IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [arm]

A family of processor architectures used in many embedded applications, network and other appliances, and almost all smartphones.

ARM is a family of processor architectures especially used in low-power devices. It is commonly found in many embedded applications in consumer and industrial products, in network appliances, in almost all smartphones and tablets, and in some servers.

ARM (the company) designs the instruction set and logical architecture. The physical architecture, as well as companion processors and boot code, is made by system-on-a-chip (SoC) vendors.

Major operating systems for arm include (Windows CE and Windows RT only), , , , , …

27 questions
73
votes
2 answers

Diffie Hellman parameters still calculating after 24 hours

I have a fresh install of Arch Linux on a RaspberryPi model B. I'm setting up OpenVPN and using easy-rsa with OpenSSL 1.0.2d to generate initial keys and certificates. All went fine until I ran ./build-dh(script here). It was 24 hours later when I…
kgizdov
  • 853
  • 1
  • 7
  • 6
28
votes
4 answers

A tiny version of wget (51 bytes?)

On this ISC article on DVR compromise the author talks about the compromise of an embedded system. In particular, the attacker executes a series of echo commands on the remote host, and: This DVR has no "upload" feature. There is no wget nor is…
lorenzog
  • 1,911
  • 11
  • 18
19
votes
2 answers

Does the ARM TrustZone technology support sealing a private key under a code hash?

One of the extremely valuable functions of a Trusted Platform Module (TPM) chip is its ability to seal a private key under the hash of the code that will use it. This means that one can create a private key which can only be read by a a piece of…
runeks
  • 393
  • 1
  • 2
  • 8
9
votes
3 answers

Ring -3 exploits and existence of other rings

Concept of Rings Rings were introduced in the forerunner of UNIX, Multics, and had 8 rings for reading, writing, executing and calling (I don't quite understand why it needed 8 rings to do this, if anybody does consider that a bonus question!). The…
LTPCGO
  • 965
  • 1
  • 5
  • 22
7
votes
1 answer

ROP Programming/Exploitation on ARM - Gadget chain

Unfortunately, I cannot find this gadget in my libc.so. How can we reprogram this using different instructions: pop {r0, r1, r2, r3, pc} Which instructions will achieve the same? What gadgets I have to look for? It relates to this exploit # pivot…
dev
  • 937
  • 1
  • 8
  • 23
6
votes
1 answer

Hardware enforced DEP on different CPUs

Are there any differences how hardware DEP is implemented on CPUs from different manufacturers (Intel, AMD, nVidia, Texas,...)? Are there any significant differences how hardware DEP works on x86 and ARM?
StupidOne
  • 2,802
  • 21
  • 35
6
votes
2 answers

How to Check Compilation Options For SO File - Android Application VA

During the security assessment of Android applications, I have encountered multiple instances where .so (Shared Objects) files are present in lib directory. What can be possible security test cases for the same. I have one test case, i.e. Insecure…
Shiv Sahni
  • 921
  • 8
  • 16
5
votes
2 answers

Loading code securely in the Trusted Execution Environment (ARM)

I am reading up on TEE in ARM. I am looking for pointers for the following questions: How does the TEE load code from the OS securely and guarantee that its not malicious code? I am guessing the code is signed and the TEE can verify the signature.…
user220201
  • 893
  • 9
  • 22
5
votes
1 answer

ROP Exploitation on ARM

I was wondering about since, Ret2Libc attack doesn't works on ARM, and we have to rely on ROP for that. How different is ROP on ARM from the x86 architecture. Are there any tools, such as mona.py for x86, for ARM? Which would generate me long…
Robert Shane
  • 115
  • 2
  • 6
4
votes
1 answer

Building a project on ARM Cortex-M, anything I can do to keep IP secure? Dealing with Chinese knockoffs and sick of it

Chinese have decided to ripoff a PIC product I make. Switching to ARM for other reasons anyhow, mainly that Microchip is a joke, either STM32 or NXP LPC, exact chip is open still. There are sites that claim to have vulnerabilities for various…
mint branch conditioner
  • 41
  • 1
4
votes
1 answer

What are security implications of enabling access to performance counters on ARM Cortex A9?

On an ARM Cortex A9 core, privileged instructions have to be executed so that unprivileged code can use performance counters. For instance with this GCC inline code, which would have to be run in a kernel: /* Allow access to perf counter */ __asm__…
Kaz
  • 2,303
  • 16
  • 17
4
votes
1 answer

Does Linux support the NX-bit on ARM processors?

Does Linux (kernel and applications) support the NX-bit on ARM processors? If so, how can I check if an ARM-binary is compiled with this protection enabled?
inorik
  • 197
  • 5
4
votes
2 answers

Decrypting keys wrapped by the Storage Root Key (SRK) of a TPM

Lets say I have a symmetric key wrapped with a storage root key (SRK) in a TPM. The SRK cannot be read by an attacker and so I perform the decryption and using the SRK and get the symmetric key in memory to do subsequent operations using the…
user220201
  • 893
  • 9
  • 22
4
votes
2 answers

Does Intel or Arm support private key memory?

I know some security processors have an isolated bus where you can store a private key and use it with hardware encryption without the key ever being stored in memory. Some even have key storage inside the SoC on an isolated bus so there's no…
Michael Fox
  • 143
  • 5
3
votes
3 answers

Stack Overflow on ARM : Null Bytes Issue

I am trying to follow the research paper by Tiger Security for ARM Exploitation : Link For the simple stack overflow exploitation, the code is : #include #include #include void donuts(){ puts("Donuts...") ; exit(0)…
Robert Shane
  • 115
  • 2
  • 6
1
2