mirror of
https://github.com/fkie-cad/awesome-embedded-and-iot-security.git
synced 2024-12-17 20:14:28 -05:00
commit
0b20894419
44
readme.md
44
readme.md
@ -7,12 +7,12 @@
|
||||
|
||||
> A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.
|
||||
|
||||
Botnets like [Mirai](https://en.wikipedia.org/wiki/Mirai_(malware)) have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic.
|
||||
Botnets like [Mirai](<https://en.wikipedia.org/wiki/Mirai_(malware)>) have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic.
|
||||
If you are a beginner, you should have a look at the [Books](#books) and [Case Studies](#case-studies) sections.
|
||||
If you want to start right away with your own analysis, you should give the [Analysis Frameworks](#analysis-frameworks) a try.
|
||||
They are easy to use and you do not need to be an expert to get first meaningful results.
|
||||
|
||||
> *Items marked with :euro: are comercial products.*
|
||||
> _Items marked with :euro: are comercial products._
|
||||
|
||||
## Contents
|
||||
|
||||
@ -36,8 +36,8 @@ They are easy to use and you do not need to be an expert to get first meaningful
|
||||
- [Tutorials and Technical Background](#tutorials-and-technical-background)
|
||||
- [Conferences](#conferences)
|
||||
|
||||
|
||||
## Software Tools
|
||||
|
||||
Software tools for analyzing embedded/IoT devices and firmware.
|
||||
|
||||
### Analysis Frameworks
|
||||
@ -47,6 +47,7 @@ Software tools for analyzing embedded/IoT devices and firmware.
|
||||
- [Improving your firmware security analysis process with FACT](https://passthesalt.ubicast.tv/videos/improving-your-firmware-security-analysis-process-with-fact/) - Conference talk about FACT :tv:.
|
||||
- [FwAnalyzer](https://github.com/cruise-automation/fwanalyzer) - Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI.
|
||||
- [HAL – The Hardware Analyzer](https://github.com/emsec/hal) - A comprehensive reverse engineering and manipulation framework for gate-level netlists.
|
||||
- [HomePWN](https://github.com/ElevenPaths/HomePWN) - Swiss Army Knife for Pentesting of IoT Devices.
|
||||
- [IoTSecFuzz](https://gitlab.com/invuls/iot-projects/iotsecfuzz) - Framework for automatisation of IoT layers security analysis: hardware, software and communication.
|
||||
- [Killerbee](https://github.com/riverloopsec/killerbee) - Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks.
|
||||
- [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit.
|
||||
@ -54,7 +55,7 @@ Software tools for analyzing embedded/IoT devices and firmware.
|
||||
|
||||
### Analysis Tools
|
||||
|
||||
- [Binwalk](https://github.com/ReFirmLabs/binwalk) - Searches a binary for "interesting" stuff.
|
||||
- [Binwalk](https://github.com/ReFirmLabs/binwalk) - Searches a binary for "interesting" stuff.
|
||||
- [Firmadyne](https://github.com/firmadyne/firmadyne) - Tries to emulate and pentest a firmware.
|
||||
- [Firmwalker](https://github.com/craigz28/firmwalker) - Searches extracted firmware images for interesting files and information.
|
||||
- [Firmware Slap](https://github.com/ChrisTheCoolHut/Firmware_Slap) - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
|
||||
@ -76,7 +77,10 @@ Software tools for analyzing embedded/IoT devices and firmware.
|
||||
|
||||
### Misc Tools
|
||||
|
||||
- [Samsung Firmware Magic](https://github.com/chrivers/samsung-firmware-magic) - Decrypt Samsung SSD firmware updates.
|
||||
- [Cotopaxi](https://github.com/Samsung/cotopaxi) - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.
|
||||
- [dumpflash](https://github.com/ohjeongwook/dumpflash) - Low-level NAND Flash dump and parsing utility.
|
||||
- [flashrom](https://github.com/flashrom/flashrom) - Tool for detecting, reading, writing, verifying and erasing flash chips.
|
||||
- [Samsung Firmware Magic](https://github.com/chrivers/samsung-firmware-magic) - Decrypt Samsung SSD firmware updates.
|
||||
|
||||
## Hardware Tools
|
||||
|
||||
@ -86,12 +90,13 @@ Software tools for analyzing embedded/IoT devices and firmware.
|
||||
- [JTAGULATOR](http://www.grandideastudio.com/jtagulator/) - Detects JTAG Pinouts fast.
|
||||
- [Saleae](https://www.saleae.com/) - Easy to use Logic Analyzer that support many protocols :euro:.
|
||||
- [Ikalogic](https://www.ikalogic.com/pages/logic-analyzer-sp-series-sp209) - Alternative to Saleae logic analyzers :euro:.
|
||||
- [HydraBus](https://hydrabus.com/hydrabus-1-0-specifications/) - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
|
||||
- [HydraBus](https://hydrabus.com/hydrabus-1-0-specifications/) - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
|
||||
- [ChipWhisperer](https://newae.com/chipwhisperer/) - Detects Glitch/Side-channel attacks.
