ROP on ARM64 - a hands-on tutorial
2024-10-22 , Schengen 1 & 2

Return Oriented Programming (ROP) has been an essential part of exploit development since over a decade. The ROP landscape on ARM64 is bleak, thanks to severe restrictions laid down in the ARM64 ISA. This workshop provides a hands-on tutorial for starting out with ARM64 ROP gadgets and practical ROP chains. No prior knowledge of ARM64 assembly is required.


Part 1 - Introduction to essential ARM64 assembly

  • Introducing ARM64
  • Registers and their behaviour on ARM64
  • ARM64 vs ARM32 architecture and assembly language
  • A few ARM64 assembly instructions
  • Restrictions on operand usage

Part 2 - ROP Gadgets on ARM64

  • Commonly found ROP gadgets on ARM64
  • Where to look for ARM64 ROP gadgets
  • Practical Ret2System ROP chain on ARM64

Hands-On Workshop Requirements

  • Working Laptop running Docker
  • Linux or macOS preferred as the base OS.

Participants will be provided with an ARM64 emulator docker container for use during and after the workshop.

Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-Box, Deepsec and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world, and taking pictures.