IoT

UART

UART is generally used to read the device's boot and debug logs, and sometimes to get into a shell or debug mode of the device if the correct escape sequence is known.

  1. Commonly 4 pins - VCC, GND, TX, RX.

  2. Find GND with a multimeter continuity test: check each candidate pin against a known ground, such as a metal shield or the ground plane of the board.

  3. With the device powered, measure the voltage between each of the other 3 pins and GND; the one with the highest steady voltage is VCC.

  4. TX shows a fluctuating voltage while the device is transmitting, so test it during boot-up when the boot log is being printed (measure between GND and the suspected TX; the reading should vary).

  5. TX and RX can also be found by brute force (swap the two remaining pins and see which wiring gives output).

  6. Cross the lines: TX of the target goes to RX of our adapter, and RX of the target goes to TX of our adapter. Connect GND to GND; the target's VCC does not need to be connected.

  7. The baud rate also has to be brute-forced with common baud rates (9600, 115200 and so on) until readable text appears; the Expliot framework can do this using the Expliot Nano.

  8. PuTTY on Windows (or screen/minicom on Linux) can be used to read from and write to the UART.

The Bus Auditor can also be used to find the correct pins.

The Expliot Nano can be used to read and write data over UART.
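The baud-rate step above is a loop, not a one-off: capture at each candidate rate and keep the one that produces readable text. The following is an added example (not code from the page, the Expliot framework or any other tool) that scores each capture by the fraction of printable bytes, since a wrong rate shows up as framing-error garbage (0x00/0xFF/0x80-style bytes) rather than text. The `serial_sampler` helper is backed by pyserial; the port name and the boot banner in `FAKE_CAPTURES` are constructed for the offline demo. Remember that the boot log is printed only once, so power-cycle the target between attempts.

```python
"""Baud-rate brute force for an unknown UART (added example, not from the page)."""

# Rates worth trying first; 115200 and 9600 cover most embedded consoles.
COMMON_BAUDS = [115200, 9600, 57600, 38400, 19200, 230400, 460800, 921600]


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace.
    A wrong baud rate yields framing errors that decode to bytes like
    0x00/0xFF/0x80, so this ratio is a cheap "does this look like text" score."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def rank_bauds(read_sample, bauds=COMMON_BAUDS):
    """Try every candidate rate; read_sample(baud) must return the bytes captured
    at that rate. Returns [(baud, ratio), ...] from most to least text-like."""
    scores = [(baud, printable_ratio(read_sample(baud))) for baud in bauds]
    return sorted(scores, key=lambda s: s[1], reverse=True)


def guess_baud(read_sample, bauds=COMMON_BAUDS, threshold=0.9):
    """Best rate if its capture is mostly printable, else None (console silent,
    or TX/RX swapped, or the rate is not in the candidate list)."""
    baud, ratio = rank_bauds(read_sample, bauds)[0]
    return baud if ratio >= threshold else None


def serial_sampler(port, nbytes=256, timeout=3.0):
    """Build a read_sample() backed by a real adapter through pyserial
    (pip install pyserial). Power-cycle the target before each call."""
    import serial  # imported lazily so the offline demo below needs no hardware

    def read_sample(baud):
        with serial.Serial(port, baud, timeout=timeout) as s:
            return s.read(nbytes)

    return read_sample


# Constructed captures standing in for a real target: the correct rate yields a
# boot banner, every other rate yields framing-error garbage.
FAKE_CAPTURES = {
    115200: b"U-Boot 2020.01 (Jan 01 2020 - 00:00:00 +0000)\r\n"
            b"DRAM:  64 MiB\r\nHit any key to stop autoboot:  0\r\n",
}
GARBAGE = b"\xff\x00\x80\xfe\xc0\x00\xff\xf8" * 8


def fake_read_sample(baud):
    return FAKE_CAPTURES.get(baud, GARBAGE)


if __name__ == "__main__":
    for baud, ratio in rank_bauds(fake_read_sample):
        print(f"{baud:>7} baud: {ratio:.2f} printable")
    print("best guess:", guess_baud(fake_read_sample))
    # On real hardware: guess_baud(serial_sampler("/dev/ttyUSB0"))
```

Once a rate scores well, open it in PuTTY/screen and leave the connection up while rebooting the device to catch the escape sequence prompt.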

JTAG

JTAG/SWD is used to dump firmware from and write firmware to microcontrollers (and for live debugging of the running core).

  1. Commonly 6 pins - VCC, GND, TMS, TCK, TDO, TDI, plus an optional TRST. (SWD needs only SWDIO and SWCLK plus GND.)

  2. Find GND with a multimeter continuity test: check each candidate pin against a known ground, such as a metal shield or the ground plane of the board.

  3. Use an Arduino Nano or ESP32 running the JTAGenum sketch to find the correct pins. Connect GND and the candidate signal pins only; do not connect the target's VCC to the enumerator, and make sure the enumerator's I/O voltage matches the target's (a 5 V Arduino can damage a 3.3 V target).

  4. Connect the Expliot Nano to the target's JTAG pins and start OpenOCD with an interface config for the adapter and a target config for the microcontroller.

  5. Use OpenOCD's dump_image command to dump the flash. It takes an output file, a start address and a length, so take the flash base address and size from the memory map in the microcontroller's datasheet. If the chip's readout protection is enabled, the dump fails or returns blank data.

SEGGER's J-Link/J-Flash tools on Windows can also be used to dump or write the microcontroller's memory (the easy way).
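The dump step is where address mistakes happen: dump_image wants a start address and a length, while datasheets give a start and an end. The following is an added example (not code from the page, OpenOCD or Expliot) that builds the OpenOCD invocation from datasheet start/end addresses and then runs two plausibility checks on the resulting file: whether the image is uniformly 0xFF/0x00 (erased, unmapped or read-protected flash rather than firmware) and, assuming the target is an ARM Cortex-M, whether the first two words look like a vector table (initial stack pointer inside RAM, reset vector inside flash with the Thumb bit set). `interface/jlink.cfg` and `target/stm32f1x.cfg` are placeholder config names; use the ones for your adapter and MCU. The memory ranges and `FAKE_DUMP` are constructed values.

```python
"""Build an OpenOCD flash-dump command from datasheet addresses and sanity-check
the result (added example, not from the page)."""
import shlex
import struct


def build_openocd_cmd(interface_cfg, target_cfg, flash_start, flash_end, out_file="fw.bin"):
    """argv for a one-shot OpenOCD run. flash_start/flash_end come from the MCU
    datasheet's memory map (flash_end exclusive). dump_image takes a start
    address and a LENGTH, not an end address, so the size is computed here."""
    if flash_end <= flash_start:
        raise ValueError("flash_end must be greater than flash_start")
    size = flash_end - flash_start
    script = (f"init; reset halt; "
              f"dump_image {out_file} 0x{flash_start:08x} 0x{size:x}; shutdown")
    return ["openocd", "-f", interface_cfg, "-f", target_cfg, "-c", script]


def analyze_dump(data: bytes):
    """Cheap plausibility stats. An image that is entirely 0xFF or 0x00 is erased,
    unmapped or read-protected flash, not firmware."""
    total = len(data)
    ff = data.count(0xFF)
    zero = data.count(0x00)
    return {
        "size": total,
        "ff_ratio": ff / total if total else 0.0,
        "zero_ratio": zero / total if total else 0.0,
        "uniform": total > 0 and (ff == total or zero == total),
    }


def looks_like_cortex_m(data, flash_start, flash_end, ram_start, ram_end):
    """Assumption: the target is an ARM Cortex-M, whose vector table sits at the
    start of flash. Word 0 is the initial stack pointer (inside RAM, typically its
    top), word 1 the reset handler (inside flash, Thumb bit set, i.e. odd)."""
    if len(data) < 8:
        return False
    sp, reset = struct.unpack_from("<II", data, 0)
    sp_ok = ram_start < sp <= ram_end
    reset_ok = (reset & 1) == 1 and flash_start <= (reset & ~1) < flash_end
    return sp_ok and reset_ok


# Constructed example memory map: 64 KiB flash at 0x08000000, 20 KiB RAM at 0x20000000.
FLASH_START, FLASH_END = 0x08000000, 0x08010000
RAM_START, RAM_END = 0x20000000, 0x20005000
# Constructed 256-byte "dump": plausible vector table, a few NOPs, rest erased.
FAKE_DUMP = struct.pack("<II", 0x20005000, 0x08000145) + b"\x00\xbf" * 32 + b"\xff" * 184


if __name__ == "__main__":
    cmd = build_openocd_cmd("interface/jlink.cfg", "target/stm32f1x.cfg", FLASH_START, FLASH_END)
    print(shlex.join(cmd))  # paste this into a shell with the adapter attached
    print(analyze_dump(FAKE_DUMP))
    print("vector table plausible:",
          looks_like_cortex_m(FAKE_DUMP, FLASH_START, FLASH_END, RAM_START, RAM_END))
```

Run the printed command, then feed the real `fw.bin` to `analyze_dump` and `looks_like_cortex_m` before spending time on the image: a uniform dump means the address range or the chip's protection state needs another look, not the firmware.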

I2C

A few EEPROMs use I2C; it is possible to dump the EEPROM's memory using the Expliot Nano and similar tools.

  1. Commonly 4 pins - VCC, GND, SDA, SCL.

  2. Find GND with a multimeter continuity test: check each candidate pin against a known ground, such as a metal shield or the ground plane of the board.

  3. Use the Expliot Bus Auditor to find the I2C pins and the device's 7-bit address.

  4. Use the Expliot Nano to go further, for example to dump the EEPROM's memory.
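Steps 3 and 4 are an address scan followed by a random-read dump, and the dump has to match the EEPROM's addressing scheme: 24C01 to 24C16 take a one-byte internal address (the 24C04/08/16 put the upper address bits into the A0-A2 bits of the device address, so a 24C16 answers on 0x50 to 0x57), while 24C32 and larger take a two-byte address. The following is an added example (not code from the page or from the Expliot tools) written against two hypothetical master primitives, `write(addr, bytes)` and `read(addr, n)`, which is the shape most I2C master APIs expose. `FakeI2CBus` is a constructed stand-in for the Expliot Nano so the block runs offline.

```python
"""I2C address scan and 24Cxx EEPROM dump over a minimal master interface
(added example, not from the page)."""


class FakeI2CBus:
    """Constructed stand-in for a real I2C master such as the Expliot Nano.
    Emulates one 24C-series EEPROM: a dummy write sets the internal address
    pointer, reads auto-increment it and wrap at the end of the array."""

    def __init__(self, contents: bytes, dev_addr=0x50, addr_bytes=1):
        self.mem = bytearray(contents)
        self.dev_addr = dev_addr
        self.addr_bytes = addr_bytes   # 1 for 24C01-24C16, 2 for 24C32 and up
        self.ptr = 0

    def _block(self, addr):
        """Which 256-byte block a device address selects (1-byte parts only)."""
        blocks = max(1, len(self.mem) // 256) if self.addr_bytes == 1 else 1
        if not (self.dev_addr <= addr < self.dev_addr + blocks):
            raise OSError(f"no ACK from 0x{addr:02x}")
        return addr - self.dev_addr

    def write(self, addr, data: bytes):
        block = self._block(addr)
        if data:
            word = int.from_bytes(data[: self.addr_bytes], "big")
            self.ptr = ((block << 8) | word) % len(self.mem)

    def read(self, addr, n: int) -> bytes:
        self._block(addr)
        out = bytearray()
        for _ in range(n):
            out.append(self.mem[self.ptr])
            self.ptr = (self.ptr + 1) % len(self.mem)
        return bytes(out)


def scan_addresses(bus):
    """Probe every non-reserved 7-bit address (0x08-0x77) with a one-byte read and
    return those that ACK. A 24C16 shows up as eight consecutive addresses."""
    found = []
    for addr in range(0x08, 0x78):
        try:
            bus.read(addr, 1)
            found.append(addr)
        except OSError:
            pass
    return found


def dump_eeprom(bus, dev_addr, size, addr_bytes, chunk=32):
    """Random-read dump: write the internal address (MSB first), then read a chunk
    from there. With 1-byte addressing the high bits go into the device address and
    a chunk never crosses a 256-byte block; re-addressing every chunk keeps the dump
    correct even if the master inserts a STOP between transfers."""
    out = bytearray()
    off = 0
    while off < size:
        if addr_bytes == 1:
            dev, mem_addr = dev_addr | (off >> 8), off & 0xFF
            n = min(chunk, size - off, 256 - mem_addr)
        else:
            dev, mem_addr = dev_addr, off
            n = min(chunk, size - off)
        bus.write(dev, mem_addr.to_bytes(addr_bytes, "big"))
        out += bus.read(dev, n)
        off += n
    return bytes(out)


# Constructed contents for a 2 KiB 24C16 (1-byte addressing, 8 blocks).
C16 = bytes(range(256)) * 8
# Constructed contents for a 4 KiB 24C32 (2-byte addressing).
C32 = bytes((i * 7) & 0xFF for i in range(4096))


if __name__ == "__main__":
    bus16 = FakeI2CBus(C16, addr_bytes=1)
    print("24C16 answers on:", [hex(a) for a in scan_addresses(bus16)])
    print("24C16 dump ok:", dump_eeprom(bus16, 0x50, 2048, 1) == C16)
    bus32 = FakeI2CBus(C32, addr_bytes=2)
    print("24C32 answers on:", [hex(a) for a in scan_addresses(bus32)])
    print("24C32 dump ok:", dump_eeprom(bus32, 0x50, 4096, 2) == C32)
```

Scan first and count the responding addresses: a single address at 0x50 with a part that still returns sensible data at offsets above 255 points to two-byte addressing, while a run of 0x50 to 0x57 points to a one-byte part with block-select bits. Picking the wrong scheme gives a dump that repeats or is shifted rather than an error.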
