HARD_device_attack


https://docs.srsran.com/en/latest/index.html

4G - 5G attacking

https://asset-group.github.io/disclosures/5ghoul/disclosure.html & jamming -> https://ningning-hou.github.io/homepage/files/rewrite_Jamming_TOSN.pdf

https://olegkutkov.me/2021/12/25/analysis-and-reverse-engineering-of-the-original-starlink-router/

Medvejatnik (lock picking)

https://www.youtube.com/channel/UCnJzwMaQxQux3kTqoGYC6hg

RFID protocols and how to hack them with Flipper Zero

https://github.com/Ondrik8/HARD_device_attack/blob/master/The_Hardware_Hacking_Handbook_Breaking_Embedded_Security_with_Hardware.pdf

Android-PIN-Bruteforce

How to Connect Phones

interactive-shell-via-bluetooth


IoT penetration testing frameworks:

  https://gitlab.com/expliot_framework/expliot
  https://gitlab.com/invuls/iot-projects/iotsecfuzz
  https://github.com/threat9/routersploit

IoT firmware reverse engineering tools:

  https://github.com/ReFirmLabs/binwalk
  https://github.com/craigz28/firmwalker
  https://github.com/fkie-cad/FACT_core
  https://github.com/david-a-wheeler/flawfinder
  https://github.com/rampageX/firmware-mod-kit
  https://github.com/radareorg/r2ghidra-dec
  https://github.com/CERTCC/trommel
  https://github.com/ChrisTheCoolHut/Firmware_Slap
  https://github.com/angr/angr
  

BLOG & SHOP

GSM EQUIPMENT

Articles in Russian on GSM

sniffer for Bluetooth 5 and 4.x (LE)

NFC and Apple Pay, and knocking a person off a hoverboard

Attacking car alarm systems

CAN-Bus-Arduino-Tool

Evil Crow RF

RUSSIAN NATIONAL HACKING: Pavel Zhovner (Павел Жовнер)

Building a jammer out of junk and sticks

PENIOT: Penetration Testing Tool for IoT

Frida Cheatsheet

NVIDIA_vgpu_unlock

JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

Awesome-Cellular-Hacking

Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community’s knowledge. Thank you. I plan on frequently updating this “Awesome Cellular Hacking” curated list with the most up to date exploits, blogs, research, and papers.

The idea is to collect information like the BMW article below, that slowly gets cleared and wiped up from the Internet - making it less accessible, and harder to find. Feel free to email me any document or link to add.

Rogue BTS & CDMA/GSM Traffic Impersonation and Interception

Rogue Base Stations or Evil BTS’s, 2G/3G/4G

OpenBTS software is a Linux application that uses a software-defined radio to present a standard 3GPP air interface to user devices, while simultaneously presenting those devices as SIP endpoints to the Internet.

YateBTS is a software implementation of a GSM/GPRS radio access network based on Yate and is compatible with both 2.5G and 4G core networks included in the YateUCN unified core network server. Resiliency, customization and technology independence are the main attributes of YateBTS.

BladeRF and YateBTS Configuration

srsLTE is a free and open-source LTE software suite developed by SRS (www.softwareradiosystems.com).

Installing a USRP Device on Linux

sudo add-apt-repository ppa:ettusresearch/uhd
sudo apt-get update
sudo apt-get install libuhd-dev libuhd003 uhd-host
uhd_find_devices
cd /usr/lib/uhd/utils/
./uhd_images_downloader.py
sudo uhd_usrp_probe 
sudo uhd_usrp_probe
[INFO] [UHD] linux; GNU C++ version 7.4.0; Boost_106501; UHD_3.14.1.1-release
[INFO] [B200] Detected Device: B*****
[INFO] [B200] Operating over USB 3.
[INFO] [B200] Initialize CODEC control...
[INFO] [B200] Initialize Radio control...
[INFO] [B200] Performing register loopback test...
[INFO] [B200] Register loopback test passed
[INFO] [B200] Setting master clock rate selection to 'automatic'.
[INFO] [B200] Asking for clock rate 16.000000 MHz...
[INFO] [B200] Actually got clock rate 16.000000 MHz.
  _____________________________________________________
 /
|       Device: B-Series Device

