IoT Security Tools

Hardware Toolkit

There are many tools available for IoT security testing and development. Here are the contents of my hardware toolkit:

  1. StickVise: A compact and portable vise for holding small objects securely while working on them. You can even 3D print cup holders for it.
  2. Solder sucker/Desoldering pump: A tool for removing solder from circuit boards. This is useful for repairing or modifying electronic components.
  3. USB soldering iron: This one is the Pinecil Soldering Iron. At the price, it’s hard to beat. It won’t work as well as a high-end soldering iron, but it’s portable and works well enough for most tasks.
  4. Flux pen: A flux pen is used to apply flux to the soldering area. Flux helps to clean the surface and improve the flow of solder.
  5. JTAGulator: A tool for identifying JTAG pinouts on unknown devices. This is useful for reverse engineering and debugging.
  6. Bitscope: A mixed signal oscilloscope and logic analyzer. Somewhat similar to the Saleae Logic Pro, but lower speed and with the ability to use standard oscilloscope probes. This is useful for debugging and reverse engineering electronic components.
  7. IP-KVM: A network-addressable device that allows remote access to a computer’s keyboard, video, and mouse. This is useful for managing headless systems or systems in remote locations. This specific model is the GL.iNet Comet.
  8. BladeRF 2.0 Micro xA9: A software-defined radio (SDR) platform that can be used for a variety of wireless communication applications, including IoT security testing.
  9. Raspberry Pi 5: A small, single-board computer. It can be used for a variety of tasks, including running security tools, extracting firmware, and emulating IoT devices.
  10. Notebook: Probably the single most important tool in the kit. This is where all the research, notes, and documentation will go. Get yourself a good one, a nice pen, and go to town. Depending on what your goals are, this may be a critical piece of any patent or legal defense. Date and sign every page. Don’t leave blank pages. If you make a mistake, cross it out with a single line and initial it. Never use white-out or tape to cover up mistakes. We will talk about this in greater detail in class.
  11. Raspberry Pi 4 CM-based HMI: Just like the Pi 5 above, but this one has a touchscreen. When you need to interact with a device but have no network handy for SSH, this is a great option.
  12. PocketBeagle 2: A small, low-cost, open-source development board based on the BeagleBone architecture. Most importantly, it has a lot of GPIO pins and extensive real-time capabilities. For when you need a clocked protocol or need to bit-bang something at a very specific timing.
  13. Variable antenna: A variable antenna is a type of antenna that can be adjusted to different frequencies. This is useful for testing and analyzing wireless signals.
  14. Portable document camera: A document camera is a type of camera that can be used to capture images or video of documents or objects. This is useful for documenting your work or sharing information with others. It can also be used for PCB inspection, especially when paired with a good magnification source. This one is the ELMO MX-P.
  15. Precision screwdriver set: A precision screwdriver set is a collection of small screwdrivers that are used for working with small screws. This is useful for repairing or modifying electronic components. iFixit makes a great set, as does Jakemy.
  16. ChipWhisperer-Lite: A tool for side-channel power analysis and fault injection. This is useful for testing the security of cryptographic implementations.
  17. Faultier: The Hextree Faultier is a low-cost piece of hardware for performing voltage fault-injection attacks. Similar to the ChipWhisperer, but doesn’t cost an arm and a leg.
  18. Bus Pirate 6: A multi-purpose bus interface tool for debugging and interacting with various protocols. You can script it from Python over its serial port (using pyserial) like so:

    import serial  # pyserial: pip install pyserial
    
    BUSPIRATE_PORT = '/dev/cu.usbmodem6buspirate1'  # customize this!
    
    def interact(ser, cmd):
        """Send the command and return the response lines."""
        ser.write((cmd + '\r\n').encode('ascii'))  # send our command
        return ser.readlines()  # read until the read timeout expires
    
    def send(ser, cmd):
        """Send the command without listening for a response."""
        ser.write((cmd + '\r\n').encode('ascii'))  # send our command
    
    def flush(ser):
        """Drain and return any data the Bus Pirate has already sent."""
        data = []
        while ser.in_waiting:  # keep reading while bytes are pending
            data.extend(ser.readlines())  # flush any data
        return data
    
