Writing Bare-Metal ARM Shellcode

November 18th @ 16:00 - 18:00 (GMT +4) // Track 3 @ HITB Labs










“The great power of the Internet of Things comes with the great responsibility of security.” As the hottest technology, IoT is seeing developments and innovations at a stellar speed, but its security is yet to catch up. Almost all IoT devices are driven by ARM processors. Since the safety and security repercussions are serious and at times life-threatening, you cannot afford to neglect the security of IoT products.

“The art & craft of writing ARM shellcode” is a unique hands-on lab that offers security professionals a comprehensive understanding of the ARM architecture and helps them reverse ARM binaries, find vulnerabilities, and exploit them.

We will start with a brief discussion of the ARM architecture and instruction set, then discuss the various system calling conventions. Using this knowledge, we will begin our first hands-on lab on shellcoding, in which participants will write ARM Linux shellcode to spawn a shell. We will also discuss a few tips on how to make your shellcode smaller and more reliable, so that it can be executed even in a very stringent environment where the payload size is restricted, and we will later do hands-on exercises on those concepts.

At the end of the workshop, I will demo an attack on a vulnerable ARM-based IoT device running bare-metal firmware. In the demo, I will exploit a buffer overflow vulnerability and control the GPIO pins of the hardware. Writing shellcode for a bare-metal system is very different from writing it for an operating system like Linux or Windows. I will explain in detail how this shellcode is different and how it is injected into the device, and I will also explain how this payload manages to control the hardware component connected to the device.




A brief discussion of the ARM architecture instruction set will be included, but having a basic understanding of it will smooth your learning experience in this lab and let you focus your energy on other important concepts.




IoT Security Researcher, Payatu Software Labs LLP

Munawwar Hussain Shelia

Munawwar Hussain Shelia works as an IoT Security Researcher at Payatu, where his full-time responsibility involves looking for bugs in customers' IoT devices and developing tools for pen-testing. He has a background in Computer Science and 4+ years of software development experience; having a development background helps him think about how products are designed and created, which helps him break them viciously. He has delivered the “Practical IoT Hacking” training at Nullcon 2019 and a workshop on the same topic at CPX 360 (2019). He has also delivered talks at the c0c0n and BSides Delhi conferences in 2020. His main focus areas are reverse engineering, binary analysis, malware analysis and software exploitation, and he writes about these on his blog, taintedbits.com. He has also delivered training to numerous governmental and private organizations around the globe. He has discovered and reported a vulnerability (CVE-2020-12763) in an IoT device and has also published a paper on Android malware.