Merge pull request #17 from fkie-cad/new_content

New content
This commit is contained in:
Peter Weidenbach 2020-05-05 15:16:13 +02:00 committed by GitHub
commit 0b20894419
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -7,12 +7,12 @@
> A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.
Botnets like [Mirai](https://en.wikipedia.org/wiki/Mirai_(malware)) have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic.
Botnets like [Mirai](<https://en.wikipedia.org/wiki/Mirai_(malware)>) have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic.
If you are a beginner, you should have a look at the [Books](#books) and [Case Studies](#case-studies) sections.
If you want to start right away with your own analysis, you should give the [Analysis Frameworks](#analysis-frameworks) a try.
They are easy to use and you do not need to be an expert to get first meaningful results.
> *Items marked with :euro: are comercial products.*
> _Items marked with :euro: are comercial products._
## Contents
@ -36,8 +36,8 @@ They are easy to use and you do not need to be an expert to get first meaningful
- [Tutorials and Technical Background](#tutorials-and-technical-background)
- [Conferences](#conferences)
## Software Tools
Software tools for analyzing embedded/IoT devices and firmware.
### Analysis Frameworks
@ -47,6 +47,7 @@ Software tools for analyzing embedded/IoT devices and firmware.
- [Improving your firmware security analysis process with FACT](https://passthesalt.ubicast.tv/videos/improving-your-firmware-security-analysis-process-with-fact/) - Conference talk about FACT :tv:.
- [FwAnalyzer](https://github.com/cruise-automation/fwanalyzer) - Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI.
- [HAL The Hardware Analyzer](https://github.com/emsec/hal) - A comprehensive reverse engineering and manipulation framework for gate-level netlists.
- [HomePWN](https://github.com/ElevenPaths/HomePWN) - Swiss Army Knife for Pentesting of IoT Devices.
- [IoTSecFuzz](https://gitlab.com/invuls/iot-projects/iotsecfuzz) - Framework for automatisation of IoT layers security analysis: hardware, software and communication.
- [Killerbee](https://github.com/riverloopsec/killerbee) - Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks.
- [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit.
@ -76,6 +77,9 @@ Software tools for analyzing embedded/IoT devices and firmware.
### Misc Tools
- [Cotopaxi](https://github.com/Samsung/cotopaxi) - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.
- [dumpflash](https://github.com/ohjeongwook/dumpflash) - Low-level NAND Flash dump and parsing utility.
- [flashrom](https://github.com/flashrom/flashrom) - Tool for detecting, reading, writing, verifying and erasing flash chips.
- [Samsung Firmware Magic](https://github.com/chrivers/samsung-firmware-magic) - Decrypt Samsung SSD firmware updates.
## Hardware Tools
@ -92,6 +96,7 @@ Software tools for analyzing embedded/IoT devices and firmware.
- [J-Link](https://www.segger.com/products/debug-probes/j-link/models/model-overview/) - J-Link offers USB powered JTAG debug probes for multiple different CPU cores :euro:.
### Bluetooth BLE Tools
- [UberTooth One](https://greatscottgadgets.com/ubertoothone/) - Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
- [Bluefruit LE Sniffer](https://www.adafruit.com/product/2269) - Easy to use Bluetooth Low Energy sniffer.
@ -102,6 +107,7 @@ Software tools for analyzing embedded/IoT devices and firmware.
- [Freakduino](https://freaklabsstore.com/index.php?main_page=product_info&cPath=22&products_id=219&zenid=fpmu2kuuk4abjf6aurt3bjnfk4) - Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer.
### SDR Tools
- [HackRF One](https://greatscottgadgets.com/hackrf/) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).
- [YardStick One](https://greatscottgadgets.com/yardstickone/) - Half-duplex sub-1 GHz wireless transceiver.
- [LimeSDR](https://www.crowdsupply.com/lime-micro/limesdr) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).
@ -109,6 +115,7 @@ Software tools for analyzing embedded/IoT devices and firmware.
- [USRP B Series](https://www.ettus.com/product-categories/usrp-bus-series/) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).
### RFID NFC Tools
- [Proxmark 3 RDV4](https://www.proxmark.com/) - Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
- [ChamaleonMini](http://chameleontiny.com/) - Programmable, portable tool for NFC security analysis.
