One of the questions I receive more than any other is “What tools do you use for hardware hacking?” or “What tools should I buy to get started with hardware hacking?”. Rather than spending time answering this every time someone asks, I’ve decided to write a blog post on the subject. It’s worth noting that YOU DON’T NEED EVERYTHING on this list in order to get started. The general idea of this post is that you pick one tool from each category, and by the time you’re done you’ll have a well-planned, versatile setup. I’m also going to try my best to include tools that fit a range of budgets.
Communicating over protocols like UART/JTAG/SPI/I2C is pretty much the foundation of hardware hacking. With that in mind, a multi-protocol adapter is one of the main tools you’ll end up using, and one of the first things you should buy. The tools below are the Swiss Army knife of the hardware world. The first tool I bought when I started building my lab was an Attify Badge, followed by a Bus Pirate shortly thereafter.
Amazon: $16 Adafruit FT232H
Amazon: $35 Bus Pirate v3.6 + Probe cables
Amazon: $67 Bus Pirate v4 (not as stable as v3.6)
Attify Store: $43.99 Attify Badge
Xipiter: $45 Xipiter Shikra
Lab401: $57 HydraBus
The majority of the time, when you take the case off an embedded device the first thing you’re going to look for is debug headers. While you can usually spot them based on common pin layouts (e.g. a line of 4 pins is usually UART, and 10 or 14 pins is usually JTAG), it’s very rare that each pin will be labeled for you. So once you’ve found a suspected debug port, you can hook up a logic analyzer and see exactly what kind of activity is happening on each pin. Logic analyzers are also a handy tool to have when it comes to debugging or repairing electronics.
If you’re getting into hardware hacking then decent soldering tools are a must. Most of the time you’ll likely use them for soldering pin headers onto debug pads or desoldering things like EEPROMs, but you definitely want one in your setup. The deeper you get into electronics and hardware hacking, the more you’ll find yourself using the soldering station, especially once you start assembling your own PCBs.
The multimeter is probably the single most valuable tool in the hardware hacking arsenal! You can use it during debugging to measure voltage, resistance and continuity, or for tasks like mapping out UART ports. Multimeters range in price from around $5 to $150+. I often hear more experienced hardware hackers say to fork over the cash and get a high-quality Fluke model, but so far I’ve managed to get by just fine with the $30 meter I bought.
While I personally consider an oscilloscope a must-have tool, you really won’t need it until you have a good understanding of electronics and dig into the more advanced topics. An oscilloscope lets you view the voltage and frequency of electronic signals over time. If you plan on doing things like glitching and side-channel attacks, then you’re going to need a decent oscilloscope.
Specialty Items and Kits
JTAGulator $200 “JTAGulator is an open source hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device.”
Ubertooth One $124 “The Ubertooth One is an open source 2.4 GHz wireless development platform suitable for 2.4GHz experimentation. Based on the powerful LPC175x ARM Cortex-M3 microcontroller with full-speed USB 2.0, the Ubertooth One is a great way to develop custom Class 1 devices. The entire board is only two and a half inches long with a USB-A connector at one end and an RP-SMA connector at the other.”
YARD Stick One $124 “YARD (Yet Another Radio Dongle) Stick One can transmit or receive digital wireless signals at frequencies below 1 GHz. It uses the same radio circuit as the popular IM-Me. The radio functions that are possible by customizing IM-Me firmware are now at your fingertips when you attach YARD Stick One to a computer via USB.”
HackRF One $318 “HackRF One from Great Scott Gadgets is a Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies, HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.”
ChipWhisperer-Lite $250 “NewAE Technology ChipWhisperer-Lite (CW1173) is a low-cost device designed to allow design engineers and students to conduct Differential Power Analysis (DPA) and explore glitch vulnerabilities in their hardware projects. The ChipWhisperer-Lite is part of an open-source toolchain for embedded hardware security research.”
ChipWhisperer Lvl 2 Starter Kit $912 “NewAE Technology ChipWhisperer-Lite Level 2 Starter Kit (NAE-SCAPACK-L2) offers an expanded set of tools needed to conduct side-channel power analysis and evaluate glitch and fault injection vulnerabilities. The Level 2 Starter Kit is based on the ChipWhisperer-Lite (CW1173), an open-source toolchain for embedded security research.”
Attify IoT Exploitation Learning Kit $1555 “IoT Exploitation Learning Kit is a learning kit to help individuals get started in IoT Security. It’s a single kit packed with EVERYTHING you will need for Internet of Things and Smart Device Exploitation. The kit is meant to take you from the very basics to practicing IoT pentesting and security research for the real world. The kit covers our years of pentesting experience broken down into modular topics which are easy to learn. Not only this, we also provide you with the tools to exploit and the target devices in the kit, so that you actually are able to perform all the topics hands-on.”