User Experience on mobile might not be great yet, but
I'm working on it.
Your first time on this page? Allow me to give some explanations.
Awesome Embedded and IoT Security
A curated list of awesome embedded and IoT security resources.
Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.
Thank you fkie-cad & contributors
View Topic on GitHub:
fkie-cad/awesome-embedded-and-iot-security
Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.
Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.
Analysis Frameworks
a tool to analyze filesystem images for security
HAL – The Hardware Analyzer
HomePwn - Swiss Army Knife for Pentesting of IoT Devices
IEEE 802.15.4/ZigBee Security Research Toolkit
Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
Exploitation Framework for Embedded Devices
Pentest framework like Metasploit but specialized for IoT.
Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
Conference talk about FACT :tv:.
Framework for automatisation of IoT layers security analysis: hardware, software and communication.
Analysis Tools
Firmware Analysis Tool
emba - Embedded Analyzer
Platform for emulation and dynamic analysis of Linux-based firmware
Script for searching the extracted firmware file system for goodies!
Discovering vulnerabilities in firmware through concolic analysis and function clustering.
UNIX-like reverse engineering framework and command-line toolset
TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators
Extraction Tools
Standalone Utility for FACT-like extraction
Automatically exported from code.google.com/p/firmware-mod-kit
Collection of tools for manipulating EPROM files (can convert lots of binary formats).
Support Tools
Given an Arduino compatible microcontroller or Raspberry PI (experimental), JTAGenum scans pins[] for basic JTAG functionality and can be used to enumerate the Instruction Register for undocumented instructions. Props to JTAG scanner and Arduinull which came before JTAGenum and forwhich much of the code and logic is based on. Feel free to branch and modify religiously (readme, credits, whatever)
Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.
Misc Tools
Set of tools for security testing of Internet of Things devices using specific network IoT protocols
Low-level NAND Flash dump and parsing utility
Patches welcome, see https://www.flashrom.org/Development_Guidelines#Patch_submission
Tool for decrypting the firmware files for Samsung SSDs
Hardware Tools
Scots Army Knife for electronics
Detects and interacts with hardware debug ports like UART and JTAG.
Detects and interacts with hardware debug ports like UART and JTAG. Among other protocols.
Alternative to Saleae logic analyzers :euro:.
Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
J-Link offers USB powered JTAG debug probes for multiple different CPU cores :euro:.
Bluetooth BLE Tools
Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
Easy to use Bluetooth Low Energy sniffer.
ZigBee Tools
ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible.
Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer.
SDR Tools
Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz.
A Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies.
Half-duplex sub-1 GHz wireless transceiver.
Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).
Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex).
Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).
RFID NFC Tools
Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.
Books
The best hacker's gadgets for Red Team pentesters and security researchers.
Kinda useful notes collated together publicly
Research Papers
Case Studies
Conference talk presenting several real world examples on real bad implementations :tv:.
Free Training
CSAW Embedded Security Challenge 2019
Content related to hardware hacking
IoTGoat is a deliberately insecure firmware based on OpenWrt.
RHme+ 2015 challenge
Rhme2 challenge (2016)
Riscure Hack Me embedded hardware CTF 2017-2018.
Websites
Development best practices and list of hardware and software tools.
IoT common vulnerabilities and attack surfaces.
Default login credential database sorted by manufacturer.
Blogs
Tutorials and Technical Background
A walkthrough covering UART and JTAG bypassing a protected login shell.
Detailed tutorial about how to spot debug pads on a PCB.
An in depth explanation of the UART protocol.