Analysis in unfamiliar environments

Here, the reverse engineering concepts are the same. However, the availability of tools is limited. Static analysis can still be done under an x86 environment, but when we need to execute the file, it requires sandbox emulation.

It is still best to debug native executables locally in the emulated environment. But if the options for local debugging are limited, one alternative is remote debugging. For Windows, the most popular remote debugging tools are WinDbg and IDA Pro. For Linux, we usually use GDB.

Analyzing ARM-compiled executables is not far from the process that we perform with x86 executables. We follow the same steps as we did with x86:

  1. Study the ARM low-level language
  2. Do deadlisting using disassembly tools
  3. Debug the program in the operating system environment

Studying the ARM low-level language is done in the same way that we studied x86 instructions. We just need to understand the memory address space, general-purpose registers, special registers, the stack, and the language syntax. That also includes how API functions are called.

Tools such as IDA Pro, among other ARM disassembly tools, can be used to show the ARM disassembly code of a native ARM executable.
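Before choosing a disassembler or deciding whether a sample must run under emulation, the first check is the target architecture recorded in the ELF header. The following script is an added example (not code from the book); it reads the `e_ident`, `e_type` and `e_machine` fields and tells you whether the file can execute natively on an x86-64 analysis host. The sample headers are constructed inline.

```python
import struct

# e_machine values from the ELF specification (only the ones relevant here)
MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}
TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}


def identify_elf(data: bytes) -> dict:
    """Return architecture, bitness, endianness and type of an ELF image.

    Raises ValueError for anything that is not a well-formed ELF header, so a
    truncated or non-ELF sample is rejected instead of being misreported.
    """
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]          # 1/2 = 32/64-bit, LSB/MSB
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS/EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine sit at offsets 16 and 18 in both ELF32 and ELF64
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, f"unknown(0x{e_type:x})"),
        "machine": MACHINES.get(e_machine, f"unknown(0x{e_machine:x})"),
    }


def needs_emulation(info: dict, host_machine: str = "x86-64") -> bool:
    """True when the sample cannot be executed natively on the analysis host."""
    return info["machine"] != host_machine


# Constructed sample: first 20 bytes of a little-endian ELF32 ARM executable
SAMPLE_ARM32 = (b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
                + struct.pack("<HH", 2, 0x28))
# Constructed sample: first 20 bytes of a little-endian ELF64 x86-64 executable
SAMPLE_X64 = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
              + struct.pack("<HH", 2, 0x3E))

if __name__ == "__main__":
    for name, blob in (("arm32", SAMPLE_ARM32), ("x64", SAMPLE_X64)):
        info = identify_elf(blob)
        print(name, info, "emulate:", needs_emulation(info))
```

Run it against a real sample by reading the first 20 bytes of the file; a header that fails the check is the cue that you are not looking at an ELF image at all.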
