🔧 Hardware Hacking Tools

Hardware Hacking Tools! 🚀 lists various tools used in hardware hacking, categorized by attack methods. Whether you're a security researcher, penetration tester, or just curious about hardware security, this repo is for you! 🔍💻

Firmware Analysis & Extraction 🖥️

🛠️ JTAG/SWD Debugging

JTAGulator – Identifies JTAG pinouts on embedded devices.
OpenOCD – Open-source debugging and programming tool for embedded devices.
UrJTAG – Universal JTAG library supporting multiple devices.
Segger J-Link – A commercial JTAG/SWD debugger with high-speed debugging.
Xilinx Platform Cable USB II – Used for debugging and programming Xilinx devices.
STM32 ST-Link – Debugging and flashing STM32 microcontrollers.
Black Magic Probe – Open-source JTAG debugger supporting SWD.

🔌 UART/SPI/I2C Debugging

Bus Pirate – Universal interface for SPI, I2C, and UART debugging.
Logic Analyzers – Capture and analyze signals (Saleae, Sigrok, etc.).
FTDI Adapters – Convert USB to UART/SPI/I2C for debugging.
Beagle I2C/SPI Protocol Analyzer – Monitors I2C and SPI traffic.
TI MSP-FET – Debugger for MSP430 microcontrollers.

📥 Firmware Dumping

CH341A Programmer – Reads and writes SPI flash chips.
Flashrom – Open-source tool for reading, writing, and erasing firmware.
Dediprog SF100 – High-speed SPI Flash programmer.
Shikra – Debug and communicate with UART, JTAG, and SPI devices.
RT809H – Universal programmer for dumping firmware from EEPROMs.
Teensy – Custom DIY method for SPI flash dumping.

📂 Reverse Engineering Firmware

Ghidra – NSA’s open-source reverse engineering framework.
IDA Pro – Industry-standard tool for disassembling firmware binaries.
Binwalk – Extracts and analyzes firmware images.
Firmware-Mod-Kit – Extracts and modifies firmware.
Unblob – Extracts and analyzes binary blobs.
GDB (GNU Debugger) – Debugging firmware in real-time.
Radare2 – Open-source framework for binary analysis.
Capstone – Disassembly framework for analyzing instruction sets.
Angr – Python-based binary analysis tool.
Cutter – GUI-based alternative to Radare2 for reverse engineering.

🔨 Physical Attacks Toolkit

🛠️ Side-Channel Attacks & Fault Injection

ChipWhisperer – Open-source side-channel analysis and fault injection tool.
ChipSHOUTER – Advanced electromagnetic fault injection (EMFI) tool.
GlitchKit – Tool for voltage glitching on embedded devices.
Raspberry Pi Pico + PicoEMP – DIY EM fault injection tool.
OpenQASM – Side-channel vulnerability analysis tool for quantum computing.
Riscure Inspector – Commercial side-channel analysis tool.

🔥 Voltage & Clock Glitching

GlitchKit – Software/hardware glitching toolkit.
ChipWhisperer-Lite – Hardware fault injection tool for glitching.
Proxmark3 – RFID/NFC analysis and glitching attacks.
HackRF One – SDR for RF glitching.

🔩 Hardware Debugging & Tampering

JTAGulator – Finds JTAG pinouts for debugging.
Shikra – Works with JTAG, UART, and SPI.
Bus Pirate – Multi-protocol debugging interface.
GoodFET – Open-source JTAG debugging tool.
OpenOCD – Open-source JTAG/SWD debugging tool.
Black Magic Probe – Open-source debugging tool.

🏴‍☠️ Chip Decapping & Microprobing

Chemical Decapping Kits – Removes IC protective layers.
FIB (Focused Ion Beam) Tools – Modifies IC internals.
Probe Stations – Allows direct electrical contact with microchips.

📡 RFID/NFC Cloning & Attacks

Proxmark3 – RFID/NFC cloning and hacking device.
ChameleonMini – Open-source NFC emulation tool.
Flipper Zero – Multi-tool for RFID, NFC, and other hardware hacking.
MFCUK – Cracks Mifare Classic RFID cards.
MFOC – Dumps and cracks Mifare Classic keys.

