#### NOP-Oriented Programming: Should we Care?

Pierre-Yves Péneau, Ludovic Claudepierre, Damien Hardy, Erven Rohou Univ Rennes, Inria, CNRS, IRISA

SILM workshop - Friday, September 11th 2020



## Introduction

- Fault injection nowadays
  - ElectroMagnetic Pulse (EMP)
  - Laser injection
  - Clock glitch

• ...





### Introduction

- Fault injection nowadays
  - ElectroMagnetic Pulse (EMP)
  - Laser injection
  - Clock glitch
  - • •



• Efficient but limited to 1 or few injections



## Introduction

- Fault injection nowadays
  - ElectroMagnetic Pulse (EMP)
  - Laser injection
  - Clock glitch
  - • • •



- Efficient but limited to 1 or few injections
- Lack of precision
  - EMP/laser: unavoidable delay between 2 injections



## Approach and questions

• What if an attacker can overcome these limitations?

- No delay between injection
- High precision (instruction-level)
- Unlimited number of faults
- Questions:
  - 1. What are the possibilities for an attacker?
  - 2. Can we simulate this?

# Fault model : NOP-Oriented programming

#### Base fault model: instruction skip\*

- An attacker is able to entirely skips a specific instruction
- Skipping an instruction replaces this instruction by a NOP

\*Chong Hee and Quisquater. "Fault attacks for CRT based RSA: New attacks, new results, and new countermeasures." International Workshop on Information Security Theory and Practices, 2007.

# Fault model : NOP-Oriented programming

#### • Base fault model: instruction skip\*

- An attacker is able to entirely skips a specific instruction
- Skipping an instruction replaces this instruction by a NOP
- Our model: instruction-skip by a factor of hundreds/thousands
  - Program mainly driven by NOP
  - Select which instruction you want to execute

\*Chong Hee and Quisquater. "Fault attacks for CRT based RSA: New attacks, new results, and new countermeasures." International Workshop on Information Security Theory and Practices, 2007.

# Fault model : NOP-Oriented programming

#### • Base fault model: instruction skip\*

- An attacker is able to entirely skips a specific instruction
- Skipping an instruction replaces this instruction by a NOP
- Our model: instruction-skip by a factor of hundreds/thousands
  - Program mainly driven by NOP
  - Select which instruction you want to execute
- That's what we call NOP-Oriented Programming

\*Chong Hee and Quisquater. "Fault attacks for CRT based RSA: New attacks, new results, and new countermeasures." International Workshop on Information Security Theory and Practices, 2007.

# Theoretical analysis

# Possibilities with a NOP-Oriented programming model

# Assumptions

#### • The binary contains a minimal set of instructions:

- load/store
- move
- add
- sub
- The binary is bug-free
- No backdoor is necessary
- ARM instruction set
  - Could be applied to other ISA

- Any instruction can be skipped to reach any address
- From an address A, any address A' where A' > A can be reached

- Any instruction can be skipped to reach any address
- From an address A, any address A' where A' > A can be reached

@A : inst. 1
@A+2 : inst. 2
...
@A'-1 : inst. n-1
@A' : inst. n

- Any instruction can be skipped to reach any address
- From an address A, any address A' where A' > A can be reached



- Any instruction can be skipped to reach any address
- From an address A, any address A' where A' > A can be reached



With branches, almost any address could be reached
Starting from @A, how to reach @B?

- Any instruction can be skipped to reach any address
- From an address A, any address A' where A' > A can be reached



With branches, almost any address could be reached
 Starting from @A, how to reach @B?



- Any instruction can be skipped to reach any address
- From an address A, any address A' where A' > A can be reached



With branches, almost any address could be reached
Starting from @A, how to reach @B?



• Do fewer iterations by:

• Do more iterations by:

mov r4, #10 label:

... sub r4, r4, #1 cmp r4, 0 bne label

endloop:

• • •

• Do fewer iterations by:

• Replace entire body by NOP

• Do more iterations by:



#### • Do fewer iterations by:

- Replace entire body by NOP
- NOP the conditional branch at the end and exit

#### • Do more iterations by:



#### • Do fewer iterations by:

- Replace entire body by NOP
- NOP the conditional branch at the end and exit

#### • Do more iterations by:

#### • NOP the instruction which controls the loop condition Typically a subtraction on a counter



. . .

