Blue Fox Edition
Arm Reverse Engineering Assembly Internals
For Security Researchers Software Engineers Hackers Defenders Malware Analysts
This book begins with an introduction explaining what instructions are and where they come from. In the second chapter, you will learn about the ELF file format and its sections, along with a basic overview of the compilation process. Since binary analysis would be incomplete without understanding the context in which binaries are executed, the third chapter provides an overview of operating system fundamentals. With this background knowledge, you are well prepared to delve into the Arm architecture in the fourth chapter.
In this section of the book, you will learn about the two primary instruction sets of the Armv8-A architecture: A32 and A64. You will gain a thorough understanding of data processing instructions, memory access instructions, conditional execution, and control flow instructions. This exploration of the Armv8-A architecture's core components equips you with the essential knowledge required to embark on your reverse engineering journey.
The reverse engineering part of the book starts with an overview of Arm environments. Knowing the different types of Arm environments is crucial, especially when you perform dynamic analysis and need to analyze binaries during execution.
The Static Analysis chapter includes an overview of the most common static analysis tools, followed by practical static analysis examples you can follow step-by-step.
Reverse engineering would be boring without dynamic analysis to observe how a program behaves during execution. In the Dynamic Analysis chapter, you will learn about the most common dynamic analysis tools as well as examples of useful commands you can use during your analysis. This chapter concludes with two practical debugging examples: debugging a memory corruption vulnerability and debugging a process in GDB.
Reverse engineering offers numerous applications, enabling you to expand your skillset into areas such as vulnerability analysis and malware analysis. To get you started in the area of malware analysis, this book includes a chapter on analyzing arm64 macOS malware, written in collaboration with Patrick Wardle (author of The Art of Mac Malware). This chapter introduces you to common anti-analysis techniques that macOS malware uses to avoid analysis.
Architecture & OS Internals
Don't worry if you see a different release date on your regional Amazon page. The book is set to release on May 9th globally. The release date will update to May (or June latest) for all regions once the book arrives in Amazon warehouses by late April, with shipping everywhere. To access the Amazon book page for your region, change the TLD to your region.
Founder and CEO, Azeria Labs
Maria is the founder and CEO of Azeria Labs, offering services and private training courses for large tech companies. She holds a Bachelor’s degree in Corporate and IT Security and a Master’s degree in Enterprise and IT Security. In 2018, Maria became a Forbes “30 under 30” list member for technology and has been featured in Vogue Business Magazine. In 2020 Maria was named the Forbes Person of the Year in Cybersecurity. She is a member of both the Black Hat® EU and US Trainings and Briefings Review Board.
Her research focus is on Mobile and IoT reverse engineering and binary exploitation, as well as exploit mitigations and bypasses. Maria worked on exploit mitigation research alongside Arm in Cambridge and continues to educate security researchers and developers around the world on attacking and defending Arm binary applications.
Chapter 12: Reversing M1 macOS Malware
Founder of Objective-See Foundation
Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of the "The Art of Mac Malware" book series, and founder of the "Objective by the Sea" macOS Security conference. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing both books and free open-source security tools to protect Mac users.
Computer Architect, Google
Jon Masters is a Computer Architect at Google, where he works on Arm server related technology. Prior to Google, Jon spent 12 years leading Red Hat’s Arm server program from its inception through its first shipping product, driving industry standardization of Arm server platforms along the way. He co-authored several of the core Arm server specifications, and co-created the Linaro Enterprise Group to help drive Open Source ecosystem enablement for Arm architecture. He also spent several years leading Red Hat’s efforts mitigating speculative execution side-channel vulnerabilities including Meltdown and Spectre across all architectures. Between his time at Red Hat and Google, Jon was VP of Software for NUVIA, an Arm server startup. Jon has authored several books on Linux and began a Computer Science degree at the age of 13. He has a keen interest in understanding all levels of computer architecture. Jon has run over a dozen marathons, most of them while wearing Arm branded gear.
Staff Research Engineer, Arm Ltd.
Matthias Boettcher (PhD) is a Staff Research Engineer at Arm Ltd. When joining Arm’s Cambridge offices in the early 2010s, he initially investigated data-, instruction-, and thread-level parallelization techniques for CPUs. This contributed to what was later released as Arm’s Scalable Vector Extension (SVE). Since then, his personal interests and work focus shifted towards architectural and micro-architectural security. Among other things, he contributed to the release of features to accelerate symmetric, post-quantum and fully homomorphic algorithms, and to support pointer authentication and hardware enforced compartmentalization.
Security Researcher, Google Project Zero
Maddie Stone is a Security Researcher on Google Project Zero where she focuses on 0-days actively exploited in-the-wild. She has previously worked as a reverse engineer and team lead on the Android Security team. Maddie also spent many years deep in the circuitry and firmware of embedded devices while working at the Johns Hopkins Applied Physics Lab.
Daniel Cuthbert is the Global Head of Security Research for Banco Santander. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from small groups of curious minds to the organized criminal networks and nation states we see today. He is the original co-author of the OWASP Testing Guide, released in 2003, and now the co-author of the OWASP Application Security Verification Standard (ASVS).