Provides readers with a solid foundation in Arm assembly internals and reverse-engineering fundamentals as the basis for analyzing and securing billions of Arm devices

Finding and mitigating security vulnerabilities in Arm devices is the next critical internet security frontier―Arm processors are already in use by more than 90% of all mobile devices, billions of Internet of Things (IoT) devices, and a growing number of current laptops from companies including Microsoft, Lenovo, and Apple. Written by a leading expert on Arm security, Blue Fox: Arm Assembly Internals and Reverse Engineering introduces readers to modern Armv8-A instruction sets and the process of reverse-engineering Arm binaries for security research and defensive purposes.

Divided into two sections, the book first provides an overview of the ELF file format and OS internals, followed by Arm architecture fundamentals, and a deep-dive into the A32 and A64 instruction sets. Section Two delves into the process of reverse-engineering itself: setting up an Arm environment, an introduction to static and dynamic analysis tools, and the process of extracting and emulating firmware for analysis. The last chapter provides the reader a glimpse into macOS malware analysis of binaries compiled for the Arm-based M1 SoC. Throughout the book, the reader is given an extensive understanding of Arm instructions and control-flow patterns essential for reverse engineering software compiled for the Arm architecture. Providing an in-depth introduction into reverse-engineering for engineers and security researchers alike, this book:

• Offers an introduction to the Arm architecture, covering both AArch32 and AArch64 instruction set states, as well as ELF file format internals
• Presents in-depth information on Arm assembly internals for reverse engineers analyzing malware and auditing software for security vulnerabilities, as well as for developers seeking detailed knowledge of the Arm assembly language
• Covers the A32/T32 and A64 instruction sets supported by the Armv8-A architecture with a detailed overview of the most common instructions and control flow patterns
• Introduces known reverse engineering tools used for static and dynamic binary analysis
• Describes the process of disassembling and debugging Arm binaries on Linux, and using common disassembly and debugging tools

Blue Fox: Arm Assembly Internals and Reverse Engineering is a vital resource for security researchers and reverse engineers who analyze software applications for Arm-based devices at the assembly level.

Explore the core of Arm and unlock the secrets behind 90% of mobile and IoT devices through reverse engineering

The popularity of Arm architecture in mobile and IoT devices, laptops, and servers makes it a perfect subject for anyone interested in reverse engineering. The details and intricacies of Arm assembly language offer an invaluable opportunity to stay up to date with a quickly evolving technological landscape.

Blue Fox: Arm Assembly Internals and Reverse Engineering is a comprehensive guide perfect for both beginners and seasoned professionals. The book delivers an intuitive presentation of a processor language that is surging in popularity and demand. It skillfully presents material that readers need to dramatically improve their vulnerability discovery and analysis, exploit development, and malware analysis skills.

The book equips readers with the foundational knowledge required for effective reverse engineering. The initial chapters delve into topics such as the ELF file format, operating system fundamentals, and the Arm architecture, while subsequent chapters provide an overview of the three instruction sets: A64, A32, and T32. They offer coverage of a variety of instruction types including data processing and memory access instructions, conditional execution, and control flow patterns.

The second part of the book immerses readers in the world of reverse engineering, covering critical subjects, including different types of Arm environments, practical router firmware emulation, the process of static analysis, dynamic analysis and debugging of binaries during run-time, and an overview of frequently used reverse engineering tools and techniques.

The author also provides an in-depth chapter on reversing arm64 macOS malware, which includes the real-world anti-analysis techniques used by malware in the wild, making this book an essential resource for anyone interested in malware analysis.

About the Author

MARIA MARKSTEDTER is the CEO and founder of Azeria Labs, offering high-quality training courses on Arm reverse engineering and exploitation. She has an extensive educational background, holding a Bachelor’s degree in Corporate Security and a Master’s degree in Enterprise Security, and has collaborated with Arm on exploit mitigation research. Maria’s outstanding contributions to the cybersecurity industry have earned her a place on Forbes’ “30 under 30” list for technology in Europe (2018) and the title of Forbes Person of the Year in Cybersecurity in 2020.