
Awesome IoT and Hardware Security


A collection of awesome tools, books, resources, software, documents and cool stuff about Internet of Things (IoT) and Hardware Security.

Thanks to all contributors. The goal is to build a community-driven collection of well-known resources.

Contents

Testing Tools

Debugging Tools

  • Buspirate - The Bus Pirate is a troubleshooting tool that communicates between a PC and any embedded device over 1-wire, 2-wire, 3-wire, UART, I2C, SPI, and HD44780 LCD protocols - all at voltages from 0-5.5VDC
  • SEGGER J-Link Debug Probes - SEGGER J-Links are the most widely used line of debug probes on the market. They have provided solid value to embedded development for over a decade. Unparalleled performance, an extensive feature set, many supported CPUs and compatibility with popular environments all make J-Link an unbeatable choice
  • Flipper Zero - Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It's fully open-source and customizable, so you can extend it in whatever way you like
  • FTDI FT2232H - The FT2232H is FTDI’s 5th generation of USB devices. The FT2232H is a USB 2.0 Hi-Speed (480Mb/s) to UART/FIFO IC. It has the capability of being configured in a variety of industry standard serial or parallel interfaces. The FT2232H has two multi-protocol synchronous serial engines (MPSSEs) which allow for communication using JTAG, I2C and SPI on two channels simultaneously.
  • Hak5 Packet Squirrel - Ethernet Tap for capturing device traffic
  • OpenOCD: Open On-Chip Debugger - OpenOCD, the Open On-Chip Debugger has been created by Dominic Rath as part of a diploma thesis at the University of Applied Sciences, FH-Augsburg

Logic Analyzer and Oscilloscope

  • Saleae Logic Analyzer - Effortlessly decode protocols like SPI, I2C, Serial, and many more. Leverage community created analyzers or build your own low-level or high-level protocol analyzer
  • Pico Oscilloscope - PC Oscilloscopes: the modern alternative to the traditional benchtop oscilloscope

SDR

  • GNURadio - GNU Radio is a free & open-source software development toolkit that provides signal processing blocks to implement software radios. It can be used with readily-available, low-cost external RF hardware to create software-defined radios, or without hardware in a simulation-like environment
  • RTL-SDR - The RTL-SDR is an ultra cheap software defined radio based on DVB-T TV tuners with RTL2832U chips. The RTL-SDR can be used as a wide band radio scanner. It may interest ham radio enthusiasts, hardware hackers, tinkerers and anyone interested in RF
  • HackRF One - HackRF One from Great Scott Gadgets is a Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies, HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation
  • BladeRF - bladeRF is a Software Defined Radio (SDR) platform designed to enable a community of hobbyists and professionals to explore and experiment with the multidisciplinary facets of RF communication

RFID and NFC

  • Proxmark Platform - The Proxmark is an RFID swiss-army tool, allowing for both high and low level interactions with the vast majority of RFID tags and systems world-wide. Originally built by Jonathan Westhues over 10 years ago, the device has progressively evolved into the industry standard tool for RFID Analysis
  • HydraNFC - HydraNFC Shield v1.0 is an NFC shield hardware (to be plugged on top of HydraBus) to sniff/read/write/emulate any 13.56MHz NFC tags for anyone interested in advanced NFC Research/Dev/Debug/Hack/PenTest on NFC products

Bluetooth and BLE

  • bettercap - bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks
  • Btlejack - Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices
  • Ubertooth One - Ubertooth One is an open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation
  • nRF51 DK - Bluetooth Low Energy development kit for the nRF51 Series
  • ESP32 - A feature-rich MCU with integrated Wi-Fi and Bluetooth connectivity for a wide range of applications

MQTT

  • Nmap MQTT Library - Nmap NSE library implementing the MQTT protocol, used by NSE scripts such as mqtt-subscribe to enumerate brokers and their topics
  • MQTT-PWN - MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations, as it combines enumeration, supportive functions and exploitation modules while packing it all within command-line-interface with an easy-to-use and extensible shell-like environment
  • Eclipse Mosquitto - Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers

Zigbee

  • RaspBee - The universal Raspberry Pi Zigbee gateway
  • nRF52840 Dongle - The nRF52840 Dongle is a small, low-cost USB dongle that supports Bluetooth 5.4, Bluetooth mesh, Thread, Zigbee, 802.15.4, ANT and 2.4 GHz proprietary protocols
  • ZigDiggity - ZigBee Hacking Toolkit

Fault Injection - Glitching and Side Channel Analysis

Firmware Analysis and Exploit Frameworks

  • EMBA - The security analyzer for firmware of embedded devices. EMBA is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report
  • Binwalk - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images
  • Unblob - Unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for
  • Firmware Mod Kit - The Firmware Mod Kit allows for easy deconstruction and reconstruction of firmware images for various embedded devices. While it primarily targets Linux based routers, it should be compatible with most firmware that makes use of common firmware formats and file systems such as TRX/uImage and SquashFS/CramFS
  • Panda.re - PANDA is an open-source Platform for Architecture-Neutral Dynamic Analysis. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling iterative, deep, whole system analyses
  • The Firmware Analysis and Comparison Tool (FACT) - The Firmware Analysis and Comparison Tool (FACT) is intended to automate Firmware Security analysis (Router, IoT, UEFI, Webcams, Drones, …). Thereby it shall be easy to use (web UI), extend (plug-in system) and integrate (REST API)
  • HAL – The Hardware Analyzer - HAL [/hel/] is a comprehensive netlist reverse engineering and manipulation framework
  • EXPLIoT Framework - A Framework for security testing and exploiting IoT products and IoT infrastructure. It provides a set of plugins (test cases) which are used to perform the assessment and can be extended easily with new ones
  • RouterSploit - The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices
  • IoTSecFuzz(ISF) - IoTSecFuzz(ISF) was created with the aim of combining the maximum number of utilities for comprehensive testing of IoT device security at all levels of implementation. It has a convenient console in order to use it as a stand-alone application, as well as the ability to import it as a library
  • HomePwn - Swiss Army Knife for Pentesting of IoT Devices - HomePwn is a framework that provides features to audit and pentest devices that company employees use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office and take advantage of certain vulnerabilities to read or send data to those devices
  • QEMU - A generic and open source machine emulator and virtualizer

Reverse Engineering

  • Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
  • IDA Pro - As a disassembler, IDA Pro creates maps of a program's execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language)
  • Radare2 - A free/libre toolchain for easing several low level tasks like forensics, software reverse engineering, exploiting, debugging
  • Cutter - An open-source GUI for the Radare2 framework. Cutter's goal is to be an advanced FREE and open-source reverse-engineering platform while keeping the user experience in mind
  • GDB: The GNU Project Debugger - GDB allows you to see what is going on inside another program while it executes or what another program was doing at the moment it crashed
  • x64dbg - An open-source x64/x32 debugger for Windows

Fuzzing

  • AFL++ - AFL++ is a superior fork of Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support
  • Boofuzz: Network Protocol Fuzzing for Humans - Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility

Misc Tools

  • Dumpflash - Low-level NAND Flash dump and parsing utility
  • Flashrom - Flashrom is a utility for detecting, reading, writing, verifying and erasing flash chips. It is often used to flash BIOS/EFI/coreboot/firmware images in-system using a supported mainboard, but it also supports flashing of network cards (NICs), SATA controller cards, and other external devices which can program flash chips
  • JTAGenum - Given an Arduino-compatible microcontroller or Raspberry Pi (experimental), JTAGenum scans pins for basic JTAG functionality and can be used to enumerate the Instruction Register for undocumented instructions

Penetration Test Use-Cases

Standards and Regulations

Books

Useful Websites

YouTube Channels

Twitter Accounts

Blogs

Trainings

Conferences

Awesome Lists