Challenges of Return-Oriented-Programming on the Xtensa Hardware Architecture
Kai Lehniger, Marcin J. Aftowicz, Peter Langendörfer, Zoya Dyka

TL;DR
This paper explores how the unique properties of the Xtensa architecture can be exploited to perform Return-Oriented Programming attacks, highlighting new techniques for gadget chaining and register manipulation.
Contribution
It introduces novel ROP techniques tailored to Xtensa's architecture, especially for the windowed ABI, without relying on specific gadgets or attack scenarios.
Findings
Xtensa architecture can be effectively exploited with ROP techniques
A new mechanism for register manipulation in ROP on Xtensa is presented
The paper demonstrates architecture-specific vulnerabilities for ROP attacks
Abstract
This paper shows how the Xtensa architecture can be attacked with Return-Oriented-Programming (ROP). The presented techniques include possibilities for both supported Application Binary Interfaces (ABIs). Especially for the windowed ABI, a powerful mechanism is presented that allows not only jumping to gadgets but also manipulating registers without relying on specific gadgets. This paper purely focuses on how the properties of the architecture itself can be exploited to chain gadgets and not on specific attacks or a gadget catalog.
