Reverse Engineering Armv8-A Systems E-Book

Reverse Engineering Armv8-A Systems

First Edition

A practical guide to kernel, firmware, and TrustZone analysis

Austin Kim

Reverse Engineering Armv8-A Systems

First Edition

Copyright © 2025 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Portfolio Director: Rohit Rajkumar

Relationship Lead: Tanisha Mehrotra

Project Manager: Sandip Tadge

Content Engineer: Anuradha Vishwas Joglekar

Technical Editor: Tejas Mhasvekar

Copy Editor: Safis Editing

Indexer: Pratik Shirodkar

Proofreader: Anuradha Vishwas Joglekar

Production Designer: Pranit Padwal

Growth Lead: Namita Velgekar

Marketing Owner: Nivedita Pandey

First published: August 2025

Production reference: 1170725

Published by Packt Publishing Ltd.

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB, UK.

ISBN 978-1-83508-892-0

www.packtpub.com

To my wife, Helen, for encouraging me when I needed it and for standing by my side throughout my life.

– Austin Kim

Foreword

The era of artificial intelligence (AI) is here, capturing the attention of tech enthusiasts, innovators, and students everywhere. With AI at the center of tech discussions, many people, from new developers to experienced professionals, are eager to learn its complexities. But is this the right path? Is AI really the ultimate answer – the “super-hero” of technology? Should every new developer and even those already established focus only on AI? These questions remain as we move through this exciting time.

Alongside the AI excitement, another important topic is emerging: protecting personal information. In our connected world, people highly value their privacy. Yet, everyone knows that once personal data goes to the cloud, it’s no longer fully secure. The best way to keep personal data safe is to store it locally, on embedded devices rather than sending it to the cloud.

This reality shows the growing importance of embedded systems, where Arm processors are already the most widely used technology. As the need for secure, local computing grows, Arm processors will become even more common, and the demand for Arm experts will rise. Moreover, while AI is strong in many areas, system software engineering, especially in reverse engineering, where AI often struggles, remains a vital and expanding field. Skills in this area will become even more essential as industries focus on secure, efficient, and reliable embedded solutions.

Here enters Austin Kim, a well-known writer in South Korea’s tech community, famous for their insightful books on Arm architecture and the Linux kernel. Having read all of his books, I can say their greatest strength is how easy they are to read. Many technical books, even if full of great information, sit unread because they’re hard to follow. But Kim’s books are engaging and simple to understand. This ease doesn’t mean they lack depth; it helps readers grasp complex ideas effortlessly. When I heard Austin Kim was writing a book in English, I wondered if their clear style would carry over. After reading this new book, I’m happy to say that he has a special talent for writing clearly and engagingly, no matter the language.

I strongly recommend this book to anyone wanting to learn more about Arm processors, system software engineering, or embedded systems in today’s AI-driven world. Whether you’re a new developer exploring this field, an experienced engineer shifting to embedded systems, or a professional aiming to stay ahead in a fast-changing industry, this book offers valuable knowledge. This book is a must-read for those eager to master a field that will only grow in importance, delivered with the clarity and engagement that only Kim can provide.

Bojun Seo

Software Engineer, LG Electronics

Contributors

About the author

Austin Kim has more than 14 years of experience in embedded Linux BSP development. He has worked on many tasks, such as board bring-up, crash and performance troubleshooting, and bootloader development for Arm-based devices. He has strong skills in binary analysis and has analyzed many memory dumps using TRACE32, Crash Utility, and ftrace. He has solved various kernel issues, including crashes, system lockups, and watchdog resets. Currently, he works as a Linux kernel BSP engineer and technical lecturer at LG Electronics. He enjoys sharing practical debugging skills, especially in areas such as Armv8-A architecture and kernel crash analysis.

I sincerely thank my wife, Helen Song, for her patience and support. Her dedication gave me the strength to complete this work. I’m also grateful for the guidance from mentors and leaders: Mike Seo, Dr. Reddy, Dr. Namseok Kim, and Dr. Gunho Lee. I also sincerely thank the technical reviewers: Bojun Seo, Rafiuddin Syed, Namhyung Kim, and Youngmin Nam. Lastly, I thank the Packt team, who supported me with great patience and professionalism.

