Thursday, September 11, 2014

Hardware Hacking: I2C Injection with the Bus Pirate

Hardware Hacking

Embedded hardware hacking seems to be all the rage these days so I thought I would poke around at a few concepts and see what's doing with embedded hardware. I decided to set up a simple experiment to test some concepts that I think will be helpful to understand in the future when analyzing embedded systems, namely sniffing traffic and message injection.

The Experiment

I decided to create a simple lab involving an Arduino Uno, in this case a SparkFun RedBoard, and a BlinkM LED that can be controlled over I2C. The Arduino would have a simple sketch that will update the color of the BlinkM and using a Bus Pirate I would then sniff traffic that is occurring between the BlinkM and the Arduino. I would also like to study the process involved in using the Bus Pirate to inject messages to take control of the BlinkM and have it change to a different color. I'm not blowing anyone's skirt up with this, but I gotta start out somewhere.


The protocol used in this experiment is I2C. It is a simple two wire interface (TWI) that supports multiple masters and multiple slaves all sharing a serial bus. Aside from a power and ground I2C uses two lines to perform data transfer. The first is the Serial Data Line (SDA) and the second is the Serial Clock Line (SCL). Grossly, to the point of being misleading, simplified, each bit of data is transferred by reading if SDA is pulled high or low when SCL rises. Helpful resources to lean more about I2C can be found here and here. The main points to take away with respect to how components communicate with each other however is that each component has a read address and a write address. Before one component can talk to another, it will write the destination address (be it a read or write address) on the SDA line and then the rest of the data.

Assembling The Circuit

Creating the circuit was a fairly simple exercise. It's not difficult, it just requires some upfront investment in purchasing hardware. It's a far cry from just spinning up a new VM if software hacking is what you're used to. 

First, I plugged in the BlinkM into a breadboard.

I then connected Male to Male (M-M) jumper cables from the ground pin (PWR -) to the GND pin on the RedBoard, the power pin (PWR +) to the 5V header on the RedBoard, the data pin (I2C d) to the A4 header on the RedBoard, and the clock pin (I2C c) to the A5 header on the RedBoard.

With the circuit connected we can now focus on programming controlling the BlinkM with the RedBoard.

Programming the Circuit

Once you give power to the Arduino, you'll probably see the BlinkM light up right away. And if you're like me you'll immediately try to program it and see that it has no effect on the BlinkM and wonder why it's not working. Well, the BlinkM comes out of the box pre-programmed to run a demo script. In order to cease running the script you'll have to send it the Stop Script command documented in the manual for the BlinkM. The easiest way to do that is to load some example code that the makers of the BlinkM provide found here. The BlinkMTester sketch will give you the ability to run some basic commands to control the BlinkM and stopping the script is one option.

With that out of the way we can now program the BlinkM. For my little example I wanted to have the BlinkM change from red to green back and forth at 3 second intervals. 

With the sketch uploaded we can see the Arduino and BlinkM go into action.

The Bus Pirate

Now that we have a functioning circuit that can serve as a test bed, we can use the Bus Pirate to sniff traffic on it. The Bus Pirate is a neat little tool that can serve many different functions. It can sniff traffic over a variety of protocols such as UART, SPI, and I2C and it can also inject traffic as well. 

In order to have the Bus Pirate be able to sniff traffic on our little circuit we need to insert a couple more Male to Male wires on the SDA and SCL lines. We will then connect the MOSI Bus Pirate probe to the BlinkM's SDA line and the CLK Bus Pirate probe to the BlinkM's SCL line. Be wary of where you purchased your Bus Pirate probes because the colors will be completely off if you bought it from SeeedStudio/Adafruit vs Sparkfun. 

Sniffing I2C Traffic

Now, once you've connected to your Bus Pirate using Putty or some other serial terminal you can start sniffing the traffic being passed from the RedBoard to the BlinkM. To do this we will change the Mode of the Bus Pirate so that it is in I2C mode and then drop the Bus Pirate into sniffing mode.

From the screenshot we can see the I2C messages being sent. Each message starts with a [ character and then shows the hexadecimal value of each byte being sent, followed by a + for an ACK or a - for a NACK and is then followed by the end of the message which is the ] character. In this instance the first message sniffed corresponds to the portion of the sketch which is commanding the BlinkM to turn red. 0x12 is the write address of the BlinkM (I know we set the address to be 0x09 in the sketch, but that translates to a 0x12 write address) followed by the hexadecimal ASCII value for the h character (0x68) then followed by the 3 bytes for the hue (0x00), saturation (0x10), and brightness (0x01). Then it's followed by another message that changes the color to blue and then back to red over and over.

