Beginner's Guide to IoT and Hardware Hacking

Learn to perform security research and testing on IoT devices and hardware.

Training for a team or organization? Contact us about group access.


Inside the Course

Scroll down to explore the skills you’ll build, the techniques you’ll master, and the requirements to get started.

Start Learning This Course Today

The All-Access Membership gives you unlimited access to this course, hands-on labs, and a complete library of cybersecurity training. Everything you need to build real-world skills is included.

  • Difficulty: Intermediate
  • Duration: 13h
  • Access: Included in Membership

Overview

The Beginner’s Guide to IoT and Hardware Hacking course teaches the foundational skills and techniques required to get started performing security research and testing on IoT devices and hardware. This course focuses mainly on the hardware aspects of IoT hacking and on how to use underlying access to the physical hardware to aid and amplify the hunt for vulnerabilities. While this course is “beginner” level for IoT and Hardware Hacking, its difficulty level as an overall cybersecurity course is intermediate. This course is open to everyone but has been specifically created for students who are familiar with software-based penetration testing (such as network, web, and mobile) and want to learn how to bridge those skills over to IoT and Hardware testing.

Key Topics

  • Electrical engineering and electronics fundamentals
  • Understanding and identifying common electronic components
  • How to use common hardware hacking tools such as digital multimeters, logic analyzers, USB to serial adapters, and flash programmers
  • An optional lesson on soldering
  • Performing OSINT and recon on hardware
  • How to read and interpret datasheets
  • Common IoT protocols such as UART and SPI
  • Initiating and using a serial shell
  • Firmware extraction methods
  • Firmware analysis and reverse engineering

Objectives

Electrical Engineering Fundamentals:

  • Learn the fundamentals of electrical engineering and electronics.

Learn Hardware Hacking Tools:

  • Learn how to use common hardware hacking tools such as digital multimeters, logic analyzers, USB to serial adapters, and flash programmers.

Penetration Testing IoT Devices:

  • Apply penetration testing methodologies like OSINT to IoT devices.

Understand IoT Protocols:

  • Understand IoT protocols like UART and SPI.

Working with Firmware:

  • Learn about firmware extraction, analysis, and reverse engineering.

System Requirements

  • A computing environment (Windows, Linux, or Mac*) capable of running a virtual machine with at least 8GB of RAM and 40GB of disk space. *Note that new MacBook Pros with the M1 chip are unable to run virtual machines such as the ones demonstrated in this course.
  • If you want to follow along with all the hands-on portions of the course, you’ll need to purchase the physical equipment and tools used in the course; you can find a full list in the second lesson of the course, which is available for preview. Note that some hands-on portions of the course can be completed without physical hardware.

Prerequisites

A general understanding of penetration testing methods and methodology and a general understanding of Linux are strongly recommended.