About the reviewers

Bojun Seo is an open source developer at LG Electronics, developing advanced developer tools leveraging eBPF (extended Berkeley Packet Filter). He has an interest and experience in various fields related to computer science engineering, which include computer architecture, software architecture, parallel computing, General-Purpose Computing on Graphics Processing Units (GPGPU), memory management, algorithms, security, open source culture, and so on. He actively engages with other developers, enjoying presentations on his current tools at C++ Now, LG Software Developer Conference, and the Korean Linux Kernel Developers Meetup. He lives in Seoul and enjoys traveling around the world.

Rafiuddin Syed is an embedded systems engineer with expertise in real-time computing, virtualization, and low-level software development. He has held various roles at Texas Instruments, Intel, NVIDIA, Harman, and Drako Motors. His work spans hypervisors, Linux kernel development, PCIe, USB, and secure IPC, with contributions to both industry and open source projects.

Namhyung Kim is a staff software engineer at Google. He’s been working on the Linux kernel and other open source projects for more than 15 years. His main interests are low-level infrastructure such as operating systems, toolchains, performance monitoring, tracing, and binary instrumentation. Now he co-maintains the Linux perf tools and uftrace project, and also enjoys traveling all over the world.

Youngmin Nam is a seasoned software engineer with over 15 years of experience in embedded systems and low-level software development. At Samsung Electronics, he has led Linux kernel and Android BSP development for ARM-based SoCs, including the Exynos2400 platform used in Galaxy flagship devices. He played a key role in the Google Pixel project, collaborating directly with Google’s Pixel team to bring up essential system drivers and ensure platform stability. More recently, he has been working closely with Google’s kernel team and upstream maintainers to apply Generic Kernel Image (GKI) support to the Exynos kernel. His expertise spans kernel bring-up, memory management, platform integration, and upstream contributions to both Linux and Android kernels. Youngmin is passionate about reverse engineering, debugging complex system-level issues, and contributing to the open source community.

I would like to thank my family for their continued support and encouragement throughout my professional journey.

Join our community on Discord

Join our community’s Discord space for discussions with the authors and other readers: https://packt.link/embeddedsystems

Preface

Today, Arm processors are used in a wide range of systems, such as smartphones, AI SoCs, the automotive sector (for autonomous driving and infotainment), cloud servers, and MacBooks. These processors are mostly based on Armv8-A 64-bit architecture, including popular Arm processors, such as Cortex-A53, Cortex-A57, and Cortex-A78.

In system software development, Armv8-A architecture is now one of the most important topics that engineers should understand.

This book, Reverse Engineering Armv8-A Systems, was written to share practical ways to analyze binaries on Armv8-A systems. My goal is to help readers learn how Armv8-A architecture works and also build real skills through hands-on experience.

The book covers practical content that can be used directly in real-world projects. It is designed for readers who want to start learning binary analysis from the basics and move forward to a deeper understanding of low-level systems in Armv8-A systems.

Why I wrote this book

Reverse engineering means analyzing a system without access to the original source code. When you hear the term “reverse engineering,” you might think of binary analysis, security research, or exploit development. These are important skills and are often seen as core skills. Many blog posts and articles talk about using reverse engineering to create exploits from a security point of view.

However, for many system software developers, reverse engineering is usually used for a different purpose: to find bugs, analyze crashes, or investigate system failures, rather than to develop exploits. This book focuses on binary analysis skills that are useful for firmware developers and system software engineers. This book is not written for offensive security. Instead, it explains detailed binary analysis methods and practical debugging techniques.

I believe that the ability to analyze binaries is a core skill for becoming an advanced engineer in embedded systems. With this book, you will learn about the key concepts of the Armv8-A architecture and gain practical experience in analyzing binaries on Armv8-A systems.

Who this book is for

If you are interested in binary analysis, reverse engineering, or debugging on Armv8-A devices, this book is for you. It is especially helpful for system software engineers, security consultants, and ethical hackers who want to expand their binary analysis expertise. To get the most value, you should have a basic understanding of C programming. Familiarity with computer architecture, Linux systems, and security concepts will also help you follow the material in this book more effectively.

What this book covers

Chapter 1, Learning Fundamentals of Arm Architecture, introduces the basic concepts of the Armv8-A architecture, such as exception levels, register usage, AAPCS, and exception handling. These fundamentals will help you understand system behavior and prepare you for binary analysis.