Troubleshooting SDR’s that are running BTS software

Common issues:

JAMMING SPECIFIC ATTACKS

4.5 Radio Jamming Attacks

Jamming attacks are a method of interrupting access to cellular networks by exploiting the radio frequency channel being used to transmit and receive information. Specifically, this attack occurs by decreasing the signal-to-noise ratio by transmitting static and/or noise at high power levels across a given frequency band. This classification of attack can be accomplished in a variety of ways requiring a varying level of skill and access to specialized equipment. Jamming that targets specific channels in the LTE spectrum and is timed specifically to avoid detection is often referred to as smart jamming. Broadcasting noise on a large swath of RF frequencies is referred to as dumb jamming.

4.5.1 Jamming UE Radio Interface

A low-cost, high-complexity attack has been proposed to prevent the transmission of UE signaling to an eNodeB.

4.5.2 Jamming eNodeB Radio Interface

Base stations may have physical (e.g., fiber optic) or wireless (e.g., microwave) links to other base stations. These links are often used to perform call handoff operations. As mentioned in section 4.5.1, it may be possible to jam the wireless connections eNodeBs use to communicate with each other. Although theoretical, the same type of smart jamming attacks that are used against the UE could be modified to target communicating eNodeBs, which would prevent the transmission of eNodeB-to-eNodeB RF communication.

CERT/Media Alerts

5G Cellular Attacks

2G-4G/LTE Cellular Attacks

SIM Specific Attacks

Stingrays

SS7/Telecom Specific

GitHub/Code Repos

Misc IMSI/Cellular Tools

Resources

Misc

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


CAR hacking

  1. https://freecodecamp.org/news/hacking-cars-a-guide-tutorial-on-how-to-hack-a-car-5eafcfbbb7ec/

  2. https://cactuscon.com/2021-talks-and-workshops/introduction-to-car-hacking-basics

  3. https://amazon.com/Car-Hackers-Handbook-Penetration-Tester/dp/1593277032

  4. https://github.com/jaredthecoder/awesome-vehicle-security

  5. https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53

  6. https://medium.com/@souravbaghz/a-quick-guide-to-hack-car-intro-to-canghost-f9370a0a51b5

  7. https://youtube.com/watch?v=nn-_3AbtEkI

drone hacking


https://github.com/dhondta/dronesploit

spy on HDMI


https://github.com/git-artes/gr-tempest.git

//////////////////////////////////////////////////

https://telegra.ph/CHemodanchik-hakera-2020-03-20

//////////////////////////////////////////////////

Default device passwords -> https://default-password.info

HomePWN

HomePwn. Bluetooth Low-Energy PoC & Hacking


HomePwn. Bluetooth Spoofing


HomePwn. NFC Clone


HomePwn. BLE capture on PCAP file (sniffing)


HomePwn. QR Options hack


HomePwn. Apple BLE Discovery


HomePwn. Xiaomi IoT Advertisement


DRONESPLOIT

dronesploit

Wifi Attacks:

mousejack

jackit

demo: www.mousejack.com/

https://www.bettercap.org/modules/hid/

rubber-ducky

Generator payloads for Ducky: https://ducktoolkit.com/

https://github.com/topics/rubberducky

sigintos

Includes support for HackRF, BladeRF, USRP, RTL-SDR and others, plus SigintOS-Tool, GNU Radio, YateBTS, srsLTE, IMSI Catcher and other tools.

awesome-iot-hacks

h4ck IOT

router-exploitation

sdrangel

SDRangel is an open-source Qt5 / OpenGL 3.0+ SDR front-end and signal analyzer for a variety of hardware.

IoT Sec https://github.com/Samsung/cotopaxi

ESP-RFID-Tool_BLOG