Baremetal Raspberry Pi Zero CTF Challenges

Motivation

  • Develop unique CTF Challenges
  • Give myself a challenge
  • Realistic view of how ARM is used in microcontrollers

Key Differences (from reversing Linux binaries)

  • No Operating System
    • No Security Features
    • No File System
    • No Heap (needs to be implemented)
    • Code + Data in same memory section

  • No Standard Libraries by Default

  • No Symbols/Not an ELF file

  • No Virtual Memory by Default

What does that mean for Developers?

Really, really weird things...

Malloc Implementation Example

Linux Implementation

  • https://code.woboq.org/userspace/glibc/malloc/malloc.c.html
  • Over 5500 lines to ensure that heap writes are handled correctly
  • Virtual Memory
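For contrast with glibc, here is the kind of heap a bare-metal image carries when it has to implement its own: a bump allocator over a fixed arena. This is an added example, not code from the slides or from any of the linked challenges; the arena is a static buffer so it runs hosted, where on the Pi it would be a region reserved in the linker script (assumed), sitting in the same memory as code and data.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example: a bump allocator standing in for malloc on a
 * bare-metal image. The arena is a static buffer here; on the Pi it would
 * be a region reserved in the linker script (assumed), adjacent to code
 * and data with no guard page or virtual memory between them. */
#define ARENA_SIZE 4096u
static uint8_t arena[ARENA_SIZE];
static size_t arena_used = 0;

/* Round up to 8-byte alignment, as ARM requires for 64-bit accesses. */
static size_t align8(size_t n) { return (n + 7u) & ~(size_t)7u; }

/* Returns NULL when the request is empty or would run past the arena.
 * That bounds check is the one safeguard here; glibc's 5500 lines exist
 * largely to catch what this allocator otherwise cannot (double frees,
 * metadata corruption, overlapping chunks). */
void *bm_malloc(size_t n) {
    if (n == 0 || n > ARENA_SIZE) return NULL;   /* reject before align8 can wrap */
    size_t need = align8(n);
    if (need > ARENA_SIZE - arena_used) return NULL;
    void *p = &arena[arena_used];
    arena_used += need;
    return p;
}

/* There is no per-block metadata, so single blocks cannot be freed;
 * firmware of this style resets the whole arena between phases instead. */
void bm_reset(void) { arena_used = 0; }

/* Bytes handed out so far, for callers that want to monitor headroom. */
size_t bm_used(void) { return arena_used; }
```

Without the size checks, a request of ARENA_SIZE + 1 would return a pointer whose writes land past the arena, straight into whatever the linker placed next; that is the "no security features" bullet in one line.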

What does that mean for Exploiters/Reverse Engineers?

Resources

  • https://github.com/bztsrc/raspi3-tutorial
    • Learning Baremetal Firmware Development

  • https://medium.com/codex/reverse-engineering-bare-metal-low-level-kernel-images-with-qemu-getting-started-c705b7b14d35
    • Full Walkthrough of Solving Furor

  • https://ctftime.org/writeup/27578

Baremetal Raspberry Pi Zero Reverse Engineering

By Ragnar Security