Back to All Events

The ARM IoT Exploit Lab


"There's an Intel on every desktop, but an ARM in every pocket." ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The ARM IoT Exploit Laboratory is a 4-day intermediate (approaching advanced) level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices. The class concludes with an end-to-end "Firmware-To-Shell" hack, where we extract the firmware from a popular SoHo router and an IP Camera, build a virtual environment to emulate and debug them, and then build exploits to gain a shell on the actual hardware devices. The 4-day format features lots of hands-on exercises allowing students to internalise concepts taught in class.

This class is perfectly suited for students who are keen to dive into the world of modern ARM exploit development. As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over 12 years, have been working hard in putting together an all new class based on past feedback!

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Learning Objectives

  • Introduction to the ARM CPU architecture
  • Exploring ARM assembly language
  • Understanding how functions work in ARM
  • Debugging on ARM systems
  • Exploiting Stack Overflows on ARM
  • Writing ARM Shellcode from the ground up
  • Introduction to Return Oriented Programming
  • Bypassing exploit mitigation using ROP
  • Practical ARM ROP
  • An Introduction to firmware extracting
  • Emulating and debugging a SoHo router's firmware in a virtual environment
  • "Firmware-To-Shell" - exploiting an actual SoHo router
  • "Firmware-To-Shell" - exploiting an actual IP camera
  • The Lab environment is a mixture of physical ARM hardware and ARM virtual machines.

Students will be provided with all the lab images used in the class. The ARM IoT Exploit Laboratory uses a "Live Notes" system that provides a running transcript of the instructor's system to all the students. Our lab environment, plus about 700MB of curated reading material, will be made available to all attendees to take with them and continue learning after the training ends.

TARGET AUDIENCE

  • Past x86 Exploit Laboratory students who want to take their elite exploitation skills to the ARM platform
  • Pentesters working on ARM embedded environments. (SoCs, IoT, etc)
  • Red Team members, who want to pen-test custom binaries and exploit custom built applications
  • Bug Hunters, who want to write exploits for all the crashes they find
  • Members of military or government cyberwarfare units
  • Members of reverse engineering research teams. - People frustrated at software to the point they want to break it!

PREREQUISITES

  • A conceptual understanding of how functions work in C programming
  • Knowledge of how a stack works, basic stack operations
  • Familiarity with debuggers (gdb, WinDBG, OllyDBG or equivalent)
  • Not be allergic to command line tools
  • Have a working knowledge of shell scripts, cmd scripts or Perl
  • If none of the above apply, then enough patience to go through the pre-class tutorials.

Course Outline


DAY 1

  • Introduction to the ARM CPU architecture
  • Exploring ARM assembly language
  • EXERCISE - Examples in ARM Assembly Language
  • Debugging on ARM systems
  • Understanding how functions work in ARM
  • Exploiting Stack Overflows on ARM
  • EXERCISE - ARM Stack Overflows

DAY 2

  • Writing ARM Shellcode from the ground up
  • Simple ARM Shellcode
  • Complex ARM Shellcode
  • Shellcode optimization and avoiding NULL bytes
  • EXERCISE - Embedded Web Server exploit
  • Introduction to Exploit Mitigation Techniques (XN/DEP and ASLR)
  • Introduction to ARM Return Oriented Programming
  • Bypassing exploit mitigation on ARM using ROP
  • ARM ROP Tools
  • EXERCISE - Searching for ARM ROP Gadgets

DAY 3

  • Practical ROP Chains on ARM
  • EXERCISE - Exploit featuring ARM ROP Chains
  • Bypassing ASLR
  • EXERCISE - End to end exploit with ASLR and XN/DEP bypass

DAY 4

  • An Introduction to firmware extracting
  • Emulating and debugging a SoHo router's firmware in a virtual environment
  • "Firmware-To-Shell" - exploiting an actual SoHo router
  • EXERCISE - Attacking a DLINK DIR-880L ARM Router - from firmware to shell
  • EXERCISE - Attacking a Trivision ARM IP Camera - from firmware to shell

REQUIREMENTS

The following tutorials have been specially prepared to get students up to speed on essential concepts before coming to class. 
a) Operating Systems - A Primer b) How Functions Work c) Introduction to Debuggers

HARDWARE REQUIREMENTS:

  • A working laptop (no Netbooks, no Tablets, no iPads)
  • Intel Core i3 (equivalent or superior) required
  • 8GB RAM required, at a minimum
  • Wireless network card
  • 40 GB free Hard disk space
  • If you're using a new Macbook or Macbook Pro, please bring your dongle-kit

 

SOFTWARE REQUIREMENTS:

  • Linux / Windows / Mac OS X desktop operating systems
  • VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY
  • Administrator / root access MANDATORY