Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

abelrguezr/mte-memory-tagging

Name: mte-memory-tagging
Author: abelrguezr

skills/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte/SKILL.md

npx skillsauth add abelrguezr/hacktricks-skills mte-memory-tagging

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Memory Tagging Extension (MTE) Analysis & Bypass

A comprehensive guide to understanding, detecting, and bypassing ARM's Memory Tagging Extension for binary exploitation.

What is MTE?

Memory Tagging Extension (MTE) is a hardware-based memory protection mechanism in ARM architecture that detects and prevents memory-related errors like buffer overflows and use-after-free vulnerabilities.

Core Concept

MTE works by:

Dividing memory into 16-byte blocks, each assigned a 4-bit tag
Storing tags in unused pointer bits (top byte of 64-bit pointers)
Checking tag matches on every memory access
Raising exceptions when tags don't match

Pointer structure (64-bit ARM):
┌─────────────────────────────────────────────────────────────┐
│ 31-28: TAG (4 bits) │ 27-0: Address bits                    │
└─────────────────────────────────────────────────────────────┘

MTE Checking Modes

| Mode | Behavior | Performance | Security | |------|----------|-------------|----------| | Sync | Immediate check, raises SIGSEGV (SEGV_MTESERR) | Slowest | Highest | | Async | Deferred check, sets exception bit, SIGSEGV (SEGV_MTEAERR) | Faster | Lower | | Mixed | Per-core preferences via /sys/devices/system/cpu/cpu*/mte_tcf_preferred | Variable | Variable |

Detection via Syscall

# Check if MTE is enabled on the system
cat /sys/devices/system/cpu/cpu*/mte_tcf_preferred

# Check process MTE status
cat /proc/<pid>/auxv | grep -i mte

MTE in Kernel (KASAN)

The kernel implements MTE through Hardware Tag-Based KASAN:

How Kernel MTE Works

kmalloc() allocates memory and assigns a random tag (0-13)
Tag is attached to both memory granules and returned pointer
Only requested size is tagged - remaining granules get invalid tag (0xE)
kfree() retags memory with invalid tag (0xE)

Tag Values

| Tag | Meaning | |-----|---------| | 0x0-0xD | Valid random tags (14 values) | | 0xE | Invalid tag (unallocated memory) | | 0xF | Match-all tag (bypasses MTE) |

Critical Limitations

7% Tag Collision Rate: With only 14 usable tags, probability of tag reuse is ~1/17 (7%)
Last Granule Bug: If you request 35 bytes, you get 48 bytes (3 granules). Bytes 36-47 use the same tag but aren't detected as OOB
Use-After-Free Bypass: If freed chunk is reallocated with the same tag, UAF isn't detected (~7% chance)
Limited Coverage: Only slab and page_alloc use MTE; vmalloc, stack, and globals may still be exploitable

Exploitation Scenarios

Scenario 1: Buffer Overflow with MTE

Challenge: Writing past allocated buffer

MTE Behavior:

If overflow stays within tagged granules: Not detected
If overflow hits untagged granule (0xE): Detected, kernel panic
If overflow hits different tag: Detected, kernel panic
If overflow hits same tag (7%): Not detected

Bypass Strategy:

1. Map memory layout to find granule boundaries
2. Exploit within last granule (bytes 36-47 in 35-byte allocation)
3. Or rely on 7% tag collision probability
4. Or use speculative execution (TikTag) to leak tags

Scenario 2: Use-After-Free with MTE

Challenge: Accessing freed memory

MTE Behavior:

Freed memory gets invalid tag (0xE)
Access with old pointer tag: Detected
Reallocation with same tag (7%): Not detected

Bypass Strategy:

1. Trigger UAF immediately after free (before reallocation)
2. Control allocation to get same tag
3. Use heap spraying to increase collision probability
4. Or leak tag via TikTag and craft matching pointer

TikTag: Speculative Execution Bypass

TikTag (2024) demonstrated that MTE can be bypassed via speculative execution side channels.

