Fox Book
Blue Fox Edition

Arm Assembly

& Reverse


Arm Reverse Engineering Assembly Internals

Azeria Book

Book Overview

For Security Researchers Software Engineers Hackers Defenders Malware Analysts

This book begins with an introduction explaining what instructions are and where they come from. In the second chapter, you will learn about the ELF file format and its sections, along with a basic overview of the compilation process. Since binary analysis would be incomplete without understanding the context they are executed in, the third chapter provides an overview of operating system fundamentals. With this background knowledge, you are well prepared to delve into the Arm architecture in the fourth chapter.

In this section of the book, you will learn about the two primary instruction sets of the Armv8-A architecture: A32 and A64. You will gain a thorough understanding of data processing instructions, memory access instructions, conditional execution, and control flow instruction. This exploration of the Armv8-A architecture's core components equips you with the essential knowledge required to embark on your reverse engineering journey.

The reverse engineering part of the book starts with an overview of Arm environments. Knowing the different types of Arm environments is crucial, especially when you perform dynamic analysis and need to analyze binaries during execution.

The Static Analysis chapter includes an overview of the most common static analysis tools, followed by practical static analysis examples you can follow step-by-step.
Reverse engineering would be boring without dynamic analysis to observe how a program behaves during execution. In the Dynamic Analysis, you will learn about the most common dynamic analysis tools as well as examples of useful commands you can use during your analysis. This chapter concludes with two practical debugging examples: debugging a memory corruption vulnerability and debugging a process in GDB.

Reverse engineering offers numerous applications, enabling you to expand your skillset into areas such as vulnerability analysis and malware analysis. To get you started in the area of malware analysis, this book includes a chapter on analyzing arm64 macOS malware, written in collaboration witg Patrick Wardle (author of The Art of Mac Malware). This chapter introduces you to common anti-analysis techniques that macOS malware uses to avoid analysis.

Architecture & OS Internals

Introduction to Arm Assembly

Learn the fundamentals of the Arm architecture and familiarize yourself with both Arm 32-bit and 64-bit Assembly.

ELF File Formats

Learn about the ELF file format and its sections, along with a basic overview of the compilation process.

OS Fundamentals

Get an overview of operating system fundamentals to understand the context binaries are executed in.

The Arm Architecture

Learn about the Armv8-A architecture, its registers, execution environments, and instruction sets.

Data Processing Instructions

Learn about shifts and rotates, bitfield manipulations, logical and arithmetic operations, and multiplication instructions.

Memory Access Instructions

Learn about the different types of memory access instructions that are part of the A32 and A64 instruction sets.

Reverse Engineering

Conditional Execution

Learn about condition codes and how instructions are executed conditionally.

Control Flow

Learn how branch instructions alter the flow of execution, and how functions and subroutines look like in assembly.

Arm Environments

Get an overview of different Arm environments and learn how to emulate router firmware.

Static Analysis

Learn the tools and techniques used to statically analyze binaries, including static analysis step-by-step examples.

Dynamic Analysis

Learn about the tools used to analyze binaries during execution with dynamic analysis.

Reversing arm64 macOS Malware

Learn about anti-analysis techniques used by malware, based on a real-world arm64 macOS malware example.

Order Links

Don't worry if you see a different release date on your regional Amazon page. The book is set to release on May 9th globally. The release date will update to May (or June latest) for all regions once the book arrives in Amazon warehouses by late April, with shipping everywhere. To access the Amazon book page for your region, change the TLD to your region.

Amazon US

Amazon UK

Amazon DE

Wiley Website

The Author

Harry Jones
Maria Markstedter
Founder and CEO, Azeria Labs

Maria is the founder and CEO of Azeria Labs, offering services and private training courses for large tech companies. She holds a Bachelor’s degree in Corporate and IT Security and a Master’s degree in Enterprise and IT Security. In 2018, Maria became a Forbes “30 under 30” list member for technology and has been featured in Vogue Business Magazine. In 2020 Maria was named the Forbes Person of the Year in Cybersecurity. She is a member of both the Black Hat® EU and US Trainings and Briefings Review Board.

Her research focus is on Mobile and IoT reverse engineering and binary exploitation, as well as exploit mitigations and bypasses. Maria worked on exploit mitigation research alongside Arm in Cambridge and continues to educate security researchers and developers around the world on attacking and defending Arm binary applications.

Notable Mentions


Chapter 12: Reversing arm64 macOS Malware

Patrick Wardle
Patrick Wardle
Founder of Objective-See Foundation

Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of the "The Art of Mac Malware" book series, and founder of the "Objective by the Sea" macOS Security conference. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing both books, and free open-source security tools to protect Mac users.

Notable Mentions

Technical Reviewers

Jon Masters
Jon Masters
Computer Architect, Google

Jon Masters is a Computer Architect at Google, where he works on Arm server related technology. Prior to Google, Jon spent 12 years leading Red Hat’s Arm server program from its inception through its first shipping product, driving industry standardization of Arm server platforms along the way. He co-authored several of the core Arm server specifications, and co-created the Linaro Enterprise Group to help drive Open Source ecosystem enablement for Arm architecture. He also spent several years leading Red Hat’s efforts mitigating speculative execution side-channel vulnerabilities including Meltdown and Spectre across all architectures. Between his time at Red Hat and Google, Jon was VP of Software for NUVIA, an Arm server startup. Jon has authored several books on Linux and began a Computer Science degree at the age of 13. He has a keen interest in understanding all levels of computer architecture. Jon has run over a dozen marathons, most of them while wearing Arm branded gear.

Matthias Boettcher
Matthias Boettcher
Staff Research Engineer, Arm Ltd.

Matthias Boettcher (PhD) is a Staff Research Engineer at Arm Ltd. When joining Arm’s Cambridge offices in the early 2010s, he initially investigated data-, instruction-, and threat-level parallelization techniques for CPUs. This contributed to what was later released as Arm’s Scalable Vector Extension (SVE). Since then, his personal interests and work focus shifted towards architectural and micro-architectural security. Among other things, he contributed to the release of features to accelerate symmetric, post-quantum and fully homomorphic algorithms, and to support pointer authentication and hardware enforced compartmentalization.

Maddie Stone
Maddie Stone
Security Researcher, Google Project Zero

Maddie Stone is a Security Researcher on Google Project Zero where she focuses on 0-days actively exploited in-the-wild. She has previously worked as a reverse engineer and team lead on the Android Security team. Maddie also spent many years deep in the circuitry and firmware of embedded devices while working at the Johns Hopkins Applied Physics Lab.

Daniel Cuthbert
Daniel Cuthbert
Security Researcher

Daniel Cuthbert is the Global Head of Security Research for Banco Santander. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS).

Follow For Updates

Twitter Accounts


Author of the book

Main account of Azeria (Maria Markstedter). Personal tweets and updates.

Azeria Labs

Blog Website

Only tweets announcements and updates on blogs, trainings, all things Azeria Labs.

Blue Fox Book

Book Updates

Announcements, resources, and updates about this book.

Subscribe for Updates

Sign up to get the latest developments on this book, new blogs, and online training releases delivered straight to your inbox.