User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome Embedded and IoT Security

A curated list of awesome embedded and IoT security resources.

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: June 26, 2022, 10:05 p.m.
Thank you fkie-cad & contributors
View Topic on GitHub:
fkie-cad/awesome-embedded-and-iot-security

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Analysis Frameworks

cruise-automation/fwanalyzer

a tool to analyze filesystem images for security

408
68
1y 9m
Apache-2.0

emsec/hal

HAL – The Hardware Analyzer

347
43
7m
MIT

ElevenPaths/HomePWN

HomePwn - Swiss Army Knife for Pentesting of IoT Devices

571
109
1y 30d
GPL-3.0

riverloopsec/killerbee

IEEE 802.15.4/ZigBee Security Research Toolkit

593
202
7m
n/a

RUB-NDS/PRET

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

2.86K
537
9m
GPL-2.0

threat9/routersploit

Exploitation Framework for Embedded Devices

9.77K
2.1K
10m
n/a

EXPLIoT

https://gitlab.com/expliot_framework/expliot

FACT - The Firmware Analysis and Comparison Tool

https://fkie-cad.github.io/FACT_core/

Improving your firmware security analysis process with FACT

https://passthesalt.ubicast.tv/videos/improv…

IoTSecFuzz

https://gitlab.com/invuls/iot-projects/iotse…

Analysis Tools

ReFirmLabs/binwalk

Firmware Analysis Tool

7.84K
1.21K
7m
MIT

e-m-b-a/emba

EMBA - The security analyzer for embedded device firmware.

950
83
7m
GPL-3.0

firmadyne/firmadyne

Platform for emulation and dynamic analysis of Linux-based firmware

1.3K
295
9m
MIT

craigz28/firmwalker

Script for searching the extracted firmware file system for goodies!

674
149
1y 9m
GPL-3.0

ChrisTheCoolHut/Firmware_Slap

Discovering vulnerabilities in firmware through concolic analysis and function clustering.

430
76
1y 9m
GPL-3.0

radare/radare2

UNIX-like reverse engineering framework and command-line toolset

15.2K
2.56K
7m
LGPL-3.0

CERTCC/trommel

TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators

182
46
2y 4d
n/a

Ghidra

https://ghidra-sre.org/

Extraction Tools

fkie-cad/fact_extractor

Standalone Utility for FACT-like extraction

44
18
7m
GPL-3.0

rampageX/firmware-mod-kit

Automatically exported from code.google.com/p/firmware-mod-kit

520
134
8m
n/a

The SRecord package

http://srecord.sourceforge.net/

Support Tools

cyphunk/JTAGenum

Given an Arduino compatible microcontroller or Raspberry PI (experimental), JTAGenum scans pins[] for basic JTAG functionality and can be used to enumerate the Instruction Register for undocumented instructions. Props to JTAG scanner and Arduinull which came before JTAGenum and forwhich much of the code and logic is based on. Feel free to branch and modify religiously (readme, credits, whatever)

473
71
1y 108d
n/a

OpenOCD

http://openocd.org/

Misc Tools

Samsung/cotopaxi

Set of tools for security testing of Internet of Things devices using specific network IoT protocols

287
72
10m
GPL-2.0

ohjeongwook/dumpflash

Low-level NAND Flash dump and parsing utility

236
92
1y 8m
n/a

flashrom/flashrom

Send patches to review.coreboot.org: https://www.flashrom.org/Development_Guidelines#GitHub

485
304
7m
GPL-2.0

chrivers/samsung-firmware-magic

Tool for decrypting the firmware files for Samsung SSDs

147
14
1y 77d
n/a

Hardware Tools

GlasgowEmbedded/Glasgow

Scots Army Knife for electronics

1.48K
107
8m
n/a

Bus Blaster

UART and JTAG.

