Reverse Engineering Arm Binaries with Ghidra

Training Details

1-DAY TRAINING, 4 SEPTEMBER @ MEERVAART AMSTERDAM
TICKET PRICE: €900 EX VAT


This training will get you bootstrapped for reverse engineering with Ghidra! We will look into Arm binaries as frequently found on Linux-based IoT devices and uncover their secrets, such as hidden interfaces or hardcoded passwords.

For this, we will learn the basics of Arm assembly, discuss the inner workings of binary programs, and explore how to analyze them. The training will combine theoretical discussions with hands-on exercises, inspired by findings from real-world devices.

After this training, you will have a solid starting point to dive into the world of reverse engineering and know your way around one of the most prominent reverse engineering frameworks. The concepts you learn will transfer easily to other instruction set architectures and RE frameworks.

Training Outline

Basic Usage of Ghidra

  • Loading a Binary
  • The different views & navigation
  • General usage tips
  • Hands-On Exercise #1

Binary Programs

  • Registers & Memory Layout
  • ARM Assembly 101
  • Control Flow & Calling Conventions
  • Hands-On Exercise #2

ARM Reverse Engineering

  • Execution Modes: ARM vs Thumb
  • OS Interaction & system calls
  • Reverse engineering strategies
  • Hands-On Exercise #3

Advanced Ghidra Usage

  • Introduction to Ghidra Scripting
  • 1-2 further topics based on student requests, examples:
    • Loading Binary Blobs
    • Pattern Matching with Function ID
    • Developing Ghidra Plugins
    • Aiding reversing with dynamic tooling
  • Hands-On Exercise #4

Prerequisites

  • Knowledge of at least one programming language (experience in a low-level language such as C is a plus)
  • Prior experience with assembly or reverse engineering frameworks is not required

Software Requirements

Ghidra, Docker (setup guide will be provided)


MARIUS MUENCH


Marius is an assistant professor at the University of Birmingham. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as a postdoctoral researcher at the Vrije Universiteit Amsterdam.

He developed and maintains avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands.

Throughout his career, Marius publicly shared his findings and presented at events such as Black Hat, REcon, and Hardwear.io.