🧲 Electromagnetic Attacks & TEMPEST

TempestSDR – Reads screen emissions via radio signals.
Van Eck Phreaking Kits – Exploits electromagnetic leaks.
USBKill – Physically destroys hardware via high-voltage USB.

Wireless & Radio Hacking Tools

📡 Wi-Fi Hacking Tools

Aircrack-ng – Suite for Wi-Fi penetration testing.
Wifite – Automated Wi-Fi cracking tool.
Fern Wi-Fi Cracker – GUI tool for Wi-Fi auditing.
Reaver – WPS attack tool.
PixieWPS – Offline WPS attack tool.
Bettercap – Powerful network attack tool, including Wi-Fi attacks.
MDK3 – Wi-Fi testing and deauthentication tool.
Kismet – Wireless network detection and monitoring.
Wigle.net – Database for mapping Wi-Fi networks.

📶 Bluetooth & BLE Hacking

Blue Hydra – Bluetooth device scanner.
Bluesniff – Bluetooth packet sniffer.
BtleJack – Bluetooth Low Energy hijacking tool.
BLE CTF – Bluetooth attack training tool.
Bleah – Bluetooth hacking framework.
BlueRanger – Detect Bluetooth device distances.
Ubertooth One – Open-source Bluetooth monitoring tool.

📻 Software-Defined Radio (SDR) Hacking

GNU Radio – Signal processing toolkit for SDR.
HackRF One – Software-defined radio device for hacking.
RTL-SDR – Cheap USB SDR receiver.
SDR# (SDRSharp) – Popular SDR software.
GQRX – Open-source SDR software.
BladeRF – USB 3.0 SDR device for signal analysis.
Red Pitaya – SDR and signal processing platform.
OsmoSDR – Open-source SDR framework.
RFExplorer – Portable RF spectrum analyzer.
GR-GSM – GSM signal analysis tool.

📡 RFID/NFC Hacking

Proxmark3 – RFID/NFC research tool.
ChameleonMini – RFID emulator and cloning device.
Flipper Zero – Multi-tool for wireless attacks, RFID cloning, and more.
MFCUK – Tool for MIFARE Classic card attacks.
MFOC – MIFARE Classic offline cracking tool.
NFC Tools – Mobile app for NFC analysis.
RFIDler – Software-defined RFID tool.
Libnfc – Library for NFC communication.
ICopy-X – RFID cloning and hacking device.

📞 GSM & Mobile Network Hacking

OsmocomBB – Open-source GSM baseband software.
OpenBTS – Build your own GSM network.
IMSI Catcher – Detect IMSI catchers and rogue cell towers.
Stingray Detector – Mobile IMSI catcher detection.
SIMtrace – Intercept SIM card communication.

🔬 Chip-Level Attack Tools

🏴‍☠️ 1. Chip Decapping & Microscopy

Razor Blade & Nitric Acid – Basic method for removing chip packaging.
FIB (Focused Ion Beam) – High-end method for modifying IC structures.
Delayering Kits – Chemical solutions for peeling off IC layers.
Optical Microscopes – Inspecting chips post-decapping.
Scanning Electron Microscope (SEM) – Advanced chip imaging.

⚡ 2. Fault Injection & Glitching

ChipWhisperer – Side-channel analysis and fault injection tool.
ChipSHOUTER – Electromagnetic fault injection (EMFI).
GlitchKit – Glitching framework for embedded systems.
VoltageGlitcher – Fault injection via voltage control.
SPIDriver – SPI communication and glitching.

🔑 3. Power Analysis & Side-Channel Attacks

ChipWhisperer-Nano – Low-cost power analysis tool.
Riscure Inspector – Commercial side-channel attack framework.
OpenADC – ADC-based power analysis module.
EM Probe – Captures electromagnetic signals from chips.
Kocher’s DPA Toolkit – Differential Power Analysis (DPA) framework.

