Following a previous post on ARM exploitation, this post walks through extracting and analyzing modern IoT firmware to discover a previously unknown vulnerability. We then construct an ARM ROP chain that bypasses ASLR without an address leak to achieve unauthenticated RCE.
Full blog post available at https://modzero.com/en/blog/no-leak-no-problem/.