🏳️
The CTF Recipes
  • Introduction
  • Cryptography
    • Introduction
    • General knowledge
      • Encoding
        • Character encoding
          • ASCII
          • Unicode
          • UTF-8
        • Data encoding
          • Base16
          • Base32
          • Base64
      • Maths
        • Modular arithmetic
          • Greatest Common Divisor
          • Fermat's little theorem
          • Quadratic residues
          • Tonelli-Shanks
          • Chinese Remainder Theorem
          • Modular binomial
      • Padding
        • PKCS#7
    • Misc
      • XOR
    • Mono-alphabetic substitution
      • Index of coincidence
      • frequency analysis
      • Well known algorithms
        • 🔴Scytale
        • 🔴ROT
        • 🔴Polybe
        • 🔴Vigenere
        • 🔴Pigpen cipher
        • 🔴Affine cipher
    • Symmetric Cryptography
      • AES
        • Block Encryption procedure
          • Byte Substitution
          • Shift Row
          • Mix Column
          • Add Key
          • Key Expansion / Key Schedule
        • Mode of Operation
          • ECB
            • Block shuffling
              • Challenge example
            • ECB Oracle
              • Challenge example
          • CBC
            • Bit flipping
              • Challenge example
            • Padding oracle
              • Challenge example
          • OFB
            • Key stream reconstruction
            • Encrypt to Uncrypt
  • 🛠️Pwn
    • General knowledge
      • STACK
        • Variables storage
        • Stack frame
      • PLT and GOT
      • HEAP
        • HEAP operations
        • Chunk
        • Bins
        • Chunk allocation and reallocation
      • Syscall
    • Architectures
      • aarch32
        • Registers
        • Instruction set
        • Calling convention
      • aarch64
        • Registers
        • Instruction set
        • Calling convention
      • mips32
        • Registers
        • Instruction set
        • Calling convention
      • mips64
        • Registers
        • Instruction set
        • Calling convention
      • x86 / x64
        • Registers
        • Instruction set
        • Calling convention
    • Stack exploitation
      • Stack Buffer Overflow
        • Dangerous functions
          • gets
          • memcpy
          • sprintf
          • strcat
          • strcpy
        • Basics
          • Challenge example
        • Instruction pointer Overwrite
          • Challenge example
        • De Bruijn Sequences
        • Stack reading
          • Challenge example
      • Format string
        • Dangerous functions
          • printf
          • fprintf
        • Placeholder
        • Data Leak
          • Challenge example
        • Data modification
          • Challenge example
      • Arbitrary code execution
        • Shellcode
        • ret2reg
        • Code reuse attack
          • Ret2plt
          • Ret2dlresolve
          • GOT Overwrite
          • Ret2LibC
          • Leaking LibC
          • Ret2csu
          • Return Oriented Programming - ROP
          • Sigreturn Oriented Programming - SROP
          • Blind Return Oriented Programming - BROP
            • Challenge example
          • 🔴Call Oriented Programming - COP
          • 🔴Jump Oriented Programming - JOP
          • One gadget
        • Stack pivoting
    • 🛠️Heap exploitation
      • Heap overflow
        • Challenge example
      • Use after free
        • Challenge example
      • 🛠️Double free
      • 🔴Unlink exploit
    • Protections
      • Stack Canaries
      • No eXecute
      • PIE
      • ASLR
      • RELRO
    • Integer overflow
Powered by GitBook
On this page
  • Data processing
  • Load/Store
  • Control Flow
  • Exception-generating
  • Synchronization
  • System
  1. Pwn
  2. Architectures
  3. aarch64

Instruction set

PreviousRegistersNextCalling convention

Last updated 2 years ago

The aarch64 instruction set is an extension of the set, with additional instructions and enhancements to support 64-bit computing.

Aarch64 supports more instructions, such as floating-point operations and SIMD instructions. Aarch32 only supports a limited set operations.

