Now that all the foundational IoT technology has been covered, let's work on setting up an IoT pentesting lab. Due to the suite of technologies employed by IoT devices, there are several tools required for the software and hardware portions of testing. There is a mix of paid commercial tools, as well as free tools that we will use. Some upfront purchasing will be required for hardware and radio analysis tools. There are modest licensing fees for web application proxy tools, but we will try to keep the price tag as low as possible and offer free tools where possible.
Software tools will cover firmware, web applications, and mobile application testing tools. The majority of testing tools are free for each of the three categories, with the exception of Burp Suite for web application testing. For convenience, time has been taken to set up and install most of the software tools for firmware analysis, web testing, mobile testing (limited), and radio analysis within a virtual machine for this book. However, a list of all tools has been compiled and is recorded here.
Fortunately, most firmware analysis tools are free and open source. Some of the tools are actively updated while others may be dated but still work. The following are a number of firmware software tools which can analyze firmware images, disassemble images, and attach to firmware processes during runtime:
- Binwalk
- Firmadyne
- Firmwalker
- Angr
- Firmware-mod-toolkit
- Firmware analysis toolkit
- GDB
- Radare2
- Binary Analysis Tool (BAT)
- Qemu
- IDA Pro (optional)
For web application testing, the most common tools of the trade are Burp Suite and OWASP Zed Attack Proxy (ZAP). Burp Suite has a free and pro version available for a modest price. ZAP is completely free and open source, which may be a good alternative to keep costs low. Additional plugins or add-ons may be used to help with web service and API testing. Unfortunately, to install plugins with Burp Suite, a pro license is required. All tools listed here are cross-platform, as they are either Java based or within your browser:
- Burp Suite
- OWASP Zed Attack Proxy (ZAP)
- REST Easy Firefox plugin
- Postman Chrome extension
Like firmware tools, most mobile application security tools are also free and open source. The mobile tools that will be used are broken down according to the mobile platform below.
There are many Android testing tools and virtual machines available online as of the writing of this book. Some tools focus purely on statically analyzing an APK's code while other tools focus on app analysis during runtime. Most of the Android testing virtual machine distributions are free and contain the necessities for testing an Android app such an Android's SDK. Although Android testing tools are listed here, it is recommended you download an Android testing virtual machine distribution that suits your testing needs, and install any supplemental testing tools in that virtual machine.
Although not required, keeping your Android testing tools separate from your host computer will lead to a more stable mobile testing workbench and prevent dependency issues as well.
- Android testing virtual machine distribution:
- Android SDK
- Android emulator
- Enjarify
- JD-Gui
- Mob-SF
- SQLite browser
- Burp Suite
- OWASP ZAP
iOS testing tools are unique in that an OS X computer and a jailbroken iDevice are required for testing. Without these two prerequisites, the testing of iOS applications will not be possible. Here are some of the tools that may be utilized for iOS mobile testing:
OS X computer
The following listed items are software tools that are to be installed on your host computer for testing and/or assessing iOS applications:
- idb
- Xcode tools
- Class-dump
- Hopper (optional)
- Mob-SF
- SQLite browser
- Burp Suite
- OWASP ZAP
Jailbroken iDevice
The following list includes packages that need to be installed on to your jailbroken device in order to start testing:
- Cydia
- openURL
- dumpdecrypted
- ipainstaller
- SSL Kill Switch 2
- Clutch2
- Cycript
Hardware tools vary for the specific device that is being analyzed; however, there are basic tools that are valid for all hardware and even electrical requirements. Manufactures will use different types of screws, housing, and security bits as a stopgap for hardware disassembly. Sometimes, the screws will be hidden under labels or rubber feet. It's important to identify the screw types. We will list toolkits available that can bypass this obfuscation technique used by vendors. The following figure should assist with some of the different types of screw type:
Image source: http://www.instructables.com/id/When-a-Phillips-is-not-a-Phillips/
Listed here are the options for hardware tools and hardware analysis software that will be used in this book.
Hardware testing tools require some upfront investment to get started. Here are the required and optional tools needed for disassembling devices, finding ground, and accessing device interfaces:
- Multimeters
- IFixit classic pro tech toolkit for hardware disassembly
- Bus Pirate
- USB to serial adapters
- Shikra, FTDI FT232, CP2102, PL2303, Adafruit FTDI Friend
- JTAG adapters
- Shikra, JTAGulator, Arduino with JTAGenum, JLINK, Bus Blaster
- Logic analyzer (optional)
- Saleae Logic or others
For more information, you can visit these following links:
In order to start sniffing wireless technology, certain wireless chipsets are required. In this book, we will focus on sniffing traffic from ZigBee and Z-Wave protocols. Special software will be required to go along with the wireless cards or dongles. Suggestions on which wireless cards and analysis software to use are provided here.
The following is a list of hardware that will be used for analyzing radio frequencies:
- Atmel RZ Raven USB (KillerBee framework)
- Attify Badge (alternatively, a combination of a C232HM-DDHSL-0 cable and Adafruit FTDI Breakout)
- HackRF One
- Yardstick One
- XBee with Xbee Shield
- Ubertooth
- BLe adapter