Fix multiple broken links
parent
af1faa4a8d
commit
5fb3bc7659
|
@ -1,2 +1,6 @@
|
|||
# HardwareAllTheThings
|
||||
Hardware Pentesting Wiki
|
||||
|
||||
A list of useful payloads and bypasses for Hardware and IOT Security.
|
||||
Feel free to improve with your payloads and techniques !
|
||||
|
||||
I :heart: pull requests :)
|
|
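Review bot: the added line "Feel free to improve with your payloads and techniques !" carries a space before the exclamation mark, and "I :heart: pull requests :)" sits directly under it with only a blank line between; drop the space ("techniques!") and consider folding the two into one invitation sentence so the README intro reads as one paragraph. The new tagline "Hardware Pentesting Wiki" placed right after `# HardwareAllTheThings` renders as a separate paragraph, not as part of the heading; if a subtitle is intended, italicise it or use a second-level heading.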
@ -4,6 +4,11 @@
|
|||
|
||||
:warning: Informations from this repository is very dense, you may encounter information overflow
|
||||
|
||||
A list of useful payloads and bypasses for Hardware and IOT Security.
|
||||
Feel free to improve with your payloads and techniques !
|
||||
|
||||
I :heart: pull requests :)
|
||||
|
||||
<p align="center">
|
||||
<img src="https://raw.githubusercontent.com/swisskyrepo/HardwareAllTheThings/master/docs/assets/logo.png">
|
||||
<img src="https://raw.githubusercontent.com/swisskyrepo/HardwareAllTheThings/master/docs/assets/logo.png" style="max-width: 400px;">
|
||||
</p>
|
||||
|
|
|
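Review bot: the `style="max-width: 400px;"` added to the `<img>` tag will not take effect on GitHub, whose README sanitizer strips inline `style` attributes, so the logo keeps rendering at full size there; use the HTML `width="400"` attribute instead, which GitHub preserves. The added warning line also needs a grammar pass: "Informations from this repository is very dense, you may encounter information overflow" reads better as "Information in this repository is very dense; you may experience information overload."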
@ -1,13 +1,5 @@
|
|||
---
|
||||
cover: >-
|
||||
https://images.unsplash.com/photo-1511497584788-876760111969?ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&ixlib=rb-1.2.1&auto=format&fit=crop&w=3432&q=80
|
||||
coverY: 0
|
||||
---
|
||||
|
||||
# JTAG
|
||||
|
||||
****
|
||||
|
||||
### Summary
|
||||
|
||||
* JTAG Pins
|
||||
|
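Review bot: this hunk removes the GitBook `cover:` / `coverY:` front matter and the `****` thematic break from the JTAG page, which is page metadata rather than a broken link; the commit message "Fix multiple broken links" does not mention it, so either note the front-matter removal in the message or split it into its own commit so the change to page presentation stays reviewable.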
@ -70,6 +62,6 @@ Arduino PIN Layout
|
|||
|
||||
### References
|
||||
|
||||
* JTAGulator vs. JTAGenum, Tools for Identifying JTAG Pins in IoT Devices by Dylan Ayrey - https://www.praetorian.com/blog/jtagulator-vs-jtagenum-tools-for-identifying-jtag-pins-in-iot-devices?edition=2019
|
||||
* https://just2secure.blogspot.com/2017/02/jtag-pin-identification.html
|
||||
* https://wrongbaud.github.io/jtag-hdd/
|
||||
* [JTAGulator vs. JTAGenum, Tools for Identifying JTAG Pins in IoT Devices by Dylan Ayrey](https://www.praetorian.com/blog/jtagulator-vs-jtagenum-tools-for-identifying-jtag-pins-in-iot-devices?edition=2019)
|
||||
* [JTAG PIN Identification - February 21, 2017](https://just2secure.blogspot.com/2017/02/jtag-pin-identification.html)
|
||||
* [Hardware Debugging for Reverse Engineers Part 2: JTAG, SSDs and Firmware Extraction - Posted Apr 2, 2020 by wrongbaud](https://wrongbaud.github.io/posts/jtag-hdd/)
|
|
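Review bot: the substantive fix in this hunk is the wrongbaud path change (`https://wrongbaud.github.io/jtag-hdd/` becoming `https://wrongbaud.github.io/posts/jtag-hdd/`), but it is easy to miss among the cosmetic link-text rewrites; listing the changed URLs in the commit message would make the fix auditable. The Praetorian entry still carries the `?edition=2019` query string, which looks like a site navigation parameter rather than part of the canonical URL; check whether the page resolves without it and drop it if so.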
@ -18,3 +18,8 @@ JTAG and SWD are similar and can be interfaced with each other:
|
|||
| TDO | SWV | JTAG Test data output / SWV trace data output |
|
||||
| TMS | SWDIO | JTAG test mode select / SWD data in and out |
|
||||
| GND | GND | - |
|
||||
|
||||
|
||||
## References
|
||||
|
||||
* [Hardware Debugging for Reverse Engineers Part 1: SWD, OpenOCD and Xbox One Controllers - Posted Jan 30, 2020 by wrongbaud](https://wrongbaud.github.io/posts/stm-xbox-jtag/)
|
|
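Review bot: the new `## References` heading on the SWD page is one level higher than the `### References` heading the JTAG page uses in this same commit; pick one level for the references section across the wiki so the generated navigation stays consistent. The two consecutive blank lines before the heading can also be collapsed to one.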
@ -1,13 +1,5 @@
|
|||
---
|
||||
cover: >-
|
||||
https://images.unsplash.com/photo-1526304640581-d334cdbbf45e?ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&ixlib=rb-1.2.1&auto=format&fit=crop&w=2970&q=80
|
||||
coverY: 0
|
||||
---
|
||||
|
||||
# UART
|
||||
|
||||
****
|
||||
|
||||
### Summary
|
||||
|
||||
* UART
|
||||
|
@ -43,7 +35,7 @@ Connect to UART using an USB to TTL, then find the `/dev/ttyUSB0` device in the
|
|||
#### Detect baudrate
|
||||
|
||||
Standard baud rate are `110`, `300`, `600`, `1200`, `2400`, `4800`, `9600`, `14400`, `19200`, `38400`, `57600`, `115200`, `128000` and `256000`.\
|
||||
Auto-detect baud rate using the script : https://github.com/devttys0/baudrate/blob/master/baudrate.py
|
||||
Auto-detect baud rate using the script : [devttys0/baudrate/baudrate.py](https://github.com/devttys0/baudrate/blob/master/baudrate.py)
|
||||
|
||||
#### Interact with the /dev/ttyUSB0
|
||||
|
||||
|
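Review bot: the added line keeps the space before the colon in "using the script :"; while touching this block, also fix the context line "Standard baud rate are" to "Standard baud rates are". The trailing backslash after the baud-rate list is a GitBook hard line break; it is harmless but only some renderers honour it, so a blank line would be the portable choice.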
@ -79,15 +71,16 @@ It’s an emulation of serial port over BLE. The UUID of the Nordic UART Service
|
|||
|
||||
* **RX Characteristic** (UUID: 6E400002-B5A3-F393-E0A9-E50E24DCCA9E) : The peer can send data to the device by writing to the RX Characteristic of the service. ATT Write Request or ATT Write Command can be used. The received data is sent on the UART interface.
|
||||
* **TX Characteristic** (UUID: 6E400003-B5A3-F393-E0A9-E50E24DCCA9E) : If the peer has enabled notifications for the TX Characteristic, the application can send data to the peer as notifications. The application will transmit all data received over UART as notifications.
|
||||
* nRF UART 2.0 - Nordic Semiconductor ASA - https://play.google.com/store/apps/details?id=com.nordicsemi.nrfUARTv2
|
||||
* Specifications - https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v14.0.0%2Fble\_sdk\_app\_nus\_eval.html
|
||||
* https://thejeshgn.com/2016/10/01/uart-over-bluetooth-low-energy/
|
||||
* [nRF UART 2.0 - Nordic Semiconductor ASA](https://play.google.com/store/apps/details?id=com.nordicsemi.nrfUARTv2)
|
||||
* [UART/Serial Port Emulation over BLE](https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v14.0.0%2Fble_sdk_app_nus_eval.html)
|
||||
* [UART Over Bluetooth Low Energy](https://thejeshgn.com/2016/10/01/uart-over-bluetooth-low-energy/)
|
||||
|
||||
Example with Micro::bit :
|
||||
|
||||
* https://makecode.microbit.org/v1/98535-28913-33692-07418
|
||||
* https://support.microbit.org/support/solutions/articles/19000062330-using-the-micro-bit-bluetooth-low-energy-uart-serial-over-bluetooth-
|
||||
* [https://makecode.microbit.org/v1/98535-28913-33692-07418](https://makecode.microbit.org/v1/98535-28913-33692-07418)
|
||||
* [Using the micro:bit Bluetooth Low Energy UART (serial over Bluetooth)](https://support.microbit.org/support/solutions/articles/19000062330-using-the-micro-bit-bluetooth-low-energy-uart-serial-over-bluetooth-)
|
||||
|
||||
### Examples
|
||||
|
||||
![](https://developer.android.com/things/images/raspberrypi-console.png) ![](http://remotexy.com/img/help/help-esp8266-firmware-update-usbuart.png)
|
||||
![](https://developer.android.com/things/images/raspberrypi-console.png)
|
||||
![](http://remotexy.com/img/help/help-esp8266-firmware-update-usbuart.png)
|
|
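Review bot: the makecode entry `[https://makecode.microbit.org/v1/98535-28913-33692-07418](...)` is the one link in this hunk whose text is still the raw URL; give it a descriptive title like the other entries (for example "micro:bit MakeCode UART example"). The project spells its board "micro:bit", not "Micro::bit", on the "Example with Micro::bit :" line, which also has a space before the colon. The unescaping of `ble\_sdk\_app\_nus\_eval.html` to `ble_sdk_app_nus_eval.html` is the real link fix here and is worth naming in the commit message.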
@ -2,15 +2,13 @@
|
|||
|
||||
## Searchable FCC ID Database
|
||||
|
||||
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission
|
||||
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission.
|
||||
|
||||
* [https://fccid.io/](https://fccid.io/)
|
||||
* [fccid.io](https://fccid.io/)
|
||||
|
||||
For legal sale of wireless deices in the US, manufacturers must:
|
||||
|
||||
* Have the device evaluated by an independent lab to ensure it conforms to FCC standards
|
||||
* Provide documentation to the FCC of the lab results
|
||||
* Provide User Manuals, Documentation, and Photos relating to the device
|
||||
* [Digitally](https://fccid.io/blog/2014/11/e-label-act/) or physically label the device with the unique identifier provided by the FCC (upon approved application)
|
||||
|
||||
\
|
||||
* [Digitally](https://fccid.io/blog/2014/11/e-label-act/) or physically label the device with the unique identifier provided by the FCC (upon approved application)
|
|
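Review bot: the context line "For legal sale of wireless deices in the US" has a typo ("devices") that could be fixed in the same pass, since the hunk already edits the sentence above it. Removing the duplicated "Digitally or physically label the device" bullet and the stray `\` line is correct.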
@ -1,9 +1,3 @@
|
|||
---
|
||||
cover: >-
|
||||
https://images.unsplash.com/photo-1552664730-d307ca884978?ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&ixlib=rb-1.2.1&auto=format&fit=crop&w=2970&q=80
|
||||
coverY: 0
|
||||
---
|
||||
|
||||
# Firmware Dumping
|
||||
|
||||
### Summary
|
||||
|
@ -148,4 +142,4 @@ sudo unsquashfs -f -d /media/seagate /tmp/file.squashfs
|
|||
|
||||
![](https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581004558438-UJV08PX8O5NVAQ6Z8HXI/ke17ZwdGBToddI8pDm48kHSRIhhjdVQ3NosuzDMrTulZw-zPPgdn4jUwVcJE1ZvWQUxwkmyExglNqGp0IvTJZamWLI2zvYWH8K3-s\_4yszcp2ryTI0HqTOaaUohrI8PIYASqlw8FVQsXpiBs096GedrrOfpwzeSClfgzB41Jweo/Picture2.png?format=1000w)
|
||||
|
||||
* https://www.zerodayinitiative.com/blog/2020/2/6/mindshare-dealing-with-encrypted-router-firmware
|
||||
* [MINDSHARE: DEALING WITH ENCRYPTED ROUTER FIRMWARE](https://www.zerodayinitiative.com/blog/2020/2/6/mindshare-dealing-with-encrypted-router-firmware)
|
||||
|
|
|
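Review bot: the new link text "MINDSHARE: DEALING WITH ENCRYPTED ROUTER FIRMWARE" is all caps while every other reference title in this commit is in title case; normalise it ("MindShare: Dealing with Encrypted Router Firmware"). The Squarespace image URL on the context line still contains the escaped underscore `s\_4yszcp2`; CommonMark honours backslash escapes inside link destinations so it usually renders, but for portability unescape it the same way the Nordic URL was unescaped in the UART hunk of this commit.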
@ -21,9 +21,7 @@ Prerequisite:
|
|||
|
||||
> To load it properly in IDA, open the file, select ATMEL AVR and then select ATmega323\_L.
|
||||
|
||||
https://thanat0s.trollprod.org/2014/01/loader-un-binaire-arduino-dans-ida/
|
||||
|
||||
* ESP8266 : https://github.com/themadinventor/ida-xtensa
|
||||
* ESP8266 : [https://github.com/themadinventor/ida-xtensa](https://github.com/themadinventor/ida-xtensa)
|
||||
|
||||
### Loading bare-metal binaries into Radare2
|
||||
|
||||
|
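Review bot: the rewritten ESP8266 entry still uses the URL as its link text; `[themadinventor/ida-xtensa](https://github.com/themadinventor/ida-xtensa)` would match the `[espressif/esptool]` style used later in this commit. Removing the thanat0s URL from under the IDA tip leaves that blockquote with no visible source on the page (the link reappears only in the new References section); a short inline pointer to the reference would keep the attribution next to the advice.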
@ -70,11 +68,11 @@ jmp 0x59ae
|
|||
|
||||
### Loading bare-metal binaries into Ghidra
|
||||
|
||||
* SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering - https://leveldown.de/blog/svd-loader/
|
||||
* SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering - [svd-loader/](https://leveldown.de/blog/svd-loader/)
|
||||
|
||||
### ESPTool
|
||||
|
||||
ESP8266 and ESP32 serial bootloader utility : github.com/espressif/esptool
|
||||
ESP8266 and ESP32 serial bootloader utility : [espressif/esptool](https://github.com/espressif/esptool)
|
||||
|
||||
```powershell
|
||||
josh@ioteeth:/tmp/reversing$ ~/esptool/esptool.py image_info recovered_file
|
||||
|
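Review bot: `[svd-loader/](https://leveldown.de/blog/svd-loader/)` uses a path fragment as link text, which is no more readable than the bare URL it replaces; put the article title "SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering" inside the link instead. The fence below is tagged `powershell`, but the session is a Linux shell prompt (`josh@ioteeth:/tmp/reversing$`); tag it `bash` or `console` so syntax highlighting matches.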
@ -87,7 +85,7 @@ Segment 1: len 0x00568 load 0x4010f000 file_offs 0x00000008
|
|||
|
||||
### nRF5x Firmware disassembly tools
|
||||
|
||||
* https://github.com/DigitalSecurity/nrf5x-tools
|
||||
* [DigitalSecurity/nrf5x-tools](https://github.com/DigitalSecurity/nrf5x-tools)
|
||||
|
||||
```powershell
|
||||
$ python3 nrfident.py bin firmwares/s132.bin
|
||||
|
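Review bot: the fence following the nrf5x-tools link is tagged `powershell` while the command is `$ python3 nrfident.py bin firmwares/s132.bin`, a POSIX shell invocation; retag it `bash` or `console` for consistency with the rest of the page.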
@ -113,8 +111,8 @@ ROM length : 0x5d000
|
|||
|
||||
### Pure disassemblers
|
||||
|
||||
* Vavrdisasm -- vAVRdisasm will auto-recognize Atmel Generic, Intel HEX8, and Motorola S-Record files - https://github.com/vsergeev/vavrdisasm
|
||||
* ODAweb -- https://www.onlinedisassembler.com/odaweb/
|
||||
* Vavrdisasm -- vAVRdisasm will auto-recognize Atmel Generic, Intel HEX8, and Motorola S-Record files - [vsergeev/vavrdisasm](https://github.com/vsergeev/vavrdisasm)
|
||||
* [ODA - The Online Disassembler](https://www.onlinedisassembler.com/odaweb/)
|
||||
* avr-objdump – gcc kit standard tool
|
||||
|
||||
```powershell
|
||||
|
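Review bot: the entries in this list mix separators (`--` before the vavrdisasm description, ` - ` before its link, and an en dash in "avr-objdump – gcc kit standard tool"), and the vavrdisasm entry puts the description before the link while the ODA entry puts the title inside the link; pick one shape, for example `[vsergeev/vavrdisasm](...) - auto-recognizes Atmel Generic, Intel HEX8 and Motorola S-Record files`.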
@ -132,7 +130,7 @@ $ simulavr -P atmega128 -F 16000000 –f build-crumbuino128/ex1.1.elf
|
|||
|
||||
### UEFI Firmware
|
||||
|
||||
Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc - [https://github.com/theopolis/uefi-firmware-parser](https://github.com/theopolis/uefi-firmware-parser)
|
||||
Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc - [theopolis/uefi-firmware-parser](https://github.com/theopolis/uefi-firmware-parser)
|
||||
|
||||
```
|
||||
sudo pip install uefi_firmware
|
||||
|
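Review bot: the fence after the uefi-firmware-parser link has no language tag, and its first command `sudo pip install uefi_firmware` installs into the system interpreter as root; since this page already has readers copy-pasting commands, prefer `pip install --user uefi_firmware` or a virtual environment, and tag the fence `bash`.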
@ -143,3 +141,7 @@ $ uefi-firmware-parser --test ~/firmware/*
|
|||
~/firmware/O990-A03.exe: None
|
||||
~/firmware/O990-A03.exe.hdr: DellPFS
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
* [Loader un binaire Arduino dans IDA - Posted on January 26, 2014 by thanatos](https://thanat0s.trollprod.org/2014/01/loader-un-binaire-arduino-dans-ida/)
|
|
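Review bot: the new `## References` heading here is a different level from the `### References` heading on the JTAG page in this same commit; settle on one level. The reference title is in French ("Loader un binaire Arduino dans IDA"); keeping the original title is fine, but an English gloss in parentheses (for example "Loading an Arduino binary into IDA") helps readers scanning the list.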
@ -1,8 +1,6 @@
|
|||
# Bus Pirate
|
||||
|
||||
|
||||
|
||||
![](https://iotmyway.files.wordpress.com/2018/05/mode-guide.png)
|
||||
![MOSI-MISO](https://iotmyway.files.wordpress.com/2018/05/mode-guide.png)
|
||||
|
||||
### Update Bus Pirate
|
||||
|
||||
|
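Review bot: the alt text `MOSI-MISO` added to the image does not describe what the picture shows; the file is `mode-guide.png`, so "Bus Pirate mode guide" would be accurate and useful to screen readers and to anyone viewing the page with images blocked.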
@ -18,4 +16,4 @@ sudo flashrom –p buspirate_spi:dev=/dev/ttyUSB0
|
|||
|
||||
# Dump firmware using a bus pirate (SPI)
|
||||
sudo flashrom –p Buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M –c (Chip name) –r (Name.bin)
|
||||
```
|
||||
```
|
|
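Review bot: the flashrom command line in this hunk, `sudo flashrom –p Buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M –c (Chip name) –r (Name.bin)`, uses en dashes (U+2013) for `–p`, `–c` and `–r`, so it fails when pasted into a shell; the @@ context line of this same hunk uses `-p` with a plain hyphen. The programmer name is also capitalised `Buspirate_spi` here and lowercase `buspirate_spi` on the context line; keep the lowercase form so the two commands on the page agree. Since the hunk already touches this block, fix both while here.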
@ -1,50 +1,36 @@
|
|||
---
|
||||
description: https://flipperzero.one/
|
||||
---
|
||||
|
||||
# Flipper Zero
|
||||
|
||||
![FlipperZero](../assets/image.png)
|
||||
|
||||
### **Firmwares**
|
||||
|
||||
* Flipper Zero Firmware\
|
||||
[https://github.com/flipperdevices/flipperzero-firmware](https://github.com/flipperdevices/flipperzero-firmware)
|
||||
* Flipper Zero Unleashed Firmware
|
||||
* [Flipper Zero Firmware](https://github.com/flipperdevices/flipperzero-firmware)
|
||||
* [Flipper Zero Unleashed Firmware](https://github.com/Eng1n33r/flipperzero-firmware)
|
||||
* [Flipper Zero FW RogueMaster](https://github.com/RogueMaster/flipperzero-firmware-wPlugins)
|
||||
|
||||
[https://github.com/Eng1n33r/flipperzero-firmware](https://github.com/Eng1n33r/flipperzero-firmware)
|
||||
* Flipper Zero FW \[ROGUEMASTER]
|
||||
|
||||
[https://github.com/RogueMaster/flipperzero-firmware-wPlugins](https://github.com/RogueMaster/flipperzero-firmware-wPlugins)
|
||||
|
||||
Awesome FlipperZero: [https://github.com/djsime1/awesome-flipperzero](https://github.com/djsime1/awesome-flipperzero)
|
||||
* [Awesome FlipperZero](https://github.com/djsime1/awesome-flipperzero)
|
||||
|
||||
#### Firmware Update
|
||||
|
||||
1. Update to the latest firmware using https://flipperzero.one/update
|
||||
2. Download and install qFlipper 
|
||||
1. Update to the latest firmware using [https://flipperzero.one/update](https://flipperzero.one/update)
|
||||
2. Download and install qFlipper
|
||||
3. Connect your Flipper Zero via USB, update to the official firmware
|
||||
4. Disconnect from USB, power off the Flipper Zero, and remove the SD to prepare it for flashing.
|
||||
5. Download the latest RogueMaster firmware from their Github Page. https://github.com/RogueMaster/flipperzero-firmware-wPlugins
|
||||
5. Download the latest [RogueMaster](https://github.com/RogueMaster/flipperzero-firmware-wPlugins) firmware from their Github Page.
|
||||
6. Unzip the downloaded .zip and copy the content into /update of the Flipper SD card (including the .dfu)
|
||||
7. On the Flipper Zero, once booted, press down, and left until you are on the 'Browser' screen. Scroll down until you see the 'update' directory and click on it. 
|
||||
7. On the Flipper Zero, once booted, press down, and left until you are on the 'Browser' screen. Scroll down until you see the 'update' directory and click on it.
|
||||
8. You should now see the contents you uploaded and an 'update' option. Hover over the 'update' option, click the center button on your Flipper, once again on the 'Run in App' option.
|
||||
|
||||
### Videos
|
||||
|
||||
* Flipper Zero: Want some good news? - Penthertz 
|
||||
|
||||
[https://www.youtube.com/watch?v=tB0eYatvu0k](https://www.youtube.com/watch?v=tB0eYatvu0k)
|
||||
* Flipper Zero: is this for you? Follow our 1st tests! - Penthertz
|
||||
|
||||
[https://www.youtube.com/watch?v=W5YYObSBUno](https://www.youtube.com/watch?v=W5YYObSBUno)
|
||||
* [Flipper Zero: Want some good news? - Penthertz](https://www.youtube.com/watch?v=tB0eYatvu0k)
|
||||
* [Flipper Zero: is this for you? Follow our 1st tests! - Penthertz](https://www.youtube.com/watch?v=W5YYObSBUno)
|
||||
|
||||
### Tutorials and Resources
|
||||
|
||||
* [https://flipper.pingywon.com/flipper/](https://flipper.pingywon.com/flipper/)\
|
||||
[https://flipper.pingywon.com/](https://flipper.pingywon.com/)
|
||||
* [https://github.com/UberGuidoZ/Flipper](https://github.com/UberGuidoZ/Flipper)
|
||||
* [https://interestingsoup.com/n00b-guide-flashing-flipper-zero-to-rougemaster/](https://interestingsoup.com/n00b-guide-flashing-flipper-zero-to-rougemaster/)
|
||||
* [Flipper Zero Hacking 101 - pingywon](https://flipper.pingywon.com/flipper/)
|
||||
* [Flipper Zero Playground - UberGuidoZ](https://github.com/UberGuidoZ/Flipper)
|
||||
* [Flashing Flipper Zero with RogueMaster CFW](https://interestingsoup.com/n00b-guide-flashing-flipper-zero-to-rougemaster/)
|
||||
|
||||
|
||||
|
||||
|
|
|
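Review bot: `![FlipperZero](../assets/image.png)` is a relative path with a generic filename, and the README in this commit references assets under `docs/assets/`; verify the path resolves from the page's own directory, since a broken image is exactly the kind of link this commit sets out to fix. Consolidating the three firmware bullets into `[...](...)` links and collapsing the duplicated step text is a clear improvement.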
@ -1,10 +1,8 @@
|
|||
# Micro::bit
|
||||
|
||||
|
||||
|
||||
### Extract source code from firmware
|
||||
|
||||
When the source has been build from https://makecode.microbit.org/#editor, the Javascript code is embedded into the firmware.
|
||||
When the source has been build from [https://makecode.microbit.org/#editor](https://makecode.microbit.org/#editor), the Javascript code is embedded into the firmware.
|
||||
|
||||
```python
|
||||
import bincopy
|
||||
|
|
|
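Review bot: the rewritten sentence keeps two errors from the original line: "has been build" should be "has been built", and "Javascript" should be "JavaScript"; fix both while the line is being edited.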
@ -1,8 +1,6 @@
|
|||
# Default IoT Passwords
|
||||
|
||||
|
||||
|
||||
IoT Device Default Password Lookup : https://www.defpass.com
|
||||
IoT Device Default Password Lookup : [https://www.defpass.com](https://www.defpass.com)
|
||||
|
||||
### Mirai Wordlist
|
||||
|
||||
|
|
|
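Review bot: the defpass entry still uses the raw URL as link text; `[defpass.com](https://www.defpass.com)` would match the `[fccid.io](https://fccid.io/)` change made earlier in this commit.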
@ -1,7 +1,5 @@
|
|||
# Links & Hardware Kits
|
||||
|
||||
|
||||
|
||||
### Hardware Challenges & CTF
|
||||
|
||||
* [BLE CTF](https://github.com/hackgnar/ble\_ctf)
|
||||
|
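Review bot: the context line `[BLE CTF](https://github.com/hackgnar/ble\_ctf)` has an escaped underscore inside the link destination, the same pattern this commit unescapes in the Nordic UART URL; CommonMark resolves `\_` to `_` in destinations, but renderers that do not will produce a 404, so unescape it for portability.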
@ -31,4 +29,7 @@
|
|||
|
||||
### Hardware Kit
|
||||
|
||||
![HW1](https://i.ibb.co/WW55LH4/Hardware-Toolkit.jpg) ![HW2](https://i.ibb.co/F3vRmgV/Hardware-Toolkit2.jpg) ![DVID1](https://github.com/Vulcainreo/DVID/raw/master/kit-contents.jpg) ![Ph0wn Basic](https://pbs.twimg.com/media/ELVWNyKWwAAPa0T?format=jpg\&name=900x900)
|
||||
![HW1](https://i.ibb.co/WW55LH4/Hardware-Toolkit.jpg)
|
||||
![HW2](https://i.ibb.co/F3vRmgV/Hardware-Toolkit2.jpg)
|
||||
![DVID1](https://github.com/Vulcainreo/DVID/raw/master/kit-contents.jpg)
|
||||
![Ph0wn Basic](https://pbs.twimg.com/media/ELVWNyKWwAAPa0T?format=jpg\&name=900x900)
|
||||
|
|
|
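Review bot: splitting the four kit images onto their own lines is fine, but the Ph0wn image destination `format=jpg\&name=900x900` carries an escaped ampersand, which some renderers keep literally; unescape it. That image is also served from a Twitter media CDN, which is not a durable location; mirroring it into the repository's assets directory would keep the page from breaking again.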
@ -1,7 +1,5 @@
|
|||
# LoRa
|
||||
|
||||
|
||||
|
||||
### LoRa with Arduino on 868.1MHZ
|
||||
|
||||
[arduino-LoRa](https://github.com/sandeepmistry/arduino-LoRa)\
|
||||
|
|
|
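Review bot: the heading "LoRa with Arduino on 868.1MHZ" should read "868.1 MHz" (unit symbol with a space and lowercase "z"); the trailing backslash after `[arduino-LoRa](...)` is a hard line break that only some renderers honour.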
@ -8,7 +8,7 @@ MQTT client:
|
|||
* [MQTT CLI](https://asciinema.org/a/DlPmJwXbhuAURHseamGdMy4z3/embed?speed=2\&autoplay=true)
|
||||
* [MQTT Lens](https://chrome.google.com/webstore/detail/mqttlens/hemojaaeigabkbcookmlgmdigohjobjm)
|
||||
* MQTT.fx
|
||||
* mosquitto\_tools
|
||||
* mosquitto_tools
|
||||
|
||||
Scan an MQTT with nmap : `nmap -p 1883 -vvv --script=mqtt-subscribe -d sensors.domain.com`
|
||||
|
||||
|
|
|
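Review bot: changing `mosquitto\_tools` to `mosquitto_tools` has no rendering effect in CommonMark, but `MQTT.fx` and `mosquitto_tools` remain the only entries in this client list without a link; since the commit is about link hygiene, add their project URLs or mark them as deliberately unlinked.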
@ -1,7 +1,5 @@
|
|||
# RFID NFC
|
||||
|
||||
|
||||
|
||||
### Install and configuration
|
||||
|
||||
Dependencies to install first :\
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
# SPI
|
||||
|
||||
|
||||
|
||||
### Dump Firmware via SPI
|
||||
|
||||
```powershell
|
||||
|
|
|
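Review bot: the fence under "Dump Firmware via SPI" is tagged `powershell`; if its commands are Linux shell invocations like the flashrom lines elsewhere in this repository, retag it `bash` so highlighting matches.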
@ -1,7 +1,5 @@
|
|||
# Wifi
|
||||
|
||||
|
||||
|
||||
### Tools
|
||||
|
||||
* Wifite - https://github.com/derv82/wifite
|
||||
|
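Review bot: `* Wifite - https://github.com/derv82/wifite` is left as a bare URL while this commit converts similar entries elsewhere to `[name](url)` links; convert it too. That repository is the original wifite, which has been superseded by the wifite2 rewrite; check which one the page intends to point at.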
@ -689,6 +687,6 @@ aircrack-ng -J network network.cap
|
|||
|
||||
### References
|
||||
|
||||
* https://uceka.com/2014/05/12/wireless-penetration-testing-cheat-sheet/
|
||||
* https://www.doyler.net/security-not-included/aireplay-0841-attack
|
||||
* https://gist.github.com/s4vitar/3b42532d7d78bafc824fb28a95c8a5eb
|
||||
* [Wireless Penetration Testing Cheat Sheet [UPDATED – 2022]](https://uceka.com/2014/05/12/wireless-penetration-testing-cheat-sheet/)
|
||||
* [Aireplay 0841 Attack – Introduction](https://www.doyler.net/security-not-included/aireplay-0841-attack)
|
||||
* [Preparación para el OSWP (by s4vitar)](https://gist.github.com/s4vitar/3b42532d7d78bafc824fb28a95c8a5eb)
|
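Review bot: the link text "Wireless Penetration Testing Cheat Sheet [UPDATED – 2022]" nests square brackets inside the link text; balanced brackets are allowed by CommonMark, but several markdown renderers mis-parse them, so escape the inner brackets (`\[UPDATED – 2022\]`) or drop the suffix. The Spanish title "Preparación para el OSWP (by s4vitar)" is fine as the original, though an English gloss ("OSWP preparation") would help readers scanning the list.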