv8‐A Architecture
      3. The AArch64 Execution State
      4. The AArch32 Execution State
      5. Notes
    5. Chapter 5: Data Processing Instructions
      1. Shift and Rotate Operations
      2. Logical Operations
      3. Arithmetic Operations
      4. Multiplication Operations
      5. Division Operations
      6. Move Operations
      7. Notes
    6. Chapter 6: Memory Access Instructions
      1. Instructions Overview
      2. Addressing Modes and Offset Forms
      3. Load and Store Instructions
      4. Notes
    7. Chapter 7: Conditional Execution
      1. Conditional Execution Overview
      2. Conditional Codes
      3. Conditional Instructions
      4. Flag‐Setting Instructions
      5. Conditional Select Instructions
      6. Conditional Comparison Instructions
      7. Notes
    8. Chapter 8: Control Flow
      1. Branch Instructions
      2. Functions and Subroutines
      3. Notes
  5. Part II: Reverse Engineering
    1. Chapter 9: Arm Environments
      1. Arm Boards
      2. Emulation with QEMU
      3. Notes
    2. Chapter 10: Static Analysis
      1. Static Analysis Tools
      2. Call‐By‐Reference Example
      3. Control Flow Analysis
      4. Analyzing an Algorithm
      5. Notes
    3. Chapter 11: Dynamic Analysis
      1. Command‐Line Debugging
      2. Remote Debugging
      3. Debugging a Memory Corruption
      4. Debugging a Process with GDB
      5. Notes
    4. Chapter 12: Reversing arm64 macOS Malware
      1. Background
      2. Hunting for Malicious arm64 Binaries
      3. Analyzing arm64 Malware
      4. Conclusion
      5. Notes
  6. Index
  7. Copyright
  8. Dedication
  9. About the Authors
  10. Acknowledgments
  11. End User License Agreement

Product information

  • Title: Blue Fox
  • Author(s): Maria Markstedter
  • Release date: April 2023
  • Publisher(s): Wiley
  • ISBN: 9781119745303