http://dangerousprototypes.com/docs/Bus_Blas…

Bus Pirate

http://dangerousprototypes.com/docs/Bus_Pira…

Shikra

https://int3.cc/products/the-shikra

JTAGULATOR

http://www.grandideastudio.com/jtagulator/

Saleae

https://www.saleae.com/

Ikalogic

https://www.ikalogic.com/pages/logic-analyze…

HydraBus

https://hydrabus.com/hydrabus-1-0-specificat…

ChipWhisperer

https://newae.com/chipwhisperer/

J-Link

https://www.segger.com/products/debug-probes…

Bluetooth BLE Tools

UberTooth One

https://greatscottgadgets.com/ubertoothone/

Bluefruit LE Sniffer

https://www.adafruit.com/product/2269

ZigBee Tools

ApiMote

http://apimote.com

Freakduino

https://freaklabsstore.com/index.php?main_pa…

SDR Tools

RTL-SDR

https://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-do…

HackerSDR

https://greatscottgadgets.com/hackrf/

YardStick One

https://greatscottgadgets.com/yardstickone/

LimeSDR

https://www.crowdsupply.com/lime-micro/limes…

BladeRF 2.0

https://www.nuand.com/bladerf-2-0-micro/

USRP B Series

https://www.ettus.com/product-categories/usr…

RFID NFC Tools

Proxmark 3 RDV4

https://www.proxmark.com/

ChamaleonMini

http://chameleontiny.com/

HydraNFC

https://hydrabus.com/hydranfc-1-0-specificat…

Books

yadox666/The-Hackers-Hardware-Toolkit

The best hacker's gadgets for Red Team pentesters and security researchers.

1.81K
263
1y 9m
MPL-2.0

unprovable/PentestHardware

Kinda useful notes collated together publicly

463
80
3y 30d
n/a

Practical IoT Hacking

https://www.amazon.com/Fotios-Chantzis-ebook…

The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks

https://nostarch.com/hardwarehacking

The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things

https://www.apress.com/us/book/9781484242995

Hardware Security: A Hands-on Learning Approach

https://www.elsevier.com/books/hardware-secu…

Inside Radio: An Attack and Defense Guide

https://link.springer.com/book/10.1007/978-9…

IoT Penetration Testing Cookbook

https://www.packtpub.com/networking-and-serv…

The Hardware Hacker: Adventures in Making and Breaking Hardware

https://nostarch.com/hardwarehackerpaperback

The Car Hacker's Handbook: A Guide for the Penetration Tester

https://nostarch.com/carhacking

The Art of PCB Reverse Engineering

https://visio-for-engineers.blogspot.com/p/o…

Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

https://shop.oreilly.com/product/06369200335…

Hacking Wireless Exposed

https://www.mhprofessional.com/9780071827638…

Hardware Security: Design, Threats, and Safeguards

https://www.taylorfrancis.com/books/97804290…

The Firmware Handbook (Embedded Technology)

https://www.elsevier.com/books/the-firmware-…

Hacking the XBOX

https://nostarch.com/xboxfree

Research Papers

SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization

https://dl.acm.org/doi/abs/10.1145/3414173

Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk

https://www.mdpi.com/1424-8220/19/19/4107

BenchIoT: A Security Benchmark for the Internet of Things

https://nebelwelt.net/publications/files/19D…

SoK: Security Evaluation of Home-Based IoT Deployments

https://alrawi.github.io/static/papers/alraw…

Challenges in Designing Exploit Mitigations for Deeply Embedded Systems

https://ieeexplore.ieee.org/abstract/documen…

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary

https://www.ndss-symposium.org/wp-content/up…

What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices

http://www.eurecom.fr/en/publication/5417/do…

Embedded Device Vulnerability Analysis Case Study Using Trommel

https://resources.sei.cmu.edu/library/asset-…

How to Break Secure Boot on FPGA SoCs through Malicious Hardware

https://eprint.iacr.org/2017/625.pdf

Towards Automated Classification of Firmware Images and Identification of Embedded Devices

