You're reading from Reverse Engineering Armv8-A Systems A practical guide to kernel, firmware, and TrustZone analysis

Product type Paperback

Published in Aug 2025

Publisher Packt

ISBN-13 9781835088920

Length 446 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Austin Kim

View More author details

Table of Contents (22) Chapters

Preface

1. Part I: Fundamentals of Armv8-A Architecture

2. Learning Fundamentals of Arm Architecture FREE CHAPTER

3. Understanding the ELF Binary Format

4. Manipulating Data with Arm Data Processing Instructions

5. Reading and Writing with Memory Access Instructions

6. Controlling Execution with Flow Control Instructions

7. Part II: Background Knowledge for Binary Analysis

8. Introducing Reverse Engineering

9. Setting Up a Practice Environment with an Arm Device

10. Unpacking the Kernel with Linux Fundamentals

11. Part III: Unlocking Key Binary Analysis Skills for Reverse Engineering

12. Understanding Basic Static Analysis

13. Going Deeper with Advanced Static Analysis

14. Analyzing Program Behavior with Basic Dynamic Analysis

15. Expert Techniques in Advanced Dynamic Analysis

16. Tracing Execution with uftrace

17. Part IV: Security Features in Armv8-A Systems

18. Securing Execution with Armv8-A TrustZone

19. Building Defenses with Key Security Features of Armv8-A

20. Other Books You May Enjoy

21. Index

Summary

In this chapter, we learned how to analyze kernel binaries. First, we discussed the approach to performing static analysis and highlighted the differences between static and dynamic analysis.

Then, we introduced typical kernel binaries, such as *.ko files and vmlinux, and explained how these files are organized using the ELF format. We also examined common patterns found in kernel binaries. For *.ko files, we looked at the metadata found in the .modinfo section.

We also explored assembly routines that can only be found in kernel binaries. When analyzing kernel binaries, you will see assembly routines that access system resources through various system registers. This pattern is not found in user-space binaries because the kernel runs at EL1, which has the privilege to control hardware resources.

Finally, we discussed the common patterns used to access fields within a struct, a data structure widely used in both kernel and user-space binaries to manage data.

...