

Ask HN: Which Low-Cost Micro-controller is the Best for Learning Assembly? - phaus

I've recently started working in an IT Security position, and I'm trying to gain a solid foundation in assembly so I can start playing around with reverse engineering malware in my spare time. I've taken classes in Java and C++ before, and played around with HTML, JavaScript, and Python, but I haven't built anything significant yet, so I still consider myself to be a beginner. I've read a few articles, in an attempt to find out what I should start with, but there seems to be quite a wide variety of low-cost microprocessors out there.

I've read that the MSP430 is a good place to start, and it's definitely inexpensive, but I wonder if it would make more sense to just start with something more modern.

ARM processors are also supposed to be a good choice for a beginner, but there are so many choices, it's hard to figure out what I need.

Arduino looks interesting, and I hear about it all the time, but from the looks of it, most people don't use them to learn assembly. I know that they made an ARM version (which is hard to find) but I'm not sure what the difference would be between this and other ARM processors.

If anyone has a minute to share their thoughts I would be greatly appreciative.
======
deanfranks
If you want to learn assembler to analyze malware, learning x86 assembler
under Linux or Windows is where you should start. If you really want to start
with a microcontroller, the AVR is a good place. You can use one of the Atmel
XPlain boards or an Arduino with the Atmel Studio. I would recommend getting
an AVR Dragon JTAG interface; being able to debug at the hardware level is
invaluable when you are learning or doing "real" development in assembler.

Note that a good portion of the learning curve for AVR or other
microcontroller assembler is learning the hardware environment and learning
about interrupts, execution environment setup, etc etc. None of this is
particularly useful for malware analysis on x86 hardware.

If you are going to analyse malware under Android/etc then ARM is not such a
bad idea. The PI or the BeagleBone are excellent platforms for getting
started. Be aware that ARM assembler is a bit of a beast and is probably not a
good first architecture to learn.

------
octopus
My advice - buy a Raspberry Pi model B (about 35$) and read these lessons
(assembly programming on the Pi):

<http://www.cl.cam.ac.uk/freshers/raspberrypi/tutorials/os/>

~~~
orangethirty
Accidentally downvoted you. Apologies. The link is good.

~~~
octopus
No problem.

------
gary__
My answer relates to experiences getting started in malware analysis rather
than microcontroller assembler, but it might be useful to you :)

I took an interest in malware analysis last autumn and can't recommend the book
Practical Malware Analysis enough. It introduces the subject to a beginner
including the wide variety of skills required and tools used. One of the best
things about the book is the malware samples supplied for analysis at the end
of each chapter and then the detailed walk-throughs of how it should have been
done.

The book focusses on Windows malware and thus discusses x86 assembly, both an
introduction to and identifying the constructs of higher level languages on
disassembly.

I immediately looked to supplement the information on assembly however. First
with the Linux Assembly and Windows assembly "megaprimers" on
securitytube.net, then with the Intermediate Intel x86 series of video
lectures on opensecuritytraining.info. The quality of the latter was very
good, so much so that I may go back and watch the introductory x86 lectures as
well. I'm not usually a fan of video tutorials, but I thought the format
suited the topic quite well.

I've stopped looking into malware analysis for now due to work, part time
college and side projects that will hopefully lead to better work in the short
term. I do look forward to picking it up again in the future though, it's
really quite fascinating.

------
orangethirty
Yes, the MSP430 is a good option. It's cheap (even free if you ask for a
sample), and has good support. Though I don't get why you would need a micro-
controller to learn how to reverse engineer malware with Assembly. There are
many good (free) books out there that teach Assembly for the X86 architecture.
Maybe you want to learn how to reverse engineer embedded malware/virii?