- [HydraNFC](https://hydrabus.com/hydranfc-1-0-specifications/) - Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.
@ -133,7 +140,9 @@ Software tools for analyzing embedded/IoT devices and firmware.
- 2013, Andrew Huang: [Hacking the XBOX](https://nostarch.com/xboxfree)
## Research Papers
<!--lint ignore match-punctuation-->
- 2019, Almakhdhub et al: [BenchIoT: A Security Benchmark for the Internet of Things](https://nebelwelt.net/publications/files/19DSN.pdf)
- 2019, Alrawi et al: [SoK: Security Evaluation of Home-Based IoT Deployments](https://alrawi.github.io/static/papers/alrawi_sok_sp19.pdf)
- 2019, Abbasi et al: [Challenges in Designing Exploit Mitigations for Deeply Embedded Systems](https://ieeexplore.ieee.org/abstract/document/8806725)
@ -149,12 +158,13 @@ Software tools for analyzing embedded/IoT devices and firmware.
- 2015, Papp et al: [Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy](http://www.cse.psu.edu/~pdm12/cse597g-f15/readings/cse597g-embedded_systems.pdf)
- 2014, Zaddach et al: [Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares](http://www.eurecom.fr/en/publication/4158/download/rs-publi-4158.pdf)
- 2014, Alimi et al: [Analysis of embedded applications by evolutionary fuzzing](http://ieeexplore.ieee.org/document/6903734/)
- 2014, Costin et al: [A Large-Scale Analysis of the Security of Embedded Firmware
s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf)
- 2014, Costin et al: [A Large-Scale Analysis of the Security of Embedded Firmwares](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf)
- 2013, Davidson et al: [FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution](https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_davidson.pdf)
## Case Studies
<!--lint ignore no-repeat-punctuation-->
- [Binary Hardening in IoT products](https://cyber-itl.org/2019/08/26/iot-data-writeup.html)
- [Cracking Linksys “Encryption”](http://www.devttys0.com/2014/02/cracking-linksys-crypto/)
- [Deadly Sins Of Development](https://youtu.be/nXyglaY9N9w) - Conference talk presenting several real world examples on real bad implementations :tv:.
@ -186,14 +196,15 @@ s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf)
- [Siliconpr0n](https://siliconpr0n.org/) - A Wiki/Archive of all things IC reversing.
### Blogs
<!--lint ignore no-repeat-punctuation-->
- [/dev/ttyS0's Embedded Device Hacking](http://www.devttys0.com/blog/)
- [Exploiteers](https://www.exploitee.rs/)
- [Hackaday](https://hackaday.com)
- [jcjc's Hack The World](https://jcjc-dev.com/)
- [Quarkslab](https://blog.quarkslab.com/)
- [wrong baud](https://wrongbaud.github.io/)
- [Firmware Security](https://firmwaresecurity.com/)
- [PenTestPartners](https://www.pentestpartners.com/internet-of-things/)
- [Attify](https://blog.attify.com/)
@ -201,15 +212,15 @@ s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf)
- [GracefulSecurity - Hardware tag](https://gracefulsecurity.com/category/hardware/)
- [Black Hills - Hardware Hacking tag](https://www.blackhillsinfosec.com/tag/hardware-hacking/)
### Tutorials and Technical Background
- [Azeria Lab](https://azeria-labs.com/) - Miscellaneous ARM related Tutorials.
- [JTAG Explained](https://blog.senr.io/blog/jtag-explained#) - A walkthrough covering UART and JTAG bypassing a protected login shell.
- [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/) - Detailed tutorial about how to spot debug pads on a PCB.
- [UART explained](https://www.mikroe.com/blog/uart-serial-communication) - An in depth explanation of the UART protocol.
## Conferences
Conferences focused on embedded and/or IoT security.
- [Hardwear.io](https://hardwear.io/) - The Hague, September.
@ -225,4 +236,3 @@ Contributions welcome! Read the [contribution guidelines](contributing.md) first
To the extent possible under law, Fraunhofer FKIE has waived all copyright and
related or neighboring rights to this work.