Hacking IoT devices with the FREE Attify Badge tool

. 7 min read

Welcome to another blog post by Attify – your source for all security and pentesting tips and techniques for IoT devices and mobile applications.

In this post, we would like to introduce you to the **Attify Badge Tool **– which works as a companion app to Attify Badge, which is a hardware device used to hack IoT devices and perform Hardware and Embedded device exploitation.

[![Hack IoT devices with the Attify Badge Tool](https://blog.attify.com/content/images/2017/02/Hack-IoT-Devices.png)](https://blog.attify.com/content/images/2017/02/Hack-IoT-Devices.png)Hack IoT devices with the Attify Badge Tool
## Why a tool for IoT Hardware Exploitation

So many times we have seen people who want to start into IoT security being confused about what kind of hardware setup they need or what hardware tool they need in order to interact with the devices. If they find a hardware device, it’s often not user-friendly or the installation of the required libraries is extremely painful.

The idea behind building the Attify Badge Tool is to create a tool which would be useful for both security researchers and IoT enthusiasts who would like to get started in IoT security to perform Hardware and Embedded Device Exploitation.

Speaking at a very general level, instead of reinventing the wheel – we used a collection of open source libraries and tools and wrapped them in an extremely easy to use application with a nice Graphical Interface.

Attify Badge and Attify Badge tool makes IoT device exploitation extremely easy for anyone who wants to get started with the Internet of Things Security.

For a much deeper insight on how to use the badge, you can go through this easy to follow post which we have written over here for you.

Video Demo

[embedyt] http://www.youtube.com/watch?v=KwXk7SktSDg[/embedyt]


The Attify Badge Tool is comprised of 5 main modules corresponding to the 5 protocols supported by the Attify Badge that are:

  • UART
  • SPI
  • JTAG
  • I2C
  • GPIO

So if your target device which you are trying to exploit has any of these interfaces, Attify Badge should be your go-to tool for that purpose.

The main aim of this blog post is to cover the details and usage of each module, so that once you start your IoT Exploitation journey – you can follow these to make sure you succeed.

So let’s get started. In case you would like to apply all of these techniques in real-world scenarios, consider getting our IoT Exploitation kit or sign up for our next training class.

1. UART 

UART is one of the most popular communication protocol in Embedded Devices. It is the protocol which if found, can at occasions give you a direct root shell without authentication.

Even though you have a number of tools such as Baudrate.py, Screen, minicom etc., how many tools are you going to use! Rather use a single tool for the entire Hardware exploitation purpose and focus on the end goal, not the means.

Here’s what the UART functionality in Attify Badge Tool does:

  1. Detects external USB devices connected to the system and adds them to the combo box on the top left corner of the GUI.
  2. Select the USB port where you have your device attached and the baudrate you want to use. If you’re unsure you can later on change the baudrate.
    Connect over UART using Attify Badge toolHow to connect over UART using Attify Badge tool
  3. After selecting the required baud rate, press enter to connect to the device. The connection status will be shown in the status bar on the bottom.The data received from the UART device will be printed on the black console window.You can use the edit box below it to interact with the device. The combo box on the bottom right corner allows you to chose the line terminator for each line that you send to the device.
[![Bootup messages of a device over UART serial](https://blog.attify.com/content/images/2017/02/UART-bootup-1.png)](https://blog.attify.com/content/images/2017/02/UART-bootup-1.png)Bootup messages of a device over UART serial

2. SPI (Serial Peripheral Interface)

The SPI module is built on top of the popular flashrom  command line tool.  It allows users to detect, read, write and erase SPI based memory of the target device connected to the Attify Badge.

The usage is pretty straight forward.

  1. Select the required operation from the drop-down menu.SPI analysis using Attify Badge
  2. In the case of read/write commands, specify a file path where the data will be stored or retrieved.  An example path would be ~/files/firmware.bin  .
    Firmware dumping using SPIFirmware dumping using SPI


The JTAG or the Joint Test Action Group is one of the most useful standards for exploiting a device. However, there is not a lot of publicly available information on this topic.

The JTAG module is built primarily using OpenOCD and GDB. This blog post does not go into the details of OpenOCD and GDB but a basic understanding of both is necessary to get the most out of the tool. In case you would like to learn JTAG Debugging and Exploitation, consider buying our self-learning JTAG exploitation kit available here.

Steps for JTAG Exploitation

  1. Select the appropriate configuration file for your target device.The example used in the screenshot below shows the configuration file for the STM32 ARM MicroController. Custom configuration files can be added directly to the cfg/  directory.
  2. Click on Start OpenOCD Server. This will show the below screen.
  3. The next step is to connect to the OpenOCD server by clicking the “Connect to OpenOCD Server” button.This will launch a new terminal window with a telnet session connected to the OpenOCD Server.
    Debugging with JTAG and OpenOCDDebugging with JTAG and OpenOCD
  4. You can also use GDB in order to do further analysis – such as identifying and exploiting flaws in the firmware.To do this you need to have the corresponding elf file. Enter the path to the elf file in the path edit box and click on the “**Run GDB**“.This will launch a gdb session using which you can analyze the device.Never before has been using JTAG, OpenOCD and GDB so simple. I believe this gives you enough motivation to start using Attify Badge tool and hack IoT devices.
[![Connect GDB for JTAG debugging ](https://blog.attify.com/content/images/2017/02/jtag3.png)](https://blog.attify.com/content/images/2017/02/jtag3.png)Connect GDB for JTAG debugging

4. I2C

The I2C module can be used to find I2C devices and to read, write and erase the contents of I2C EEPROMs connected to the badge.

[![Find I2C devices using Attify Badge tool](https://blog.attify.com/content/images/2017/02/i2c-1.png)](https://blog.attify.com/content/images/2017/02/i2c-1.png)Find I2C devices using Attify Badge tool
In order to use it just select the required operation from the drop-down menu, enter the file path if required and click the “**Run**” button.
[![Dump contents from I2C chip](https://blog.attify.com/content/images/2017/02/i2c-2.png)](https://blog.attify.com/content/images/2017/02/i2c-2.png)Dump contents from I2C chip
## **5. GPIO**

The GPIO module allows users to use the pins D0 to D7 on the Badge as GPIO pins. If you are a hardware hacker or an electronics enthusiast, this would be typically interesting – because this allows you to extend the badge and maybe even connect your own additional devices to the badge.

To use, select the required mode ( Input / Output ) from the combo box next to the name of each pin.

Output Mode:

Checking the check box next to each pin will change the pin state to HIGH, un-checking the check box would change the pin state to LOW.

Input Mode:

In order to use the pins in input mode, change the modes of the required pins to Input, check them in order to activate the pins.

Click on “Start Input Monitor” to launch the Input Monitor Widget.

Click the start button on the Input Monitor Widget to start monitoring the input received to the selected pins.

Hack IoT devices and Pentest using the Attify Badge tool

The tool is Open Source and can be download from Attify’s Github Repository.

In case you don’t have an Attify Badge, you can purchase the badge here – Attify Store.

If you would like to learn IoT Security and Exploitation – all by yourself, you can get our IoT Exploitation Learning kit by clicking on the link below.


This is the first release of the Attify Badge Tool, and we have several improvements and features on our roadmap.

In case you have issues with the tool, or wish to have more functionalities added to the tool, feel free to create an Issue on the github repo or Contact the developers directly on the Github page of the tool.

Any contributions to the tool whether it’s code, bug reports or feature requests would be appreciated.

Attify Team

IoT Security and Penetration Testing

Get IoT Security Training

IoT Pentesting Exploitation Training


Android android application security android hands on security and exploitation training android security Apktool application auditing application security auditing appsec usa appwatch attify attify badge attify training binwalk blackberry pentesting blackhat ble BLE hacking and exploitation BLE sniffing box brut Exception chroot cloud based mobile application security scanner consulting CTF Damn Vulnerable iOS App devops dumping memory embedded hacking exploitation exploiting smart devices Firmware hacking frida hackfest hacking smart devices how to secure iot device IDA internet of things Internet of Things Security ios application security ios security iot iot device IoT Exploitation iot hacking iot pentest iot pentesting iot security iot security training iotsecurity jtag jtag debugging mobile app mobile application security mobile application security testing mobile security ninja recon technique offensive iot exploitation ola cabs owasp owasp appsec penetration testing pentesting pentesting mobile apps powerofcommunity PrinterSecurity qemu quizup radio communication protocol radio coomunication Reversing sdr secure coding guidelines security security issue security services security training security vulnerability smart devices social networking spi threat modeling training uart vulnerability writeups xposed hooking zigbee zigbee exploitation zigbee security zwave firmware reverse engineering firmware emulation firmware analysis toolkit firmadyne getting started with firmware hacking iot penetration testing iot attacks recent iot attacks cyber attacks iot hacks biggest iot attacks of all time hacked smart devices iot bots, malwares latest iot attacks BtleJuice bleah retail iot challenges in iot retail security issues faced by e-retailers network security in retail DDoS attacks phishing attacks how retail can prevent cyber attacks security challenges in retail IoT Flare-on radio waves hacking arduino nano how to hack radio waves analog modulation digital modulation capture radio traffic bluetooth technology BLE vulnerabilities BLE attacks BLE dangers BLE security issues exploiting ble how to exploit ble tools to exploit ble privacy protection iot threats protect against iot threats dangers of iot smart user security how to protect iot devices monitor iot devices internet security safety measures to protect privacy healthcare iot iot threats to healthcare industry how can healthcare fight iot threats healthcare cyber security prevent cyber attacks on healthcare measures to prevent cyber attacks on healthcare organisations steps to prevent iot attacks on healthcare healthcare business protection against iot threats security in healthcare iot recent cyber attacks recent ARM attacks ARM course ARM Training ARM binaries Exploit ARM devices IoT hacks on ARM devices ARM gadgets learn ARM exploitation Mirai Botnet vulnerable ARM devices arm