Highest Voted 'arm' Questions - Reverse Engineering Stack Exchange

11

votes

1 answer

Why is this ARM binary throwing an 'Illegal instruction' error and quitting?

Issue I'm hoping someone can help me determine why this binary won't execute. It is a closed-source, stripped ARM binary. That said, it is freely downloadable on the internet so there is a link to it at the bottom of this post. The target is an ARM…

arm

asked Jun 19 '18 at 02:54

gatorface

113
1
1
5

5

votes

2 answers

Is the output of the gcc compilers the same for all ARM platforms?

Trying to understand how the code is converted in ARM platform from code to binary. Are the gcc compilers used in the different ARM platforms (iOS, Android, Blackberry) the same compiler, except that the header and library files are different? Or…

arm

asked Sep 21 '13 at 00:32

tuckmeng

59
1

5

votes

1 answer

ARM bx instruction branches to address not specified as argument

I'm debugging an ARM cortex M4 (STM32F4) running FreeRTOS. Inside the assembly FreeRTOS function vPortSVCHandler, there's a branch instruction bx r14 using GDB, I step through instruction by instruction and find that r14 (lr) contains the value…

arm

asked Jun 09 '20 at 05:10

RemarkableBucket

153
3

4

votes

3 answers

Help finding CPU/SOC on a board

I have some difficult to find CPU from a board. First I though that CPU/SOC was this one : All I know (about CPU) is that's an ARM core little-endian (because I begin reverse firmware in IDA) but I lack of information on it. The hardware is a 8…

arm

asked May 05 '17 at 15:55

user2296435

185
6

3

votes

1 answer

Computing the length of a string in ARM

I was trying to reverse the following ARM code. mystery7 02 46 MOV R2, R0 08 B9 CBNZ R0, loc_100E1D8 00 20 MOVS R0, #0 70 47 BX LR loc_100E1D8 90 F9 00 30 LDRSB.W R3, [R0] 02 E0 B…

arm

asked Jun 20 '15 at 14:58

user1743

3

votes

1 answer

Division on ARM

When performing division on ARM, this is the code snippet that I encountered. 0x83d8 : mov r3, #10 0x83dc : str r3, [r11, #-8] 0x83e0 : ldr r3, [r11, #-8] => 0x83e4 : ldr r2, [pc, #40] ;;…

arm

asked May 26 '15 at 14:35

user1743

3

votes

1 answer

Understanding STM32L151's disassembled firmware

I have been sorting through disassembled code for a couple of days and I have a few questions. Note: This is my first reverse engineering side project and I apologize if these are rather newbie questions... 1) I wrote a simple program that blinks an…

arm

asked Jul 12 '16 at 16:00

Tyler

69
1
9

2

votes

2 answers

Floating point registers on ARM

When I disassemble ARM code that deals with floating point values, how can I print out the registers? (I'm using Gdb). 0x000083d8 <+12>: ldr r3, [pc, #56] ; 0x8418 0x000083dc <+16>: str r3, [r11, #-8] 0x000083e0 <+20>: …

arm

asked May 26 '15 at 14:30

user1743

2

votes

2 answers

Conditional instructions on ARM

I'm trying to understand the syntax of the IT instruction that is to be used to enable conditional execution of instructions on ARM, in Thumb2 mode. The way I understand it, the bits in the CPSR register along with the IT instruction make…

arm

asked May 26 '15 at 12:26

user1743

2

votes

1 answer

has anyone used PIN for ARM

While looking around for "PIN for ARM" I came across this. However, I don't seem to be able to locate it. Is it even made publicly available? Has anyone used this or anything similar?

arm

asked Nov 08 '14 at 23:24

user1743

2

votes

2 answers

Can't extract machine code from Cortex-M3 firmware

I want to extract machine code from XBee DigiMesh firmware (Cortex-M3, EM357), so I have SREC file with 3 sections inside. I suppose that one of these sections is a code section, but arm-none-eabi-objdump reports "unknown instruction" very often.…

arm

asked Mar 29 '17 at 15:27

Sergey Nazaryev

23
5

1

vote

0 answers

Using Hopper to flip branching instruction

Is it possible to flip branch instruction such as tbz to tbnz and b.ne to b.eq, I tried the hopper it gives syntax error Is it possible to set a NOP on a bl or equivalent instruction using Hopper so the application stop executing. Is it possible…

arm

asked Feb 15 '23 at 09:21

A O

161
3

1

vote

0 answers

ARMv7 Word Patch (CBZ)

I'm disassembling an iPhone app I'm trying to batch the instruction CBZ -> CBNZ Instruction Code: D9 09 00 34 As per my understanding, CBZ will jump to the address if value of register is 0 I have tried to convert it to CBNZ D9 09 00 35 but that…

arm

asked May 30 '20 at 17:20

kakarot

11
1

1

vote

1 answer

How is thumb branch calculated

I have the instruction which is: 5ff1aed4 bl sub_5ff171d0 which assembles to: FCF77CF9 This appears to mean that the program is branching backwards, However I can't seem to find the offset it is adding onto the PC when I try to…

arm

asked Mar 14 '19 at 23:20

Douglas Inglis

13
2

1

vote

3 answers

Firmware reverse engineering

this question is a follow-up from this previous post: Flash dump binwalk blank, low entropy I need to reverse engineer a firmware from a very secure device. I was able to reverse engineer the PCB and create a JTAG connector, which I used to read…

arm

asked Feb 06 '19 at 09:59

Fabio Lanza

11
1

Questions tagged [arm]