A curated list of awesome embedded and IoT security resources.
Go to file
Peter Weidenbach 2aeca838a6
Merge pull request #5 from fkie-cad/add-summercamp-links
Links to hacker summercamp tools
2019-08-16 10:35:00 +02:00
.gitattributes awesome embedded and iot security init 2019-07-26 09:22:29 +02:00
.gitignore awesome embedded and iot security init 2019-07-26 09:22:29 +02:00
.travis.yml awesome embedded and iot security init 2019-07-26 09:22:29 +02:00
code-of-conduct.md awesome embedded and iot security init 2019-07-26 09:22:29 +02:00
contributing.md awesome embedded and iot security init 2019-07-26 09:22:29 +02:00
LICENSE LICENSE File added 2019-07-26 09:41:47 +02:00
package.json awesome embedded and iot security init 2019-07-26 09:22:29 +02:00
readme.md Period 2019-08-16 10:17:05 +02:00

Awesome Embedded and IoT Security Awesome

A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.

If you are a beginner, you should have a look at the Books and Case Studies sections.
If you want to start right away with your own analysis, you should give the Analysis Frameworks a try. They are easy to use and you do not need to be an expert to get first meaningful results.

Contents

Software Tools

Software tools for analyzing embedded/IoT firmware.

Analysis Frameworks

  • EXPLIoT - Pentest framework like Metasploit but specialized for IoT.
  • FACT - The Firmware Analysis and Comparison Tool - Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
  • FwAnalyzer - Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI.

Analysis Tools

  • Binwalk - Searches a binary for "interesting" stuff.
  • Firmadyne - Tries to emulate and pentest a firmware.
  • firmwalker - Searches extracted firmware images for interesting files and information.
  • Firmware Slap - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
  • Ghidra - Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
  • Trommel - Searches extracted firmware images for interesting files and information.

Extraction Tools

  • Binwalk - Extracts arbitrary files utilizing a carving approach.
  • FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
  • Firmware Mod Kit - Extraction tools for several container formats.
  • The SRecord package - Collection of tools for manipulating EPROM files (can convert lots of binary formats).

Support Tools

  • JTAGenum - Add JTAG capabilities to an Arduino.
  • OpenOCD - Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.

Hardware Tools

  • Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
  • Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
  • JTAGULATOR - Detects JTAG Pinouts fast.
  • Saleae - Easy to use Logic Analyzer that support many protocols 💶.
  • Ikalogic - Alternative to Saleae logic analyzers 💶.
  • HydraBus - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
  • ChipWhisperer - Detects Glitch/Side-channel attacks.
  • Glasgow - Tool for exploring and debugging different digital interfaces.
  • J-Link - J-Link offers USB powered JTAG debug probes for multiple different CPU cores 💶.

Books

Research Papers

Case Studies

Free Trainings

Websites

Conferences

Contribute

Contributions welcome! Read the contribution guidelines first.

License

CC0

To the extent possible under law, Fraunhofer FKIE has waived all copyright and related or neighboring rights to this work.