Questions tagged [arm64]
37 questions
0 votes, 1 answer, 65 views
ARM64 RE Questions
I have a chunk of ARM code which I am trying to make sense of. I'm new to ARM, so would appreciate some help figuring this piece out. I have added some comments to show my progress so far.
My ...
2 votes, 1 answer, 79 views
WinDbg command to retrieve TTBR registers for Aarch64?
Aarch64 architecture has the following registers, that contain physical base addresses for the virtual-to-physical translation tables for different exception levels:
TTBR0_EL1, TTBR1_EL1, TTBR0_EL2, ...
0 votes, 1 answer, 99 views
Function calls to unmapped memory
I'm examining an iOS framework (extracted from a dyld shared cache) and there are a lot of branch-link instructions to functions which don't exist. For example,
bl #-0x50e7e04
Performing the ...
0 votes, 0 answers, 59 views
Debug Linux Kernel ARM64
I need to extract Initramfs from the kernel.
The initramfs archive itself is encrypted and located inside the kernel.
I couldn't extract the key.
I thought to run the kernel in Qemu, connect with the ...
0 votes, 1 answer, 86 views
IDA Pro could not disassemble native function properly
Looks like some obfuscation technique was applied to this piece of code (none of start opcodes were identified properly):
Is it possible to produce manually more readable assembly?
1 vote, 1 answer, 197 views
ARM64 Stack Layout - Why 100x'A' Doesn't Crash?
I'm trying to exploit a buffer overflow vulnerability in an ARM64 program from this blog.
When I give as input 100*'A', and I compile the program for ARM 32 bit (without canaries), the program crashes ...
1 vote, 1 answer, 68 views
Objective-C stub functions on AARCH64
I'm analyzing some functions I see in Mach-O binaries and I see that whenever there's a bl instruction to an Objective-C stub function that resides in the __objc_stubs section and in that function there'...
0 votes, 0 answers, 58 views
What are some open source encoder-decoder libraries/binaries for ARM v8 and above?
A basic search yielded me results for Capstone disassembler for ARM v8, can I get details on some open source encoders and decoders for ARM v8 and above?
2 votes, 0 answers, 238 views
Booting a Linux kernel ARM64 boot executable Image
I am self-learning reverse engineering and working on reversing a firmware image for an unknown IoT device that's running on Zephyr. I have the firmware image (.img file), which returns 'Linux kernel ...
4 votes, 0 answers, 556 views
How to do live debugging of ARM64 binaries on macOS with M1/M2 chips?
I'm trying to figure out why NSSavePanel fails in my SwiftUI app. I tried every possible documentation, or asking on the Swift programming forums - to no avail.
I'm originally a Windows programmer, ...
2 votes, 1 answer, 103 views
Stuck decompiling ARM64 function
I am trying to figure out how this function squashes quaternion (double[4], dvar5..6 in the disassembly) data into the 2 int outputs vertexX and vertexY.
As far as I can tell, it reads the raw sensor ...
2 votes, 1 answer, 356 views
Deobfuscating iOS dll file (I think arm64)
I am just starting out my journey with modding IAP files. I use dnSpy to find the offsets of the methods I want to change and then use an arm64 to hex converter to then apply these changes.
I have ...
5 votes, 0 answers, 299 views
Cannot find references to functions in vtables
First time doing RE work and I am working on a rather large C++ binary.
In Ghidra, there are many functions that do not appear to have any meaningful references to them (unlike some functions where ...
1 vote, 0 answers, 552 views
Reinterpreting local function strings in Ghidra (ARM)
The program I'm working with has stuff like this all over:
strbuf = 0x20746567;
local_824 = (undefined *)0x6863616d;
local_820 = (undefined *)0x20656e69;
local_81c = (undefined ...
1 vote, 1 answer, 456 views
Visual Arm64 Emulator
I have an arm64 binary that I've been reversing and I've reached a point where it would be immensely useful to visually emulate / debug a section of code. I have the full binary and I can also find a ...