A Lackluster ‘Hack Cluster’: ARM Exploitation Lab Preview

Posted on March 1, 2012 by


As we have announced in other blog posts, we’ve been researching mobile platforms quite a bit (specifically those that use the ARM microprocessor). We compiled all of our notes on ARM reverse engineering and ARM exploitation and built a course called “Practical ARM Exploitation” that we will be publicly debuting this coming week at CanSecWest. The class is sold out, but we are happy to also announce that (for those of you that missed CanSecWest) we will also be offering this course at BlackHat Las Vegas. Previously, this course was developed using QEMU to simulate the hardware of an ARM processor. Well, that is no more. For CanSecWest we will be debuting the course on custom hardware based on the GumStix Overo Water COM (Computer-On-Module) platform.

These machines are tiny! Much smaller than we were expecting. The Tobi development boards we use for them (which give us access to all the ports in standard formats) account for most of what you see when looking at the whole rig, but all the actual chips and logic are on the Water COM itself.

These machines all run our custom Linux build preloaded with all the lab exercises. Each student will have their own dedicated COM. To avoid hardware failures from mishandling or other accidents, students will not use serial consoles to connect to the COMs (which we planned originally); instead, they will ssh into their dedicated machine in the cluster, which will be situated centrally in the room.

Getting all this hardware configured properly (e.g. kernels installed/compiled, debuggers and stuff installed, handling odd hardware errors, fixing labs to make sure exploit payloads still worked, etc.) was INCREDIBLY painstaking. There were many late nights spent trying to get the software build just right (class participants have Lawler to thank for getting the Linux build working properly without randomly kernel panicking!). Transporting this around will also prove to be very challenging, so if we can get it across the border into Canada without much trouble, we will be really excited to finally make this available to all participants in the course. We hope that having the physical hardware will lend some more realism and excitement to the course. For those of you enrolled, we look forward to seeing you there!
A screenshot of the lab environment running on one of these embedded systems is above.

The syllabus and a detailed explanation of all those lab exercises are available here.