Chapter 2, Understanding the ELF Binary Format, introduces you to the ELF binary format, including the file header, section header, and program header. You will learn how to use the readelf command to check binary structure and how each header helps during reverse engineering.

Chapter 3, Manipulating Data with Arm Data Processing Instructions, explains data processing instructions for arithmetic, logic, and bit shifts. You will learn how to reconstruct assembly instructions into C. These skills are key background knowledge for binary analysis.

Chapter 4, Reading and Writing with Memory Access Instructions, covers how memory access works in Armv8-A using LDR and STR. You will learn how they move data between registers and memory.

Chapter 5, Controlling Execution with Flow Control Instructions, explains flow control instructions that change how a program runs based on conditions with comparison and branch instructions.

Chapter 6, Introducing Reverse Engineering, introduces reverse engineering, a way to understand software without source code. You will learn about static and dynamic analysis, as well as the compilation process, which are important for binary analysis.

Chapter 7, Setting Up a Practice Environment with an Arm Device, covers how to set up a practice environment using an Arm device such as the Raspberry Pi or QEMU. With these tools, you will perform binary analysis.

Chapter 8, Unpacking the Kernel with Linux Fundamentals, focuses on Linux basics: user space, kernel space, system calls, and process management. You will also learn about memory management and security features such as LSM and KASLR.

Chapter 9, Understanding Basic Static Analysis, covers basic static analysis for reverse engineering by using binary utilities. You will learn how to check the type of a binary file and how to examine a corrupted object file. You will also learn how to read assembly code and understand how to convert it into C code.

Chapter 10, Going Deeper with Advanced Static Analysis, covers advanced static analysis for kernel binaries such as *.ko and vmlinux. You will learn about the ELF structure, typical kernel binary patterns, and how to recognize elements such as the .modinfo section.

Chapter 11, Analyzing Program Behavior with Basic Dynamic Analysis, discusses basic dynamic analysis, including its benefits and limitations. You will use tools such as GDB and GEF to debug various user-space binaries. This chapter also provides case studies related to memory corruption issues.

Chapter 12, Expert Techniques in Advanced Dynamic Analysis, covers advanced dynamic analysis of kernel binaries using the Crash utility. You will learn how to identify kernel structures such as task_struct using stack patterns and memory addresses. These skills are a key feature of this book.

Chapter 13, Tracing Execution with uftrace, explores uftrace, a powerful open source tool to monitor process execution. You will learn how to install and use uftrace with a simple example that traces function calls and return values.

Chapter 14, Securing Execution with Armv8-A TrustZone, explores TrustZone in Armv8-A. You will also learn how software switches between the non-secure and secure worlds using the SMC instruction. It also explains hardware features that support TrustZone, such as the AxPROT signal.

Chapter 15, Building Defenses with Key Security Features of Armv8-A, explains the latest security features in Armv8-A, including PAN, PAC, BTI, and MTE. These features are used to protect systems by controlling memory access and verifying addresses.

To get the most out of this book

To get the most benefit from this book, we recommend the following:

We have tested all the example code in this book using the following platforms:

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Everything will be explained step by step. Whether you are a beginner or an experienced developer, this book will guide you through the interesting and practical world of binary analysis for reverse engineering.

Download the example code files

The code bundle for the book is hosted on GitHub at https://github.com/PacktPublishing/Reverse-Engineering-Armv8-A-Systems. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://packt.link/gbp/9781835088920.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. For example: “The MOV instruction is used to copy the value of an operand into the destination register”:

A block of code is set as follows:

Any command-line input or output is written as follows:

Bold: Indicates a new term, an important word, or words that you see on the screen. For instance, words in menus or dialog boxes appear in the text like this. For example: “[3] Callstack shows how function calls are made by processes.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book’s title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you reported this to us. Please visit http://www.packtpub.com/submit-errata, click Submit Errata, and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit http://authors.packtpub.com/.

Share your thoughts

Once you’ve read Reverse Engineering Armv8-A Systems, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

https://packt.link/free-ebook/9781835088920

Part 1

Fundamentals of Armv8-A Architecture

In this part, you will learn about the fundamentals of the Armv8-A architecture that are necessary to begin binary analysis. This part provides practical knowledge that you can use in real debugging or reverse engineering tasks in Armv8-A systems.

This part includes the following chapters: