Hacking low-level code on ARM processors just became a little easier after a researcher who operates under the name Azeria Labs put together virtual machines that emulate common hardware.
Azeria’s ARM Lab Environment is a VM that offers a QEMU ARMv6 image on Ubuntu.
There’s also a “basic cheat sheet” covering how to write ARM assembly, organisation of registers and memory, the ARM instruction set and so on.
Oh, and there are also pages explaining ARM shellcode, process memory, and memory corruption, for when you’re ready to try and craft exploits.
Azeria notes its system is useful beyond ARM: hackers can also get ready-to-go QEMU images for MIPS, PowerPC, SPARC, and AArch64.
It's pretty easy to set up a non-x86 virtual machine if you know what you're doing. If you're a newbie looking to get into reverse engineering low-level code or practicing on new CPU architectures, these VMs are for you.
Exploits at the firmware level have hit the headlines this year, with most attention directed towards the dominant Intel architecture (for example, Chipzilla’s Intel Management Engine, which shipped without a password and, it turned out, also has an attack path via USB).
Hackers are showing growing interest in ARM-based processors as well, because they’re the dominant architecture in Internet-of-Things products (which have to be lightweight and low-power).
In September, for example, we noted this demonstration at Usenix. Adrian Tang and his co-conspirators found a way past ARM’s TrustZone by watching its power messages. ARM hasn’t sat idle in the face of such threats: last month it announced a free hardened BIOS as part of a strategy to improve Thing security.