Home / Series / Chaos Communication Congress / Aired Order / Season 32 / Episode 72

Hardsploit: A Metasploit-like tool for hardware hacking

Speakers: Yann.A, Julien MOINARD, Gwénolé Audic It is clear that something is needed to help the security community to evaluate, audit and control the security level of hardware products. Hardsploit is a complete tool box (hardware & software), a framework which aims to: - Facilitate the audit of electronic systems for industry 'security' workers (consultants, auditors, pentesters, product designers, etc.) - Increase the level of security (and trust !) of new products designed by the industry Hardsploit is an all-in-one hardware pentesting tool with software and electronic aspects. It's a technical and modular platform (using FPGA) to perform security tests by using electronic communication bus. The main hardware security audit functions are: - Sniffer - Interact - Dump Hardsploit's modules will let users intercept, replay and / or send data via each type of electronic bus used by the target. The level of interaction that pentesters will have depends on the targeted bus features. Hardsploit's modules also enable you to analyze electronic bus (serial and parallel types) like JTAG, SPI, I2C's, parallel addresses and more will come ! We also provide a graphical interface to manage your components and their commands. A wiring helper module is available too. It will help you connect easily your target to Hardsploit. Our ambition is to provide a tool equivalent to those offered by the company Qualys or the Metasploit Framework but in the domain of embedded systems/electronics.

English
  • Originally Aired December 28, 2015
  • Runtime 60 minutes
  • Production Code 7496
  • Created September 19, 2017 by
    Administrator admin
  • Modified September 19, 2017 by
    Administrator admin