Data processing

Instruction
Description

FMADD

Perform a fused multiply-add operation

FMSUB

Perform a fused multiply-subtract operation

FMUL

Multiply two floating-point registers

FDIV

Divide two floating-point registers

FCMP

Compare two floating-point registers

FMOV

Move a floating-point value from one register to another

FCVT

Convert a floating-point value to a different data type

STLR

Store a word from a register into memory and make the store visible to other processors

Note that this is not an exhaustive list of data processing instructions that are available in the aarch64 instruction set but not in the aarch32 instruction set. There are many other instructions that can be used to perform a wide range of operations on data. The specific instructions available and their exact behavior may vary depending on the implementation of the aarch64 instruction set.

Load/Store

Instruction
Description

LDUR

Load a word from memory into a register using an offset from the base register

STUR

Store a word from a register into memory using an offset from the base register

LDRD

Load two consecutive words from memory into two registers

STRD

Store two consecutive words from two registers into memory

LDXP

Load a word from memory using an address calculated from two registers

STXP

Store a word into memory using an address calculated from two registers

LDAR

Load a word from memory and make the load visible to other processors

Note that this is not an exhaustive list of load/store instructions that are available in the aarch64 instruction set but not in the aarch32 instruction set. There are many other instructions that can be used to load and store data from memory using a variety of addressing modes and data types. The specific instructions available and their exact behavior may vary depending on the implementation of the aarch64 instruction set.

Control Flow

Instruction
Description

CBZ

Branch to a specified address if the value in a register is zero

CBNZ

Branch to a specified address if the value in a register is not zero

BLR

Branch to the address stored in a register

RET

Return from a subroutine and restore the return address from the stack

BRK

Trigger a breakpoint exception

HLT

Halt the processor until an external event occurs

Note that this is not an exhaustive list of control flow instructions that are available in the aarch64 instruction set but not in the aarch32 instruction set. There are many other instructions that can be used to control the flow of execution in a program, such as conditional branches and subroutine calls. The specific instructions available and their exact behavior may vary depending on the implementation of the aarch64 instruction set.

Exception-generating

Instruction
Description

SVC

Trigger a supervisor call (SVC) exception

HVC

Trigger a hypervisor call (HVC) exception

SMC

Trigger a secure monitor call (SMC) exception

BRK

Trigger a breakpoint exception

HLT

Halt the processor until an external event occurs

ERET

Return from an exception or interrupt

Note that this is not an exhaustive list of exception-generating instructions that are available in the aarch64 instruction set but not in the aarch32 instruction set. There are many other instructions that can be used to trigger different types of exceptions or interrupts, such as data abort and undefined instruction exceptions. The specific instructions available and their exact behavior may vary depending on the implementation of the aarch64 instruction set.

Synchronization

Instruction
Description

DMB

Ensure that all memory accesses before this instruction have completed before any memory accesses after this instruction are performed

DSB

Ensure that all memory accesses before this instruction have completed before the processor can execute any subsequent instructions

ISB

Ensure that all instructions before this instruction have completed before any subsequent instructions are executed

CAS

Compare the value in a register with the value in memory, and store a new value in memory if they match

LDXR

Load a word from memory using an atomic read-modify-write operation

STXR

Store a word into memory using an atomic read-modify-write operation

Note that this is not an exhaustive list of synchronization instructions that are available in the aarch64 instruction set but not in the aarch32 instruction set. There are many other instructions that can be used to manage concurrent access to shared data by multiple threads or processes. The specific instructions available and their exact behavior may vary depending on the implementation of the aarch64 instruction set.

System

Instruction
Description

MRS

Read the value of a system register into a register

MSR

Write a value to a system register from a register

SYS

Perform a privileged operation or access a system resource

HINT

Provide a hint to the processor about the expected behavior of the code

DCPS

Change the current processor mode or the state of interrupts

NOP

Do nothing

Note that this is not an exhaustive list of system instructions that are available in the aarch64 instruction set but not in the aarch32 instruction set. There are many other instructions that can be used to access system resources or perform other privileged operations. The specific instructions available and their exact behavior may vary depending on the implementation of the aarch64 instruction set.

🛠️
aarch32 instruction