Some aarch64 pwn

If you are coming from x86_64, reading this through will give you a solid footing in arm/aarch64. It is explained quite well.
https://xz.aliyun.com/t/3154

Some assembly instructions and examples
https://zhuanlan.zhihu.com/p/673591189
https://liujiaboy.github.io/2021/04/13/%E9%80%86%E5%90%91/ARM%E6%B1%87%E7%BC%96-2/


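Not much different from x86_64. The thing to watch is the link register that holds the return address: lr on arm, x30 on aarch64. The function prologue saves it to the stack and the epilogue restores it: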
arm

   0x00010490 <+0>:	push	{r7, lr}
...
   0x000104c8 <+56>:	pop	{r7, pc}

aarch64

   0x0000000000400678 <+0>:		stp	x29, x30, [sp, #-32]!
...
   0x0000000000400690 <+24>:	ldp	x29, x30, [sp], #32
   0x0000000000400694 <+28>:	ret

Covers arm and aarch64, with some basic examples, solutions and analysis (mainly for practicing arm/aarch64 ROP)
https://github.com/xairy/easy-linux-pwn/


Covers arm and aarch64, with many vulnerability types
https://github.com/bkerler/exploit_me


A heap-related one, mainly a challenge about ROP: insomnihack-teaser-2019 nyanc
https://blog.perfect.blue/ROPing-on-Aarch64


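Couldn't find the challenge, sigh. They just don't let you see the source program, and how much sp is increased when the function returns is just there to annoy you.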
https://blog.csdn.net/FUCKING12/article/details/128158210
https://blog.csdn.net/zzq487782568/article/details/126919848

c8  gadget
d0  0
d8  0 -------- new sp
e0  0
e8  system_addr
f0  0
f8  bin_sh

An aarch64 kernel challenge: stack overflow
Pay attention to the section on returning to user mode
https://bbs.kanxue.com/thread-272397.htm
https://bbs.kanxue.com/thread-272376.htm


Some challenges, explained for people who already know the material
https://bbs.kanxue.com/thread-272332.htm


DEF CON CTF Qualifier 2021
https://ctftime.org/writeup/28124

WPICTF 2021 strong-arm
https://ctftime.org/writeup/27929

ByteCTF 2021 AArch64 Pwn Master of HTTPD
https://xuanxuanblingbling.github.io/ctf/pwn/2021/12/13/aarch64/

The reversing is annoying
https://www.anquanke.com/post/id/237900
