RISC-V Assembly

Abstract

The RISC-V architecture is the new hotness! It’s going to take over the world! (Or is it?… (It is!;))) But what is RISC-V, and why should you care?

RISC-V is an open source Instruction Set Architecture (ISA). Or, in reality, a small, tight-knit family of ISAs and ISA extensions. The multiple ISAs allow it to be modular and be cut down to work for a 32-bit embedded system, or scaled up for a 64-bit desktop system. (And there’s even a fairly clear path to 128-bit super-computer extensions in the future.)

But it’s the open-source aspect of RISC-V which is what will make it take over. In a world where many embedded device makers use ARM ISAs, but have to pay ARM a licensing fee, what company wouldn’t want to investigate making their chips without paying licensing fees to ARM, or Tensilica, or others? E.g. in 2022 Espressif indicated they’ll be using RISC-V exclusively for all future chips. So in the same way that Linux found some clearly beneficial early niches, and kept expanding from there, RISC-V has begun to find its niches, and natural market forces will cause it to continue to expand. So this is the class where you can get ahead of the curve, learn RISC-V assembly language, and be able to reverse engineer software written for RISC-V hardware!

In this class we take a top-down approach of looking at simple C code, compiling it, and then understanding the assembly instructions that were generated. We look at new C examples designed to introduce the fewest new instructions at a time. And we use programmatically randomized games and spaced repetition to reinforce the student’s memorization of what the instructions do. The full class outline is given below.

If all this sounds super-cool to you, that’s because it is! To train your engineers on this future-facing computer architecture, reach out to us with info about how many students you’d like us to teach, and where.


Full class outline
  • Introduction
  • Registers
  • Your first instruction - No-op.
    • Instructions learned - NOP, ADDI
  • Just returning from a function + learning about the stack.
    • Instructions learned - LI, RET, JR, JALR, SD, LD, MOV, C.JR, C.SDSP, C.LDSP, C.ADDI4SPN, C.ADDI
  • Understanding local variables.
    • Instructions learned - SW, LW, SH, LH, LHU, SB, LBU, LB, LUI, AUIPC, ADD, ADDW, ADDIW, SUBW, SEXT.W, C.MV, C.ADDI16SP, C.LD, C.ADD, C.ADDIW
  • Calling functions and calling conventions.
    • Instructions learned - JAL, CALL, J, SUB, C.SUB
  • Boolean operations.
    • Instructions learned - AND, OR, XOR, NOT, C.AND, C.OR, C.XOR, XORI, ANDI, ORI, ZEXT.B
  • Control flow.
    • Instructions learned - BNE, BGE, BGEU, BLT, BLTU, BNEZ, C.BNEZ, BEQZ, BEQ, C.BEQZ, BGTZ, BLTZ
  • Bit shifting.
    • Instructions learned - SLLI, SRLI, SRAI, SLL, SRL, SRA, SLLW, SRLW, SRAW, SLLIW, SRLIW, SRAIW, LWU, C.SUBW, C.SLLI, C.SRLI, C.SRAI
  • “Set-if” instructions.
    • Instructions learned - SNEZ, SLTU, SGTZ, SLT, SLTI, SLTIU
  • The stragglers that we just need to collect in order to complete our full set of base 32 and 64-bit instructions!
    • Instructions learned - FENCE, ECALL, EBREAK
  • “M” standard ISA extension - Multiplication, Division, and Remainder.
    • Instructions learned - MUL, DIVU, REMU, MULHU, MULW, DIVUW, REMUW, DIV, REM, DIVW, REMW, MULH, MULHSU
  • Read The Fun Manual!
  • Writing inline assembly for fun and understanding!
  • The infamous CMU Binary Bomb - now with 100% more RISC-V! With an option to use the Ghidra Software Reverse Engineering (SRE) tool, instead of just plain GDB!

Xeno Kovah
Dark Mentor Level X

Hacking firmware like it’s no big deal.