Course Curriculum

  • Section 0 – Course Introduction
    • 0.1 – Course Intro
    • 0.2 – Required Equipment and Tooling
    • 0.3 – Course Resources
    • 0.4 – Watch This Before Opening Your Router Box
    • 0.5 – Ethical Hacking and Responsible Disclosure
    • 0.6 – Course Discord
  • Testing Notes
    • Testing Notes
  • Section 1 – Electrical Engineering For Hackers 101
    • 1.1 – Section Intro
    • 1.2 – What is Electricity Part 1
    • 1.3 – What is Electricity Part 2
    • 1.4 – Electrical Engineering Fundamentals: Schematics, Voltage Source, Resistors and Ohm’s Law
    • 1.5 – Electrical Engineering Fundamentals: Kirchhoff’s Voltage Law and Series Circuits
    • 1.6 – Electrical Engineering Fundamentals: Parallel Circuits and Kirchhoff’s Current Law
    • 1.7 – Circuit Lab Simulation Demo
    • 1.8 – Reading Schematics
    • 1.9 – Section Challenge
    • 1.10 – Section Challenge Solution
  • Section 2 – Hands on with PCBs and Multimeters
    • 2.1 – Electrical Lab Safety
    • 2.2 – Opening the Router
    • 2.3 – ESD Precautions
    • 2.4 – Intro to PCBs
    • 2.5 – Intro to Digital Multimeters
    • 2.6 – Measuring Voltage with DMM
    • 2.7 – Measuring Resistance with DMM
    • 2.8 – Measuring Continuity with DMM
    • 2.9 – Measuring Current with DMM
  • Section 3 – Electrical Engineering for Hackers 201
    • 3.1 – AC / DC
    • 3.2 – Capacitors
    • 3.3 – Demoing Filters with Circuit Lab
    • 3.4 – Inductors
    • 3.5 – Diodes
    • 3.6 – Transistors
    • 3.7 – Transistor Circuit Lab Example
    • 3.8 – Electronic Communications and Signals
  • Section 4 – Hands on with Logic Analyzers and UART
    • 4.1 – Intro to UART Part 1
    • 4.2 – Attaching Header Pins (Solderless)
    • 4.3 – Attaching Header Pins (With Solder – Optional)
    • 4.4 – Logic Analyzers, Sigrok and Pulseview
    • 4.5 – Intro to UART Part 2
    • 4.6 – Hardware Hacking CTF
  • Section 5 – Initial Recon and OSINT
    • 5.1 – IoT Architecture and Attack Surface
    • 5.2 – Internet Facing IoT Devices
    • 5.3 – Hardware OSINT via FCC ID
    • 5.4 – Embedded System Components
    • 5.5 – Locating and Reading Datasheets
    • 5.6 – Locating Firmware Online
    • 5.7 – Network Setup
    • 5.8 – NMAP Scans
    • 5.9 – Exploring Past CVEs
    • 5.10 – Section and Notes Review
  • Section 6 – UART Shell and Live Enumeration
    • 6.1 – Initiating UART Shell
    • 6.2 – Boot Logs and Boot Loader
    • 6.3 – Using TFTP to Exfil Files
    • 6.4 – Using TFTP to Transfer Tools onto Devices
    • 6.5 – Hunting Interesting Files and Passwords
    • 6.6 – Reviewing Files and Cracking Passwords
    • 6.7 – Checking Running Processes and Network Connections
    • 6.8 – Prompting Additional Console Logging
    • 6.9 – Serial Connections via Python
    • 6.10 – Tricky UART Connections
    • 6.11 – Troubleshooting UART
    • 6.12 – Section and Notes Review
  • Section 7 – SPI and Firmware Extraction/Analysis
    • 7.1 – Firmware Extraction Methods
    • 7.2 – Serial Peripheral Interface Part 1
    • 7.3 – Serial Peripheral Interface Part 2
    • 7.4 – Extracting Firmware from ROM
    • 7.5 – Firmware Analysis
    • 7.6 – Inspecting Firmware and Manual Firmware Extraction
    • 7.7 – Enumerating Root File System
  • Section 8 – Reverse Engineering Firmware
    • 8.1 – Intro to Reverse Engineering
    • 8.2 – Reverse Engineering Decryption Function Part 1
    • 8.3 – Reverse Engineering Decryption Function Part 2
    • 8.4 – Decrypting Config Files
    • 8.5 – Reviewing util_execSystem for Command Injection
    • 8.6 – Tracing Function Calls
    • 8.7 – Section and Notes Reviews
  • Section 9 – End of Course Challenge and Course Wrap-Up
    • 9.1 – End of Course Challenge
    • 9.2 – Course Wrap-Up
    • 9.3 – Next Steps: Practical IoT Pentest Associate (PIPA) Certification
  • Firmware Modifications and Chip-Off Firmware Extraction
    • Firmware Modifications and Chip-Off Firmware Extraction

This Course Is Included in Your All-Access Membership

One membership gives you ongoing access to Beginner’s Guide to IoT and Hardware Hacking, every other paid Academy course, and an active community of learners and mentors in Discord.

INSTRUCTORS

Meet Your Instructor

Learn from industry experts with real-world cybersecurity experience.

Andrew Bellini

Welcome Everyone! My name is Andrew Bellini and I sometimes go as DigitalAndrew on social media. I’m an electrical engineer by trade with a bachelor’s degree in electrical engineering and am a licensed Professional Engineer (P. Eng) in Ontario, Canada. While my background and the majority of my career have been in electrical engineering, I am also an avid and passionate ethical hacker. In addition to being an instructor, I am also a longtime student of TCM, and their courses helped me transition my career to working as a technical trainer for a cybersecurity company.

In addition to my love for all things ethical hacking, cybersecurity, CTFs and tech, I also am a dad, play guitar and am passionate about the outdoors and fishing.

Prepare for the Practical IoT Pentest Associate (PIPA) Exam

The PIPA certification is an associate-level IoT firmware review exam experience that builds on the materials taught in this course. It will assess a student’s ability to perform a firmware review of an embedded Linux IoT device. Pair the Beginner’s Guide to IoT and Hardware Hacking course with the PIPA exam to validate your skills with a recognized credential.

FAQS

Common Questions

Here are a couple of our most commonly asked questions. Contact us if you don’t find an answer!

Can I get a refund if I'm unhappy with my purchase?

Yes. All courses come with a 24-hour money-back guarantee.

Will I receive a certificate of completion when I finish a course?

Yes. All courses come with a certificate of completion.

Do the courses count as Continuing Education Units (CEUs)?

Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.

What is the All-Access Membership?

As of July 1st, 2023, TCM Academy transitioned to a monthly subscription model, where you now receive full access to all of the courses on our platform for as long as your subscription remains active.

What if you already own courses on TCM Academy?

If you already own a course on our platform, you will continue to own that course. Previously owned courses will not be affected by this change.

I can see the course, but it won’t load or play. What should I do?

We use Cloudflare to protect our course platform and, unfortunately, it does not play nicely with VPNs. If you are experiencing issues, turn off your VPN and try again. If that does not solve the issue, please contact our support team at support@tcm-sec.com and we will help you out.

This course is included in our All-Access Membership, starting at $29.99/month.

Get full access to this course and our full course catalog when you enroll in our All-Access Membership.

Ready to level up your Cybersecurity Career?

Get unlimited access to every TCM Security Academy course, hands-on lab, and certification pathway with an All-Access Membership. Learn at your own pace, build real-world skills, and take the next step toward a career in cybersecurity.
