Cantitate/Preț
Produs
Total produse
Vezi coșul
Blue Fox de Maria Markstedter

Blue Fox

Autor Maria Markstedter
en Limba Engleză Paperback – 25 apr 2023

Evoluția recentă a infrastructurii computaționale, marcată de tranziția masivă a laptopurilor și a sistemelor server către arhitectura Arm, a transformat analiza binară dintr-o nișă de nișă într-o competență critică de securitate. Blue Fox de Maria Markstedter răspunde acestei schimbări de paradigmă, oferind un ghid tehnic riguros pentru înțelegerea modului în care funcționează codul la cel mai jos nivel pe dispozitivele moderne. Putem afirma că lucrarea depășește sfera unui simplu manual de programare, devenind un instrument esențial pentru cercetătorii de securitate care trebuie să navigheze între seturile de instrucțiuni A32 și A64. Considerăm că structura logică a cărții facilitează o progresie naturală a învățării. Prima parte este dedicată mecanismelor interne, de la biți și octeți la complexitatea formatului de fișier ELF și a modului în care sistemele de operare gestionează procesele. A doua parte se concentrează pe aplicabilitatea practică: configurarea mediilor de analiză, utilizarea instrumentelor de dezasamblare și depanare, culminând cu studii de caz relevante, precum analiza de malware pe arhitectura M1 de la Apple. Această abordare completează perspectiva oferită de Foundations of ARM64 Linux Debugging, Disassembling, and Reversing, adăugând detalii specifice despre mediul macOS și o analiză mai profundă a setului de instrucțiuni AArch32, nu doar a celui pe 64 de biți. De asemenea, volumul se distinge de Learning Linux Binary Analysis prin focalizarea strictă pe ecosistemul Arm, oferind detalii despre control-flow patterns și emularea firmware-ului, elemente vitale pentru securitatea IoT. Stilul autoarei este precis, ancorat în realitățile industriei, transformând Blue Fox într-o resursă de referință pentru oricine dorește să stăpânească ingineria inversă pe cele mai răspândite procesoare din lume.

Citește tot Restrânge

Preț: 27263 lei

Puncte Express: 409

Carte disponibilă

Livrare economică 08-22 iunie
Livrare express 23-29 mai pentru 5933 lei

 Adaugă în coș

Wish list
Gift list
Am citit!
Adaugă în listă

Specificații

ISBN-13: 9781119745303
ISBN-10: 1119745306
Pagini: 480
Dimensiuni: 183 x 232 x 28 mm
Greutate: 0.89 kg
Ediția:1
Editura: Wiley
Locul publicării:Hoboken, United States

De ce să citești această carte

Această lucrare este esențială pentru inginerii de securitate și dezvoltatorii care doresc să înțeleagă arhitectura Armv8-A în profunzime. Cititorul câștigă competențe practice în reverse engineering, învățând să analizeze vulnerabilități și malware pe dispozitive mobile, IoT și noile generații de laptopuri. Este un ghid tehnic actualizat care acoperă tranziția către 64 de biți, oferind instrumentele necesare pentru a securiza miliardele de dispozitive bazate pe Arm.

Despre autor

Maria Markstedter este o specialistă recunoscută la nivel mondial în securitatea arhitecturii Arm, fiind fondatoarea Azeria Labs. Expertiza sa în reverse engineering și exploatarea vulnerabilităților a ajutat numeroase organizații să își securizeze implementările pe sisteme embedded și mobile. Prin activitatea sa de instruire și cercetare, Markstedter a devenit o voce autoritară în domeniu, fiind premiată pentru contribuțiile sale la educația în securitate cibernetică. În Blue Fox, ea sintetizează ani de experiență practică în analiza binară, oferind o resursă academică și profesională de neegalat.

Notă biografică

MARIA MARKSTEDTER is the CEO and founder of Azeria Labs, offering high-quality training courses on Arm reverse engineering and exploitation. She has an extensive educational background, holding a Bachelor's degree in Corporate Security and a Master's degree in Enterprise Security, and has collaborated with Arm on exploit mitigation research. Maria's outstanding contributions to the cybersecurity industry have earned her a place on Forbes' "30 under 30" list for technology in Europe (2018) and the title of Forbes Person of the Year in Cybersecurity in 2020.