#### • Do fewer iterations by:

- Replace entire body by NOP
- NOP the conditional branch at the end and exit

#### • Do more iterations by:

- NOP the instruction which controls the loop condition Typically a subtraction on a counter
- NOP the compare instruction
  - This relies on the current state of the control flags



- This relies on the presence of
  - Instruction(s) to increment a register
  - move or load



• • •

- This relies on the presence of
  - Instruction(s) to increment a register
  - move or load
- 1. Use a controlled loop (attack 2)
  - We control the number of iterations



- This relies on the presence of
  - Instruction(s) to increment a register
  - move or load
- 1. Use a controlled loop (attack 2)
  - We control the number of iterations
- 2. Use a register Rs whose content is controlled



- This relies on the presence of
  - Instruction(s) to increment a register
  - move or load
- 1. Use a controlled loop (attack 2)
  - We control the number of iterations
- 2. Use a register Rs whose content is controlled
- 3. Use a move instruction from Rs into Rd

| mov r0, #0<br>mov r4, #10<br>label:        |
|--------------------------------------------|
| <br>add r0, r0, #1                         |
| mov r3, r0                                 |
|                                            |
|                                            |
| <br>Sub 14, 14, #1                         |
| <br><del>Sub 14, 14, #1</del><br>cmp r4, 0 |
|                                            |
| cmp r4, 0                                  |

. . .

- This relies on the presence of
  - Instruction(s) to increment a register
  - move or load
- 1. Use a controlled loop (attack 2)
  - We control the number of iterations
- 2. Use a register Rs whose content is controlled
- 3. Use a move instruction from Rs into Rd
- 4. Exit the loop (attack 1)



- This relies on the presence of
  - Instruction(s) to increment a register
  - move or load
- 1. Use a controlled loop (attack 2)
  - We control the number of iterations
- 2. Use a register Rs whose content is controlled
- 3. Use a move instruction from Rs into Rd
- 4. Exit the loop (attack 1)

```
mov r0, #0
mov r4, #10
label:
...
add r0, r0, #1
...
mov r3, r0
...
sub r4, r4, #1
cmp r4, 0
bme label
endloop:
```

• This can be extended to a set of registers (see paper)

11 - September 2020

- *Rm* represents a memory address
- Rs represents a value to store

mov r0, #0 mov r1, #0 mov r4, #10 label: . . . add r0, r0, #1 add r1, r1, #1 sub r4, r4, #1 cmp r4, 0 bne label endloop: . . . . . . . . . . . .

. . .

- *Rm* represents a memory address
- Rs represents a value to store
- Both registers content are controlled (attack 3)



- *Rm* represents a memory address
- Rs represents a value to store
- Both registers content are controlled (attack 3)
- To read in memory, reach a load that uses Rm
  - No need of Rs for reading

| mov r0, #0<br>mov r1, #0<br>mov r4, #10<br>label: |
|---------------------------------------------------|
| add r0, r0, #1<br>add r1, r1, #1                  |
| cmp r4, 0                                         |
| endloop:<br>Idr rX, [r0]<br>                      |
|                                                   |

- Rm represents a memory address
- Rs represents a value to store
- Both registers content are controlled (attack 3)
- To read in memory, reach a load that uses Rm
  - No need of Rs for reading
- To write in memory, reach a store that uses *Rm* and *Rs*

| mov r0, #0                                   |
|----------------------------------------------|
| mov r1, #0                                   |
| mov r4, #10                                  |
| label:                                       |
|                                              |
| add r0, r0, #1                               |
| add r1, r1, #1                               |
|                                              |
| •••                                          |
| <br>3ub 14, 14, π1                           |
| <br><del>- sub 14, 14, #1</del><br>cmp r4, 0 |
|                                              |
| cmp r4, 0                                    |
| cmp r4, 0                                    |

. . .



