cyber-security-resources/iot_hacking/README.md
2023-08-20 16:04:32 -04:00


Internet of Things (IoT) Hacking Resources

This page collects tools and frameworks used to ensure the security of Internet of Things (IoT) devices and networks.

Analysis Frameworks

  • EXPLIoT: This is a penetration testing framework that is akin to Metasploit, but it specifically caters to Internet of Things (IoT) applications.
  • FACT - The Firmware Analysis and Comparison Tool: A comprehensive static analysis tool that specializes in firmware extraction, plugin-facilitated analysis, and comparison between different firmware versions. To understand more, watch this conference talk discussing enhancements in the firmware security analysis process using FACT.
  • FwAnalyzer: Designed to evaluate firmware security via customized rule-based analysis. It's an excellent complementary step in DevSecOps, analogous to Continuous Integration (CI) in function.
  • HAL The Hardware Analyzer: An all-encompassing reverse engineering tool that provides a manipulation framework for gate-level netlists.
  • HomePWN: Consider it your Swiss Army Knife for penetration testing of IoT devices.
  • IoTSecFuzz: This framework automates the security analysis of IoT layers, including hardware, software, and communication.
  • Killerbee: An established framework for the testing and auditing of ZigBee and IEEE 802.15.4 networks.
  • PRET: The go-to toolkit for printer exploitation.
  • Routersploit: A dedicated framework specifically designed to exploit embedded devices.

Advanced Tools for Binary and Firmware Analysis

  • Binwalk: This powerful tool delves into binaries to identify "interesting" elements and also facilitates the extraction of arbitrary files.
  • emba: Designed specifically to analyze the Linux-based firmware of embedded devices, emba provides a comprehensive framework for firmware scrutiny.
  • Firmadyne: This resource aims to emulate and conduct penetration tests on various firmware images, providing a simulation environment for security testing.
  • Firmwalker: This tool specializes in exploring extracted firmware images, searching for relevant files and information.
  • Firmware Slap: A unique tool for discovering vulnerabilities in firmware through the method of concolic analysis and function clustering.
  • Ghidra: Ghidra is a comprehensive Software Reverse Engineering suite. It can manage arbitrary binaries when provided with the CPU architecture and endianness of the binary.
  • Radare2: This is a versatile Software Reverse Engineering framework. Capable of handling popular formats and arbitrary binaries, it boasts an extensive command line toolkit.
  • Trommel: Trommel conducts a detailed search through extracted firmware images, hunting for relevant files and intriguing information.

Tools for Firmware Extraction and Manipulation

  • FACT Extractor: This intelligent tool identifies container formats automatically and triggers the appropriate extraction tool, thereby streamlining the process.
  • Firmware Mod Kit: This kit provides a range of extraction tools compatible with various container formats, offering a versatile solution for firmware modification.
  • The SRecord package: This package encompasses a suite of tools for manipulating EPROM files. Its functionality includes the ability to convert numerous binary formats, providing an essential resource for binary file conversion and manipulation.
  • JTAGenum - Add JTAG capabilities to an Arduino.
  • OpenOCD - Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.

Misc Tools

  • Cotopaxi - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.
  • dumpflash - Low-level NAND Flash dump and parsing utility.
  • flashrom - Tool for detecting, reading, writing, verifying and erasing flash chips.
  • Samsung Firmware Magic - Decrypt Samsung SSD firmware updates.

Hardware Tools

  • Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
  • Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
  • GreatFET One - If you need an interface to an external chip, a logic analyzer, a debugger, or just a whole lot of pins to bit-bang, the versatile GreatFET One is the tool for you.
  • Shikra - Detects and interacts with hardware debug ports like UART and JTAG, among other protocols.
  • JTAGULATOR - Detects JTAG Pinouts fast.
  • Saleae - Easy to use Logic Analyzer that supports many protocols 💶.
  • Ikalogic - Alternative to Saleae logic analyzers 💶.
  • HydraBus - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
  • ChipWhisperer - Detects Glitch/Side-channel attacks.
  • Glasgow - Tool for exploring and debugging different digital interfaces.
  • J-Link - J-Link offers USB powered JTAG debug probes for multiple different CPU cores 💶.

Bluetooth BLE Tools

  • UberTooth One - Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
  • Bluefruit LE Sniffer - Easy to use Bluetooth Low Energy sniffer.

ZigBee Tools

  • ApiMote - ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible.
  • Atmel RZUSBstick - Discontinued product. Lucky if you have one! - Tool for development, debugging and demonstration of a wide range of low power wireless applications including IEEE 802.15.4, 6LoWPAN, and ZigBee networks. Killerbee compatible.
  • Freakduino - Low Cost Battery Operated Wireless Arduino Board that can be turned into an IEEE 802.15.4 protocol sniffer.

SDR Tools

  • RTL-SDR - Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals at frequencies from 500 kHz up to 1.75 GHz.
  • HackRF One - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).
  • YardStick One - Half-duplex sub-1 GHz wireless transceiver.
  • LimeSDR - Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 kHz to 3.8 GHz (full-duplex).
  • BladeRF 2.0 - Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex).
  • USRP B Series - Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).

RFID NFC Tools

  • Proxmark 3 RDV4 - Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
  • ChameleonMini - Programmable, portable tool for NFC security analysis.
  • HydraNFC - Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.

Free Training

Websites

Blogs

Tutorials and Technical Background

OWASP Resources

IoT Hacking Communities

Training Available Through ICS-CERT

Interesting Blogs

YouTube Channels for Embedded hacking

Reverse Engineering Tools

MQTT

CoAP

Automobile

Radio IoT Protocols Overview

Base transceiver station (BTS)

GSM & SS7 Pentesting

Zigbee & Zwave

BLE

Mobile security (Android & iOS)

ARM

Firmware Pentest

IoT hardware Overview

Hardware Tools

Hardware Interfaces

UART

JTAG