Cuprins

Introduction xxi Part I Arm Assembly Internals 1 Chapter 1 Introduction to Reverse Engineering 3 Introduction to Assembly 3 Bits and Bytes 3 Character Encoding 5 Machine Code and Assembly 6 Assembling 9 Cross- Assemblers 13 High- Level Languages 15 Disassembling 16 Decompilation 17 Chapter 2 ELF File Format Internals 21 Program Structure 21 High- Level vs. Low- Level Languages 22 The Compilation Process 24 Cross- Compiling for Other Architectures 25 Assembling and Linking 27 The ELF File Overview 30 The ELF File Header 31 The ELF File Header Information Fields 32 The Target Platform Fields 33 The Entry Point Field 34 The Table Location Fields 34 ELF Program Headers 34 The PHDR Program Header 36 The INTERP Program Header 36 The LOAD Program Headers 36 The DYNAMIC Program Header 37 The NOTE Program Header 37 The TLS Program Header 38 The GNU_EH_FRAME Program Header 38 The GNU_STACK Program Header 39 The GNU_RELRO Program Header 41 ELF Section Headers 43 The ELF Meta- Sections 45 The String Table Section 46 The Symbol Table Section 46 The Main ELF Sections 46 The .text Section 47 The .data Section 47 The .bss Section 47 The .rodata Section 47 The .tdata and .tbss Sections 48 Symbols 48 Global vs. Local Symbols 50 Weak Symbols 50 Symbol Versions 51 Mapping Symbols 51 The Dynamic Section and Dynamic Loading 52 Dependency Loading (NEEDED) 53 Program Relocations 54 Static Relocations 55 Dynamic Relocations 56 The Global Offset Table (GOT) 57 The Procedure Linkage Table (PLT) 57 The ELF Program Initialization and Termination Sections 58 Initialization and Termination Order 60 Thread- Local Storage 60 The Local- Exec TLS Access Model 65 The Initial- Exec TLS Access Model 65 The General- Dynamic TLS Access Model 66 The Local- Dynamic TLS Access Model 67 Chapter 3 OS Fundamentals 69 OS Architecture Overview 69 User Mode vs. Kernel Mode 70 Processes 70 System Calls 72 Objects and Handles 77 Threads 79 Process Memory Management 80 Memory Pages 82 Memory Protections 82 Anonymous and Memory- Mapped Memory 84 Memory- Mapped Files and Modules 84 Address Space Layout Randomization 87 Stack Implementations 90 Shared Memory 91 Chapter 4 The Arm Architecture 93 Architectures and Profiles 93 The Armv8- A Architecture 95 Exception Levels 96 Armv8- A TrustZone Extension 97 Exception Level Changes 99 Armv8- A Execution States 101 The AArch64 Execution State 102 The A64 Instruction Set 103 AArch64 Registers 104 The Program Counter 106 The Stack Pointer 107 The Zero Register 107 The Link Register 108 The Frame Pointer 109 The Platform Register (x18) 109 The Intraprocedural Call Registers 110 SIMD and Floating- Point Registers 110 System Registers 111 PSTATE 112 The AArch32 Execution State 114 A32 and T32 Instruction Sets 114 The A32 Instruction Set 114 The T32 Instruction Set 115 Switching Between Instruction Sets 115 AArch32 Registers 118 The Program Counter 119 The Stack Pointer 120 The Frame Pointer 120 The Link Register 121 The Intraprocedural Call Register (IP, r12) 121 The Current Program Status Register 121 The Application Program Status Register 122 The Execution State Registers 124 The Instruction Set State Register 124 The IT Block State Register (ITSTATE) 125 Endianness state 126 Mode and Exception Mask Bits 126 Chapter 5 Data Processing Instructions 129 Shift and Rotate Operations 131 Logical Shift Left 132 Logical Shift Right 133 Arithmetic Shift Right 133 Rotate Right 134 Rotate Right with Extend 134 Instruction Forms 135 Shift by a Constant Immediate Form 136 Shift by Register Form 138 Bitfield Manipulation Operations 140 Bitfield Move 141 Sign- and Zero- Extend Operations 145 Bitfield Extract and Insert 150 Logical Operations 153 Bitwise AND 153 The TST Instruction 154 Bitwise Bit Clear 155 Bitwise OR 155 Bitwise OR NOT 156 Bitwise Exclusive OR 158 The TEQ instruction 158 Exclusive OR NOT 159 Arithmetic Operations 159 Addition and Subtraction 159 Reverse Subtract 161 Compare 162 CMP Instruction Operation Behavior 163 Multiplication Operations 165 Multiplications on A64 166 Multiplications on A32/T32 167 Least Significant Word Multiplications 169 Most Significant Word Multiplications 171 Halfword Multiplications 173 Vector (Dual) Multiplications 176 Long (64- Bit) Multiplications 179 Division Operations 186 Move Operations 187 Move Constant Immediate 188 Move Immediate and MOVT on A32/T32 188 Move Immediate, MOVZ, and MOVK on A64 189 Move Register 190 Move with NOT 192 Chapter 6 Memory Access Instructions 195 Instructions Overview 195 Addressing Modes and Offset Forms 197 Offset Addressing 200 Constant Immediate Offset 201 Register Offsets 207 Pre- Indexed Mode 209 Pre- Indexed Mode Example 210 Post- Indexed Addressing 212 Post- Indexed Addressing Example 213 Literal (PC- Relative) Addressing 214 Loading Constants 215 Loading an Address into a Register 218 Load and Store Instructions 222 Load and Store Word or Doubleword 222 Load and Store Halfword or Byte 224 Example Using Load and Store 226 Load and Store Multiple (A32) 228 Example for STM and LDM 235 A More Complicated Example Using STM and LDM 237 Load and Store Pair (A64) 238 Chapter 7 Conditional Execution 243 Conditional Execution Overview 243 Conditional Codes 244 The NZCV Condition Flags 245 Signed vs. Unsigned Integer Overflows 246 Condition Codes 248 Conditional Instructions 249 The If- Then (IT) Instruction in Thumb 250 Flag- Setting Instructions 252 The Instruction "S" Suffix 253 The S Suffix on Add and Subtract Instructions 253 The S Suffix on Logical Shift Instructions 256 The S Suffix on Multiply Instructions 257 The S Suffix on Other Instructions 257 Test and Comparison Instructions 257 Compare (CMP) 258 Compare Negative (CMN) 260 Test Bits (TST) 261 Test Equality (TEQ) 264 Conditional Select Instructions 265 Conditional Comparison Instructions 268 Boolean AND Conditionals Using CCMP 269 Boolean OR Conditionals Using CCMP 272 Chapter 8 Control Flow 275 Branch Instructions 275 Conditional Branches and Loops 277 Test and Compare Branches 281 Table Branches (T32) 282 Branch and Exchange 284 Subroutine Branches 288 Functions and Subroutines 290 The Procedure Call Standard 291 Volatile vs. Nonvolatile Registers 293 Arguments and Return Values 293 Passing Larger Values 295 Leaf and Nonleaf Functions 298 Leaf Functions 298 Nonleaf Functions 299 Prologue and Epilogue 299 Part II Reverse Engineering 305 Chapter 9 Arm Environments 307 Arm Boards 308 Emulation with QEMU 310 QEMU User- Mode Emulation 310 QEMU Full- System Emulation 314 Firmware Emulation 315 Chapter 10 Static Analysis 321 Static Analysis Tools 322 Command- Line Tools 322 Disassemblers and Decompilers 322 Binary Ninja Cloud 323 Call- By- Reference Example 328 Control Flow Analysis 334 Main Function 336 Subroutine 336 Converting to char 341 if Statement 343 Quotient Division 345 for Loop 347 Analyzing an Algorithm 349 Chapter 11 Dynamic Analysis 363 Command- Line Debugging 364 GDB Commands 365 GDB Multiuser 366 GDB Extension: GEF 368 Installation 369 Interface 370 Useful GEF Commands 370 Examine Memory 374 Watch Memory Regions 376 Vulnerability Analyzers 377 checksec 379 Radare2 381 Debugging 382 Remote Debugging 385 Radare2 386 IDA Pro 388 Debugging a Memory Corruption 390 Debugging a Process with GDB 398 Chapter 12 Reversing arm64 macOS Malware 405 Background 406 macOS arm64 Binaries 407 macOS Hello World (arm64) 410 Hunting for Malicious arm64 Binaries 413 Analyzing arm64 Malware 419 Anti- Analysis Techniques 420 Anti- Debugging Logic (via ptrace) 421 Anti- Debugging Logic (via sysctl) 425 Anti- VM Logic (via SIP Status and the Detection of VM Artifacts) 429 Conclusion 435 Index 437

