Hacking IoT devices with the FREE Attify Badge tool


Welcome to another blog post by Attify – your source for all security and pentesting tips and techniques for IoT devices and mobile applications.

In this post, we would like to introduce you to the **Attify Badge Tool** – the companion app to the Attify Badge, a hardware device used to hack IoT devices and perform hardware and embedded device exploitation.

Hack IoT devices with the Attify Badge Tool

Why a tool for IoT Hardware Exploitation

So many times we have seen people who want to get started in IoT security being confused about what kind of hardware setup they need, or which hardware tool they need to interact with the devices. If they do find a hardware device, it is often not user-friendly, or installing the required libraries is extremely painful.

The idea behind building the Attify Badge Tool is to create a tool which would be useful for both security researchers and IoT enthusiasts who would like to get started in IoT security to perform Hardware and Embedded Device Exploitation.

Speaking at a very general level, instead of reinventing the wheel – we used a collection of open source libraries and tools and wrapped them in an extremely easy to use application with a nice Graphical Interface.

The Attify Badge and the Attify Badge Tool make IoT device exploitation extremely easy for anyone who wants to get started with Internet of Things security.

For a much deeper insight on how to use the badge, you can go through this easy to follow post which we have written over here for you.

Video Demo

Attify Badge tool Demo

Usage

The Attify Badge Tool is comprised of 5 main modules corresponding to the 5 protocols supported by the Attify Badge that are:

  • UART
  • SPI
  • JTAG
  • I2C
  • GPIO

So if your target device which you are trying to exploit has any of these interfaces, Attify Badge should be your go-to tool for that purpose.

The main aim of this blog post is to cover the details and usage of each module, so that once you start your IoT Exploitation journey – you can follow these to make sure you succeed.

So let’s get started. In case you would like to apply all of these techniques in real-world scenarios, consider getting our IoT Exploitation kit or sign up for our next training class.

1. UART

UART is one of the most popular communication protocols in embedded devices. If it is found, it can on occasion give you a direct root shell without authentication.

Even though there are a number of tools such as baudrate.py, screen, minicom etc., how many tools are you going to use? Rather, use a single tool for the entire hardware exploitation process and focus on the end goal, not the means.

Here’s what the UART functionality in Attify Badge Tool does:

  1. Detects external USB devices connected to the system and adds them to the combo box in the top left corner of the GUI.
  2. Select the USB port where your device is attached and the baud rate you want to use. If you’re unsure, you can change the baud rate later on.
     How to connect over UART using Attify Badge tool
  3. After selecting the required baud rate, press Enter to connect to the device. The connection status is shown in the status bar at the bottom. The data received from the UART device is printed in the black console window. You can use the edit box below it to interact with the device. The combo box in the bottom right corner lets you choose the line terminator for each line you send to the device.
     How to connect to UART using Attify Badge (Serial Communication)
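Two of the things the UART module handles for you, picking a plausible baud rate from what the line produces and framing each command with the chosen line terminator, shown as an added Python example (this is not code from the Attify Badge Tool). The candidate baud rates, the printable-ratio threshold and the captured sample bytes are all constructed for the example.

```python
import string

# Bytes that count as "text": the same idea baudrate.py uses to spot a console.
PRINTABLE = set(bytes(string.printable, "ascii"))
# The line terminators offered in the combo box (names are assumptions).
TERMINATORS = {"None": b"", "LF": b"\n", "CR": b"\r", "CR+LF": b"\r\n"}


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII; close to 1.0 at the right baud rate."""
    if not data:
        return 0.0
    return sum(b in PRINTABLE for b in data) / len(data)


def guess_baudrate(samples: dict, threshold: float = 0.9):
    """Pick the candidate baud rate whose capture looks most like text.

    samples maps candidate baud rate -> bytes captured at that rate.
    Returns (baud, ratio), or (None, best_ratio) if nothing clears the threshold,
    which usually means the wiring (TX/RX swap, ground) is wrong rather than the rate.
    """
    best_rate, best_ratio = None, 0.0
    for rate, data in samples.items():
        ratio = printable_ratio(data)
        if ratio > best_ratio:
            best_rate, best_ratio = rate, ratio
    if best_ratio < threshold:
        return None, best_ratio
    return best_rate, best_ratio


def frame_command(cmd: str, terminator: str = "LF") -> bytes:
    """Encode a console command with the terminator selected in the combo box."""
    return cmd.encode("ascii") + TERMINATORS[terminator]


# Constructed captures: garbage at the wrong rates, a boot banner at the right one.
SAMPLES = {
    9600:   b"\xff\xfe\x00\x83\xf8\x7f\xc0\x9e\x00\xff\x80\x81",
    57600:  b"U\x00\xb0\x00\xe0\x00\xf8\x00\x00\x00\x0c\x01",
    115200: b"U-Boot 1.1.4\r\nHit any key to stop autoboot: 0\r\n# ",
}

if __name__ == "__main__":
    rate, ratio = guess_baudrate(SAMPLES)
    print(f"best baud rate: {rate} ({ratio:.2f} printable)")
    print(frame_command("help", "CR+LF"))
```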

2. SPI (Serial Peripheral Interface)

The SPI module is built on top of the popular `flashrom` command line tool. It allows users to detect, read, write and erase SPI-based memory of the target device connected to the Attify Badge.

The usage is pretty straightforward.

  1. Select the required operation from the drop-down menu.
  2. In the case of read/write commands, specify a file path where the data will be stored or retrieved. An example path would be ~/files/firmware.bin.
     Firmware dumping using SPI
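The `flashrom` invocations behind the drop-down operations, together with the checks worth running on a dump before spending time analysing it, as an added Python example that is not the tool's own code. The flashrom programmer string assumed for the badge's FTDI chip and the sample image bytes are assumptions constructed for the example; adjust the programmer to your setup.

```python
import hashlib
from typing import Optional

# Assumed programmer string for the badge's FT232H; flashrom's ft2232_spi driver.
PROGRAMMER = "ft2232_spi:type=232H"


def flashrom_argv(operation: str, path: Optional[str] = None) -> list:
    """Map a drop-down operation to the flashrom arguments the tool runs.

    -r reads the chip into a file, -w writes a file to the chip, -E erases it;
    with no operation flashrom only probes, which is the "detect" case.
    """
    base = ["flashrom", "-p", PROGRAMMER]
    if operation == "detect":
        return base
    if operation in ("read", "write"):
        if not path:
            raise ValueError(f"{operation} needs a file path, e.g. ~/files/firmware.bin")
        return base + ["-r" if operation == "read" else "-w", path]
    if operation == "erase":
        return base + ["-E"]
    raise ValueError(f"unknown operation: {operation}")


def check_dump(image: bytes) -> dict:
    """Cheap sanity checks on a dump: size, blank patterns and a hash to record."""
    size = len(image)
    return {
        "size": size,
        "power_of_two": size > 0 and (size & (size - 1)) == 0,  # real SPI flash sizes
        "all_ff": size > 0 and image.count(0xFF) == size,      # erased chip or no response
        "all_00": size > 0 and image.count(0x00) == size,      # stuck line or no chip
        "sha256": hashlib.sha256(image).hexdigest(),
    }


def dumps_consistent(first: bytes, second: bytes) -> bool:
    """Two consecutive reads must match; if not, suspect wiring or a too-fast SPI clock."""
    return first == second


GOOD_IMAGE = bytes(range(256)) * 16   # constructed 4 KiB "firmware" image
BLANK_IMAGE = b"\xff" * 4096          # what an erased or unresponsive chip returns

if __name__ == "__main__":
    print(" ".join(flashrom_argv("read", "~/files/firmware.bin")))
    print(check_dump(GOOD_IMAGE))
    print("consistent:", dumps_consistent(GOOD_IMAGE, GOOD_IMAGE))
```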

3. JTAG

JTAG (Joint Test Action Group) is one of the most useful standards for exploiting a device. However, there is not a lot of publicly available information on this topic.

The JTAG module is built primarily using OpenOCD and GDB. This blog post does not go into the details of OpenOCD and GDB but a basic understanding of both is necessary to get the most out of the tool. In case you would like to learn JTAG Debugging and Exploitation, consider buying our self-learning JTAG exploitation kit available here.

Steps for JTAG Exploitation

  1. Select the appropriate configuration file for your target device. The example in the screenshot below shows the configuration file for the STM32 ARM microcontroller. Custom configuration files can be added directly to the cfg/ directory.

  2. Click on “Start OpenOCD Server”. This will show the screen below.
     OpenOCD for JTAG Debugging

  3. Next, connect to the OpenOCD server by clicking the “Connect to OpenOCD Server” button. This launches a new terminal window with a telnet session connected to the OpenOCD server.
     Debugging with JTAG and OpenOCD

  4. You can also use GDB for further analysis – such as identifying and exploiting flaws in the firmware. To do this you need the corresponding ELF file. Enter the path to the ELF file in the path edit box and click on “Run GDB”. This launches a gdb session with which you can analyze the device.
     Connect GDB for JTAG debugging

Never before has using JTAG, OpenOCD and GDB been so simple. I believe this gives you enough motivation to start using the Attify Badge tool and hack IoT devices.

4. I2C

The I2C module can be used to find I2C devices and to read, write and erase the contents of I2C EEPROMs connected to the badge.

Find I2C devices using Attify Badge tool

In order to use it just select the required operation from the drop-down menu, enter the file path if required and click the “Run” button.

Dump contents from I2C chip

5. GPIO

The GPIO module allows users to use the pins D0 to D7 on the Badge as GPIO pins. If you are a hardware hacker or an electronics enthusiast, this is typically interesting – because it allows you to extend the badge and maybe even connect your own additional devices to it.

To use it, select the required mode (Input / Output) from the combo box next to the name of each pin.

Output Mode:

Checking the check box next to a pin changes the pin state to HIGH; un-checking it changes the pin state to LOW.

GPIO Pins

Input Mode:

In order to use the pins in input mode, change the modes of the required pins to Input and check them to activate the pins.

Click on “Start Input Monitor” to launch the Input Monitor Widget.

Click the start button on the Input Monitor Widget to start monitoring the input received to the selected pins.

GPIO inputs in Attify Badge

Hack IoT devices and Pentest using the Attify Badge tool

The tool is open source and can be downloaded from Attify’s GitHub repository.

In case you don’t have an Attify Badge, you can purchase the badge here – Attify Store.

If you would like to learn IoT Security and Exploitation – all by yourself, you can get our IoT Exploitation Learning kit by clicking on the link below.

Conclusion

This is the first release of the Attify Badge Tool, and we have several improvements and features on our roadmap.

In case you have issues with the tool, or wish to have more functionality added to it, feel free to create an issue on the GitHub repo or contact the developers directly on the GitHub page of the tool.

Any contributions to the tool whether it’s code, bug reports or feature requests would be appreciated.

Attify Team

IoT Security and Penetration Testing