🛡 4. Secure Chip Extraction & Key Recovery

Glitching AES Chips – Bypassing AES protection via fault injection.
Voltage EMIF Fault Injection – Extracting keys via voltage spikes.
X-Ray Chip Inspection – Identifying hidden security fuses.
Laser Fault Injection – Disrupting chip execution to leak data.

📥 5. Firmware & ROM Dumping

JTAGulator – Identifying JTAG pinouts on unknown chips.
Flashrom – Dumping flash memory from ICs.
Bus Pirate – Dumping firmware from SPI/I2C/UART chips.
Dediprog SF100 – High-speed SPI Flash programmer.
EEPROM Dumper – Extracting EEPROM contents.

🔌 USB & Peripheral Attack Tools

🏴‍☠️ 1. USB Exploitation & HID Attacks

Rubber Ducky – HID-based keystroke injection tool.
Bash Bunny – Advanced automation & attack payloads.
OMG Cable – Malicious USB cable for remote access.
Evil Crow Cable – Open-source keystroke injection.
Cactus WHID – USB HID injection with WiFi.
PHUKD/URFUKED – HID-based payload execution.

💾 2. USB Data Extraction & Exfiltration

USBHarpoon – Data exfiltration via USB.
USaBUSe – Automated USB data theft.
USBExfil – Auto-copy data from plugged-in devices.

🎭 3. USB Impersonation & Spoofing

P4wnP1 A.L.O.A. – USB attack framework (HID, WiFi, storage).
USBProxy – Man-in-the-Middle (MitM) for USB devices.
USBDriveBy – USB device emulation for bypassing security.
BadUSB – Create malicious USB payloads.

📡 4. USB Network Attacks

LAN Turtle – USB network implant for remote access.
Packet Squirrel – USB network sniffing and payload execution.
WiFi Pineapple – Rogue WiFi access point for network MITM.

🔥 5. USB Firmware & Debugging Exploits

USBKill – Automatically disable a system when a USB device is removed.
USBlyzer – USB protocol analyzer for debugging.
USBGuard – Policy-based USB protection.
FaceDancer – USB attack framework for fuzzing & reversing.
GreatFET One – USB debugging and analysis tool.

🛠 Hardware Modification & Implantation

🏴‍☠️ 1. Hardware Backdoor Implants

NSA COTTONMOUTH – USB implant for covert data exfiltration.
NSA IRONCHEF – Malicious BIOS/firmware modification for persistence.
NSA DEITYBOUNCE – BIOS-level malware for remote access.
BadUSB – USB firmware modification for keystroke injection.
USBNinja – Wireless USB payload injector for remote attacks.
OMG Cable – Malicious USB cable for payload execution.

🎛 2. BIOS & Firmware Modification

Flashrom – Reads, writes, erases, and verifies BIOS firmware.
UEFI Tool – Analyzes and modifies UEFI firmware.
CH341A Programmer – USB flash programmer for BIOS modifications.
Bus Pirate – SPI/I2C interface for firmware modifications.
Dediprog SF100 – SPI flash programmer for BIOS recovery.
Intel ME Cleaner – Disables Intel Management Engine.

🔌 3. Hardware Keyloggers & Data Interceptors

KeyGrabber – Hardware keylogger that records keystrokes invisibly.
WiFi Keylogger – Wirelessly transmits keystroke logs over WiFi.
USB Keylogger – Plug-and-play keylogger for USB keyboards.
LAN Tap – Passive network traffic sniffer.
PS/2 Hardware Keylogger – Keystroke logger for older PS/2 keyboards.

🔩 4. Covert Implants & Surveillance Devices

PwnPlug – Covert network implant disguised as a power adapter.
Pwnagotchi – AI-driven WiFi hacking device.
HackRF One – Wireless SDR for sniffing and modifying radio signals.
Flipper Zero – Multi-functional hacking device for RFID/NFC access.
NSA RAGEMASTER – Covert RF implant that transmits monitor data remotely.
WiFi Pineapple – Wireless network penetration testing device.