|
||||
- [Glasgow](https://github.com/GlasgowEmbedded/Glasgow) - Tool for exploring and debugging different digital interfaces.
|
||||
- [Glasgow](https://github.com/GlasgowEmbedded/Glasgow) - Tool for exploring and debugging different digital interfaces.
|
||||
- [J-Link](https://www.segger.com/products/debug-probes/j-link/models/model-overview/) - J-Link offers USB powered JTAG debug probes for multiple different CPU cores :euro:.
|
||||
|
||||
### Bluetooth BLE Tools
|
||||
|
||||
- [UberTooth One](https://greatscottgadgets.com/ubertoothone/) - Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
|
||||
- [Bluefruit LE Sniffer](https://www.adafruit.com/product/2269) - Easy to use Bluetooth Low Energy sniffer.
|
||||
|
||||
@ -102,6 +107,7 @@ Software tools for analyzing embedded/IoT devices and firmware.
|
||||
- [Freakduino](https://freaklabsstore.com/index.php?main_page=product_info&cPath=22&products_id=219&zenid=fpmu2kuuk4abjf6aurt3bjnfk4) - Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer.
|
||||
|
||||
### SDR Tools
|
||||
|
||||
- [HackRF One](https://greatscottgadgets.com/hackrf/) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).
|
||||
- [YardStick One](https://greatscottgadgets.com/yardstickone/) - Half-duplex sub-1 GHz wireless transceiver.
|
||||
- [LimeSDR](https://www.crowdsupply.com/lime-micro/limesdr) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).
|
||||
@ -109,13 +115,14 @@ Software tools for analyzing embedded/IoT devices and firmware.
|
||||
- [USRP B Series](https://www.ettus.com/product-categories/usrp-bus-series/) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).
|
||||
|
||||
### RFID NFC Tools
|
||||
|
||||
- [Proxmark 3 RDV4](https://www.proxmark.com/) - Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
|
||||
- [ChamaleonMini](http://chameleontiny.com/) - Programmable, portable tool for NFC security analysis.
|
||||
- [HydraNFC](https://hydrabus.com/hydranfc-1-0-specifications/) - Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.
|
||||
|
||||
## Books
|
||||
|
||||
- 2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods: [Practical IoT Hacking](https://www.amazon.com/Fotios-Chantzis-ebook/dp/B085BVVSN6/)
|
||||
- 2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods: [Practical IoT Hacking](https://www.amazon.com/Fotios-Chantzis-ebook/dp/B085BVVSN6/)
|
||||
- 2020, Jasper van Woudenberg, Colin O'Flynn: [The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks](https://nostarch.com/hardwarehacking)
|
||||
- 2019, Yago Hansen: [The Hacker's Hardware Toolkit: The best collection of hardware gadgets for Red Team hackers, Pentesters and security researchers](https://github.com/yadox666/The-Hackers-Hardware-Toolkit/blob/master/TheHackersHardwareToolkit.pdf)
|
||||
- 2019, Aditya Gupta: [The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things](https://www.apress.com/us/book/9781484242995)
|
||||
@ -127,13 +134,15 @@ Software tools for analyzing embedded/IoT devices and firmware.
|
||||
- 2016, Craig Smith: [The Car Hacker's Handbook: A Guide for the Penetration Tester](https://nostarch.com/carhacking)
|
||||
- 2015, Keng Tiong Ng: [The Art of PCB Reverse Engineering](https://visio-for-engineers.blogspot.com/p/order.html)
|
||||
- 2015, Nitesh Dhanjan: [Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts](https://shop.oreilly.com/product/0636920033547.do)
|
||||
- 2015, Joshua Wright , Johnny Cache: [Hacking Wireless Exposed](https://www.mhprofessional.com/9780071827638-usa-hacking-exposed-wireless-third-edition-group)
|
||||
- 2015, Joshua Wright , Johnny Cache: [Hacking Wireless Exposed](https://www.mhprofessional.com/9780071827638-usa-hacking-exposed-wireless-third-edition-group)
|
||||
- 2014, Debdeep Mukhopadhyay: [Hardware Security: Design, Threats, and Safeguards](https://www.taylorfrancis.com/books/9780429066900)
|
||||
- 2014, Jack Ganssle: [The Firmware Handbook (Embedded Technology)](https://www.elsevier.com/books/the-firmware-handbook/ganssle/978-0-7506-7606-9)
|
||||
- 2013, Andrew Huang: [Hacking the XBOX](https://nostarch.com/xboxfree)
|
||||
|
||||
## Research Papers
|
||||
|
||||
<!--lint ignore match-punctuation-->
|
||||
|
||||
- 2019, Almakhdhub et al: [BenchIoT: A Security Benchmark for the Internet of Things](https://nebelwelt.net/publications/files/19DSN.pdf)
|
||||
- 2019, Alrawi et al: [SoK: Security Evaluation of Home-Based IoT Deployments](https://alrawi.github.io/static/papers/alrawi_sok_sp19.pdf)
|
||||
- 2019, Abbasi et al: [Challenges in Designing Exploit Mitigations for Deeply Embedded Systems](https://ieeexplore.ieee.org/abstract/document/8806725)
|
||||
@ -149,12 +158,13 @@ Software tools for analyzing embedded/IoT devices and firmware.
