
mytechnotalent/0x03-ARM-32-Hacking-Float


FREE Reverse Engineering Self-Study Course HERE


0x03_arm_32_hacking_float

ARM 32-bit Raspberry Pi Hacking Float example in Kali Linux.


Join DC540 Discord HERE


Schematic

[schematic image]


Parts

Raspberry Pi 4
64GB Micro SD Card
Micro SD Card Reader/Writer


STEP 1: Download Kali Linux ARM Image - Raspberry Pi 32-bit

Download [https://www.offensive-security.com/kali-linux-arm-images/]

STEP 2: Download balenaEtcher

Download

STEP 3: Flash Kali Linux ARM Image

Watch YT Null Byte Video

STEP 4: Power Up RPI & Login

POWER UP DEVICE AND LOGIN AS KALI AND SET UP SSH

STEP 5: Create File In VIM

#include <stdio.h>

int main(void)
{
    float x;

    /* 10.5 is stored as the IEEE-754 single 0x41280000 */
    x = 10.5;

    /* prints the value with two decimals: 10.50 */
    printf("%0.2f\n", x);

    return 0;
}

STEP 6: Save File As - 0x03_arm_32_hacking_float.c [:wq]

STEP 7: Build & Link

gcc -o 0x03_arm_32_hacking_float 0x03_arm_32_hacking_float.c

STEP 8: Run Binary

./0x03_arm_32_hacking_float
10.50

STEP 9: Run Radare2 - Debug Mode

r2 -d ./0x03_arm_32_hacking_float

STEP 10: Run Radare2 - Debug Step 1 [Examine Binary @ Entry Point]

aaa
s main
vv

[screenshot: radare2 visual view at main]

STEP 11: Run Radare2 - Debug Step 2 [Examine LSB & MSB @ R3]

q
[0x0046550c]> pd 2 @ 0x00465512
│           0x00465512      4ff00003       mov.w r3, 0
│           0x00465516      c4f22813       movt r3, 0x4128

STEP 12: Run Radare2 - Debug Step 3 [Hack float]

wa movw r3, 0xd70a @0x00465512
wa movt r3, 0x4127 @0x00465516

STEP 13: Run Radare2 - Debug Step 4 [Review Hack]

[0x0046550c]> pd 2 @ 0x00465512
│           0x00465512      4df20a73       movw r3, 0xd70a
│           0x00465516      c4f22713       movt r3, 0x4127

STEP 14: Run Radare2 - Debug Step 5 [Hack Binary Permanently]

q
r2 -w ./0x03_arm_32_hacking_float
[0x000003fc]> aaa
[0x000003fc]> s main
[0x0000050c]> vv

[screenshot: radare2 visual view at main, opened in write mode]

q
[0x0000050c]> wa movw r3, 0xd70a @0x00000512
[0x0000050c]> wa movt r3, 0x4127 @0x00000516

STEP 15: Prove Hack

./0x03_arm_32_hacking_float
10.49

** NOTE ** If you wanted to hack from 10.50 to 10.51 instead you would simply:

[0x0000050c]> wa movw r3, 0x28f6 @0x00000512
[0x0000050c]> wa movt r3, 0x4128 @0x00000516

This should give you a good idea of how the LSB (the low 16 bits loaded by movw) and the MSB (the high 16 bits loaded by movt) combine into the 32-bit IEEE-754 encoding of a floating point number, and why changing either half changes the value the program prints.
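To make the arithmetic behind STEP 11 through STEP 15 and the note above concrete, here is an added C example that is not part of this repository. It computes the IEEE-754 bit pattern of a float, splits it into the movw (low 16 bits) and movt (high 16 bits) immediates, emulates what that instruction pair leaves in r3, and formats the result with the same "%0.2f" the target program uses, so the effect of an immediate can be predicted before it is written. The function names are my own; the sample values are the page's 10.5, 10.49 and 10.51.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Raw IEEE-754 single-precision bit pattern of a float. memcpy is used
 * instead of a pointer cast so the code is valid under strict aliasing. */
uint32_t float_bits(float f)
{
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    return bits;
}

/* Inverse: reinterpret a 32-bit pattern as a float. */
float bits_float(uint32_t bits)
{
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

/* Low halfword of the encoding: the immediate for "movw r3, ..." */
uint16_t movw_imm(float f)
{
    return (uint16_t)(float_bits(f) & 0xffffu);
}

/* High halfword of the encoding: the immediate for "movt r3, ..." */
uint16_t movt_imm(float f)
{
    return (uint16_t)(float_bits(f) >> 16);
}

/* Emulates the effect of the instruction pair on r3:
 *   movw r3, lo   -> r3 = lo            (upper 16 bits cleared)
 *   movt r3, hi   -> r3 = (hi << 16) | (r3 & 0xffff)
 */
uint32_t movw_movt(uint16_t lo, uint16_t hi)
{
    uint32_t r3 = lo;
    r3 = ((uint32_t)hi << 16) | (r3 & 0xffffu);
    return r3;
}

/* Formats a bit pattern exactly as the target prints x ("%0.2f"). */
int format_like_target(uint32_t bits, char *buf, size_t n)
{
    return snprintf(buf, n, "%0.2f", bits_float(bits));
}

/* Returns 1 if the pattern prints as the expected text, 0 otherwise. */
int prints_as(uint32_t bits, const char *expected)
{
    char buf[32];
    format_like_target(bits, buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample values: the original 10.5 and the two patched ones. */
    const float samples[] = { 10.5f, 10.49f, 10.51f };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t lo = movw_imm(samples[i]);
        uint16_t hi = movt_imm(samples[i]);
        uint32_t r3 = movw_movt(lo, hi);
        char shown[32];

        format_like_target(r3, shown, sizeof shown);
        printf("%.2f -> movw r3, 0x%04x ; movt r3, 0x%04x  (r3 = 0x%08x, prints %s)\n",
               (double)samples[i], lo, hi, r3, shown);
    }
    return 0;
}
```

Build it on any host with gcc -o float_halves float_halves.c and run it; the three lines it prints match the immediates used in the steps above (0x0000/0x4128, 0xd70a/0x4127 and 0x28f6/0x4128). Note that 10.49 and 10.51 are not exactly representable in single precision, so their mantissas are rounded and the register holds 10.4899997 and 10.5100002; "%0.2f" hides that. Read in the other direction, movw_movt and format_like_target turn an immediate pair found in a disassembly back into the value it encodes, which is the check to run when an instruction sequence in a binary no longer matches what the source would have produced.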


License

Apache License, Version 2.0