Abstract: We describe a methodology to automatically turn arbitrary ARMv8 programs into alphanumeric executable polymorphic shellcodes. Shellcodes generated in this way can evade detection and bypass filters, broadening the attack surface of ARM-powered devices such as smartphones.
“…Although this technique has allowed us to effectively bypass the aforementioned checks, we must observe that it reduces the number of machine instructions that can appear inside a malicious payload: besides a prologue composed of binary instructions, the rest of the payload is obviously limited to machine instructions that are also ASCII characters. It is important to note that the metamorphic and polymorphic transformations are independent of the ASCII encoding as shown in [7] where the authors describe a technique for turning an arbitrary ARMv8 code into alphanumeric (ASCII) executable code. The technique is generic and may well apply to other architectures.…”
Some rights reserved. The terms and conditions for the reuse of this version of the manuscript are specified in the publishing policy. For all terms of use and more information see the publisher's website. This is the final peer-reviewed author's accepted manuscript (postprint) of the following publication: This item was downloaded from IRIS Università di Bologna (https://cris.unibo.it/). When citing, please refer to the published version.
“…The technique however does not carry over to more recent implementations. In 2016, Barral et al. introduced the first tool capable of compiling arbitrary ARMv8 code into alphanumeric executable code [3]. This is a tour de force but also, and most importantly, it introduces a generic approach to design such tools.…”
Section: Prior and Related Work (citation type: mentioning; confidence: 99%)
“…Through a three-staged modular design, these shellcodes achieve arbitrary code execution on this platform. This is the second architecture which can be addressed using the methodology from [3], which is an argument in favor of such generic approaches (rather than ad hoc ones). Our approach differs in that we do not manually assemble available instructions into higher-level constructs for building the unpacker in a bottom-up fashion, and instead opt for a partially automated strategy to generate the required alphanumeric instruction sequences to achieve the desired results.…”
Section: Our Contribution (citation type: mentioning; confidence: 99%)
“…Hereafter, we provide a review of those instructions, by explaining their semantics and some insight on the available operands. For simplicity and following the methodology introduced by Barral et al. in [3], we cluster instructions as control-flow, data processing, and memory manipulation instructions.…”
We explain how to design RISC-V shellcodes capable of running arbitrary code, whose ASCII binary representation uses only letters a-zA-Z, digits 0-9, and any of the three characters: #, /, '.