In this series of ARM challenges, you’ll be provided with vulnerable ARM64 binaries that can exploited within a controlled environment.

Think of these challenges as your personal playground for ARM64 reversing and hacking.

What You’ll Learn

By the time you finish these challenges, you’ll be able to:

  • Reverse Engineer ARM binaries like a pro
  • Spot vulnerabilities in the provided CTF style ARM64 binaries
  • Craft exploit poc or shellcodes to exploit the binaries and prove your findings
  • Master ARM64 security Write polished reports to impress any security team Getting Started Is a Breeze

In these challenges, you’ll work with precompiled ARM64 binaries within a containerized lab environment, eliminating the need for compilation. This setup lays the groundwork for the practical exploitation exercises you’ll complete throughout the course.

Before diving into the exploitation work, let’s go over the setup. This module provides everything you need to get started:

  • Run precompiled ARM64 challenge binaries in Docker
  • Dynamically generate flags each time the container is launched
  • Expose binaries over TCP sockets for remote exploitation using tools like nc, pwntools, or gdb
  • Reuse this environment for all upcoming ARM64 pwn challenges

System Requirements

Here’s what you’ll need to run the challenge binaries in this module: • Docker: Make sure Docker is installed and running on your system. It’s the core tool we use to launch and manage the challenge containers. • Docker Buildx: Required for building Docker images that target different CPU architectures, like ARM64. This allows you to build ARM64-compatible containers even on an x86_64 machine. • ARM64-Compatible Docker Support You’ll need support for running ARM64 images. This can be: • A native ARM64 machine (e.g., Raspberry Pi, Apple Silicon Mac), or • An x86_64 system with QEMU emulation, which is typically available through Docker Desktop with multi-architecture support enabled.

Inside Each Challenge Pack

A precompiled, static ARM64 binary (e.g., vuln-arm64-static) will be executable and compiled with no dynamic dependencies (statically linked)

Inside the Docker Environment

• Base Image: arm64v8/ubuntu:20.04 • Installed Tools: • gdb, lldb — ARM64-capable debuggers • socat — Used to expose the binary over TCP • build-essential — for completeness • User: A non-root user ctf is created to match realistic sandboxed environments • Flag: A random flag (flag.txt) is generated on container start, placed in /home/ctf/ for certain challenges

Ports Exposed

• 1337 — Primary port (for binary interaction) • 1234, 4444 — Extra ports for debugging, second-stage shells, or exploit flexibility Launch Instructions

./run.sh -f vuln-arm64-static

Here is an example of what you’ll see when you launch one of our challenges.

No Hints, No Solutions! Just Real-World Challenges

Will we provide Hints? Nope. Will we provide step-by-step walkthroughs? Not happening.

Why? Because we want you to think like a real security researcher. These aren’t textbook exercises with neat, one-size-fits-all answers. They’re messy, unpredictable, and mirror the types of vulnerabilities you’d actually see in the wild.

You’ll obiously be expected to bypass some security mitigations, but thats part of the game right? Your Mission Should You Choose to Accept It

For each challenge, you’ll need to: Reverse-engineer the ARM binaries to understand its inner workings Identify vulnerabilities hiding in the code Build a working exploit that proves the flaw exists Create a proof-of-concept to demonstrate the attack Document your process in a writeup you can be proud of Show Us Your Proof

When you’re done, we want to see: Your exploit poc — the poc we can use to validate your exploit A detailed writeup — your step-by-step journey to revealing the flag from the provided target binary Proof of exploitation — screenshots, videos, or logs Zip these files and upload them to the “Upload Solution” section of the individual challenges. Discovered a show-stopping bug or crash?

Drop us a line at support@8ksec.io, and we’ll take a look. Let’s Get Started

Till now we tried to give you a clean, reusable lab setup for all ARM64-based pwn challenges. Whether you’re crafting buffer overflows, hijacking control flow, or building full ROP chains, this environment will be your playground.