This let's us know that we are reading the right messages and validates the data that we think we are sending with the RedBoard. Now for the more interesting part, how to take control of the BlinkM with the Bus Pirate.

Injecting I2C Traffic

Controlling the BlinkM with the Bus Pirate will require us to mimic the message structure but using Bus Pirate syntax. In this case we need to write to the address 0x12 and send the following bytes:
  1. 0x68 - This is the h character which tells the BlinkM to fade to another color using the next 3 bytes as the HSB values
  2. 0xAA - This is the color blue
  3. 0x10 - This is the saturation value
  4. 0x01 - This is the brightness value
To send a message with this kind of structure we will type into the I2C prompt of the Bus Pirate this command:

Once you inject the command the feedback from the Bus Pirate should indicate that it received ACKs for each byte you injected.

If all goes well you should see the BlinkM turn blue when you inject the message; something that should never occur if the RedBoard is the only master on the I2C bus. Note that the color won't stay blue forever as the RedBoard will continue to send messages to change the color of the BlinkM red and green.

Success! Exciting right? Hello? <tap> <tap> Is this thing on? <tap> <tap> 


  1. Sorry, but why the hell did you set toggle to 0, then add 1 every loop and check the remainder? It would be SO much easier to treat toggle as a boolean and do toggle = 0 ... if (toggle) ... toggle = !toggle. Also, your toggle value wouldn't get bigger every loop that way.

    1. Rockfish Sec: Hardware Hacking: I2C Injection With The Bus Pirate >>>>> Download Now

      >>>>> Download Full

      Rockfish Sec: Hardware Hacking: I2C Injection With The Bus Pirate >>>>> Download LINK

      >>>>> Download Now

      Rockfish Sec: Hardware Hacking: I2C Injection With The Bus Pirate >>>>> Download Full

      >>>>> Download LINK dQ

  2. Thanks for another great post. The place else may anyone get that type of information in such a perfect way of writing? I’ve a presentation next week, and I’m at the look for such information. embedded training in Chennai | embedded systems training in Chennai

  3. The strategy you have posted on this technology hepled me to get into the next level and had lot of informations in it. Python is one of the basic level programming and is very important one.
    Python Training in Chennai | Python Course in Chennai

  4. In this competitive world embedded systems are very important for our daily life, feeding from electronic devices, medical equipments, automobiles, telecom instruments, etc. Most of the people are using embedded systems and it was rising day by day. It has been changing our life. Start to learn embedded course in FITA and achieve a dazzling career.
    Embedded systems Training | Embedded course | Embedded Training in Chennai | AWS Training in Chennai

  5. When it lights up that acts as an incentive.

  6. The strategy you have updated here will make me to get trained in future technologies. By the way you are running a great blog. Thanks for sharing this.nice information about this valuable article,which helps to learn more..
    Web design institute chennai

  7. but rather it makes a secondary passage through which messages can be gotten to. iphone text message hack

  8. They also run software security programs as a preventive measure against illegal hacking website

  9. People live in a time where we all are becoming more and more dependent on computers. More companies are starting to depend heavily on their computers and any hacking done can cause serious damage.BluePortal

  10. Producing great articles is this writers forte and I love that. Whenever I open the links that say click hereclick here, I am always brought to some spammy sites but this time around, I was brought to this article and I just can't believe that I didn't come across this earlier because this is incredible writing from the writer.

  11. Excellent Blog with informative concept. Really I feel happy to see this informative blog, Thanks for sharing such a nice blog. Software Testing Training Institute in Chennai | Selenium Training Institute in Chennai | ISTQB Training Institute in Chennai

  12. Awesome Blog, you have provided the right information that will be beneficial to us. Thanks for sharing your valuable Ideas to our vision. Linux Training in Chennai | Unix Training in Chennai | Python Training in Chennai

  13. Great post! Very intriguing and educational, hope to see more from this website! If you ever need business incorporation services, learnt how to accounting company with the best singapore company incorporation consultant today!

  14. The company that allows a probe into its security system must give a legal consent to the moral hacking school in writing.Android Hacking

  15. The school of moral hackers runs vulnerability assessment to mend loopholes in the internal computer network. They also run software security programs as a preventive measure against illegal hacking
    hack FB

  16. I wish to show thanks to you just for bailing me out of this particular
    trouble.As a result of checking through the net and meeting
    techniques that were not productive, I thought my life was done.

    white label website builder

  17. The actual time and effort taken to create this wonderful article were really great and I am really impressed with this blog...
    Best Online Software Training Institute | Hibernate Training

  18. This blog has a positive and eager result.

  19. This was an nice and amazing and the given contents were very useful and the precision has given here is good.
    Digital Marketing Training in Chennai

  20. This blog has communicated its importance in a short yet clear way, so compact.
    Instaport password hacker

  21. Protecting your computer against hacking is different than protecting it against viruses that you accidentally or unknowingly invite into your computer that then cause damage in one form or another. Random Password Generator will help to provide strong password. Use these passwords and secure your accounts and systems.

