Hardware Hacking 101 Needs Matching Toolkit

Hands probing inside a case with tools

One doesn’t always have the luxury of sipping tea comfortably while hacking a piece of hardware at a fully-equipped workbench, where every tool is within reach. To address this, [Zokol] shares an early look at a hardware hacking toolkit-in-progress, whose purpose is to make hacking sessions as productive as possible while keeping size and weight within reasonable limits. There isn’t a part list yet, but there are some good tips on creating your own.

A view of a wide variety of toolsTo put together an effective hardware hacking toolkit, one must carefully consider what kinds of tasks need to be performed, and in what order. Once a basic workflow is identified, one can put together a set of complementary hardware tools and resources to meet the expected needs. The goal is to have the tools to go as far as one can in a single session, and identify any specialized equipment that will be needed later. That way, follow-up sessions can be as effective as possible.

Since hardware hacking is all about inspecting (and possibly modifying the behavior of) electronic devices, [Zokol] observes that step one is always to begin with external interfaces. That means common cables and adapters should all be part of a hardware hacking toolkit, otherwise the session might end awfully early. The next step is to open the device, so common tools and ways to deal with things like adhesives are needed. After that, diagnostic tools like multimeters come into play, with tools becoming more specialized as investigation proceeds. It’s a very sensible way to approach the problem of what to bring (and not bring) in a hardware hacking toolkit, and we can’t wait to see what the final version looks like.

Hardware hacking sometimes involves hardware that can’t be opened without damaging it. The Google Stadia controller is one such piece of hardware, and [Zokol] addressed the problem of how to permanently disable the microphone by figuring out exactly where to drill a hole.

21 thoughts on “Hardware Hacking 101 Needs Matching Toolkit

    1. If you can operate a sewing machine: DIY them. Just stay away from rubber bands and zippers, use velcro and snap fasteners instead. A used FIBC aka big bag can provide a robust fabric and can be had for free at the food industry.

    2. pros’s kit and ifixit (seen on photo). (Quasi) military/tactical or edc panels/organizers (Baribal Poland have nice customization form on their page). Bags and organizers for photographers.

  1. To do my job I get by with a passport, a gigabit network tap and a can adapter in my backpack with my laptop and what feels like 100 patch cables.

    To do my hobbies, all the stuff has to come to my bench and not the other way around. I’ve been tempted to get one of those pocket scopes for a while now though.

  2. I noticed the multi-tool in the center right of the first picture. It looks similar to a Leatherman Squirt ES4. However, there isn’t any Leatherman logos visible. The Leatherman ES4 seems to be discontinued. Is there a clone of the ES4 that’s available?

  3. I would like to find out more about the stuff he collected there. Most of it, I know but maybe someone of you might be so kind to fill the gaps:

    Yellow device? Maybe a mobile oscilloscope???
    Likely chinese magic cards and blanks for rfid
    USB Sticks: Kingston data traveler
    Raspberry Pi Zero (W)
    Saleae 8 Logic Analyzer
    ESP board?
    CANbus adapter (bluetooth)
    Wifi Antennas
    Wiha ? Some kind of screwdriver
    ts80 Soldering iron (imo a modded ts100 is better)
    proxmark 3 easy presumably with iceman flashed on it
    black plastic trapezoid device ???
    Mini-VNA
    Teensy 4.1
    What are those other mini electronics?
    Probably a Awus036ach with custom 3D printed case to save space
    Olight 1E3
    Southord Lockpicks or cheap clones
    Leatherman ES4
    BUBM Organizers
    mobile internet hotspot

    1. Good job correctly identifying almost everything in the picture!
      Happy to give more insight on what the picture has, and why.

      The picture was actually taken in 2019, while I was preparing for a hardware hacking event here in Finland. We actually didn’t know much of the targets to be hacked, so I had to carry as much as I could with me.