    # open the port; timeout=1 bounds how long readlines() blocks
    ser = serial.Serial(BUSPIRATE_PORT, 115200, timeout=1)
    flush(ser)  # discard the banner / prompt left over from a previous session
    for line in interact(ser, 'i'):  # 'i' prints the Bus Pirate's version info
        print(line.decode('ascii', errors='replace').rstrip())
    ser.close()
    
  19. Variable power supply: A variable power supply is a type of power supply that can be adjusted to different voltages and currents. This is useful for testing and powering electronic components, not all of which are covered by USB power.
  20. DSO Nano v3: A portable oscilloscope for measuring and analyzing electronic signals. This is useful for debugging and reverse engineering electronic components.
  21. Saleae Logic Pro 8: A high-performance logic analyzer for capturing and analyzing digital signals. We will spend a lot of time with this tool.
  22. Glasgow Interface Explorer: An open-source hardware tool for exploring and interacting with various digital interfaces. Similar to the Bus Pirate, but with more features and capabilities.
  23. Black Magic Probe: An open-source JTAG/SWD debugger for ARM Cortex-M microcontrollers. This is useful for debugging and programming embedded systems.
  24. 8-channel TTL interface board: This board provides 8 channels of TTL-level input and output, which can be used for interfacing with various digital devices and protocols.
  25. Tigard: An open-source hardware tool for testing and analyzing various digital interfaces. Similar to the Bus Pirate and Glasgow, but with different features and capabilities.
  26. Exodus Intelligence Xi board: A multi-purpose hardware tool for interacting with various digital interfaces and protocols. Similar to the Bus Pirate, Glasgow, and Tigard, but with different features and capabilities. Not for retail purchase, but cool if you can get one.
  27. Multimeter: Probably the second most important tool in the kit. A multimeter is a versatile tool that can be used to measure voltage, current, and resistance. Additionally, it can help identify pinouts on unknown devices. A good multimeter is a must-have for any electronics work.
  28. BitMagic Logic Analyzer: A low-cost logic analyzer that integrates with the Tigard board. This is useful for capturing and analyzing digital signals on the Tigard itself.

Not pictured:

  1. Wire cutters/strippers: I like the Katapult for this. There are many others that work well, too.
  2. Adapters for various protocols (FTDI, CAN, RS485, etc.)
  3. Ethernet tap: I like to use a Pi5 and something like this as a tap. There are many turn-key options available, but this has the added benefit of also acting as a wired router when not being used as a tap. Plus, it can act like a Packet Squirrel when needed for MitM attacks.
  4. WiFi adapter capable of monitor mode: I like Alfa cards for this. Anything based on a MediaTek, Atheros, or Ralink chipset should work well.
  5. Good quality magnifying glass or loupe: A good magnifying glass or loupe is essential for inspecting small components and solder joints.
  6. Video cables (HDMI, VGA, etc.)
  7. Jumper wires: M-M, F-F, M-F. Lots of them.
  8. Solder: Get good quality solder. I avoid lead-free solder for most tasks, as it is harder to work with. That said, heavy-metal poisoning is no joke.
  9. Wire harnesses for the various tools: debug ports, logic analyzer, oscilloscope, etc. Most use standard 0.1” pitch headers, so you can make your own if needed. Some use JST connectors, which are a bit harder to source, but still doable.
  10. USB-PD battery pack: Get one that can handle high output (45W or more). This will allow you to power your Pi5, BladeRF, and other high-power devices when you are away from a wall outlet.
  11. HackRF One + Portapack: A software-defined radio (SDR) platform that can be used for a variety of wireless communication applications, including IoT security testing.
  12. Flipper Zero: A portable multi-tool for pentesters and hardware hackers. It has a variety of features, including RFID emulation, infrared control, USB Rubber Ducky functionality, and GPIO pins.
  13. Travel router with OpenWrt/OPNsense: A small, portable router that can be configured for various networking tasks, including VPN access and network monitoring. It also works to repeat wireless signals when needed.
  14. Helping hands/magnifier/light source: A tool that holds small objects in place while you work on them. This is useful for soldering and other precision tasks. Reading chip labels is much easier with a good light and magnification source.