  22. Thanks for the informative article. This is one of the best resources I have found in quite some time. Nicely written and great info. I really cannot thank you enough for sharing.
    Devops online training
    Devops certification training
    Devops online course
    Devops training course

  23. Thank you for taking the time and sharing this information with us. It was indeed very helpful and insightful while being straight forward and to the point.
    Selenium online training
    Selenium certification training
    Selenium online course
    Selenium training course

  24. I am sure this post has helped me save many hours of browsing other related posts just to find what I was looking for. Many thanks!

    Best Android Online Certification

  25. Nice hacking guide. Extremely pleased to read!

  26. You worked pretty hard on solving the issue in a proper manner. And you finally did it! Thanks a lot for the contribution!

  27. Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging.

    Digital Marketing Course in Chennai
    Digital Marketing Courses in Bangalore
    Digital Marketing Course in Delhi
    Digital Marketing Online Course

  28. Thanks for Sharing a Very Informative Post & I read Your Article & I must say that is very helpful post for us.
    Data Science Course in Pune
    Python Classes in Pune
    AWS Training in Pune

  29. Online Exam Help
    Are you searching for Online Exam Help? Don’t worry! You are in the right place. with top class experts are always ready to help you with a reasonable price. To know more, reach us today visit.
    Online Exam Help

  30. Online Quiz Help
    Are you looking for Quiz help answers from professional experts.Don't get worry,Contact now and get best quiz help at affordable price..
    Online Quiz Help

  31. Online Exam Help
    Are you searching for Online Exam Help? Don’t worry! You are in the right place. with top class experts are always ready to help you with a reasonable price. To know more, reach us today visit.
    Online Exam Help

  32. great post !!!! Thanks for sharing
    <a href="''>find us </a here!

  33. Nice article !! Thanks for sharing !!
    <a href="''>find us </a> here!

  34. Bài viết cung cấp nhiều thông tin rất hữu ích, cảm ơn tác giả đã chia sẻ. Hi vọng sẽ có nhiều người biết đến điều đó hơn.

  35. We provide Classroom training on IBM Certified Data Science Course in Hyderabad for the individuals who believe hand-held training. We teach as per the Indian Standard Time (IST) with In-depth practical Knowledge on each topic in classroom training, 80 – 90 Hrs of Real-time practical training classes. There are different slots available on weekends or weekdays according to your choices.

  36. Become a data science expert by joining AI Patasala’s Data Science Course in Hyderabad program, here you can learn data science concepts with practical knowledge.
    Data Science Training Institute in Hyderabad

  37. Usually I never comment on blogs but your article is so convincing that I never stop myself to say something about it. You’re doing a great job Man,Keep it up. Meanwhile visit our website for mba project report

  38. Your work is very good and I appreciate you and hopping for some more informative posts. Thank you for sharing great information to us.. Best Sexologist in Prayagraj

  39. This post is so interactive and informative.keep update more information...
    Tally Course in Velachery
    Tally course in Chennai

  40. Thanks a lot for giving us such a helpful information. You can also visit our website for nmims assignment april 2022

  41. Nagpurflorist is the best gift shop I have ever come across. An absolutely incredible assortment of gifts from Florist in Nagpur. Thanks and Cheers! Source:
    - Falak, Himachal Pradesh

  42. This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information. Keep it up. Keep blogging. Looking to reading your next post. top 10 sexologist doctors in allahabad

  43. Rockfish Sec: Hardware Hacking: I2C Injection With The Bus Pirate >>>>> Download Now

    >>>>> Download Full

    Rockfish Sec: Hardware Hacking: I2C Injection With The Bus Pirate >>>>> Download LINK

    >>>>> Download Now

    Rockfish Sec: Hardware Hacking: I2C Injection With The Bus Pirate >>>>> Download Full

    >>>>> Download LINK UF

  44. If your car uses more warm-up time, your engine is failing, and that marks the time to order your infallible Suzuki Engine Parts from BP Auto Spares India.

    Suzuki Electrical Parts: Your Suzuki car’s electrical system comprises of the alternator, battery, and the starter. Before you go on long-distance trips, check their health and get the right replacements.

    If your Suzuki car isn’t performing great as in its initial stages, attend to it immediately. Get replacement Suzuki Brake Parts for all your Suzuki brands and drive safely.

    Rejuvenate the look and feel of your Suzuki car with top-notch Suzuki Body Parts. Get custom parts to suit the requirements of individual Suzuki brands.

    If you are unable to halt your car without killing the engine, your Suzuki Clutch Parts have become damaged. Order your replacements now and save your Suzuki car.

  45. Suzuki Suspension Parts tend to wear out with time. But don't wait for complete damage. Restore ride quality and smoothen all ride bumps with our spare parts.

    Genuine and robust Suzuki Gear Parts for all Suzuki cars . Check out our vast list of Suzuki Spare Parts and aftermarket replacement parts here at BP Auto Spares India.

    Get the smooth driving feel of your Suzuki car as when it was new. Make every turn smooth with BP Auto Spares India tried and trusted Suzuki Steering Parts.

    Suzuki Propeller Shaft Parts: When your Suzuki car’s propeller shaft fails, it can detriment the propulsion function capacity. So, be on the alert for steel-to-steel contact, and get your spares always ready.

    Genuine and robust Suzuki Various Pipes and Hoses for all Suzuki cars . Check out our vast list of Suzuki Spare Parts and aftermarket replacement parts here at BP Auto Spares India.

    Genuine and robust Suzuki Other Parts for all Suzuki cars . Check out our vast list of Suzuki Spare Parts and aftermarket replacement parts here at BP Auto Spares India.

    Complete Online Suzuki Parts Catalog

  46. Budget is an important consideration too. Always make sure clarify the details about the budget in advance and

    sort out all the costs involved in designing and developing. Most Best Website Designing Company In Delhi or in any

    other city, have a dedicated cost sheet, which they follow. Have a look at it before signing the final contract. We

    at are ready to cater to all your web designing needs.

  47. Thank you for sharing such a great article.

  48. Need professional WordPress Web Design Services? We're experts in developing attractive mobile-friendly WordPress websites for businesses. Contact us today!

  49. Looking forward to reading more from your blog in the future. Keep up the excellent work!" Visit to AWS Training in Pune

  50. Experience automotive excellence with IGL Coatings India, the foremost ceramic coating manufacturers, wholesalers, and distributors in the India.

  51. This comment has been removed by the author.

  52. Equipping a laboratory in the UAE requires finding reliable suppliers who offer high-quality equipment and exceptional service. This article explores the landscape of lab equipment suppliers in the UAE and highlights the valuable contributions of Exsrtel in this domain.
    Understanding Lab Equipment Suppliers in the UAE
    The UAE boasts a thriving scientific community, and consequently, a diverse range of lab equipment suppliers cater to various needs. Here's a glimpse into the types of suppliers you'll encounter:
    International Brands: Renowned global brands distribute their equipment through local representatives, ensuring access to cutting-edge technology.
    Regional Distributors: Established regional companies supply a comprehensive range of equipment from multiple brands, offering a one-stop shopping experience.
    Specialized Suppliers: These suppliers focus on specific scientific disciplines, providing in-depth knowledge and equipment tailored to those fields.
    Exsrtel: Your Partner in Lab Equipment Solutions
    Exsrtel stands out as a prominent supplier in the UAE's lab equipment market. Here's what sets them apart:
    Extensive Product Portfolio: Exsrtel offers a vast selection of equipment from leading manufacturers, encompassing a wide spectrum of scientific disciplines.
    Unmatched Expertise: Their team possesses in-depth knowledge of laboratory equipment and its applications, ensuring they provide tailored solutions to your specific needs.
    Exceptional Customer Service: Exsrtel prioritizes exceptional customer service, offering comprehensive support before, during, and after your purchase. This includes installation, training, and ongoing maintenance.
    Competitive Pricing: Exsrtel works diligently to offer competitive pricing on their equipment, ensuring you receive the best value for your investment.
    Beyond Equipment: Exsrtel's Value Proposition
    Exsrtel goes beyond simply supplying equipment. They serve as a valuable partner in your laboratory's success by providing:
    Consultation: Their team can help you design your lab layout, select the most appropriate equipment, and ensure it complies with all relevant regulations.
    Technical Support: Exsrtel offers ongoing technical support to ensure your equipment functions optimally and that your staff can utilize it effectively.
    After-Sales Service: They provide comprehensive after-sales service, including maintenance plans, parts replacement, and troubleshooting assistance.
    Equipping your UAE laboratory requires a strategic approach. Partnering with a reliable and knowledgeable supplier like Exsrtel is crucial for acquiring the necessary equipment and ensuring its successful operation. Exsrtel's commitment to quality, expertise, and customer service makes them a top choice for your lab equipment needs in the UAE.

    Lab equipment suppliers in UAE