Attack Overview

Leak 4-bit allocation tag in <4 seconds with >95% success
Speculatively touch cache lines and observe prefetch-induced timing
Derandomize tags for Chrome, Android services, or Linux kernel
Craft pointers with leaked tag to bypass MTE
Pivot to retagging fake slabs for full exploitation

Impact

Collapses probabilistic assumptions: 7% false-negative becomes near-100% reliability
Classic heap exploits work: UAF, OOB regain full effectiveness
Hardware tagging schemes vulnerable: Speculative side channels remain viable bypass path

Mitigation

Disable speculative execution features
Use constant-time tag operations
Combine with other mitigations (ASLR, stack canaries)

Practical Detection Checklist

When analyzing an ARM binary or system:

# 1. Check MTE support
grep -i mte /proc/cpuinfo

# 2. Check MTE mode
cat /sys/devices/system/cpu/cpu*/mte_tcf_preferred

# 3. Check for MTE-related crashes
# SIGSEGV with SEGV_MTESERR = sync MTE violation
# SIGSEGV with SEGV_MTEAERR = async MTE violation

# 4. Check kernel MTE (KASAN)
dmesg | grep -i mte
dmesg | grep -i kasan

# 5. Check process MTE status
cat /proc/<pid>/auxv | grep -i mte

Bypass Decision Tree

Is MTE enabled?
├─ No → Standard exploitation
└─ Yes
   ├─ Can you stay within tagged granules?
   │  └─ Yes → Exploit within last granule
   ├─ Can you control allocation?
   │  ├─ Yes → Heap spray for tag collision (7%)
   │  └─ No → Try speculative execution (TikTag)
   ├─ Is it async mode?
   │  └─ Yes → Complete attack before exception
   └─ Can you leak tags?
      └─ Yes → Craft matching pointers

Key Takeaways

MTE is probabilistic: 7% tag collision rate means it's not 100% effective
Last granule is exploitable: Unrequested bytes in final granule aren't protected
Async mode is weaker: Gives attackers time to complete attacks
TikTag breaks assumptions: Speculative execution can leak tags and bypass MTE
Not all memory is tagged: vmalloc, stack, and globals may still be vulnerable

References

ARM MTE Tutorial Video
TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution
ARM MTE Documentation

When to Use This Skill

Use this skill when:

Analyzing ARM binaries with memory protections
Debugging SIGSEGV crashes with MTE error codes
Investigating use-after-free or buffer overflow vulnerabilities on ARM
Researching hardware memory protections
Developing exploits for ARM systems with MTE enabled
Understanding KASAN and kernel memory protections
Working with ARM security features in general

abelrguezr/mte-memory-tagging

skills/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte/SKILL.md

Memory Tagging Extension (MTE) analysis and bypass for ARM binary exploitation. Use this skill whenever working with ARM binaries, analyzing memory protections, debugging MTE-related crashes (SIGSEGV with SEGV_MTESERR/SEGV_MTEAERR), investigating use-after-free or buffer overflow vulnerabilities on ARM systems, or when the user mentions MTE, memory tagging, ARM security, KASAN, or hardware memory protections. This skill covers MTE fundamentals, detection, and bypass techniques including speculative execution attacks like TikTag.

5 stars

tools

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add abelrguezr/hacktricks-skills mte-memory-tagging

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 16, 2026, 2:08 AM21.1s1 file scanned

SKILL.md

name:: mte-memory-tagging
description:: Memory Tagging Extension (MTE) analysis and bypass for ARM binary exploitation. Use this skill whenever working with ARM binaries, analyzing memory protections, debugging MTE-related crashes (SIGSEGV with SEGV_MTESERR/SEGV_MTEAERR), investigating use-after-free or buffer overflow vulnerabilities on ARM systems, or when the user mentions MTE, memory tagging, ARM security, KASAN, or hardware memory protections. This skill covers MTE fundamentals, detection, and bypass techniques including speculative execution attacks like TikTag.

Memory Tagging Extension (MTE) Analysis & Bypass

A comprehensive guide to understanding, detecting, and bypassing ARM's Memory Tagging Extension for binary exploitation.

What is MTE?

