Thursday, July 15, 2010

ARM - Reverse Engineering

I've spent the whole day reverse engineering a small application on my mobile phone. It was the first time I had worked with ARM assembler. After a couple of hours I was successful: I found the functions I had been looking for and was able to bring them back into a higher-level programming language.

Some important things in ARM:

  1. Calling conventions:
    MOV R1, #5
    LDR R0, [R11,#0x38]   @ load the object address from the stack frame (a MOV cannot take a memory operand)
    BL  CFoo::bar(int)
    In this example the method bar(int) is called on an object of type CFoo. R0 contains the address of the object and R1 the first parameter. The second parameter would be passed in R2, the third in R3, and so on. If you call a static function or a global function, the arguments start at R0. The return value of a function is stored in R0.
  2. Operations with condition:
    ARM allows most instructions to be executed conditionally. So you can, for example, write a MOV that is only executed if a condition is true. You will find a good cheat sheet here: http://simplemachines.it/doc/QRC0001H_rvct_v2.1_arm.pdf
  3. Combined instructions:
    In ARM many instructions can be combined with a shift of the second operand, so one instruction does both the shift and the arithmetic. (Refer to http://simplemachines.it/doc/arm_inst.pdf)
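As an added illustration of points 2 and 3 (this is my own example, not code from the post), here is a small Python decoder for the classic 32-bit ARM data-processing instruction word. It shows where the condition field (bits 31:28) and the shifted or rotated second operand (bits 11:0) live, so you can see why a single word can encode "ADDNE R3, R3, R4, ASR R5". The test words are constructed by hand from the encoding rules.

```python
# Decoder for the ARM (A32) data-processing instruction format (ARMv4+).
COND = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
        "HI", "LS", "GE", "LT", "GT", "LE", "", "NV"]   # 14 = AL, printed as ""
OPCODE = ["AND", "EOR", "SUB", "RSB", "ADD", "ADC", "SBC", "RSC",
          "TST", "TEQ", "CMP", "CMN", "ORR", "MOV", "BIC", "MVN"]
SHIFT = ["LSL", "LSR", "ASR", "ROR"]

def ror32(value, amount):
    """Rotate a 32-bit value right by 'amount' bits."""
    amount %= 32
    return ((value >> amount) | (value << (32 - amount))) & 0xFFFFFFFF

def operand2(word):
    """Decode bits 11:0: a rotated immediate, or a register with an optional shift."""
    if (word >> 25) & 1:                      # I bit set: 8-bit immediate rotated right by 2*rot
        rot = (word >> 8) & 0xF
        return "#0x%X" % ror32(word & 0xFF, 2 * rot)
    rm = word & 0xF
    stype = SHIFT[(word >> 5) & 3]
    if (word >> 4) & 1:                       # bit 4 set: shift amount comes from register Rs
        return "R%d, %s R%d" % (rm, stype, (word >> 8) & 0xF)
    amount = (word >> 7) & 0x1F               # 5-bit immediate shift amount
    if amount == 0:
        if stype == "LSL":
            return "R%d" % rm                 # LSL #0 is a plain register operand
        if stype == "ROR":
            return "R%d, RRX" % rm            # ROR #0 encodes rotate-right-with-extend
        amount = 32                           # LSR #0 / ASR #0 mean a shift by 32
    return "R%d, %s #%d" % (rm, stype, amount)

def decode_dp(word):
    """Return the assembler mnemonic for a data-processing word, e.g. 'MOVEQ R0, #0x1'."""
    if (word >> 26) & 3 != 0:
        raise ValueError("bits 27:26 are not 00: not a data-processing instruction")
    if not (word >> 25) & 1 and (word & 0x90) == 0x90:
        raise ValueError("bits 7 and 4 set: multiply / extra load-store, not data-processing")
    opcode, s_bit = (word >> 21) & 0xF, (word >> 20) & 1
    if 8 <= opcode <= 11 and not s_bit:
        raise ValueError("TST/TEQ/CMP/CMN without S is an MRS/MSR encoding")
    cond, op = COND[word >> 28], OPCODE[opcode]
    s = "S" if s_bit else ""
    rn, rd = (word >> 16) & 0xF, (word >> 12) & 0xF
    op2 = operand2(word)
    if op in ("MOV", "MVN"):                  # single-operand forms ignore Rn
        return "%s%s%s R%d, %s" % (op, cond, s, rd, op2)
    if op in ("TST", "TEQ", "CMP", "CMN"):    # compare forms have no Rd and always set flags
        return "%s%s R%d, %s" % (op, cond, rn, op2)
    return "%s%s%s R%d, R%d, %s" % (op, cond, s, rd, rn, op2)
```

Feeding it the word 0xE3A01005 yields the post's "MOV R1, #5" (printed as #0x5), and 0x03A00001 yields the conditional "MOVEQ R0, #0x1".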

Greetz
BlueC0re
