Static analysis of Arm binaries typically doesn't require a full Arm environment. Disassemblers such as Ghidra and IDA, for example, will happily analyze Arm binaries while running on non‐Arm machines because they know how to interpret and show the disassembled machine code inside those binaries. But what happens when we want to run those Arm programs in the context of dynamic analysis? For this, we will need to set up and run those Arm executables inside an Arm‐based environment.

When setting up an Arm environment, we generally have three options. The first is obvious: we can use a local environment on physical Arm hardware like an Arm‐based laptop, server, or dedicated Arm board. Until recently, researchers had to purchase dedicated Arm boards, with the Raspberry Pi surfacing as the most affordable option. That changed over the past few years, as laptops and servers with Arm chipsets become increasingly common. Championed by the release of Apple's custom‐built M1 chip, the majority of Mac devices are now based on the Arm architecture.

The second option is to use an emulator. Using emulators such as QEMU, we can create a virtual Arm environment capable of decoding and executing Arm programs entirely in software. Our target binary can be run inside this virtualized environment, unaware that its Arm CPU is implemented in software running on a CPU based on a completely different architecture.

The third option is to use a cloud‐based Arm environment, ...