{"product_id":"blue-fox-isbn-9781119745303","title":"Blue Fox","description":"\u003cp\u003e\u003cb\u003eProvides readers with a solid foundation in Arm assembly internals and reverse-engineering fundamentals as the basis for analyzing and securing billions of Arm devices\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eFinding and mitigating security vulnerabilities in Arm devices is the next critical internet security frontier—Arm processors are already in use by more than 90% of all mobile devices, billions of Internet of Things (IoT) devices, and a growing number of current laptops from companies including Microsoft, Lenovo, and Apple. Written by a leading expert on Arm security, \u003ci\u003eBlue Fox: Arm Assembly Internals and Reverse Engineering\u003c\/i\u003e introduces readers to modern Armv8-A instruction sets and the process of reverse-engineering Arm binaries for security research and defensive purposes. \u003c\/p\u003e\u003cp\u003eDivided into two sections, the book first provides an overview of the ELF file format and OS internals, followed by Arm architecture fundamentals, and a deep-dive into the A32 and A64 instruction sets. Section Two delves into the process of reverse-engineering itself: setting up an Arm environment, an introduction to static and dynamic analysis tools, and the process of extracting and emulating firmware for analysis. The last chapter provides the reader a glimpse into macOS malware analysis of binaries compiled for the Arm-based M1 SoC. Throughout the book, the reader is given an extensive understanding of Arm instructions and control-flow patterns essential for reverse engineering software compiled for the Arm architecture. Providing an in-depth introduction into reverse-engineering for engineers and security researchers alike, this book: \u003c\/p\u003e\u003cul\u003e \u003cli\u003eOffers an introduction to the Arm architecture, covering both AArch32 and AArch64 instruction set states, as well as ELF file format internals\u003c\/li\u003e \u003cli\u003ePresents in-depth information on Arm assembly internals for reverse engineers analyzing malware and auditing software for security vulnerabilities, as well as for developers seeking detailed knowledge of the Arm assembly language\u003c\/li\u003e \u003cli\u003eCovers the A32\/T32 and A64 instruction sets supported by the Armv8-A architecture with a detailed overview of the most common instructions and control flow patterns\u003c\/li\u003e \u003cli\u003eIntroduces known reverse engineering tools used for static and dynamic binary analysis \u003c\/li\u003e \u003cli\u003eDescribes the process of disassembling and debugging Arm binaries on Linux, and using common disassembly and debugging tools \u003c\/li\u003e\n\u003c\/ul\u003e \u003cp\u003e\u003ci\u003eBlue Fox: Arm Assembly Internals and Reverse Engineering\u003c\/i\u003e is a vital resource for security researchers and reverse engineers who analyze software applications for Arm-based devices at the assembly level. \u003c\/p\u003e\u003cp\u003eIntroduction xxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Arm Assembly Internals 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Introduction to Reverse Engineering 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to Assembly 3\u003c\/p\u003e \u003cp\u003eBits and Bytes 3\u003c\/p\u003e \u003cp\u003eCharacter Encoding 5\u003c\/p\u003e \u003cp\u003eMachine Code and Assembly 6\u003c\/p\u003e \u003cp\u003eAssembling 9\u003c\/p\u003e \u003cp\u003eCross- Assemblers 13\u003c\/p\u003e \u003cp\u003eHigh- Level Languages 15\u003c\/p\u003e \u003cp\u003eDisassembling 16\u003c\/p\u003e \u003cp\u003eDecompilation 17\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 ELF File Format Internals 21\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProgram Structure 21\u003c\/p\u003e \u003cp\u003eHigh- Level vs. Low- Level Languages 22\u003c\/p\u003e \u003cp\u003eThe Compilation Process 24\u003c\/p\u003e \u003cp\u003eCross- Compiling for Other Architectures 25\u003c\/p\u003e \u003cp\u003eAssembling and Linking 27\u003c\/p\u003e \u003cp\u003eThe ELF File Overview 30\u003c\/p\u003e \u003cp\u003eThe ELF File Header 31\u003c\/p\u003e \u003cp\u003eThe ELF File Header Information Fields 32\u003c\/p\u003e \u003cp\u003eThe Target Platform Fields 33\u003c\/p\u003e \u003cp\u003eThe Entry Point Field 34\u003c\/p\u003e \u003cp\u003eThe Table Location Fields 34\u003c\/p\u003e \u003cp\u003eELF Program Headers 34\u003c\/p\u003e \u003cp\u003eThe PHDR Program Header 36\u003c\/p\u003e \u003cp\u003eThe INTERP Program Header 36\u003c\/p\u003e \u003cp\u003eThe LOAD Program Headers 36\u003c\/p\u003e \u003cp\u003eThe DYNAMIC Program Header 37\u003c\/p\u003e \u003cp\u003eThe NOTE Program Header 37\u003c\/p\u003e \u003cp\u003eThe TLS Program Header 38\u003c\/p\u003e \u003cp\u003eThe GNU_EH_FRAME Program Header 38\u003c\/p\u003e \u003cp\u003eThe GNU_STACK Program Header 39\u003c\/p\u003e \u003cp\u003eThe GNU_RELRO Program Header 41\u003c\/p\u003e \u003cp\u003eELF Section Headers 43\u003c\/p\u003e \u003cp\u003eThe ELF Meta- Sections 45\u003c\/p\u003e \u003cp\u003eThe String Table Section 46\u003c\/p\u003e \u003cp\u003eThe Symbol Table Section 46\u003c\/p\u003e \u003cp\u003eThe Main ELF Sections 46\u003c\/p\u003e \u003cp\u003eThe .text Section 47\u003c\/p\u003e \u003cp\u003eThe .data Section 47\u003c\/p\u003e \u003cp\u003eThe .bss Section 47\u003c\/p\u003e \u003cp\u003eThe .rodata Section 47\u003c\/p\u003e \u003cp\u003eThe .tdata and .tbss Sections 48\u003c\/p\u003e \u003cp\u003eSymbols 48\u003c\/p\u003e \u003cp\u003eGlobal vs. Local Symbols 50\u003c\/p\u003e \u003cp\u003eWeak Symbols 50\u003c\/p\u003e \u003cp\u003eSymbol Versions 51\u003c\/p\u003e \u003cp\u003eMapping Symbols 51\u003c\/p\u003e \u003cp\u003eThe Dynamic Section and Dynamic Loading 52\u003c\/p\u003e \u003cp\u003eDependency Loading (NEEDED) 53\u003c\/p\u003e \u003cp\u003eProgram Relocations 54\u003c\/p\u003e \u003cp\u003eStatic Relocations 55\u003c\/p\u003e \u003cp\u003eDynamic Relocations 56\u003c\/p\u003e \u003cp\u003eThe Global Offset Table (GOT) 57\u003c\/p\u003e \u003cp\u003eThe Procedure Linkage Table (PLT) 57\u003c\/p\u003e \u003cp\u003eThe ELF Program Initialization and Termination Sections 58\u003c\/p\u003e \u003cp\u003eInitialization and Termination Order 60\u003c\/p\u003e \u003cp\u003eThread- Local Storage 60\u003c\/p\u003e \u003cp\u003eThe Local- Exec TLS Access Model 65\u003c\/p\u003e \u003cp\u003eThe Initial- Exec TLS Access Model 65\u003c\/p\u003e \u003cp\u003eThe General- Dynamic TLS Access Model 66\u003c\/p\u003e \u003cp\u003eThe Local- Dynamic TLS Access Model 67\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 OS Fundamentals 69\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOS Architecture Overview 69\u003c\/p\u003e \u003cp\u003eUser Mode vs. Kernel Mode 70\u003c\/p\u003e \u003cp\u003eProcesses 70\u003c\/p\u003e \u003cp\u003eSystem Calls 72\u003c\/p\u003e \u003cp\u003eObjects and Handles 77\u003c\/p\u003e \u003cp\u003eThreads 79\u003c\/p\u003e \u003cp\u003eProcess Memory Management 80\u003c\/p\u003e \u003cp\u003eMemory Pages 82\u003c\/p\u003e \u003cp\u003eMemory Protections 82\u003c\/p\u003e \u003cp\u003eAnonymous and Memory- Mapped Memory 84\u003c\/p\u003e \u003cp\u003eMemory- Mapped Files