Core Concept

MTE works by:

Dividing memory into 16-byte blocks, each assigned a 4-bit tag
Storing tags in unused pointer bits (top byte of 64-bit pointers)
Checking tag matches on every memory access
Raising exceptions when tags don't match

Pointer structure (64-bit ARM):
┌─────────────────────────────────────────────────────────────┐
│ 31-28: TAG (4 bits) │ 27-0: Address bits                    │
└─────────────────────────────────────────────────────────────┘

MTE Checking Modes

Detection via Syscall

# Check if MTE is enabled on the system
cat /sys/devices/system/cpu/cpu*/mte_tcf_preferred

# Check process MTE status
cat /proc/<pid>/auxv | grep -i mte

MTE in Kernel (KASAN)

The kernel implements MTE through Hardware Tag-Based KASAN:

How Kernel MTE Works

kmalloc() allocates memory and assigns a random tag (0-13)
Tag is attached to both memory granules and returned pointer
Only requested size is tagged - remaining granules get invalid tag (0xE)
kfree() retags memory with invalid tag (0xE)

Tag Values

| Tag | Meaning | |-----|---------| | 0x0-0xD | Valid random tags (14 values) | | 0xE | Invalid tag (unallocated memory) | | 0xF | Match-all tag (bypasses MTE) |

Critical Limitations

7% Tag Collision Rate: With only 14 usable tags, probability of tag reuse is ~1/17 (7%)
Last Granule Bug: If you request 35 bytes, you get 48 bytes (3 granules). Bytes 36-47 use the same tag but aren't detected as OOB
Use-After-Free Bypass: If freed chunk is reallocated with the same tag, UAF isn't detected (~7% chance)
Limited Coverage: Only slab and page_alloc use MTE; vmalloc, stack, and globals may still be exploitable

Exploitation Scenarios

Scenario 1: Buffer Overflow with MTE

Challenge: Writing past allocated buffer

MTE Behavior:

If overflow stays within tagged granules: Not detected
If overflow hits untagged granule (0xE): Detected, kernel panic
If overflow hits different tag: Detected, kernel panic
If overflow hits same tag (7%): Not detected

Bypass Strategy:

1. Map memory layout to find granule boundaries
2. Exploit within last granule (bytes 36-47 in 35-byte allocation)
3. Or rely on 7% tag collision probability
4. Or use speculative execution (TikTag) to leak tags

Scenario 2: Use-After-Free with MTE

Challenge: Accessing freed memory

MTE Behavior:

Freed memory gets invalid tag (0xE)
Access with old pointer tag: Detected
Reallocation with same tag (7%): Not detected

Bypass Strategy:

1. Trigger UAF immediately after free (before reallocation)
2. Control allocation to get same tag
3. Use heap spraying to increase collision probability
4. Or leak tag via TikTag and craft matching pointer

TikTag: Speculative Execution Bypass

TikTag (2024) demonstrated that MTE can be bypassed via speculative execution side channels.

Attack Overview

Leak 4-bit allocation tag in <4 seconds with >95% success
Speculatively touch cache lines and observe prefetch-induced timing
Derandomize tags for Chrome, Android services, or Linux kernel
Craft pointers with leaked tag to bypass MTE
Pivot to retagging fake slabs for full exploitation

Impact

Collapses probabilistic assumptions: 7% false-negative becomes near-100% reliability
Classic heap exploits work: UAF, OOB regain full effectiveness
Hardware tagging schemes vulnerable: Speculative side channels remain viable bypass path

Mitigation

Disable speculative execution features
Use constant-time tag operations
Combine with other mitigations (ASLR, stack canaries)

Practical Detection Checklist

When analyzing an ARM binary or system:

# 1. Check MTE support
grep -i mte /proc/cpuinfo

# 2. Check MTE mode
cat /sys/devices/system/cpu/cpu*/mte_tcf_preferred

# 3. Check for MTE-related crashes
# SIGSEGV with SEGV_MTESERR = sync MTE violation
# SIGSEGV with SEGV_MTEAERR = async MTE violation