http://s3.eurecom.fr/docs/ifip17_costin.pdf

Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation

https://www.thinkmind.org/download.php?artic…

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware

https://www.dcddcc.com/docs/2016_paper_firma…

Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

http://s3.eurecom.fr/docs/asiaccs16_costin.p…

Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware

https://www.ndss-symposium.org/wp-content/up…

Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy

http://www.cse.psu.edu/~pdm12/cse597g-f15/re…

Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares

http://www.eurecom.fr/en/publication/4158/do…

Analysis of embedded applications by evolutionary fuzzing

http://ieeexplore.ieee.org/document/6903734/

A Large-Scale Analysis of the Security of Embedded Firmwares

http://www.s3.eurecom.fr/docs/usenixsec14_co…

FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution

https://www.usenix.org/system/files/conferen…

Case Studies

Binary Hardening in IoT products

https://cyber-itl.org/2019/08/26/iot-data-wr…

Cracking Linksys “Encryption”

http://www.devttys0.com/2014/02/cracking-lin…

Deadly Sins Of Development

https://youtu.be/nXyglaY9N9w

Dumping firmware from a device's SPI flash with a buspirate

https://www.iotpentest.com/2019/06/dumping-f…

Hacking the DSP-W215, Again

http://www.devttys0.com/2014/05/hacking-the-…

Hacking the PS4

https://cturt.github.io/ps4.html

IoT [email protected]

https://doi.org/10.5281/zenodo.1035034

Multiple vulnerabilities found in the D-link DWR-932B

https://pierrekim.github.io/blog/2016-09-28-…

Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

https://pierrekim.github.io/blog/2017-09-08-…

PWN Xerox Printers (...again)

https://www.fkie.fraunhofer.de/content/dam/f…

Reversing Firmware With Radare

https://www.bored-nerds.com/reversing/radare…

Reversing the Huawei HG533

http://jcjc-dev.com/2016/04/08/reversing-hua…

Free Training

TrustworthyComputing/csaw_esc_2019

CSAW Embedded Security Challenge 2019

29
6
2y 7m
MIT

rdomanski/hardware_hacking

Content related to hardware hacking

29
6
3y 92d
n/a

scriptingxss/IoTGoat

IoTGoat is a deliberately insecure firmware based on OpenWrt.

169
41
2y 90d
MIT

Riscure/RHme-2015

RHme+ 2015 challenge

94
12
6y 21d
n/a

Riscure/Rhme-2016

Rhme2 challenge (2016)

223
44
5y 16d
n/a

Riscure/Rhme-2017

Riscure Hack Me embedded hardware CTF 2017-2018.

68
10
4y 30d
n/a

Embedded Security CTF

https://microcorruption.com

Websites

Hacking Printers Wiki

http://hacking-printers.net/wiki/index.php/M…

OWASP Embedded Application Security Project

https://owasp.org/www-project-embedded-appli…

OWASP Internet of Things Project

https://owasp.org/www-project-internet-of-th…

Router Passwords

https://192-168-1-1ip.mobi/default-router-pa…

Siliconpr0n

https://siliconpr0n.org/

Blogs

RTL-SDR

https://www.rtl-sdr.com/

/dev/ttyS0's Embedded Device Hacking

http://www.devttys0.com/blog/

Exploiteers

https://www.exploitee.rs/

Hackaday

https://hackaday.com

jcjc's Hack The World

https://jcjc-dev.com/

Quarkslab

https://blog.quarkslab.com/

wrong baud

https://wrongbaud.github.io/

Firmware Security

https://firmwaresecurity.com/

PenTestPartners

https://www.pentestpartners.com/internet-of-…

Attify

https://blog.attify.com/

Patayu

https://payatu.com/blog

GracefulSecurity - Hardware tag

https://gracefulsecurity.com/category/hardwa…

Black Hills - Hardware Hacking tag

https://www.blackhillsinfosec.com/tag/hardwa…

Tutorials and Technical Background

Azeria Lab

https://azeria-labs.com/

JTAG Explained

https://blog.senr.io/blog/jtag-explained#

Reverse Engineering Serial Ports

http://www.devttys0.com/2012/11/reverse-engi…

UART explained

https://www.mikroe.com/blog/uart-serial-comm…

Conferences

Hardwear.io

https://hardwear.io/