diff --git a/readme.md b/readme.md index 3275ebe..08bf042 100644 --- a/readme.md +++ b/readme.md @@ -7,12 +7,12 @@ > A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more. -Botnets like [Mirai](https://en.wikipedia.org/wiki/Mirai_(malware)) have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic. +Botnets like [Mirai]() have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic. If you are a beginner, you should have a look at the [Books](#books) and [Case Studies](#case-studies) sections. If you want to start right away with your own analysis, you should give the [Analysis Frameworks](#analysis-frameworks) a try. They are easy to use and you do not need to be an expert to get first meaningful results. -> *Items marked with :euro: are comercial products.* +> _Items marked with :euro: are comercial products._ ## Contents @@ -36,8 +36,8 @@ They are easy to use and you do not need to be an expert to get first meaningful - [Tutorials and Technical Background](#tutorials-and-technical-background) - [Conferences](#conferences) - ## Software Tools + Software tools for analyzing embedded/IoT devices and firmware. ### Analysis Frameworks @@ -47,6 +47,7 @@ Software tools for analyzing embedded/IoT devices and firmware. - [Improving your firmware security analysis process with FACT](https://passthesalt.ubicast.tv/videos/improving-your-firmware-security-analysis-process-with-fact/) - Conference talk about FACT :tv:. - [FwAnalyzer](https://github.com/cruise-automation/fwanalyzer) - Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI. - [HAL – The Hardware Analyzer](https://github.com/emsec/hal) - A comprehensive reverse engineering and manipulation framework for gate-level netlists. +- [HomePWN](https://github.com/ElevenPaths/HomePWN) - Swiss Army Knife for Pentesting of IoT Devices. - [IoTSecFuzz](https://gitlab.com/invuls/iot-projects/iotsecfuzz) - Framework for automatisation of IoT layers security analysis: hardware, software and communication. - [Killerbee](https://github.com/riverloopsec/killerbee) - Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks. - [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit. @@ -76,7 +77,10 @@ Software tools for analyzing embedded/IoT devices and firmware. ### Misc Tools -- [Samsung Firmware Magic](https://github.com/chrivers/samsung-firmware-magic) - Decrypt Samsung SSD firmware updates. +- [Cotopaxi](https://github.com/Samsung/cotopaxi) - Set of tools for security testing of Internet of Things devices using specific network IoT protocols. +- [dumpflash](https://github.com/ohjeongwook/dumpflash) - Low-level NAND Flash dump and parsing utility. +- [flashrom](https://github.com/flashrom/flashrom) - Tool for detecting, reading, writing, verifying and erasing flash chips. +- [Samsung Firmware Magic](https://github.com/chrivers/samsung-firmware-magic) - Decrypt Samsung SSD firmware updates. ## Hardware Tools @@ -86,12 +90,13 @@ Software tools for analyzing embedded/IoT devices and firmware. - [JTAGULATOR](http://www.grandideastudio.com/jtagulator/) - Detects JTAG Pinouts fast. - [Saleae](https://www.saleae.com/) - Easy to use Logic Analyzer that support many protocols :euro:. - [Ikalogic](https://www.ikalogic.com/pages/logic-analyzer-sp-series-sp209) - Alternative to Saleae logic analyzers :euro:. -- [HydraBus](https://hydrabus.com/hydrabus-1-0-specifications/) - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities. +- [HydraBus](https://hydrabus.com/hydrabus-1-0-specifications/) - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities. - [ChipWhisperer](https://newae.com/chipwhisperer/) - Detects Glitch/Side-channel attacks. -- [Glasgow](https://github.com/GlasgowEmbedded/Glasgow) - Tool for exploring and debugging different digital interfaces. +- [Glasgow](https://github.com/GlasgowEmbedded/Glasgow) - Tool for exploring and debugging different