# 4. Check kernel MTE (KASAN)
dmesg | grep -i mte
dmesg | grep -i kasan

# 5. Check process MTE status
cat /proc/<pid>/auxv | grep -i mte

Bypass Decision Tree

Is MTE enabled?
├─ No → Standard exploitation
└─ Yes
   ├─ Can you stay within tagged granules?
   │  └─ Yes → Exploit within last granule
   ├─ Can you control allocation?
   │  ├─ Yes → Heap spray for tag collision (7%)
   │  └─ No → Try speculative execution (TikTag)
   ├─ Is it async mode?
   │  └─ Yes → Complete attack before exception
   └─ Can you leak tags?
      └─ Yes → Craft matching pointers

Key Takeaways

MTE is probabilistic: 7% tag collision rate means it's not 100% effective
Last granule is exploitable: Unrequested bytes in final granule aren't protected
Async mode is weaker: Gives attackers time to complete attacks
TikTag breaks assumptions: Speculative execution can leak tags and bypass MTE
Not all memory is tagged: vmalloc, stack, and globals may still be vulnerable

References

ARM MTE Tutorial Video
TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution
ARM MTE Documentation

When to Use This Skill

Use this skill when:

Analyzing ARM binaries with memory protections
Debugging SIGSEGV crashes with MTE error codes
Investigating use-after-free or buffer overflow vulnerabilities on ARM
Researching hardware memory protections
Developing exploits for ARM systems with MTE enabled
Understanding KASAN and kernel memory protections
Working with ARM security features in general

Related Skills

abelrguezr/house-of-lore-exploit

testing

VerifiedTrustedCommunity

How to perform a House of Lore (small bin attack) heap exploitation. Use this skill whenever the user mentions heap exploitation, small bin attacks, fake chunks, glibc heap vulnerabilities, or needs to insert fake chunks into small bins for arbitrary read/write. Trigger for CTF challenges involving heap corruption, glibc 2.31+ exploitation, or when the user needs to bypass malloc sanity checks using fake chunk linking.

5SKILL.mdUpdated Apr 16, 2026

abelrguezr/house-of-lore-exploit

abelrguezr/house-of-force-exploit

testing

VerifiedTrustedCommunity

How to perform House of Force heap exploitation attacks. Use this skill whenever the user mentions heap exploitation, House of Force, top chunk manipulation, arbitrary memory allocation, malloc manipulation, or wants to allocate chunks at specific addresses. Also trigger for CTF challenges involving heap overflows, top chunk size overwrites, or when the user needs to calculate evil_size for heap attacks. Make sure to use this skill for any binary exploitation task involving glibc heap manipulation, even if they don't explicitly say "House of Force".

5SKILL.mdUpdated Apr 16, 2026

abelrguezr/house-of-force-exploit

abelrguezr/house-of-einherjar

tools

VerifiedTrustedCommunity

How to perform House of Einherjar heap exploitation to allocate memory at arbitrary addresses. Use this skill whenever the user mentions heap exploitation, glibc heap attacks, arbitrary memory allocation, off-by-one overflow exploitation, tcache poisoning, fast bin attacks, or any CTF challenge involving heap manipulation. This is essential for binary exploitation tasks where you need to control malloc() return addresses.

5SKILL.mdUpdated Apr 16, 2026

abelrguezr/house-of-einherjar

abelrguezr/heap-overflow-exploitation

testing

VerifiedTrustedCommunity

How to identify, analyze, and exploit heap overflow vulnerabilities in binary exploitation challenges and real-world scenarios. Use this skill whenever the user mentions heap overflows, memory corruption, heap grooming, tcache poisoning, fast-bin attacks, or any heap-related vulnerability in CTF challenges, binary analysis, or security research. This skill covers heap overflow fundamentals, exploitation techniques, heap grooming strategies, and real-world CVE analysis.

5SKILL.mdUpdated Apr 16, 2026

abelrguezr/heap-overflow-exploitation

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/abelrguezr/hacktricks-skills.git

# Copy into Claude Code skills folder (global)
cp -r hacktricks-skills/skills/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

abelrguezr/hacktricks-skills

5 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT