Hardware Hacking
Embedded hardware hacking seems to be all the rage these days so I thought I would poke around at a few concepts and see what's doing with embedded hardware. I decided to set up a simple experiment to test some concepts that I think will be helpful to understand in the future when analyzing embedded systems, namely sniffing traffic and message injection.The Experiment
I decided to create a simple lab involving an Arduino Uno, in this case a SparkFun RedBoard, and a BlinkM LED that can be controlled over I2C. The Arduino would have a simple sketch that will update the color of the BlinkM and using a Bus Pirate I would then sniff traffic that is occurring between the BlinkM and the Arduino. I would also like to study the process involved in using the Bus Pirate to inject messages to take control of the BlinkM and have it change to a different color. I'm not blowing anyone's skirt up with this, but I gotta start out somewhere.
I2C
The protocol used in this experiment is I2C. It is a simple two wire interface (TWI) that supports multiple masters and multiple slaves all sharing a serial bus. Aside from a power and ground I2C uses two lines to perform data transfer. The first is the Serial Data Line (SDA) and the second is the Serial Clock Line (SCL). Grossly, to the point of being misleading, simplified, each bit of data is transferred by reading if SDA is pulled high or low when SCL rises. Helpful resources to lean more about I2C can be found here and here. The main points to take away with respect to how components communicate with each other however is that each component has a read address and a write address. Before one component can talk to another, it will write the destination address (be it a read or write address) on the SDA line and then the rest of the data.
Assembling The Circuit
Creating the circuit was a fairly simple exercise. It's not difficult, it just requires some upfront investment in purchasing hardware. It's a far cry from just spinning up a new VM if software hacking is what you're used to.
First, I plugged in the BlinkM into a breadboard.
I then connected Male to Male (M-M) jumper cables from the ground pin (PWR -) to the GND pin on the RedBoard, the power pin (PWR +) to the 5V header on the RedBoard, the data pin (I2C d) to the A4 header on the RedBoard, and the clock pin (I2C c) to the A5 header on the RedBoard.
With the circuit connected we can now focus on programming controlling the BlinkM with the RedBoard.
Programming the Circuit
Once you give power to the Arduino, you'll probably see the BlinkM light up right away. And if you're like me you'll immediately try to program it and see that it has no effect on the BlinkM and wonder why it's not working. Well, the BlinkM comes out of the box pre-programmed to run a demo script. In order to cease running the script you'll have to send it the Stop Script command documented in the manual for the BlinkM. The easiest way to do that is to load some example code that the makers of the BlinkM provide found here. The BlinkMTester sketch will give you the ability to run some basic commands to control the BlinkM and stopping the script is one option.
With that out of the way we can now program the BlinkM. For my little example I wanted to have the BlinkM change from red to green back and forth at 3 second intervals.
With the sketch uploaded we can see the Arduino and BlinkM go into action.
The Bus Pirate
Now that we have a functioning circuit that can serve as a test bed, we can use the Bus Pirate to sniff traffic on it. The Bus Pirate is a neat little tool that can serve many different functions. It can sniff traffic over a variety of protocols such as UART, SPI, and I2C and it can also inject traffic as well.
In order to have the Bus Pirate be able to sniff traffic on our little circuit we need to insert a couple more Male to Male wires on the SDA and SCL lines. We will then connect the MOSI Bus Pirate probe to the BlinkM's SDA line and the CLK Bus Pirate probe to the BlinkM's SCL line. Be wary of where you purchased your Bus Pirate probes because the colors will be completely off if you bought it from SeeedStudio/Adafruit vs Sparkfun.
Sniffing I2C Traffic
Now, once you've connected to your Bus Pirate using Putty or some other serial terminal you can start sniffing the traffic being passed from the RedBoard to the BlinkM. To do this we will change the Mode of the Bus Pirate so that it is in I2C mode and then drop the Bus Pirate into sniffing mode.
From the screenshot we can see the I2C messages being sent. Each message starts with a [ character and then shows the hexadecimal value of each byte being sent, followed by a + for an ACK or a - for a NACK and is then followed by the end of the message which is the ] character. In this instance the first message sniffed corresponds to the portion of the sketch which is commanding the BlinkM to turn red. 0x12 is the write address of the BlinkM (I know we set the address to be 0x09 in the sketch, but that translates to a 0x12 write address) followed by the hexadecimal ASCII value for the h character (0x68) then followed by the 3 bytes for the hue (0x00), saturation (0x10), and brightness (0x01). Then it's followed by another message that changes the color to blue and then back to red over and over.
This let's us know that we are reading the right messages and validates the data that we think we are sending with the RedBoard. Now for the more interesting part, how to take control of the BlinkM with the Bus Pirate.
Injecting I2C Traffic
Controlling the BlinkM with the Bus Pirate will require us to mimic the message structure but using Bus Pirate syntax. In this case we need to write to the address 0x12 and send the following bytes:
- 0x68 - This is the h character which tells the BlinkM to fade to another color using the next 3 bytes as the HSB values
- 0xAA - This is the color blue
- 0x10 - This is the saturation value
- 0x01 - This is the brightness value
If all goes well you should see the BlinkM turn blue when you inject the message; something that should never occur if the RedBoard is the only master on the I2C bus. Note that the color won't stay blue forever as the RedBoard will continue to send messages to change the color of the BlinkM red and green.
Success! Exciting right? Hello? <tap> <tap> Is this thing on? <tap> <tap>
Sorry, but why the hell did you set toggle to 0, then add 1 every loop and check the remainder? It would be SO much easier to treat toggle as a boolean and do toggle = 0 ... if (toggle) ... toggle = !toggle. Also, your toggle value wouldn't get bigger every loop that way.
ReplyDeleteGreat Article
DeleteCyber Security Projects for CSE Students
Project Centers in Chennai
JavaScript Training in Chennai
JavaScript Training in Chennai
Thanks for another great post. The place else may anyone get that type of information in such a perfect way of writing? I’ve a presentation next week, and I’m at the look for such information. embedded training in Chennai | embedded systems training in Chennai
ReplyDeleteThe strategy you have posted on this technology hepled me to get into the next level and had lot of informations in it. Python is one of the basic level programming and is very important one.
ReplyDeletePython Training in Chennai | Python Course in Chennai
In this competitive world embedded systems are very important for our daily life, feeding from electronic devices, medical equipments, automobiles, telecom instruments, etc. Most of the people are using embedded systems and it was rising day by day. It has been changing our life. Start to learn embedded course in FITA and achieve a dazzling career.
ReplyDeleteThanks,
Embedded systems Training | Embedded course | Embedded Training in Chennai | AWS Training in Chennai
When it lights up that acts as an incentive.
ReplyDeleteThe strategy you have updated here will make me to get trained in future technologies. By the way you are running a great blog. Thanks for sharing this.nice information about this valuable article,which helps to learn more..
ReplyDeleteWeb design institute chennai
Nice Blog.Thank you for Sharing. I'm working in erp software solution in chennaiwe are leading cloud erp software solution in chennai
ReplyDeleteReally an amazing post..! By reading your blog post i gained more information.
ReplyDeleteBulk SMS Chennai
but rather it makes a secondary passage through which messages can be gotten to. iphone text message hack
ReplyDeleteThey also run software security programs as a preventive measure against illegal hacking hackolo.com website
ReplyDeletePeople live in a time where we all are becoming more and more dependent on computers. More companies are starting to depend heavily on their computers and any hacking done can cause serious damage.BluePortal
ReplyDeleteProducing great articles is this writers forte and I love that. Whenever I open the links that say click hereclick here, I am always brought to some spammy sites but this time around, I was brought to this article and I just can't believe that I didn't come across this earlier because this is incredible writing from the writer.
ReplyDeleteExcellent Blog with informative concept. Really I feel happy to see this informative blog, Thanks for sharing such a nice blog. Software Testing Training Institute in Chennai | Selenium Training Institute in Chennai | ISTQB Training Institute in Chennai
ReplyDeleteExcellent content! Thanks for sharing such a useful information..Diploma Project Center in Chennai | Diploma Project Center in Velachery
ReplyDeleteExcellent post. I have read your blog it's very interesting and informative. Keep sharing.
ReplyDeleteMat Lab Project Center in Chennai | Embedded Project Center in Chennai | IEEE Project Center in Chennai | Final Year Project Center in Chennai
Awesome Blog, you have provided the right information that will be beneficial to us. Thanks for sharing your valuable Ideas to our vision. Linux Training in Chennai | Unix Training in Chennai | Python Training in Chennai
ReplyDeleteIt’s great to come across a blog every once in a while that isn’t the same out of date rehashed material. Fantastic read.
ReplyDeleteI’ve bookmarked your site, and I’m adding your RSS feeds to my Google account.
AWS training in bangalore
Thanks For Your valuable posting, it was very informative
ReplyDeleteSchulungsangebote
Great post! Very intriguing and educational, hope to see more from this website! If you ever need business incorporation services, learnt how to accounting company with the best singapore company incorporation consultant today!
ReplyDeleteVery nicely explained. Thanks for the information.
ReplyDeleteSEO Experts Training in Bangalore
nice post.i like it
ReplyDeletessd festplatte
The company that allows a probe into its security system must give a legal consent to the moral hacking school in writing.Android Hacking
ReplyDeleteThe school of moral hackers runs vulnerability assessment to mend loopholes in the internal computer network. They also run software security programs as a preventive measure against illegal hacking
ReplyDeletehack FB
great
ReplyDeleteAmazing Article, thank you!. I am very glad to read your informative & practical blog. Kindly keep updating your blog.
ReplyDeleteJava Developer is a wonderful career for IT students.To start Dream Career to become a Java developer learn from
Java Training in Chennai. or learn thru Java Online Training from India .
I wish to show thanks to you just for bailing me out of this particular
ReplyDeletetrouble.As a result of checking through the net and meeting
techniques that were not productive, I thought my life was done.
white label website builder
The actual time and effort taken to create this wonderful article were really great and I am really impressed with this blog...
ReplyDeleteBest Online Software Training Institute | Hibernate Training
This blog has a positive and eager result.
ReplyDeleteChris
Nice Blog. Thank you for sharing.
ReplyDeleteSAP R3 in Chennai
SAP R3 Service & Support in Chennai
SAP R3 Providers in Chennai
SAP R3 Implementation in Chennai
SAP R3 Software in Chennai
SAP R3 Solutions in Chennai
This was an nice and amazing and the given contents were very useful and the precision has given here is good.
ReplyDeleteDigital Marketing Training in Chennai
myTectra Placement Portal is a Web based portal brings Potentials Employers and myTectra Candidates on a common platform for placement assistance
ReplyDeleteAfter reading your blog, I was quite interested to learn more about this topic. Thanks.
ReplyDeleteSelenium training in chennai
Selenium training institute in Chennai
iOS Course Chennai
Digital Marketing Training in Chennai
website design training
website design courses
Nice Post. Thank you for sharing.
ReplyDeletePayroll Software
Leave Management Software
HR Payroll Software
Attendance Management System
HR Management Software
This blog has communicated its importance in a short yet clear way, so compact.
ReplyDeleteInstaport password hacker
Thanks for your efforts in sharing the knowledge to needed ones. Waiting for more updates. Keep continuing.
ReplyDeleteSpoken English Classes in Bangalore
Spoken English Class in Bangalore
Spoken English Training in Bangalore
Best Spoken English Classes in Bangalore
Spoken English Course near me
English Speaking Course in Bangalore
Best Spoken English Classes in Bangalore
This is really too useful and have more ideas and keep sharing many techniques. Eagerly waiting for your new blog keep doing more.
ReplyDeleteAws Certification Training in Bangalore
Aws Training Center in Bangalore
Best Institute For Java Training In Bangalore
Java J2ee Courses In Bangalore
Aws Classes in Bangalore
Great post!
ReplyDeleteThanks for sharing this list!
It helps me a lot finding a relevant blog in my niche!
German Classes in Chennai
German Language Classes in Chennai
Java Training in Chennai
Web Designing Course in chennai
PHP Training in Chennai
German classes in Tambaram
German classes in Adyar
It is an informative post.
ReplyDeleteProtecting your computer against hacking is different than protecting it against viruses that you accidentally or unknowingly invite into your computer that then cause damage in one form or another. Random Password Generator will help to provide strong password. Use these passwords and secure your accounts and systems.
ReplyDeleteI'm really impressed with the info you provide in your articles. Hope to see more info from this site
ReplyDeletepython training in annanagar
python training in chennai
Web Design training in chennai
Data Science Training in Chennai
Java Training in Chennai
Dotnet Training in Chennai
This is more informative blog to give a more knowledge for readers.
ReplyDeleteweb design training programs
php training center in chennai
magento developer training
Thank you for this informative blog
ReplyDeleteTop 5 Data science training in chennai
Data science training in chennai
Data science training in velachery
Data science training in OMR
Best Data science training in chennai
Data science training course content
Data science syllabus
Data science courses in chennai
Data science training institute in chennai
Data science online course
Data science with python training
Data science with R training
Thanks for the informative article. This is one of the best resources I have found in quite some time. Nicely written and great info. I really cannot thank you enough for sharing.
ReplyDeleteDevops online training
Devops certification training
Devops online course
Devops training course
Thank you for taking the time and sharing this information with us. It was indeed very helpful and insightful while being straight forward and to the point.
ReplyDeleteSelenium online training
Selenium certification training
Selenium online course
Selenium training course
Thank you for such a fabulous post. I have a lot of info and it is really helpful for developing my knowledge.
ReplyDeleteSpark Training in Chennai
Spark Training Academy Chennai
Linux Training in Chennai
Oracle Training in Chennai
Power BI Training in Chennai
Tableau Training in Chennai
Pega Training in Chennai
Advanced Excel Training in Chennai
Oracle DBA Training in Chennai
Spark Training in Velachery
Spark Training in OMR
Thank you for sharing wonderful post. Looking more informative.
ReplyDeleteSkolarrssolutions
Mbbs in Russia
Mbbs in UK
Mbbs in Malaysia
Popular Fashion Blogs in Surat
ReplyDeleteFashion Blogger in Surat
Surat Blogger
Indian Fashion Blogger
I am sure this post has helped me save many hours of browsing other related posts just to find what I was looking for. Many thanks!
ReplyDeleteBest Android Online Certification
Rice Bags Manufacturers
ReplyDeletePouch Manufacturers
fertilizer bag manufacturers
Lyrics with music
we have provide the best ppc service.
ReplyDeleteppc company in gurgaon
website designing company in Gurgaon
PPC company in Noida
seo company in gurgaon
PPC company in Mumbai
PPC company in Chandigarh
Digital Marketing Company
we have provide the best fridge repair service.
ReplyDeleteWashing Machine Repair In Faridabad
LG Washing Machine Repair In Faridabad
Videocon Washing Machine Service Centre In Faridabad
IFB Washing Machine service centre in faridabad
Samsung Washing Machine Repair In Faridabad
Washing Machine Repair in Noida
godrej washing machine repair in noida
whirlpool Washing Machine Repair in Noida
IFB washing Machine Repair in Noida
LG Washing Machine Repair in Noida
iso certification in noida
ReplyDeleteiso certification in delhi
ce certification in delhi
iso 14001 certification in delhi
iso 22000 certification cost
iso consultants in noida
iso 27001 certification services
ReplyDeleteiso 27001 certification in delhi
ISO 9001 Certification in Noida
iso 22000 certification in Delhi
I like the helpful info you provide in your articles. I’ll bookmark your weblog and check again here regularly. I am quite sure I will learn much new stuff right here! Good luck for the next!
ReplyDeleteWeb Designing Course in Chennai | Web Designing Training in Chennai
web designing institute in chennai | Web Designing Training Institute in Chennai
Web Designing Training Institute in Chennai | web design training class in chennai | web designing course in chennai with placement
Nice Blog !!.. Thanks For Sharing.