⚡ 5. Peripheral Device Hijacking

USB Rubber Ducky – Keystroke injection tool disguised as a USB drive.
MalDuino – Open-source BadUSB keystroke injection tool.
ESPloitV2 – ESP8266-based WiFi HID attack device.
MouseJack – Exploits vulnerabilities in wireless mice.
AirDrive Forensic Keylogger – Wireless keylogger with real-time keystroke transmission.

🔬 6. Chip-Level Hardware Trojans

ChipWhisperer – Power analysis and fault injection tool.
ChipSHOUTER – Electromagnetic fault injection for security bypassing.
JTAGulator – Identifies JTAG interfaces on unknown chips.
GlitchKit – Firmware glitching and fault injection framework.
X-Ray Chip Inspection – Scans chips for hidden implants and modifications.

⚡ Power & Battery Attack Tools

🔋 1. Power Analysis & Side-Channel Attacks

ChipWhisperer – Side-channel power analysis and fault injection.
Riscure Inspector – Commercial tool for Differential Power Analysis (DPA).
OpenADC – Analog-to-digital converter for power monitoring.
Kocher’s DPA Toolkit – Used for differential power analysis.
Langer EM Probe – Captures electromagnetic emissions from chips.

⚡ 2. Voltage Fault Injection & Glitching

ChipSHOUTER – Electromagnetic fault injection (EMFI).
VoltageGlitcher – Injects voltage glitches to bypass security.
GlitchKit – Framework for hardware glitching.
SPIDriver – SPI-based power glitching tool.
EMFI Kit – Voltage and electromagnetic fault injection toolkit.

🔌 3. Power Consumption & Tampering Attacks

USBKill – Kills power to devices via USB ports.
Proxmark3 – RFID power analysis tool.
Flipper Zero – Multi-functional device for power manipulation.
Lab Power Supplies – Precision voltage control for attacks.
Raspberry Pi Pico – Can be used for power analysis and manipulation.

🔥 4. Battery-Based Attacks

Supercapacitor Surge – Disrupts devices with sudden power bursts.
Battery Spoofing – Modifies power reports to bypass security.
DC Power Attack – Manipulates voltage to damage components.
Inductive Coupling – Extracts data through power fluctuations.
Battery Overload – Overcharges or overheats batteries for attack vectors.

🏴‍☠️ Supply Chain Attack Tools

🔩 1. Hardware Supply Chain Attacks

NSA Cottonmouth – Covert USB implant with espionage capabilities.
NSA IRATEMONK – Hard drive firmware injection.
NSA JETPLOW – Persistent backdoors in Cisco devices.
NSA SURLYSPAWN – Secure chip manipulation.
NSA FEEDTHROUGH – BIOS-level malware persistence.

🔗 2. Firmware & BIOS Manipulation

UEFI Implant – UEFI firmware analysis and modification.
Thunderstrike – Exploiting MacBook boot ROM.
BIOS Implant Tools – BIOS dumping and modification.
Coreboot – Open-source firmware alternative.
Heads – Secure boot with tamper detection.

🎭 3. Software Supply Chain Attacks

Poisoned Dependencies – Detecting malicious npm/PyPI packages.
Typosquatting Malware – Identifying typo-based dependency attacks.
Dependency Confusion Attack – Checking for dependency confusion vulnerabilities.
BadUSB Firmware – Exploiting firmware on USB devices.
Firmware Patching – Extract and modify firmware images.

🏗 4. Hardware Implantation

Rogue Raspberry Pi – Concealed MITM attack device.
Malicious USB Keylogger – USB-based keystroke logging.
Trojanned ICs – Compromised microchips.
Intercepted Shipment Attacks – Tampering with hardware in transit.

🛡 5. Detection & Prevention

SigMF – Spectrum analysis to detect implants.
Osquery – Querying firmware for anomalies.
YARA Rules – Malware detection in software supply chains.
Binwalk – Firmware backdoor analysis.
Firmware Integrity Checker – Comparing firmware to clean versions.

Uh oh!

FilesExpand file tree

README.md

Latest commit

History