digital interfaces. - [J-Link](https://www.segger.com/products/debug-probes/j-link/models/model-overview/) - J-Link offers USB powered JTAG debug probes for multiple different CPU cores :euro:. ### Bluetooth BLE Tools + - [UberTooth One](https://greatscottgadgets.com/ubertoothone/) - Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation. - [Bluefruit LE Sniffer](https://www.adafruit.com/product/2269) - Easy to use Bluetooth Low Energy sniffer. @@ -102,6 +107,7 @@ Software tools for analyzing embedded/IoT devices and firmware. - [Freakduino](https://freaklabsstore.com/index.php?main_page=product_info&cPath=22&products_id=219&zenid=fpmu2kuuk4abjf6aurt3bjnfk4) - Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer. ### SDR Tools + - [HackRF One](https://greatscottgadgets.com/hackrf/) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex). - [YardStick One](https://greatscottgadgets.com/yardstickone/) - Half-duplex sub-1 GHz wireless transceiver. - [LimeSDR](https://www.crowdsupply.com/lime-micro/limesdr) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex). @@ -109,13 +115,14 @@ Software tools for analyzing embedded/IoT devices and firmware. - [USRP B Series](https://www.ettus.com/product-categories/usrp-bus-series/) - Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex). ### RFID NFC Tools + - [Proxmark 3 RDV4](https://www.proxmark.com/) - Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags. - [ChamaleonMini](http://chameleontiny.com/) - Programmable, portable tool for NFC security analysis. - [HydraNFC](https://hydrabus.com/hydranfc-1-0-specifications/) - Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate. ## Books -- 2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods: [Practical IoT Hacking](https://www.amazon.com/Fotios-Chantzis-ebook/dp/B085BVVSN6/) +- 2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods: [Practical IoT Hacking](https://www.amazon.com/Fotios-Chantzis-ebook/dp/B085BVVSN6/) - 2020, Jasper van Woudenberg, Colin O'Flynn: [The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks](https://nostarch.com/hardwarehacking) - 2019, Yago Hansen: [The Hacker's Hardware Toolkit: The best collection of hardware gadgets for Red Team hackers, Pentesters and security researchers](https://github.com/yadox666/The-Hackers-Hardware-Toolkit/blob/master/TheHackersHardwareToolkit.pdf) - 2019, Aditya Gupta: [The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things](https://www.apress.com/us/book/9781484242995) @@ -127,13 +134,15 @@ Software tools for analyzing embedded/IoT devices and firmware. - 2016, Craig Smith: [The Car Hacker's Handbook: A Guide for the Penetration Tester](https://nostarch.com/carhacking) - 2015, Keng Tiong Ng: [The Art of PCB Reverse Engineering](https://visio-for-engineers.blogspot.com/p/order.html) - 2015, Nitesh Dhanjan: [Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts](https://shop.oreilly.com/product/0636920033547.do) -- 2015, Joshua Wright , Johnny Cache: [Hacking Wireless Exposed](https://www.mhprofessional.com/9780071827638-usa-hacking-exposed-wireless-third-edition-group) +- 2015, Joshua Wright , Johnny Cache: [Hacking Wireless Exposed](https://www.mhprofessional.com/9780071827638-usa-hacking-exposed-wireless-third-edition-group) - 2014, Debdeep Mukhopadhyay: [Hardware Security: Design, Threats, and Safeguards](https://www.taylorfrancis.com/books/9780429066900) - 2014, Jack Ganssle: [The Firmware Handbook (Embedded Technology)](https://www.elsevier.com/books/the-firmware-handbook/ganssle/978-0-7506-7606-9) - 2013, Andrew Huang: [Hacking the XBOX](https://nostarch.com/xboxfree) ## Research Papers + + - 2019, Almakhdhub et al: [BenchIoT: A Security Benchmark for the Internet of Things](https://nebelwelt.net/publications/files/19DSN.pdf) - 2019, Alrawi et al: [SoK: Security Evaluation of Home-Based IoT