ReplyDeleteIT Infrastructure Services
HRMS Services
JAVA Development Services
HR Management Services
Nice infromation
ReplyDeleteSelenium Training In Chennai
Selenium course in chennai
Selenium Training
Selenium Training institute In Chennai
Best Selenium Training in chennai
Selenium Training In Chennai
Rpa Training in Chennai
ReplyDeleteRpa Course in Chennai
Rpa training institute in Chennai
Best Rpa Course in Chennai
uipath Training in Chennai
Blue prism training in Chennai
Data Science Training In Chennai
Data Science Course In Chennai
Data Science Training institute In Chennai
Best Data Science Training In Chennai
Python Training In Chennai
ReplyDeletePython course In Chennai
Protractor Training in Chennai
jmeter training in chennai
Loadrunner training in chennai
Thanks for sharing valuable information.
ReplyDeleteDigital Marketing training Course in Chennai
digital marketing training institute in Chennai
digital marketing training in Chennai
digital marketing course in Chennai
digital marketing course training in omr
digital marketing certification in omr
digital marketing course training in velachery
digital marketing training center in Chennai
digital marketing courses with placement in Chennai
digital marketing certification in Chennai
digital marketing institute in Chennai
digital marketing certification course in Chennai
digital marketing course training in Chennai
Digital Marketing course in Chennai with placement
digital marketing courses in Chennai
thank you for your blog
ReplyDeleteKenya Shared Web Hosting
Dominican Republic Web Hosting
Dominican Republic Jordan Web Hosting
Dominican Republic Kazakhstan Web Hosting
Dominican Republic Web Hosting Korea
Dominican Republic Web Hosting Timor Lestes
Dominican Republic Costa Rica Web Hosting
Dominican Republic Hong Kong Web Hosting
ReplyDeleteDominican Republic Slovakia Web Hosting
Dominican Republic Bahrain Web Hosting
Dominican Republic Web Hosting India
Dominican Republic Iran Web Hosting
Dominican Republic Moldova Web Hosting
Dominican Republic Turkey Web Hosting
EXCELLENT INFORMATION AND THANKING YOU
ReplyDeleteINDIAN ADVOCATE RESUME FORMAT DOC
BYPASS MAC FILTERING ANDROID
HTML IMAGE ROLLOVER
OP AMP ADDER AND SUBTRACTOR THEORY
THE PROFIT OBTAINED BY SELLING AN ARTICLE FOR RS 480
THE LCM OF THREE DIFFERENT NUMBERS IS 1024
ERROR [ERR_HTTP_HEADERS_SENT]:
CANNOT SET HEADERS AFTER THEY ARE SENT TO THE CLIENT
GIVEN SIGNS SIGNIFY SOMETHING AND ON THAT BASIS AMCAT
ZOHO APTITUDE QUESTIONS 2019 PDF
HOW TO HACK HOTSPOT PASSWORD
This is an amazing blog, thank you so much for sharing such valuable information with us.
ReplyDeleteVisit for best logo and brochure designing services at- brochure designer in gurgaon.
Freelance Graphic Designing:
Freelance Catalogue Designing in delhi
Freelance Catalogue Designing in gurgaon
Freelance Brochure Designing
Freelance Label Designing
Freelance Banner Designer
Freelance Poster Designer
graphic design services in delhi
graphic design services in gurgaon
Freelance Catalogue Designing in delhi
Freelance Catalogue Designing in gurgaon
Freelance Brochure Designing
Freelance Label Designing
Freelance Banner Designer
Freelance Poster Designer
graphic design services in delhi
graphic design services in gurgaon
Freelance Catalogue Designing in delhi
Freelance Catalogue Designing in gurgaon
Freelance Brochure Designing
Freelance Label Designing
Freelance Banner Designer
Freelance Poster Designer
graphic design services in delhi
graphic design services in gurgaon
Freelance Catalogue Designing in delhi
Freelance Catalogue Designing in gurgaon
Freelance Brochure Designing
Freelance Label Designing
Freelance Banner Designer
Freelance Poster Designer
graphic design services in delhi
graphic design services in gurgaon
keep up the good work. this is an Assam post. this to helpful, i have reading here all post. i am impressed. thank you. this is our digital marketing training center. This is an online certificate course
ReplyDeletedigital marketing training in bangalore / https://www.excelr.com/digital-marketing-training-in-bangalore