iot_sec_learn

---

A collection of IoT security tools

Dynamic debugging tools

• Home of gdb
  • pwndbg+Pwndbg
  • gef
  • peda
  • hyperpwn
  • multiarch
  • gdbserver

Static analysis tools

• IDA pro👩

  • wine(linux+mac)
  • IDApython and IDC
  • awesome-ida
  • IDAPythonEmbeddedToolkit
  • BaseSpec
  • BinSeeker
  • mips-rop
  • mipsAudit
  • IDA_MIPS_EMU
  • cheatsheets

• Ghidra

  • plugin(java and python)
    • cwe_checker
    • BinAbsInspector
    • vxhunter
    • FirmXRay
    • ghidra_scripts
  • cheatsheets

• Radare2 | cutter

• Binary Ninja🥷

• Hopper

• Karonte

• SaTC

• Capstone

• Online Assemblers

  • AZM
  • Compiler-Explorer

Firmware emulation tools

• QEMU🐦

  • user mod
  • system mod

• Firmware Analysis Toolkit

  • Firmadyne
  • Binwalk
  • Firmware-Mod-Kit
  • Firmwalker

• FirmAE

  • check
  • run
  • analyze
  • debug

• Qiling🦁️

• Unicorn🦄️

  • udbserver

• firmware-analysis-plus

• EMUX

Firmware analysis tools

• dd、nc、hexdump、objdump、readelf、df、mount、ptrace 、strace...
• binwalk
• UBI Reader
• draytools
• LuaDec
• firmwalker
• trommel
• emba
  • EMBArk
• FACT
• avatar2
• jetset
• HALucinator
• P2IM
• DICE
• para-rehosting
• FirmWire
• PeriScope
• Pretender
• Laelaps
• μEmu
• Frankenstein

Protocol analysis tools

• Wireshark
• Burp suite
• Bettercap
• Fiddler
• Postman
• EXPLIoT
• ZigDiggity
• ApiMote
• KillerBee
• MQTT-PWN
• HackRF
• SweynTooth
• LimeSDR

Other tools

general

• SecureCRT
• PuTTY
• Xshell
• Royal tsx
• Winscp
• MobaXterm
• FinalShell
• docker
• git

web

• sqlmap
• Nmap
• Metasploit
• OWASP ZAP
• Appscan

misc

• 010editor

pwn

• ROPgadget
• BinDiff
• codeql
• pwntools
• angr
• KLEE

iot

• Minicom
• Flashrom
• Jtagulator
• IoT-vulhub
• attifyos
• AttifyOS4.0

---

Firmware download

• firmware.center
• IOT_Vul
• TP-LINK
• D-LINK
• Tenda
• TOTOLINK
• FAST
• NETGEAR
• HIWIFI极路由
• MERCURY
• H3C华三
• CISCO思科
• Ruijie锐捷
• ZYXEL
• ASUS华硕
• netis
• tuoshi拓实
• LB-LINK
• 飞鱼星
• UTT-艾泰
• 磊科
• WAYOS维盟
• draytek
• grandstream
• Linksys
• RUCKUS
• XM雄迈
• RoomAlert
• SOFTPEDIA
• Western Digital
• HIKVISION
• SONY
• Sapido
• ...

---

Bootloader

• U-boot
• RedBoot
• Blob
• vivi
• ARMboot
• CoreBoot
• LinuxBoot
• Slim Bootloader

---

filesystem

• SquashFS
• JFFS2
• YAFFS2
• UBIFS
• CramFS

---

Firmware classification

• General-purpose operating system
  • linux kernel + unix filesystem
  • uClibc
• Real-time operating system
  • VxWorks
  • FreeRTOS
  • eCos
• No OS/bare metal

---

Firmware decryption

• Old and new firmware alternate
• Reverse decryption algorithm and key
• Debug reads

---

Firmware debugging

• UART
• JTAG
• Remote debugging

---

Firmware fuzz

• awesome fuzz
• AFL
• AFL++
• Boofuzz
• Honggfuzz
• FirmAFL
• libfuzzer
• Fuzzowski
• MozPeach
• Mutiny
• kitty
• syzkaller