Descriere

Provides readers with a solid foundation in Arm assembly internals and reverse-engineering fundamentals as the basis for analyzing and securing billions of Arm devices Finding and mitigating security vulnerabilities in Arm devices is the next critical internet security frontier—Arm processors are already in use by more than 90% of all mobile devices, billions of Internet of Things (IoT) devices, and a growing number of current laptops from companies including Microsoft, Lenovo, and Apple. Written by a leading expert on Arm security, Blue Fox: Arm Assembly Internals and Reverse Engineering introduces readers to modern Armv8-A instruction sets and the process of reverse-engineering Arm binaries for security research and defensive purposes. Divided into two sections, the book first provides an overview of the ELF file format and OS internals, followed by Arm architecture fundamentals, and a deep-dive into the A32 and A64 instruction sets. Section Two delves into the process of reverse-engineering itself: setting up an Arm environment, an introduction to static and dynamic analysis tools, and the process of extracting and emulating firmware for analysis. The last chapter provides the reader a glimpse into macOS malware analysis of binaries compiled for the Arm-based M1 SoC. Throughout the book, the reader is given an extensive understanding of Arm instructions and control-flow patterns essential for reverse engineering software compiled for the Arm architecture. Providing an in-depth introduction into reverse-engineering for engineers and security researchers alike, this book: Offers an introduction to the Arm architecture, covering both AArch32 and AArch64 instruction set states, as well as ELF file format internals Presents in-depth information on Arm assembly internals for reverse engineers analyzing malware and auditing software for security vulnerabilities, as well as for developers seeking detailed knowledge of the Arm assembly language Covers the A32/T32 and A64 instruction sets supported by the Armv8-A architecture with a detailed overview of the most common instructions and control flow patterns Introduces known reverse engineering tools used for static and dynamic binary analysis Describes the process of disassembling and debugging Arm binaries on Linux, and using common disassembly and debugging tools Blue Fox: Arm Assembly Internals and Reverse Engineering is a vital resource for security researchers and reverse engineers who analyze software applications for Arm-based devices at the assembly level.