      In the end we got to hack a Tesla X and bunch of IoT-stuff, while the event was broadcasted live to national television. Fun times :D

    2. Upper-right corner, Gadget Bag;
      (in order from left to right, top to bottom)

      – RFID-tags, blank. To bypass some access controls.
      – USB-sticks and microsd-cards. For moving data and raspberry pies.
      – Wiha 21105 control cabinet key. For accessing those electricity panels and control systems.
      – TS80 (powerbank for it is next to the bag, solderwick and wires below the yellow box). For soldering stuff.
      – Raspberry pi zero W. For variety of computation and control needs, cheap and easy to carry.
      – Saleae Logic 8. Logic analyzer, also includes analog measurement.
      – Proxmark 3 clone with iceman firmware. For attacking RFID/NFC-systems.
      – Kingston Media Reader. Memory card reader, quite good one actually.
      – MiniVNA Pro. Very nice thing to have, especially if you need to make new antenna from a piece of wire.
      – Particle Photon with CAN-adapter. Paired with the 4g modem, this allows easy remote access to a can-bus
      – OBD-2 adapter for Particle Photon
      – Another Raspberry Pi zero W, with USB-A connector for “gadget-mode”. Allows data extraction, or GPIO-control via USB.
      – ATTiny-board flashed to act as keyboard, for example to escape kiosk-mode
      – Teensy 4.1. Generic and powerful MCU, for those times that you need a simple DSP or just to blink a led.
      – RTLSDR and YARD Stick One. For radio analysis, easier and more stable than LimeSDR.
      – Mooshimeter. BLE multimeter with logging to sd-card. Quite useful, for example to analyze power consumption of a target device.
      – Arduino Pro Micro, another Particle Photon. Just another option for embedded platform.
      – Alfa Awus036 with case to attach on Lenovo Thinkpad X250 screen corner (https://www.thingiverse.com/thing:4057961). For wifi packet capture.

    3. Rest of the table

      (in order from left to right, top to bottom)

      – SSD-enclosure
      – Powerbank for TS80
      – Sharpie silver and black, for writing on dark and bright surfaces
      – Yellow box is LimeSDR, with aluminium enclosure. Fixed on top, a wide frequency range antenna for generic signal analysis.
      – On left-side, the Cable Bag. Basically all cables I might need for the stuff I carry. Also includes antenna adapters, calibration connectors for VNA and H-field probe (the red circle).
      – USB-powerbank
      – Leatherman Wave with bits and Leatherman Squirt ES4
      – Multipick Elite 9, with few extra picks
      – Multipick TOK
      – Cheap lock for locksport
      – Lenovo Thinkpad X250
      – Iphone 6S with Otterbox Defender
      – Another powerbank
      – Olight i3E
      – 4G mobile hotspot
      – iFixit Pro toolkit
      – Logitech M705
      – Dell XPS 15

      1. Thanks! We almost have the same gear except a few things:

        – Cocoon Grid it organizer for cables attached to the laptop
        – I use a rad1o because I got it for free https://rad1o.badge.events.ccc.de/
        – LCR-T4
        – chinese magic cards in form of stickers, so you can use a nuked original card, a lot of other cards.
        – RFID Chameleon
        – Mini DS213
        – Buspirate
        – Cheap Saleae clone
        – southord lockpicks with sugru handles inside a scrap leather laser cut tool roll bag
        – Crazy Radio PA Dongle with custom firmware for keyboards
        – Swiss Army Cyber tool
        – Awus 036ach
        – Nitecore Tube Flashlight
        – MSR 605 for magnet cards
        – Diy Magspoof card
        – Diy ESP-Key https://github.com/octosavvi/ESPKey (those crimp connectors are a pita to find and don’t bother without a microscope that thing is tiny)
        – 3D printed Biquad Yagi
        – Hardware keylogger
        – X330(X230 with full hd screen through nitrocaster mod), whitelist removal, coreboot. Macbook air 2018 speakers, Apple Usb C Dac, 9 cell battery and secondary battery for around 18 hours of battery runtime
        – A pirate remote, basically brute forces TV common model infrared codes to own them

        Do you have any experience with the Jtagulator? I am thinking about building one since they are only 50 bucks opposed to 170.

Leave a Reply to volt-kCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.