---

IoT protocol

• REST/HTTP
• (SSL/Ipsec) VPN
• SNMP
• SSH
• Telnet
• FTP
• DDS
• WiFi
• RFID
• Bluetooth
• zigbee
• MQTT
• LoRaWAN
• UPnP
• TDDP
• Modbus
• CLI
• KNX
• NFC
• CoAP
• XMPP
• JMS
• NB-IoT
• AMQP
• BLE

---

app security

• JEB
• Jadx
• frida
• Deoptfuscator
• FART
• eBPF
• frida-unpack
• Xposed

---

Vulnerability analysis

Device type

Camera

router

• cve-2018-18708 溢出
• sapido RB-1732 RCE
• TP-LINK Smart Home Router RCE
• D-LINK DIR-815 溢出
• Netgear Nighthawk R8300 upnpd PreAuth RCE 溢出
• D-LINK DIR-505 越界
• D-Link DIR-600M web漏洞
• D-LINK DIR-605L
• 磊科全系列后门

Smart door lock

Smart speakers

Smart terminals

Smart watches

Industrial control equipment

Internet of Vehicles

awesome-vehicle-security

Other devices

• U-Boot NFS RCE Vulnerabilities (CVE-2019-14192)

Vulnerability type

WEB

• SQL injection、xss、csrf、ssrf、xxe
• Hard-coded
• Information leakage
• Directory traversal
• RCE

essay

foreign countries

• https://payatu.com/blog/
• https://raelize.com/blog/
• http://jcjc-dev.com/
• https://w00tsec.blogspot.in/
• http://www.devttys0.com/
• https://wrongbaud.github.io/
• https://embeddedbits.org/
• https://www.rtl-sdr.com/
• https://keenlab.tencent.com/en/
• https://courk.cc/
• https://iotsecuritywiki.com/
• https://cybergibbons.com/
• http://firmware.re/
• http://blog.k3170makan.com/
• https://blog.tclaverie.eu/
• http://blog.besimaltinok.com/category/iot-pentest/
• https://ctrlu.net/
• http://iotpentest.com/
• https://blog.attify.com
• https://duo.com/decipher/
• http://www.sp3ctr3.me
• http://blog.0x42424242.in/
• https://dantheiotman.com/
• https://blog.danman.eu/
• https://quentinkaiser.be/
• https://blog.quarkslab.com
• https://blog.ice9.us/
• https://labs.f-secure.com/
• https://mg.lol/blog/
• https://cjhackerz.net/
• https://github.com/sponsors/bunnie/
• https://iotmyway.wordpress.com/
• https://www.synacktiv.com/publications.html
• http://blog.cr4.sh/
• https://ktln2.org/
• https://naehrdine.blogspot.com/
• https://limitedresults.com/
• https://fail0verflow.com/blog/
• https://github.com/V33RU/IoTSecurity101

home

• https://github.com/DasSecurity-HatLab/HatLab_IOT_Wiki
• https://github.com/VulnTotal-Team
• https://iot-security.wiki/
• https://book.yunzhan365.com/tkgd/lzkp/mobile/index.html
• https://mp.weixin.qq.com/s/Wc6rE_2rVKHOPoCQzmGvKg
• https://zhuanlan.zhihu.com/future-sec
• https://www.wolai.com/nocbtm/raLqL3TfbGTAcJVp7rVbFW
• https://www.ctfiot.com/
• https://zybuluo.com/H4l0/note/1524758

bbs

• https://bbs.kanxue.com/
• https://www.seebug.org/
• https://www.anquanke.com/
• https://www.iotsec-zone.com/home
• https://www.52pojie.cn/forum.php
• https://xz.aliyun.com/
• https://www.freebuf.com/

video

paper

CTF and IoT

IoT real-time information

• cve
• zeroday

assembly language

compilation

• arm
• mips
• ppc
• x86
• riscv

automation