Setting Up A Hardware Hacking Lab

Introduction

One of the questions I receive more than any other is “What tools do you use for hardware hacking?” or “What tools should I buy to get started with hardware hacking?”. Rather than spending time answering this every time someone asks, I’ve decided to write a blog post on the subject! It’s worth noting that YOU DON’T NEED EVERYTHING on this list in order to get started. The general idea of this post is that you pick one tool from each category, and by the time you’re done you’ll have a planned-out and versatile setup. I’m also going to try my best to include tools that fit all different budget levels.

Protocol Communication

Communicating over protocols like UART/JTAG/SPI/I2C is pretty much the foundation of hardware hacking. With that being said, this is one of the main tools you’ll end up using, and one of the first things you should buy. The tools below are the Swiss Army knives of the hardware world. The first tool I bought when I started building my lab was an Attify Badge, then a Bus Pirate shortly thereafter.

Amazon: $16 Adafruit FT232H
Amazon: $35 Bus Pirate v3.6 + Probe cables
Amazon: $67 Bus Pirate v4 (not as stable as v3.6)
Attify Store: $43.99 Attify Badge
Xipiter: $45 Xipiter Shikra
Lab401: $57 HydraBus

Logic Analyzer

The majority of the time, when you take the case off an embedded device the first thing you’re going to look for is debug headers. While you can usually spot them based on common pin layouts (e.g. a line of 4 pins is usually UART and 10 or 14 is usually JTAG), it’s very rare that each pin will be labeled for you. So once you’ve found suspected debug ports you can hook up the logic analyzer and see exactly what kind of activity is happening on each pin. They’re also a handy tool to have when it comes to debugging or repairing electronics.

Amazon: $11.99 Saleae Clone
Amazon: $119.00 DSLogic Plus
Amazon: $400-$1000 Saleae Logic
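To make the “see what kind of activity is happening on each pin” step concrete, here is an added Python example (not code from the original post or from any analyzer vendor). It runs simple heuristics over a constructed four-channel capture: a pin with no transitions is tied to VCC or GND, a pin whose level runs are all the same length is a clock, and a pin that idles high with irregular runs looks like UART, in which case the shortest run is taken as one bit time and snapped to the nearest standard baud rate. The sample rate, channel names and the trace itself are assumptions made up for the example.

```python
from statistics import median

SAMPLE_RATE_HZ = 1_152_000          # assumed capture rate of the constructed trace
STANDARD_BAUDS = (9600, 19200, 38400, 57600, 115200, 230400)


def transitions(samples):
    """Indices at which the sampled level differs from the previous sample."""
    return [i for i in range(1, len(samples)) if samples[i] != samples[i - 1]]


def classify_channel(samples, sample_rate_hz=SAMPLE_RATE_HZ):
    """Sort one channel into static / single-edge / clock / uart-like from its transition pattern."""
    ts = transitions(samples)
    if not ts:                                   # never changes: tied to VCC or GND
        return {"kind": "static", "level": samples[0]}
    widths = [b - a for a, b in zip(ts, ts[1:])]  # length of every run bounded by two edges
    if not widths:                               # exactly one edge, e.g. a reset line
        return {"kind": "single-edge", "at_sample": ts[0]}
    if max(widths) - min(widths) <= 1:           # all runs equal: a regular clock
        # one clock period is one high run plus one low run
        return {"kind": "clock", "freq_hz": sample_rate_hz / (2 * median(widths))}
    # Irregular runs: serial data. The shortest run is a single bit time, which
    # fixes the baud rate; snap the raw estimate to the nearest standard rate.
    # (A byte such as 0x55 toggles every bit and would be mistaken for a clock;
    # capture more than one byte before trusting the verdict.)
    raw_baud = sample_rate_hz / min(widths)
    baud = min(STANDARD_BAUDS, key=lambda b: abs(b - raw_baud))
    return {"kind": "uart-like", "idle_level": samples[0], "baud_estimate": baud}


def classify_capture(capture, sample_rate_hz=SAMPLE_RATE_HZ):
    """Classify every channel in a {name: [0/1 samples]} capture."""
    return {name: classify_channel(s, sample_rate_hz) for name, s in capture.items()}


# --- constructed sample capture, not a trace from a real device --------------
def uart_frame(byte, bit_width, idle=20):
    """8N1 frame: idle high, start bit low, 8 data bits LSB first, stop bit high."""
    bits = [0] + [(byte >> i) & 1 for i in range(8)] + [1]
    out = [1] * idle
    for b in bits:
        out += [b] * bit_width
    return out + [1] * idle


CAPTURE = {
    "ch0": [1] * 200,                        # VCC
    "ch1": [0] * 200,                        # GND
    "ch2": ([1] * 5 + [0] * 5) * 20,         # clock: 115.2 kHz at the assumed sample rate
    "ch3": uart_frame(0x41, bit_width=10),   # 'A' at 115200 baud (10 samples per bit)
}

if __name__ == "__main__":
    for name, result in classify_capture(CAPTURE).items():
        print(name, result)
```

On a real capture you would feed each channel’s sample list straight in; the thresholds are deliberately loose, and the clock test in particular only says “regular toggling”, so confirm a suspected UART TX line by decoding a few bytes with the analyzer’s own protocol decoder before soldering anything.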

Soldering Station

If you’re getting into hardware hacking then decent soldering tools are a must. The majority of the time you’ll likely use them for soldering pin headers onto debug pads or desoldering things like EEPROMs, but you definitely want one in your setup. The deeper you get into electronics and hardware hacking the more you’ll find yourself using the soldering station, especially once you start assembling your own PCBs.

Amazon: $6.39 110V 60W Adjustable Temp Soldering Iron
Amazon: $68 TS100 Portable Soldering Iron
Amazon: $75 878D 2-in-1 Soldering Station
Amazon: $97 Hakko FX888D Soldering Station

Digital Multimeter

The multimeter is probably the single most valuable tool in the hardware hacking arsenal! You can use them during debugging to measure voltage/resistance/continuity, or to do things like mapping out UART ports. They range in price anywhere from around $5 to $150+. I often hear more experienced hardware hackers say to fork over the cash and get a high quality Fluke model, but so far I’ve managed to get by just fine with the $30 meter I bought.

Amazon: $7 DT33D Digital Multimeter
Amazon: $36 AstroAI WH5000A
Amazon: $125 EEVblog Brymen BM235
Amazon: $145 Fluke 117 True RMS Multimeter

Oscilloscope

While I personally consider an oscilloscope a must-have tool, you really won’t need it until you have a good understanding of electronics and dig into the more advanced topics. An oscilloscope lets you read the voltage and frequency of electronic signals. If you plan on doing things like glitching and side-channel attacks then you’re going to need a decent oscilloscope.

Amazon: $66 Hantek 6022BE USB Oscilloscope
Amazon: $260 Siglent SDS1052DL+ 50 MHz 2ch DSO
Amazon: $375 Rigol DS1054Z 50 MHz 4ch DSO
Amazon: $500 Siglent SDS1104X-E 100 MHz 4ch

Specialty Items and Kits

JTAGulator $200 “JTAGulator is an open source hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device.”

Ubertooth One $124 “The Ubertooth One is an open source 2.4 GHz wireless development platform suitable for 2.4GHz experimentation. Based on the powerful LPC175x ARM Cortex-M3 microcontroller with full-speed USB 2.0, the Ubertooth One is a great way to develop custom Class 1 devices. The entire board is only two and a half inches long with a USB-A connector at one end and an RP-SMA connector at the other.”

YARD Stick One $124 “YARD (Yet Another Radio Dongle) Stick One can transmit or receive digital wireless signals at frequencies below 1 GHz. It uses the same radio circuit as the popular IM-Me. The radio functions that are possible by customizing IM-Me firmware are now at your fingertips when you attach YARD Stick One to a computer via USB.”

HackRF One $318 “HackRF One from Great Scott Gadgets is a Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies, HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.”

ChipWhisperer-Lite $250 “NewAE Technology ChipWhisperer-Lite (CW1173) is a low-cost device designed to allow design engineers and students to conduct Differential Power Analysis (DPA) and explore glitch vulnerabilities in their hardware projects. The ChipWhisperer-Lite is part of an open-source toolchain for embedded hardware security research.”

ChipWhisperer Lvl 2 Starter Kit $912 “NewAE Technology ChipWhisperer-Lite Level 2 Starter Kit (NAE-SCAPACK-L2) offers an expanded set of tools needed to conduct side-channel power analysis and evaluate glitch and fault injection vulnerabilities. The Level 2 Starter Kit is based on the ChipWhisperer-Lite (CW1173), an open-source toolchain for embedded security research.”

Attify IoT Exploitation Learning Kit $1555 “IoT Exploitation Learning Kit is a learning kit to help individuals get started in IoT Security. It’s a single kit packed with EVERYTHING you will need for Internet of Things and Smart Device Exploitation. The kit is meant to take you from the very basics to practicing IoT pentesting and security research for the real world. The kit covers our years of pentesting experience broken down into modular topics which are easy to learn. Not only this, we also provide the tools to exploit and the target devices in the kit, so that you actually are able to perform all the topics hands-on.”

Thanks for reading and I hope this helps you get started on your hardware hacking journey! If you have any questions about the post or hardware hacking in general, feel free to submit an email through the Contact page, or you can contact me on Twitter.