|
||||
- 2015, Papp et al: [Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy](http://www.cse.psu.edu/~pdm12/cse597g-f15/readings/cse597g-embedded_systems.pdf)
|
||||
- 2014, Zaddach et al: [Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares](http://www.eurecom.fr/en/publication/4158/download/rs-publi-4158.pdf)
|
||||
- 2014, Alimi et al: [Analysis of embedded applications by evolutionary fuzzing](http://ieeexplore.ieee.org/document/6903734/)
|
||||
- 2014, Costin et al: [A Large-Scale Analysis of the Security of Embedded Firmware
|
||||
s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf)
|
||||
- 2014, Costin et al: [A Large-Scale Analysis of the Security of Embedded Firmwares](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf)
|
||||
- 2013, Davidson et al: [FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution](https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_davidson.pdf)
|
||||
|
||||
## Case Studies
|
||||
|
||||
<!--lint ignore no-repeat-punctuation-->
|
||||
|
||||
- [Binary Hardening in IoT products](https://cyber-itl.org/2019/08/26/iot-data-writeup.html)
|
||||
- [Cracking Linksys “Encryption”](http://www.devttys0.com/2014/02/cracking-linksys-crypto/)
|
||||
- [Deadly Sins Of Development](https://youtu.be/nXyglaY9N9w) - Conference talk presenting several real world examples on real bad implementations :tv:.
|
||||
@ -181,19 +191,20 @@ s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf)
|
||||
|
||||
- [Hacking Printers Wiki](http://hacking-printers.net/wiki/index.php/Main_Page) - All things printer.
|
||||
- [OWASP Embedded Application Security Project](https://owasp.org/www-project-embedded-application-security/) - Development best practices and list of hardware and software tools.
|
||||
- [OWASP Internet of Things Project](https://owasp.org/www-project-internet-of-things/) - IoT common vulnerabilities and attack surfaces.
|
||||
- [OWASP Internet of Things Project](https://owasp.org/www-project-internet-of-things/) - IoT common vulnerabilities and attack surfaces.
|
||||
- [Router Passwords](https://192-168-1-1ip.mobi/default-router-passwords-list/) - Default login credential database sorted by manufacturer.
|
||||
- [Siliconpr0n](https://siliconpr0n.org/) - A Wiki/Archive of all things IC reversing.
|
||||
|
||||
### Blogs
|
||||
|
||||
<!--lint ignore no-repeat-punctuation-->
|
||||
|
||||
- [/dev/ttyS0's Embedded Device Hacking](http://www.devttys0.com/blog/)
|
||||
- [Exploiteers](https://www.exploitee.rs/)
|
||||
- [Hackaday](https://hackaday.com)
|
||||
- [jcjc's Hack The World](https://jcjc-dev.com/)
|
||||
- [Quarkslab](https://blog.quarkslab.com/)
|
||||
- [wrong baud](https://wrongbaud.github.io/)
|
||||
|
||||
- [Firmware Security](https://firmwaresecurity.com/)
|
||||
- [PenTestPartners](https://www.pentestpartners.com/internet-of-things/)
|
||||
- [Attify](https://blog.attify.com/)
|
||||
@ -201,19 +212,19 @@ s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf)
|
||||
- [GracefulSecurity - Hardware tag](https://gracefulsecurity.com/category/hardware/)
|
||||
- [Black Hills - Hardware Hacking tag](https://www.blackhillsinfosec.com/tag/hardware-hacking/)
|
||||
|
||||
|
||||
### Tutorials and Technical Background
|
||||
|
||||
- [Azeria Lab](https://azeria-labs.com/) - Miscellaneous ARM related Tutorials.
|
||||
- [JTAG Explained](https://blog.senr.io/blog/jtag-explained#) - A walkthrough covering UART and JTAG bypassing a protected login shell.
|
||||
- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/) - Detailed tutorial about how to spot debug pads on a PCB.
|
||||
- [UART explained](https://www.mikroe.com/blog/uart-serial-communication) - An in depth explanation of the UART protocol.
|
||||
|
||||
|
||||
## Conferences
|
||||
|
||||
Conferences focused on embedded and/or IoT security.
|
||||
|
||||
- [Hardwear.io](https://hardwear.io/) - The Hague, September.
|
||||
- [Hardwear.io USA](https://hardwear.io/) - Santa Clara, June.
|
||||
- [Hardwear.io USA](https://hardwear.io/) - Santa Clara, June.
|
||||
|
||||
## Contribute
|
||||
|
||||
@ -225,4 +236,3 @@ Contributions welcome! Read the [contribution guidelines](contributing.md) first
|
||||
|
||||
To the extent possible under law, Fraunhofer FKIE has waived all copyright and
|
||||
related or neighboring rights to this work.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user