- Rm represents a memory address
- Rs represents a value to store
- Both registers content are controlled (attack 3)
- To read in memory, reach a load that uses Rm
  - No need of Rs for reading
- To write in memory, reach a store that uses *Rm* and *Rs* 
  - If no such instruction, use other registers with move (attack 3)





- *Rm* represents a memory address
- Rs represents a value to store
- Both registers content are controlled (attack 3)
- To read in memory, reach a load that uses Rm
  - No need of Rs for reading
- To write in memory, reach a store that uses *Rm* and *Rs* 
  - If no such instruction, use other registers with move (attack 3)

• This can be extended to a set of registers (see paper)





Jump to any address (attack 5)

• Rd represents the destination of a branch

mov r0, #0 mov r4, #10 label:

add r0, r0, #1

sub r4, r4, #1 cmp r4, 0 bne label

endloop:



Jump to any address (attack 5)

- Rd represents the destination of a branch
- Rd is a controlled register

mov r0, #0 mov r4, #10 label: ... add r0, r0, #1 ... sub r4, r4, #1 cmp r4, 0 bne label

. . .

endloop:

Jump to any address (attack 5)

- Rd represents the destination of a branch
- Rd is a controlled register
- Find an unconditional branch to *Rd*: blx *Rd*



Jump to any address (attack 5)

- Rd represents the destination of a branch
- Rd is a controlled register
- Find an unconditional branch to *Rd*: blx *Rd*
- Execute



Jump to any address (attack 5)

- Rd represents the destination of a branch
- Rd is a controlled register
- Find an unconditional branch to *Rd*: blx *Rd*
- Execute
- Use the stack: push Rd
   pop pc



CFG Hijacking
 Control loop iteration
 Control register(s) content

CFG Hijacking
 Control loop iteration
 Control register(s) content



CFG Hijacking
 Control loop iteration
 Control register(s) content



CFG Hijacking
 Control loop iteration
 Control register(s) content

Direct dependency

CFG Hijacking
 Control loop iteration
 Control register(s) content

4) Load/Store from register(s)5) Jump to any address

Direct dependency

CFG Hijacking
 Control loop iteration
 Control register(s) content

4) Load/Store from register(s)5) Jump to any address

This is Turing-Complete (proof in the paper)

Direct dependency

# Application to (almost) real life

#### NOP-Oriented programming in a nutshell

## Disclaimer

- We present two attacks:
  - 1) How to retrieve the encryption key used in AES
  - 2) How to write user-defined data in memory
- However, this is not specific to AES

## Disclaimer

- We present two attacks:
  - 1) How to retrieve the encryption key used in AES
  - 2) How to write user-defined data in memory
- However, this is not specific to AES
- We only need a minimum set of instructions
- Our target: ARM embedded systems
  - No memory protection

## Disclaimer

- We present two attacks:
  - 1) How to retrieve the encryption key used in AES
  - 2) How to write user-defined data in memory
- However, this is not specific to AES
- We only need a minimum set of instructions
- Our target: ARM embedded systems
  - No memory protection
- Realised in the <u>gem5<sup>\*</sup> simulator</u>
  - Replay fault model has been implemented
  - Few attacks tested on real board

Theory: skipping an instruction <u>has no side-effect</u>
NOP-Oriented Programming

- Theory: skipping an instruction has no side-effect
  - NOP-Oriented Programming
- Experienced fault model<sup>\*</sup>: skipping an instruction <u>repeats the N</u>
   <u>previous ones</u>

- Theory: skipping an instruction has no side-effect
  - NOP-Oriented Programming
- Experienced fault model<sup>\*</sup>: skipping an instruction <u>repeats the N</u>
   <u>previous ones</u>
  - N is the size of the instruction buffer
  - N = 1 in our experiments

- Theory: skipping an instruction has no side-effect
  - NOP-Oriented Programming
- Experienced fault model<sup>\*</sup>: skipping an instruction <u>repeats the N</u>
   <u>previous ones</u>
  - N is the size of the instruction buffer
  - N = 1 in our experiments
- Limits the attacker
  - cannot repeat a PC-relative load for example

- Theory: skipping an instruction has no side-effect
  - NOP-Oriented Programming
- Experienced fault model<sup>\*</sup>: skipping an instruction <u>repeats the N</u>
   <u>previous ones</u>
  - N is the size of the instruction buffer
  - N = 1 in our experiments
- Limits the attacker
  - cannot repeat a PC-relative load for example

ldr *r0*, [*pc*, #-32] add *r0*, *r0*, *r1* 

- Theory: skipping an instruction has no side-effect
  - NOP-Oriented Programming
- Experienced fault model<sup>\*</sup>: skipping an instruction <u>repeats the N</u>
   <u>previous ones</u>
  - N is the size of the instruction buffer
  - N = 1 in our experiments
- Limits the attacker
  - cannot repeat a PC-relative load for example

Idr r0, [pc, #-32] add r0, r0, r1 Idr r0, [pc, #-32] Idr r0, [pc, #-32]

- Theory: skipping an instruction has no side-effect
  - NOP-Oriented Programming
- Experienced fault model<sup>\*</sup>: skipping an instruction <u>repeats the N</u>
   <u>previous ones</u>
  - N is the size of the instruction buffer
  - N = 1 in our experiments
- Limits the attacker
  - cannot repeat a PC-relative load for example



#### Base program

memset(cipher, 0, BUF\_SIZE);
sprintf(plain, "%s", "thisisaplaintext");
sprintf(key, "%s", "0123456789ABCDEF");

Init phase

printf("%s\n", cipher);

#### Base program

memset(cipher, 0, BUF\_SIZE);
sprintf(plain, "%s", "thisisaplaintext");
sprintf(key, "%s", "0123456789ABCDEF");
AESEncrypt(cipher, plain, key);
Compute phase

11 - September 2020

#### Base program

memset(cipher, 0, BUF\_SIZE);
sprintf(plain, "%s", "thisisaplaintext");
sprintf(key, "%s", "0123456789ABCDEF");
AESEncrypt(cipher plain key):
Compute phase

AESEncrypt(cipher, plain, key); printf("%s\n", cipher);

• Goal: retrieve the key

AESEncrypt(cipher, plain, key);
 → key is in r2 (function call convention)

AESEncrypt(cipher, plain, key);
 → key is in r2 (function call convention)

printf("%s\n", cipher);

 $\rightarrow$  String to print is in r1 (function call convention)

AESEncrypt(cipher, plain, key);
 → key is in r2 (function call convention)

- printf("%s\n", cipher);
  → String to print is in r1 (function call convention)
- Idea: move r2 into r1, then call printf()

1 <abort>:
2 ...
3 <main>:
4 ...

# Move r2 into r1 Call printf()

13 <Encrypt>:
14 105d0: push {fp, lr}
15 105d4: add fp, sp, #4
16 105d8: sub sp, sp, #248
17 105dc: str r0, [fp, #-240]
18 105e0: str r1, [fp, #-244]
19 105e4: str r2, [fp, #-248]
20 105e8: sub r3, fp, #24
21 105ec: ldr r1, [fp, #-248]



| key is in r2 |    |                                                                      |      |      |      |        |
|--------------|----|----------------------------------------------------------------------|------|------|------|--------|
|              | 13 | <encryp< th=""><th>pt&gt;:</th><th></th><th></th><th></th></encryp<> | pt>: |      |      |        |
|              | 14 | 105d0:                                                               | push | {fp, | lr   |        |
|              | 15 | 105d4:                                                               | add  | fp,  | sp,  | #4     |
|              | 16 | 105d8:                                                               | sub  | sp,  | sp,  | #248   |
|              | 17 | 105dc:                                                               | str  | r0,  | [fp, | #-240] |
|              | 18 | 105e0:                                                               | str  | r1,  | [fp, | #-244] |
|              | 19 | 105e4:                                                               | str  | r2,  | [fp, | #-248] |
|              | 20 | 105e8:                                                               | sub  | r3,  | fp,  | #24    |
|              | 21 | 105ec:                                                               | ldr  | r1,  | [fp, | #-248] |



| key is in r2      |    |                                                                    |      |      |                        |  |
|-------------------|----|--------------------------------------------------------------------|------|------|------------------------|--|
|                   | 13 | <encry< th=""><th>pt&gt;:</th><th></th><th></th><th></th></encry<> | pt>: |      |                        |  |
|                   | 14 | 105d0:                                                             | push | {fp, | <pre>lr }</pre>        |  |
|                   | 15 | 105d4:                                                             | add  | fp,  | <mark>sp</mark> , #4   |  |
|                   | 16 | 105d8:                                                             | sub  | sp,  | <mark>sp</mark> , #248 |  |
|                   | 17 | 105dc:                                                             | str  | r0,  | [fp, #-240]            |  |
| Store at \$fp-248 | 18 | 105e0:                                                             | str  | r1,  | [fp, #-244]            |  |
|                   | 19 | 105e4:                                                             | str  | r2,  | [fp, #-248]            |  |
|                   | 20 | 105e8:                                                             | sub  | r3,  | <b>fp</b> , #24        |  |
|                   | 21 | 105ec:                                                             | ldr  | r1,  | [fp, #-248]            |  |



| key is in r2      |                                 |          |
|-------------------|---------------------------------|----------|
|                   | 13 <encrypt>:</encrypt>         |          |
|                   | 14 105d0: push {fp, lr}         |          |
|                   | 15 105d4: add fp, sp, #4        |          |
|                   | 16 105d8: sub sp, sp, #248      |          |
|                   | 17 105dc: str r0, [fp, #-240]   |          |
| Store at \$fp-248 | 18 105e0: str r1, [fp, #-244]   |          |
|                   | 19 105e4: str r2, [fp, #-248]   | 1: inst. |
| Load into r1      | 20 105e8: sub r3, fp, #24       | to reach |
|                   | 21 105ec: ldr r1, [fp, #-248] ← |          |



| key is in r2      |                                           |
|-------------------|-------------------------------------------|
| 2                 | 13 <encrypt>:</encrypt>                   |
|                   | 14 105d0: push {fp, lr}                   |
|                   | 15 105d4: add fp, sp, #4                  |
|                   | 16 105d8: sub sp, sp, #248                |
|                   | 17 105dc: str r0, [fp, #-240]             |
| Store at \$fp-248 | 18 105e0: str r1, [fp, #-244]             |
|                   | 19 105e4: str r2, [fp, #-248] 1: inst.    |
| Load into r1      | 20 105e8: sub r3, fp, #24 to reach        |
|                   | 21 105ec: ldr r1, [fp, #-248] ← CO Feach  |
|                   | 22 105f0: <del>mov r0, r3</del>           |
|                   | 23                                        |
|                   | 24 <assert_fail_base>:</assert_fail_base> |
|                   | 25                                        |
|                   | 26 11ef4: bl 10170 <abort></abort>        |















1) Move r2 into r1

2) Call printf()



Move r2 into r1
 Call printf()

 Two bursts of nops are necessary

#### Attack #1 : get the encryption key (2/2)



Move r2 into r1
 Call printf()

- Two bursts of nops are necessary
- More generic attacks to retrieve the key are presented in the paper

Idea: hijack cipher buffer to write custom data
 → ASCII characters in this example

memset(cipher, 0, BUF\_SIZE);
AESEncrypt(cipher, plain, key);
printf("%s\n", cipher);

- Idea: hijack cipher buffer to write custom data
   → ASCII characters in this example
  - Init → memset(cipher, 0, BUF\_SIZE); AESEncrypt(cipher, plain, key); printf("%s\n", cipher);

Idea: hijack cipher buffer to write custom data
 → ASCII characters in this example

Init → memset(cipher, 0, BUF\_SIZE); Attack → AESEncrypt(cipher, plain, key); printf("%s\n", cipher);

Idea: hijack cipher buffer to write custom data
 → ASCII characters in this example

Init → memset(cipher, 0, BUF\_SIZE); Attack → AESEncrypt(cipher, plain, key); Display → printf("%s\n", cipher);

Idea: hijack cipher buffer to write custom data
 → ASCII characters in this example

Init <u>memset(cipher, 0, BUF\_SIZE);</u> Attack <u>AESEncrypt(cipher, plain, key);</u> Display <u>printf("%s\n", cipher);</u>

• How? Take control of a loop to:

Idea: hijack cipher buffer to write custom data
 → ASCII characters in this example

Init <u>memset(cipher, 0, BUF\_SIZE);</u> Attack <u>AESEncrypt(cipher, plain, key);</u> Display <u>printf("%s\n", cipher);</u>

How? Take control of a loop to:
1) Re-create the address of cipher in register *Rm*

Idea: hijack cipher buffer to write custom data
 → ASCII characters in this example

Init <u>memset(cipher, 0, BUF\_SIZE);</u> Attack <u>AESEncrypt(cipher, plain, key);</u> Display <u>printf("%s\n", cipher);</u>

- How? Take control of a loop to:
  - Re-create the address of cipher in register *Rm* Set the decimal value for a character in register *Rs*

Idea: hijack cipher buffer to write custom data
 → ASCII characters in this example

Init <u>memset(cipher, 0, BUF\_SIZE);</u> Attack <u>AESEncrypt(cipher, plain, key);</u> Display <u>printf("%s\n", cipher);</u>

- How? Take control of a loop to:
  - 1) Re-create the address of cipher in register Rm
  - 2) Set the decimal value for a character in register Rs
  - 3) Find a store instruction that use Rm and Rs

- Illustration with "Hello World!"
- 1. Call AESEncrypt()

<AESEncrypt>:

- Illustration with "Hello World!"
- 1. Call AESEncrypt()



mov r0, #0 mov r1, #0

. . .

// the memory address
// the ASCII value

• Illustration with "Hello World!"

1. Call AESEncrypt()



cmp bne loop endloop:

• Illustration with "Hello World!"

 Call AESEncrypt()
 Do as many iteration as necessary <AESEncrypt>: ... mov r0, #0

mov r1, #0

. . .

loop:

// the memory address// the ASCII value

cmp bne loop endloop:

• Illustration with "Hello World!"

 Call AESEncrypt()
 Do as many iteration as necessary



bne loop endloop:

• Illustration with "Hello World!"

 Call AESEncrypt()
 Do as many iteration as necessary

```
<AESEncrypt>:
       . . .
  mov r0, #0
                    // the memory address
  mov r1, #0
                    // the ASCII value
loop:
  add r0, r0, #1
                    // Executed N times, with N = @cipher
  add r1, r1, #1
                    // Executed 72 times ('H' character)
                    // then always skipped
       . . .
  cmp
  bne loop
endloop:
```

• Illustration with "Hello World!"

- 1. Call AESEncrypt()
- 2. Do as many iteration as necessary
- 3. Exit the loop

```
<AESEncrypt>:
       . . .
  mov r0, #0
                    // the memory address
                    // the ASCII value
  mov r1, #0
loop:
  add r0, r0, #1
                    // Executed N times, with N = @cipher
  add r1, r1, #1
                    // Executed 72 times ('H' character)
                    // then always skipped
       . . .
  cmp
  bne loop
endloop:
```

• Illustration with "Hello World!"

- 1. Call AESEncrypt()
- 2. Do as many iteration as necessary
- 3. Exit the loop
- 4. Store the value

```
<AESEncrypt>:
       . . .
  mov r0, #0
                    // the memory address
                    // the ASCII value
  mov r1, #0
loop:
  add r0, r0, #1
                    // Executed N times, with N = @cipher
  add r1, r1, #1
                    // Executed 72 times ('H' character)
                     // then always skipped
       . . .
  cmp
  bne loop
endloop:
  str r1, [r0]
```

• Illustration with "Hello World!"

- 1. Call AESEncrypt()
- 2. Do as many iteration as necessary
- 3. Exit the loop
- 4. Store the value
- 5. Restart

```
<AESEncrypt>:
       . . .
  mov r0, #0
                    // the memory address
                    // the ASCII value
  mov r1, #0
loop:
  add r0, r0, #1
                    // Executed N times, with N = @cipher
  add r1, r1, #1
                    // Executed 72 times ('H' character)
                     // then always skipped
       . . .
  cmp
  bne loop
endloop:
  str r1, [r0]
```

#### Conclusion

#### Let's try to summarize and answer our questions

# Summary

#### • Q1. What are the possibilities for an attacker?

- Hijack CFG
- Control registers
- Write in memory
- $\rightarrow$  The attacker executes what he wants (full control)

# Summary

- Q1. What are the possibilities for an attacker?
  - Hijack CFG
  - Control registers
  - Write in memory
  - $\rightarrow$  The attacker executes what he wants (full control)
- Q2. Can we simulate this fault model?
  - gem5 simulator
    - Setup available at <a href="https://gitlab.inria.fr/gem5-nop/gem5">https://gitlab.inria.fr/gem5-nop/gem5</a>
    - Simulator modifications + all source code and binaries
  - Successfully retrieve a key with AES
  - Successfully altered memory

#### **Future Works**

- More realistic use-cases
  - Proof of concept
  - Extends to real applications (embedded OS?)
- Fault model in gem5 has to be enhanced (on-going internship)
  - More realistic fault model (replay more than one inst.)
- Propose countermeasures
  - Hardware (could depend on how the injection is made)
  - Software (HW independent)

# Thank You!

NOP-Oriented Programming: Should we Care? Pierre-Yves Péneau, Ludovic Claudepierre, Damien Hardy, Erven Rohou

