Fix multiple broken links

hacktober-fix-links
Swissky 2022-10-02 16:27:53 +02:00
parent af1faa4a8d
commit 5fb3bc7659
18 changed files with 67 additions and 101 deletions

@ -1,2 +1,6 @@
# HardwareAllTheThings
Hardware Pentesting Wiki
A list of useful payloads and bypasses for Hardware and IOT Security.
Feel free to improve with your payloads and techniques !
I :heart: pull requests :)

@ -4,6 +4,11 @@
:warning: Informations from this repository is very dense, you may encounter information overflow
A list of useful payloads and bypasses for Hardware and IOT Security.
Feel free to improve with your payloads and techniques !
I :heart: pull requests :)
<p align="center">
<img src="https://raw.githubusercontent.com/swisskyrepo/HardwareAllTheThings/master/docs/assets/logo.png">
<img src="https://raw.githubusercontent.com/swisskyrepo/HardwareAllTheThings/master/docs/assets/logo.png" style="max-width: 400px;">
</p>
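
Review bot: The new `<img>` line sizes the logo with an inline `style="max-width: 400px;"` and carries no `alt` text. GitHub's Markdown renderer strips `style` attributes, so if this file is also viewed there the logo stays at full size; `width="400"` together with `alt="HardwareAllTheThings logo"` behaves the same in both renderers. The unchanged warning line also reads "Informations from this repository is very dense"; "Information in this repository is very dense" would fix the grammar while the file is being touched.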

@ -1,13 +1,5 @@
---
cover: >-
https://images.unsplash.com/photo-1511497584788-876760111969?ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&ixlib=rb-1.2.1&auto=format&fit=crop&w=3432&q=80
coverY: 0
---
# JTAG
****
### Summary
* JTAG Pins
@ -70,6 +62,6 @@ Arduino PIN Layout
### References
* JTAGulator vs. JTAGenum, Tools for Identifying JTAG Pins in IoT Devices by Dylan Ayrey - https://www.praetorian.com/blog/jtagulator-vs-jtagenum-tools-for-identifying-jtag-pins-in-iot-devices?edition=2019
* https://just2secure.blogspot.com/2017/02/jtag-pin-identification.html
* https://wrongbaud.github.io/jtag-hdd/
* [JTAGulator vs. JTAGenum, Tools for Identifying JTAG Pins in IoT Devices by Dylan Ayrey](https://www.praetorian.com/blog/jtagulator-vs-jtagenum-tools-for-identifying-jtag-pins-in-iot-devices?edition=2019)
* [JTAG PIN Identification - February 21, 2017](https://just2secure.blogspot.com/2017/02/jtag-pin-identification.html)
* [Hardware Debugging for Reverse Engineers Part 2: JTAG, SSDs and Firmware Extraction - Posted Apr 2, 2020 by wrongbaud](https://wrongbaud.github.io/posts/jtag-hdd/)

@ -18,3 +18,8 @@ JTAG and SWD are similar and can be interfaced with each other:
| TDO | SWV | JTAG Test data output / SWV trace data output |
| TMS | SWDIO | JTAG test mode select / SWD data in and out |
| GND | GND | - |
## References
* [Hardware Debugging for Reverse Engineers Part 1: SWD, OpenOCD and Xbox One Controllers - Posted Jan 30, 2020 by wrongbaud](https://wrongbaud.github.io/posts/stm-xbox-jtag/)

@ -1,13 +1,5 @@
---
cover: >-
https://images.unsplash.com/photo-1526304640581-d334cdbbf45e?ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&ixlib=rb-1.2.1&auto=format&fit=crop&w=2970&q=80
coverY: 0
---
# UART
****
### Summary
* UART
@ -43,7 +35,7 @@ Connect to UART using an USB to TTL, then find the `/dev/ttyUSB0` device in the
#### Detect baudrate
Standard baud rate are `110`, `300`, `600`, `1200`, `2400`, `4800`, `9600`, `14400`, `19200`, `38400`, `57600`, `115200`, `128000` and `256000`.\
Auto-detect baud rate using the script : https://github.com/devttys0/baudrate/blob/master/baudrate.py
Auto-detect baud rate using the script : [devttys0/baudrate/baudrate.py](https://github.com/devttys0/baudrate/blob/master/baudrate.py)
#### Interact with the /dev/ttyUSB0
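
Review bot: The replacement link on the "Auto-detect baud rate" line still targets `blob/master/baudrate.py`, a mutable branch, for a script readers are told to use. Link a permalink to a specific commit instead, so the referenced code cannot change or disappear under the same URL. The trailing `\` left on the "Standard baud rate are" line can go in the same edit.
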
@ -79,15 +71,16 @@ Its an emulation of serial port over BLE. The UUID of the Nordic UART Service
* **RX Characteristic** (UUID: 6E400002-B5A3-F393-E0A9-E50E24DCCA9E) : The peer can send data to the device by writing to the RX Characteristic of the service. ATT Write Request or ATT Write Command can be used. The received data is sent on the UART interface.
* **TX Characteristic** (UUID: 6E400003-B5A3-F393-E0A9-E50E24DCCA9E) : If the peer has enabled notifications for the TX Characteristic, the application can send data to the peer as notifications. The application will transmit all data received over UART as notifications.
* nRF UART 2.0 - Nordic Semiconductor ASA - https://play.google.com/store/apps/details?id=com.nordicsemi.nrfUARTv2
* Specifications - https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v14.0.0%2Fble\_sdk\_app\_nus\_eval.html
* https://thejeshgn.com/2016/10/01/uart-over-bluetooth-low-energy/
* [nRF UART 2.0 - Nordic Semiconductor ASA](https://play.google.com/store/apps/details?id=com.nordicsemi.nrfUARTv2)
* [UART/Serial Port Emulation over BLE](https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v14.0.0%2Fble_sdk_app_nus_eval.html)
* [UART Over Bluetooth Low Energy](https://thejeshgn.com/2016/10/01/uart-over-bluetooth-low-energy/)
Example with Micro::bit :
* https://makecode.microbit.org/v1/98535-28913-33692-07418
* https://support.microbit.org/support/solutions/articles/19000062330-using-the-micro-bit-bluetooth-low-energy-uart-serial-over-bluetooth-
* [https://makecode.microbit.org/v1/98535-28913-33692-07418](https://makecode.microbit.org/v1/98535-28913-33692-07418)
* [Using the micro:bit Bluetooth Low Energy UART (serial over Bluetooth)](https://support.microbit.org/support/solutions/articles/19000062330-using-the-micro-bit-bluetooth-low-energy-uart-serial-over-bluetooth-)
### Examples
![](https://developer.android.com/things/images/raspberrypi-console.png) ![](http://remotexy.com/img/help/help-esp8266-firmware-update-usbuart.png)
![](https://developer.android.com/things/images/raspberrypi-console.png)
![](http://remotexy.com/img/help/help-esp8266-firmware-update-usbuart.png)
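
Review bot: The two image lines under "### Examples" still hotlink third-party hosts, and the second one is fetched over plain `http://remotexy.com/...`. A docs site served over HTTPS treats that as mixed content, and neither host is under the project's control; copy both pictures into `docs/assets/` next to the logo and reference them locally, with alt text. The first Micro::bit bullet also keeps the raw URL as its link text while the other bullets in this hunk got titles.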

@ -2,15 +2,13 @@
## Searchable FCC ID Database
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission.
* [https://fccid.io/](https://fccid.io/)
* [fccid.io](https://fccid.io/)
For legal sale of wireless deices in the US, manufacturers must:
* Have the device evaluated by an independent lab to ensure it conforms to FCC standards
* Provide documentation to the FCC of the lab results
* Provide User Manuals, Documentation, and Photos relating to the device
* [Digitally](https://fccid.io/blog/2014/11/e-label-act/) or physically label the device with the unique identifier provided by the FCC (upon approved application)
\
* [Digitally](https://fccid.io/blog/2014/11/e-label-act/) or physically label the device with the unique identifier provided by the FCC (upon approved application)
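
Review bot: "wireless deices" on the unchanged "For legal sale of" line is a typo for "wireless devices", and it sits between lines this hunk already edits, so it is worth fixing in the same commit.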

@ -1,9 +1,3 @@
---
cover: >-
https://images.unsplash.com/photo-1552664730-d307ca884978?ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&ixlib=rb-1.2.1&auto=format&fit=crop&w=2970&q=80
coverY: 0
---
# Firmware Dumping
### Summary
@ -148,4 +142,4 @@ sudo unsquashfs -f -d /media/seagate /tmp/file.squashfs
![](https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581004558438-UJV08PX8O5NVAQ6Z8HXI/ke17ZwdGBToddI8pDm48kHSRIhhjdVQ3NosuzDMrTulZw-zPPgdn4jUwVcJE1ZvWQUxwkmyExglNqGp0IvTJZamWLI2zvYWH8K3-s\_4yszcp2ryTI0HqTOaaUohrI8PIYASqlw8FVQsXpiBs096GedrrOfpwzeSClfgzB41Jweo/Picture2.png?format=1000w)
* https://www.zerodayinitiative.com/blog/2020/2/6/mindshare-dealing-with-encrypted-router-firmware
* [MINDSHARE: DEALING WITH ENCRYPTED ROUTER FIRMWARE](https://www.zerodayinitiative.com/blog/2020/2/6/mindshare-dealing-with-encrypted-router-firmware)
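
Review bot: The image line above the fixed Zero Day Initiative link still hotlinks a long `images.squarespace-cdn.com` URL that contains a backslash-escaped underscore (`-s\_4yszcp2...`). In a commit about broken links this one remains fragile: it depends on a third-party CDN path and on the renderer unescaping `\_` inside a URL. Storing the picture under the docs assets, with alt text, removes both risks. The new link text is in all caps; title case would match the other references.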

@ -21,9 +21,7 @@ Prerequisite:
> To load it properly in IDA, open the file, select ATMEL AVR and then select ATmega323\_L.
https://thanat0s.trollprod.org/2014/01/loader-un-binaire-arduino-dans-ida/
* ESP8266 : https://github.com/themadinventor/ida-xtensa
* ESP8266 : [https://github.com/themadinventor/ida-xtensa](https://github.com/themadinventor/ida-xtensa)
### Loading bare-metal binaries into Radare2
@ -70,11 +68,11 @@ jmp 0x59ae
### Loading bare-metal binaries into Ghidra
* SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering - https://leveldown.de/blog/svd-loader/
* SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering - [svd-loader/](https://leveldown.de/blog/svd-loader/)
### ESPTool
ESP8266 and ESP32 serial bootloader utility : github.com/espressif/esptool
ESP8266 and ESP32 serial bootloader utility : [espressif/esptool](https://github.com/espressif/esptool)
```powershell
josh@ioteeth:/tmp/reversing$ ~/esptool/esptool.py image_info recovered_file
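
Review bot: On the SVD-Loader line the link text is now `svd-loader/`, a URL fragment with a trailing slash that repeats the title written just before it. Make the title itself the link, as done for the other references in this commit: `[SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering](https://leveldown.de/blog/svd-loader/)`. The fence that follows is tagged `powershell` although the prompt `josh@ioteeth:/tmp/reversing$` is a Unix shell session; `bash` or no tag would be accurate.
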
@ -87,7 +85,7 @@ Segment 1: len 0x00568 load 0x4010f000 file_offs 0x00000008
### nRF5x Firmware disassembly tools
* https://github.com/DigitalSecurity/nrf5x-tools
* [DigitalSecurity/nrf5x-tools](https://github.com/DigitalSecurity/nrf5x-tools)
```powershell
$ python3 nrfident.py bin firmwares/s132.bin
@ -113,8 +111,8 @@ ROM length : 0x5d000
### Pure disassemblers
* Vavrdisasm -- vAVRdisasm will auto-recognize Atmel Generic, Intel HEX8, and Motorola S-Record files - https://github.com/vsergeev/vavrdisasm
* ODAweb -- https://www.onlinedisassembler.com/odaweb/
* Vavrdisasm -- vAVRdisasm will auto-recognize Atmel Generic, Intel HEX8, and Motorola S-Record files - [vsergeev/vavrdisasm](https://github.com/vsergeev/vavrdisasm)
* [ODA - The Online Disassembler](https://www.onlinedisassembler.com/odaweb/)
* avr-objdump gcc kit standard tool
```powershell
@ -132,7 +130,7 @@ $ simulavr -P atmega128 -F 16000000 f build-crumbuino128/ex1.1.elf
### UEFI Firmware
Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc - [https://github.com/theopolis/uefi-firmware-parser](https://github.com/theopolis/uefi-firmware-parser)
Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc - [theopolis/uefi-firmware-parser](https://github.com/theopolis/uefi-firmware-parser)
```
sudo pip install uefi_firmware
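
Review bot: The install command kept under the updated UEFI link is `sudo pip install uefi_firmware`, which runs the package's install code as root and writes into the system Python. Since this section is being edited anyway, change it to an install inside a virtual environment or to `pip install --user uefi_firmware`.
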
@ -143,3 +141,7 @@ $ uefi-firmware-parser --test ~/firmware/*
~/firmware/O990-A03.exe: None
~/firmware/O990-A03.exe.hdr: DellPFS
```
## References
* [Loader un binaire Arduino dans IDA - Posted on January 26, 2014 by thanatos](https://thanat0s.trollprod.org/2014/01/loader-un-binaire-arduino-dans-ida/)

@ -1,8 +1,6 @@
# Bus Pirate
![](https://iotmyway.files.wordpress.com/2018/05/mode-guide.png)
![MOSI-MISO](https://iotmyway.files.wordpress.com/2018/05/mode-guide.png)
### Update Bus Pirate
@ -18,4 +16,4 @@ sudo flashrom p buspirate_spi:dev=/dev/ttyUSB0
# Dump firmware using a bus pirate (SPI)
sudo flashrom p Buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M c (Chip name) r (Name.bin)
```
```
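
Review bot: Both flashrom lines in the context are shown as `flashrom p ...` and `... c (Chip name) r (Name.bin)`, without the leading `-` on `-p`, `-c` and `-r`, and the programmer name is spelled `buspirate_spi` on one line and `Buspirate_spi` on the other. As displayed, neither command would be accepted by flashrom; restore the dashes and use the lowercase `buspirate_spi` in both while the fence is being touched.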

@ -1,50 +1,36 @@
---
description: https://flipperzero.one/
---
# Flipper Zero
![FlipperZero](../assets/image.png)
### **Firmwares**
* Flipper Zero Firmware\
[https://github.com/flipperdevices/flipperzero-firmware](https://github.com/flipperdevices/flipperzero-firmware)
* Flipper Zero Unleashed Firmware
* [Flipper Zero Firmware](https://github.com/flipperdevices/flipperzero-firmware)
* [Flipper Zero Unleashed Firmware](https://github.com/Eng1n33r/flipperzero-firmware)
* [Flipper Zero FW RogueMaster](https://github.com/RogueMaster/flipperzero-firmware-wPlugins)
[https://github.com/Eng1n33r/flipperzero-firmware](https://github.com/Eng1n33r/flipperzero-firmware)
* Flipper Zero FW \[ROGUEMASTER]
[https://github.com/RogueMaster/flipperzero-firmware-wPlugins](https://github.com/RogueMaster/flipperzero-firmware-wPlugins)
Awesome FlipperZero: [https://github.com/djsime1/awesome-flipperzero](https://github.com/djsime1/awesome-flipperzero)
* [Awesome FlipperZero](https://github.com/djsime1/awesome-flipperzero)
#### Firmware Update
1. Update to the latest firmware using https://flipperzero.one/update
2. Download and install qFlipper&#x20;
1. Update to the latest firmware using [https://flipperzero.one/update](https://flipperzero.one/update)
2. Download and install qFlipper
3. Connect your Flipper Zero via USB, update to the official firmware
4. Disconnect from USB, power off the Flipper Zero, and remove the SD to prepare it for flashing.
5. Download the latest RogueMaster firmware from their Github Page. https://github.com/RogueMaster/flipperzero-firmware-wPlugins
5. Download the latest [RogueMaster](https://github.com/RogueMaster/flipperzero-firmware-wPlugins) firmware from their Github Page.
6. Unzip the downloaded .zip and copy the content into /update of the Flipper SD card (including the .dfu)
7. On the Flipper Zero, once booted, press down, and left until you are on the 'Browser' screen. Scroll down until you see the 'update' directory and click on it.&#x20;
7. On the Flipper Zero, once booted, press down, and left until you are on the 'Browser' screen. Scroll down until you see the 'update' directory and click on it.
8. You should now see the contents you uploaded and an 'update' option. Hover over the 'update' option, click the center button on your Flipper, once again on the 'Run in App' option.
### Videos
* Flipper Zero: Want some good news? - Penthertz&#x20;
[https://www.youtube.com/watch?v=tB0eYatvu0k](https://www.youtube.com/watch?v=tB0eYatvu0k)
* Flipper Zero: is this for you? Follow our 1st tests! - Penthertz
[https://www.youtube.com/watch?v=W5YYObSBUno](https://www.youtube.com/watch?v=W5YYObSBUno)
* [Flipper Zero: Want some good news? - Penthertz](https://www.youtube.com/watch?v=tB0eYatvu0k)
* [Flipper Zero: is this for you? Follow our 1st tests! - Penthertz](https://www.youtube.com/watch?v=W5YYObSBUno)
### Tutorials and Resources
* [https://flipper.pingywon.com/flipper/](https://flipper.pingywon.com/flipper/)\
[https://flipper.pingywon.com/](https://flipper.pingywon.com/)
* [https://github.com/UberGuidoZ/Flipper](https://github.com/UberGuidoZ/Flipper)
* [https://interestingsoup.com/n00b-guide-flashing-flipper-zero-to-rougemaster/](https://interestingsoup.com/n00b-guide-flashing-flipper-zero-to-rougemaster/)
* [Flipper Zero Hacking 101 - pingywon](https://flipper.pingywon.com/flipper/)
* [Flipper Zero Playground - UberGuidoZ](https://github.com/UberGuidoZ/Flipper)
* [Flashing Flipper Zero with RogueMaster CFW](https://interestingsoup.com/n00b-guide-flashing-flipper-zero-to-rougemaster/)
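
Review bot: Step 5 of "Firmware Update" now links the RogueMaster repository root, and step 6 then has the reader copy the unzipped content, including the `.dfu`, straight onto the SD card. Point the link at the exact download location and name the expected archive, so it is clear which file is meant to be flashed. Step 1 still uses the raw URL as its link text, and the `https://flipper.pingywon.com/` root link from the old "Tutorials and Resources" list has no replacement in the new one.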

@ -1,10 +1,8 @@
# Micro::bit
### Extract source code from firmware
When the source has been build from https://makecode.microbit.org/#editor, the Javascript code is embedded into the firmware.
When the source has been build from [https://makecode.microbit.org/#editor](https://makecode.microbit.org/#editor), the Javascript code is embedded into the firmware.
```python
import bincopy
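
Review bot: The rewritten sentence still says "has been build"; it should be "has been built", and "Javascript" is normally written "JavaScript". The link text could be shortened to `makecode.microbit.org`, as was done for `fccid.io`.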

@ -1,8 +1,6 @@
# Default IoT Passwords
IoT Device Default Password Lookup : https://www.defpass.com
IoT Device Default Password Lookup : [https://www.defpass.com](https://www.defpass.com)
### Mirai Wordlist

@ -1,7 +1,5 @@
# Links & Hardware Kits
### Hardware Challenges & CTF
* [BLE CTF](https://github.com/hackgnar/ble\_ctf)
@ -31,4 +29,7 @@
### Hardware Kit
![HW1](https://i.ibb.co/WW55LH4/Hardware-Toolkit.jpg) ![HW2](https://i.ibb.co/F3vRmgV/Hardware-Toolkit2.jpg) ![DVID1](https://github.com/Vulcainreo/DVID/raw/master/kit-contents.jpg) ![Ph0wn Basic](https://pbs.twimg.com/media/ELVWNyKWwAAPa0T?format=jpg\&name=900x900)
![HW1](https://i.ibb.co/WW55LH4/Hardware-Toolkit.jpg)
![HW2](https://i.ibb.co/F3vRmgV/Hardware-Toolkit2.jpg)
![DVID1](https://github.com/Vulcainreo/DVID/raw/master/kit-contents.jpg)
![Ph0wn Basic](https://pbs.twimg.com/media/ELVWNyKWwAAPa0T?format=jpg\&name=900x900)

@ -1,7 +1,5 @@
# LoRa
### LoRa with Arduino on 868.1MHZ
[arduino-LoRa](https://github.com/sandeepmistry/arduino-LoRa)\

@ -8,7 +8,7 @@ MQTT client:
* [MQTT CLI](https://asciinema.org/a/DlPmJwXbhuAURHseamGdMy4z3/embed?speed=2\&autoplay=true)
* [MQTT Lens](https://chrome.google.com/webstore/detail/mqttlens/hemojaaeigabkbcookmlgmdigohjobjm)
* MQTT.fx
* mosquitto\_tools
* mosquitto_tools
Scan an MQTT with nmap : `nmap -p 1883 -vvv --script=mqtt-subscribe -d sensors.domain.com`
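
Review bot: This hunk unescapes `mosquitto\_tools`, but the MQTT CLI link at the top of it keeps `speed=2\&autoplay=true` with a backslash before `&`. Remove that escape as well so the URL does not depend on the renderer stripping it. The nmap example also targets `sensors.domain.com`, which reads like a real hostname; a reserved name such as `sensors.example.com` is safer in documentation.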

@ -1,7 +1,5 @@
# RFID NFC
### Install and configuration
Dependencies to install first :\

@ -1,7 +1,5 @@
# SPI
### Dump Firmware via SPI
```powershell

@ -1,7 +1,5 @@
# Wifi
### Tools
* Wifite - https://github.com/derv82/wifite
@ -689,6 +687,6 @@ aircrack-ng -J network network.cap
### References
* https://uceka.com/2014/05/12/wireless-penetration-testing-cheat-sheet/
* https://www.doyler.net/security-not-included/aireplay-0841-attack
* https://gist.github.com/s4vitar/3b42532d7d78bafc824fb28a95c8a5eb
* [Wireless Penetration Testing Cheat Sheet [UPDATED 2022]](https://uceka.com/2014/05/12/wireless-penetration-testing-cheat-sheet/)
* [Aireplay 0841 Attack Introduction](https://www.doyler.net/security-not-included/aireplay-0841-attack)
* [Preparación para el OSWP (by s4vitar)](https://gist.github.com/s4vitar/3b42532d7d78bafc824fb28a95c8a5eb)
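
Review bot: The first new reference puts `[UPDATED 2022]` inside the link text, so the link contains nested square brackets and a date tag that will age. Drop the tag or escape the inner brackets. The third title is in Spanish; an English gloss after it would help readers of an English wiki.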