and Modules 84\u003c\/p\u003e \u003cp\u003eAddress Space Layout Randomization 87\u003c\/p\u003e \u003cp\u003eStack Implementations 90\u003c\/p\u003e \u003cp\u003eShared Memory 91\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 The Arm Architecture 93\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eArchitectures and Profiles 93\u003c\/p\u003e \u003cp\u003eThe Armv8- A Architecture 95\u003c\/p\u003e \u003cp\u003eException Levels 96\u003c\/p\u003e \u003cp\u003eArmv8- A TrustZone Extension 97\u003c\/p\u003e \u003cp\u003eException Level Changes 99\u003c\/p\u003e \u003cp\u003eArmv8- A Execution States 101\u003c\/p\u003e \u003cp\u003eThe AArch64 Execution State 102\u003c\/p\u003e \u003cp\u003eThe A64 Instruction Set 103\u003c\/p\u003e \u003cp\u003eAArch64 Registers 104\u003c\/p\u003e \u003cp\u003eThe Program Counter 106\u003c\/p\u003e \u003cp\u003eThe Stack Pointer 107\u003c\/p\u003e \u003cp\u003eThe Zero Register 107\u003c\/p\u003e \u003cp\u003eThe Link Register 108\u003c\/p\u003e \u003cp\u003eThe Frame Pointer 109\u003c\/p\u003e \u003cp\u003eThe Platform Register (x18) 109\u003c\/p\u003e \u003cp\u003eThe Intraprocedural Call Registers 110\u003c\/p\u003e \u003cp\u003eSIMD and Floating- Point Registers 110\u003c\/p\u003e \u003cp\u003eSystem Registers 111\u003c\/p\u003e \u003cp\u003ePSTATE 112\u003c\/p\u003e \u003cp\u003eThe AArch32 Execution State 114\u003c\/p\u003e \u003cp\u003eA32 and T32 Instruction Sets 114\u003c\/p\u003e \u003cp\u003eThe A32 Instruction Set 114\u003c\/p\u003e \u003cp\u003eThe T32 Instruction Set 115\u003c\/p\u003e \u003cp\u003eSwitching Between Instruction Sets 115\u003c\/p\u003e \u003cp\u003eAArch32 Registers 118\u003c\/p\u003e \u003cp\u003eThe Program Counter 119\u003c\/p\u003e \u003cp\u003eThe Stack Pointer 120\u003c\/p\u003e \u003cp\u003eThe Frame Pointer 120\u003c\/p\u003e \u003cp\u003eThe Link Register 121\u003c\/p\u003e \u003cp\u003eThe Intraprocedural Call Register (IP, r12) 121\u003c\/p\u003e \u003cp\u003eThe Current Program Status Register 121\u003c\/p\u003e \u003cp\u003eThe Application Program Status Register 122\u003c\/p\u003e \u003cp\u003eThe Execution State Registers 124\u003c\/p\u003e \u003cp\u003eThe Instruction Set State Register 124\u003c\/p\u003e \u003cp\u003eThe IT Block State Register (ITSTATE) 125\u003c\/p\u003e \u003cp\u003eEndianness state 126\u003c\/p\u003e \u003cp\u003eMode and Exception Mask Bits 126\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Data Processing Instructions 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eShift and Rotate Operations 131\u003c\/p\u003e \u003cp\u003eLogical Shift Left 132\u003c\/p\u003e \u003cp\u003eLogical Shift Right 133\u003c\/p\u003e \u003cp\u003eArithmetic Shift Right 133\u003c\/p\u003e \u003cp\u003eRotate Right 134\u003c\/p\u003e \u003cp\u003eRotate Right with Extend 134\u003c\/p\u003e \u003cp\u003eInstruction Forms 135\u003c\/p\u003e \u003cp\u003eShift by a Constant Immediate Form 136\u003c\/p\u003e \u003cp\u003eShift by Register Form 138\u003c\/p\u003e \u003cp\u003eBitfield Manipulation Operations 140\u003c\/p\u003e \u003cp\u003eBitfield Move 141\u003c\/p\u003e \u003cp\u003eSign- and Zero- Extend Operations 145\u003c\/p\u003e \u003cp\u003eBitfield Extract and Insert 150\u003c\/p\u003e \u003cp\u003eLogical Operations 153\u003c\/p\u003e \u003cp\u003eBitwise AND 153\u003c\/p\u003e \u003cp\u003eThe TST Instruction 154\u003c\/p\u003e \u003cp\u003eBitwise Bit Clear 155\u003c\/p\u003e \u003cp\u003eBitwise OR 155\u003c\/p\u003e \u003cp\u003eBitwise OR NOT 156\u003c\/p\u003e \u003cp\u003eBitwise Exclusive OR 158\u003c\/p\u003e \u003cp\u003eThe TEQ instruction 158\u003c\/p\u003e \u003cp\u003eExclusive OR NOT 159\u003c\/p\u003e \u003cp\u003eArithmetic Operations 159\u003c\/p\u003e \u003cp\u003eAddition and Subtraction 159\u003c\/p\u003e \u003cp\u003eReverse Subtract 161\u003c\/p\u003e \u003cp\u003eCompare 162\u003c\/p\u003e \u003cp\u003eCMP Instruction Operation Behavior 163\u003c\/p\u003e \u003cp\u003eMultiplication Operations 165\u003c\/p\u003e \u003cp\u003eMultiplications on A64 166\u003c\/p\u003e \u003cp\u003eMultiplications on A32\/T32 167\u003c\/p\u003e \u003cp\u003eLeast Significant Word Multiplications 169\u003c\/p\u003e \u003cp\u003eMost Significant Word Multiplications 171\u003c\/p\u003e \u003cp\u003eHalfword Multiplications 173\u003c\/p\u003e \u003cp\u003eVector (Dual) Multiplications 176\u003c\/p\u003e \u003cp\u003eLong (64- Bit) Multiplications 179\u003c\/p\u003e \u003cp\u003eDivision Operations 186\u003c\/p\u003e \u003cp\u003eMove Operations 187\u003c\/p\u003e \u003cp\u003eMove Constant Immediate 188\u003c\/p\u003e \u003cp\u003eMove Immediate and MOVT on A32\/T32 188\u003c\/p\u003e \u003cp\u003eMove Immediate, MOVZ, and MOVK on A64 189\u003c\/p\u003e \u003cp\u003eMove Register 190\u003c\/p\u003e \u003cp\u003eMove with NOT 192\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Memory Access Instructions 195\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInstructions Overview 195\u003c\/p\u003e \u003cp\u003eAddressing Modes and Offset Forms 197\u003c\/p\u003e \u003cp\u003eOffset Addressing 200\u003c\/p\u003e \u003cp\u003eConstant Immediate Offset 201\u003c\/p\u003e \u003cp\u003eRegister Offsets 207\u003c\/p\u003e \u003cp\u003ePre- Indexed Mode 209\u003c\/p\u003e \u003cp\u003ePre- Indexed Mode Example 210\u003c\/p\u003e \u003cp\u003ePost- Indexed Addressing 212\u003c\/p\u003e \u003cp\u003ePost- Indexed Addressing Example 213\u003c\/p\u003e \u003cp\u003eLiteral (PC- Relative) Addressing 214\u003c\/p\u003e \u003cp\u003eLoading Constants 215\u003c\/p\u003e \u003cp\u003eLoading an Address into a Register 218\u003c\/p\u003e \u003cp\u003eLoad and Store Instructions 222\u003c\/p\u003e \u003cp\u003eLoad and Store Word or Doubleword 222\u003c\/p\u003e \u003cp\u003eLoad and Store Halfword or Byte 224\u003c\/p\u003e \u003cp\u003eExample Using Load and Store 226\u003c\/p\u003e \u003cp\u003eLoad and Store Multiple (A32) 228\u003c\/p\u003e \u003cp\u003eExample for STM and LDM 235\u003c\/p\u003e \u003cp\u003eA More Complicated Example Using STM and LDM 237\u003c\/p\u003e \u003cp\u003eLoad and Store Pair (A64) 238\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Conditional Execution 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eConditional Execution Overview 243\u003c\/p\u003e \u003cp\u003eConditional Codes 244\u003c\/p\u003e \u003cp\u003eThe NZCV Condition Flags 245\u003c\/p\u003e \u003cp\u003eSigned vs. Unsigned Integer Overflows 246\u003c\/p\u003e \u003cp\u003eCondition Codes 248\u003c\/p\u003e \u003cp\u003eConditional Instructions 249\u003c\/p\u003e \u003cp\u003eThe If- Then (IT) Instruction in Thumb 250\u003c\/p\u003e \u003cp\u003eFlag- Setting Instructions 252\u003c\/p\u003e \u003cp\u003eThe Instruction “S” Suffix 253\u003c\/p\u003e \u003cp\u003eThe S Suffix on Add and Subtract Instructions 253\u003c\/p\u003e \u003cp\u003eThe S Suffix on Logical Shift Instructions 256\u003c\/p\u003e \u003cp\u003eThe S Suffix on Multiply Instructions 257\u003c\/p\u003e \u003cp\u003eThe S Suffix on Other Instructions 257\u003c\/p\u003e \u003cp\u003eTest and Comparison Instructions 257\u003c\/p\u003e \u003cp\u003eCompare (CMP) 258\u003c\/p\u003e \u003cp\u003eCompare Negative (CMN) 260\u003c\/p\u003e \u003cp\u003eTest Bits (TST) 261\u003c\/p\u003e \u003cp\u003eTest Equality (TEQ) 264\u003c\/p\u003e \u003cp\u003eConditional Select Instructions 265\u003c\/p\u003e \u003cp\u003eConditional Comparison Instructions 268\u003c\/p\u003e \u003cp\u003eBoolean AND Conditionals Using CCMP 269\u003c\/p\u003e \u003cp\u003eBoolean OR Conditionals Using CCMP 272\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Control Flow 275\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBranch Instructions 275\u003c\/p\u003e \u003cp\u003eConditional Branches and Loops 277\u003c\/p\u003e \u003cp\u003eTest and Compare Branches 281\u003c\/p\u003e \u003cp\u003eTable Branches (T32) 282\u003c\/p\u003e \u003cp\u003eBranch and Exchange 284\u003c\/p\u003e \u003cp\u003eSubroutine Branches 288\u003c\/p\u003e \u003cp\u003eFunctions and Subroutines 290\u003c\/p\u003e \u003cp\u003eThe Procedure Call Standard 291\u003c\/p\u003e \u003cp\u003eVolatile vs. Nonvolatile Registers 293\u003c\/p\u003e \u003cp\u003eArguments and Return Values 293\u003c\/p\u003e \u003cp\u003ePassing Larger Values 295\u003c\/p\u003e \u003cp\u003eLeaf and Nonleaf Functions 298\u003c\/p\u003e \u003cp\u003eLeaf Functions 298\u003c\/p\u003e \u003cp\u003eNonleaf Functions 299\u003c\/p\u003e \u003cp\u003ePrologue and Epilogue 299\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Reverse Engineering 305\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Arm Environments 307\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eArm Boards 308\u003c\/p\u003e \u003cp\u003eEmulation with QEMU 310\u003c\/p\u003e \u003cp\u003eQEMU User- Mode Emulation 310\u003c\/p\u003e \u003cp\u003eQEMU Full- System Emulation 314\u003c\/p\u003e \u003cp\u003eFirmware Emulation 315\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Static Analysis 321\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eStatic Analysis Tools 322\u003c\/p\u003e \u003cp\u003eCommand- Line Tools 322\u003c\/p\u003e \u003cp\u003eDisassemblers and Decompilers 322\u003c\/p\u003e \u003cp\u003eBinary Ninja Cloud 323\u003c\/p\u003e \u003cp\u003eCall- By- Reference Example 328\u003c\/p\u003e \u003cp\u003eControl Flow Analysis 334\u003c\/p\u003e \u003cp\u003eMain Function 336\u003c\/p\u003e \u003cp\u003eSubroutine 336\u003c\/p\u003e \u003cp\u003eConverting to char 341\u003c\/p\u003e \u003cp\u003eif Statement 343\u003c\/p\u003e \u003cp\u003eQuotient Division 345\u003c\/p\u003e \u003cp\u003efor Loop 347\u003c\/p\u003e \u003cp\u003eAnalyzing an Algorithm 349\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Dynamic Analysis 363\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCommand- Line Debugging 364\u003c\/p\u003e \u003cp\u003eGDB Commands 365\u003c\/p\u003e \u003cp\u003eGDB Multiuser 366\u003c\/p\u003e \u003cp\u003eGDB Extension: GEF 368\u003c\/p\u003e \u003cp\u003eInstallation 369\u003c\/p\u003e \u003cp\u003eInterface 370\u003c\/p\u003e \u003cp\u003eUseful GEF Commands 370\u003c\/p\u003e \u003cp\u003eExamine Memory 374\u003c\/p\u003e \u003cp\u003eWatch Memory Regions 376\u003c\/p\u003e \u003cp\u003eVulnerability Analyzers 377\u003c\/p\u003e \u003cp\u003echecksec 379\u003c\/p\u003e \u003cp\u003eRadare2 381\u003c\/p\u003e \u003cp\u003eDebugging 382\u003c\/p\u003e \u003cp\u003eRemote Debugging 385\u003c\/p\u003e \u003cp\u003eRadare2 386\u003c\/p\u003e \u003cp\u003eIDA Pro 388\u003c\/p\u003e \u003cp\u003eDebugging a Memory Corruption 390\u003c\/p\u003e \u003cp\u003eDebugging a Process with GDB 398\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Reversing arm64 macOS Malware 405\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBackground 406\u003c\/p\u003e \u003cp\u003emacOS arm64 Binaries 407\u003c\/p\u003e \u003cp\u003emacOS Hello World (arm64) 410\u003c\/p\u003e \u003cp\u003eHunting for Malicious arm64 Binaries 413\u003c\/p\u003e \u003cp\u003eAnalyzing arm64 Malware 419\u003c\/p\u003e \u003cp\u003eAnti- Analysis Techniques 420\u003c\/p\u003e \u003cp\u003eAnti- Debugging Logic (via ptrace) 421\u003c\/p\u003e \u003cp\u003eAnti- Debugging Logic (via sysctl) 425\u003c\/p\u003e \u003cp\u003eAnti- VM Logic (via SIP Status and the Detection of VM Artifacts) 429\u003c\/p\u003e \u003cp\u003eConclusion 435\u003c\/p\u003e \u003cp\u003eIndex 437\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eMARIA MARKSTEDTER \u003c\/b\u003eis the CEO and founder of Azeria Labs, offering high-quality training courses on Arm reverse engineering and exploitation. She has an extensive educational background, holding a Bachelor’s degree in Corporate Security and a Master’s degree in Enterprise Security, and has collaborated with Arm on exploit mitigation research. Maria’s outstanding contributions to the cybersecurity industry have earned her a place on Forbes’ “30 under 30” list for technology in Europe (2018) and the title of Forbes Person of the Year in Cybersecurity in 2020.   \u003c\/p\u003e\u003cp\u003e\u003cb\u003eExplore the core of Arm and unlock the secrets behind 90% of mobile and IoT devices through reverse engineering\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eThe popularity of Arm architecture in mobile and IoT devices, laptops, and servers makes it a perfect subject for anyone interested in reverse engineering. The details and intricacies of Arm assembly language offer an invaluable opportunity to stay up to date with a quickly evolving technological landscape. \u003c\/p\u003e\u003cp\u003e\u003ci\u003eBlue Fox: Arm Assembly Internals and Reverse Engineering \u003c\/i\u003eis a comprehensive guide perfect for both beginners and seasoned professionals. The book delivers an intuitive presentation of a processor language that is surging in popularity and demand. It skillfully presents material that readers need to dramatically improve their vulnerability discovery and analysis, exploit development, and malware analysis skills. \u003c\/p\u003e\u003cp\u003eThe book equips readers with the foundational knowledge required for effective reverse engineering. The initial chapters delve into topics such as the ELF file format, operating system fundamentals, and the Arm architecture, while subsequent chapters provide an overview of the three instruction sets: A64, A32, and T32. They offer coverage of a variety of instruction types including data processing and memory access instructions, conditional execution, and control flow patterns. \u003c\/p\u003e\u003cp\u003eThe second part of the book immerses readers in the world of reverse engineering, covering critical subjects, including different types of Arm environments, practical router firmware emulation, the process of static analysis, dynamic analysis and debugging of binaries during run-time, and an overview of frequently used reverse engineering tools and techniques. \u003c\/p\u003e\u003cp\u003eThe author also provides an in-depth chapter on reversing arm64 macOS malware, which includes the real-world anti-analysis techniques used by malware in the wild, making this book an essential resource for anyone interested in malware analysis.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47988848689381,"sku":"NP9781119745303","price":45.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119745303.jpg?v=1761781762","url":"https:\/\/k12savings.com\/products\/blue-fox-isbn-9781119745303","provider":"K12savings","version":"1.0","type":"link"}