Deployments](https://alrawi.github.io/static/papers/alrawi_sok_sp19.pdf) - 2019, Abbasi et al: [Challenges in Designing Exploit Mitigations for Deeply Embedded Systems](https://ieeexplore.ieee.org/abstract/document/8806725) @@ -150,11 +159,13 @@ Software tools for analyzing embedded/IoT devices and firmware. - 2014, Zaddach et al: [Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares](http://www.eurecom.fr/en/publication/4158/download/rs-publi-4158.pdf) - 2014, Alimi et al: [Analysis of embedded applications by evolutionary fuzzing](http://ieeexplore.ieee.org/document/6903734/) - 2014, Costin et al: [A Large-Scale Analysis of the Security of Embedded Firmware -s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf) + s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf) - 2013, Davidson et al: [FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution](https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_davidson.pdf) ## Case Studies + + - [Binary Hardening in IoT products](https://cyber-itl.org/2019/08/26/iot-data-writeup.html) - [Cracking Linksys “Encryption”](http://www.devttys0.com/2014/02/cracking-linksys-crypto/) - [Deadly Sins Of Development](https://youtu.be/nXyglaY9N9w) - Conference talk presenting several real world examples on real bad implementations :tv:. @@ -181,19 +192,20 @@ s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf) - [Hacking Printers Wiki](http://hacking-printers.net/wiki/index.php/Main_Page) - All things printer. - [OWASP Embedded Application Security Project](https://owasp.org/www-project-embedded-application-security/) - Development best practices and list of hardware and software tools. -- [OWASP Internet of Things Project](https://owasp.org/www-project-internet-of-things/) - IoT common vulnerabilities and attack surfaces. +- [OWASP Internet of Things Project](https://owasp.org/www-project-internet-of-things/) - IoT common vulnerabilities and attack surfaces. - [Router Passwords](https://192-168-1-1ip.mobi/default-router-passwords-list/) - Default login credential database sorted by manufacturer. - [Siliconpr0n](https://siliconpr0n.org/) - A Wiki/Archive of all things IC reversing. ### Blogs + + - [/dev/ttyS0's Embedded Device Hacking](http://www.devttys0.com/blog/) - [Exploiteers](https://www.exploitee.rs/) - [Hackaday](https://hackaday.com) - [jcjc's Hack The World](https://jcjc-dev.com/) - [Quarkslab](https://blog.quarkslab.com/) - [wrong baud](https://wrongbaud.github.io/) - - [Firmware Security](https://firmwaresecurity.com/) - [PenTestPartners](https://www.pentestpartners.com/internet-of-things/) - [Attify](https://blog.attify.com/) @@ -201,7 +213,6 @@ s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf) - [GracefulSecurity - Hardware tag](https://gracefulsecurity.com/category/hardware/) - [Black Hills - Hardware Hacking tag](https://www.blackhillsinfosec.com/tag/hardware-hacking/) - ### Tutorials and Technical Background - [Azeria Lab](https://azeria-labs.com/) - Miscellaneous ARM related Tutorials. @@ -209,12 +220,12 @@ s](http://www.s3.eurecom.fr/docs/usenixsec14_costin.pdf) - [Reverse Engineering Serial Ports](http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/) - Detailed tutorial about how to spot debug pads on a PCB. - [UART explained](https://www.mikroe.com/blog/uart-serial-communication) - An in depth explanation of the UART protocol. - ## Conferences + Conferences focused on embedded and/or IoT security. - [Hardwear.io](https://hardwear.io/) - The Hague, September. -- [Hardwear.io USA](https://hardwear.io/) - Santa Clara, June. +- [Hardwear.io USA](https://hardwear.io/) - Santa Clara, June. ## Contribute @@ -226,4 +237,3 @@ Contributions welcome! Read the [contribution guidelines](contributing.md) first To the extent possible under law, Fraunhofer FKIE has waived all copyright and related or neighboring rights to this work. -