So far we went trough the most important instructions of the AArch64 instruction set and it is time to move to something more practical. In these series of posts we are going to talk about structured programming in arm64. …

Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store, Branch, Data Processing Part 1 — In the first part of the data processing instruction set we talked about arithmetic, logical, move and shift operations. …

Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store, Branch — So far we talked about load, store and branch instructions and it is time to discuss about a (long) set of instructions that can be used to process data. …

Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store — In the previous post we talked about the ldr and str instructions which can be used to transfer data bidirectionally between a memory address and a register (or pair of registers): In this post we are going to talk about branch instructions and how they can be used in order…

Previous posts: Basic definitions and registers, lab setup, offset and addressing modes — As we discussed in the previous post: The AArch64 architecture supports a single instruction set called A64 which consists of fixed-length 32 bit instructions that can be used to: Load and store data, change the address of the next instruction to be executed, perform arithmetic or logical operations, perform a…

Lab Set up Before we start exploring the AArch64’s instruction set, let us first set up our lab and run the traditional “Hello world”, just to make things a bit more interesting. Here is a handy script which I found here to help you setup your raspberry pi testing machine: If everything…

Main Definitions ARM is an acronym for Advanced RISC Machines and if it is not followed by a noun, it refers to a family of processors (CPUs) that are designed based on the architecture developed by Arm Ltd., a British company based in Cambridge, England. RISC is another acronym which stands for…

Similarly to other heap exploitation attacks that we saw so far, the idea behind the House of Lore (HoL) is to trick malloc to return a pointer to a memory location which is controlled by the attacker. HoL (ab)uses the way that ptmalloc handles the small bin entries although the…

Few days ago I came across an interesting case of vulnerability posted at the AndroidInfoSec’s facebook page. Since there are not many references on the specific subject I decided to take a short break from my heap exploitation series and cover this topic in a blog post. Before we move…